Content

The OSPF Default Mysteries

Default routing should be a simple concept (packets with unknown destinations are forwarded to a router that advertises it has more information), but becomes surprisingly complex in routing protocols that have multiple layers of default routes. In this article, you’ll see how the Open Shortest Path First (OSPF) protocol uses default routes and how various OSPF-generated default routes interact in typical network scenarios.

Sample Network

Throughout the article we’ll work on a sample three-area OSPF network (Figure 1). The core area has three central routers (A2 is used solely for redundancy) and two upstream Internet connections through X1 and X2.

Figure 1

Structure of the sample network

Area 11 connects small offices (S1 and S2) to the core. As these sites have no other external connectivity, area 11 is configured as a stub area to minimize the impact of routing changes to its routers and WAN link utilization. Area 22 connects international offices. These could have their own Internet links; therefore area 22 is configured as a not-so-stubby area (NSSA) to allow the routers within it to advertise their own external routes while still retaining the isolation benefits of a stub area.

Note

Figure 1 shows the OSPF router IDs of all routers in the network diagram. Please refer to this diagram whenever analyzing printouts throughout this article.

External Default Route Origination

The default route is announced as IP prefix 0.0.0.0/0 in OSPF. Because you can’t configure this prefix from a directly connected interface, it can be inserted into the OSPF domain only as an external or inter-area (summary) route. However, the regular route redistribution does not work; even if the default route is in the IP routing table, it will not be redistributed into OSPF. To generate an external default route into an OSPF domain, you have to configure the default-information originate command on a router. This command automatically changes the router into an autonomous system boundary router (ASBR), the router that connects the OSPF domain to other routing protocols.

When your network has a single upstream link (for example, a single connection to the Internet), the ASBR with the upstream link should advertise the default route unconditionally; after all, even if the upstream link fails, there is no alternate path that the packets could be taking. The unconditional advertising of the default route is achieved with the default-information originate always command.

In the sample network, assuming that X1 is the only gateway to the Internet (Figure 2), the OSPF configuration displayed in Listing 1 will ensure that X1 will advertise the default route into the OSPF network regardless of the state of the upstream link.

Figure 2

OSPF network with a single Internet connection

Listing 1

Unconditional default route origination on X1

interface Loopback0

ip address 10.0.1.4 255.255.255.255

ip ospf 1 area 0

interface Serial1/0

description *** Link to A1 ***

ip address 10.0.7.10 255.255.255.252

ip ospf 1 area 0

interface Serial1/1

description *** Link to A3 ***

ip address 10.0.7.54 255.255.255.252

ip ospf 1 area 0

interface Serial1/3

description *** Upstream link to the Internet ***

ip address 10.0.7.37 255.255.255.252

router ospf 1

log-adjacency-changes

default-information originate always

If you inspect the external OSPF Link State Advertisements (LSA) on any router within the area 0, you’ll notice the IP prefix 0.0.0.0/0 advertised from X1 (Listing 2). With no additional configuration options, the default route is advertised as External Type 2 (E2) route with metric 1.

Listing 2

External default route LSA on A1

A1#show ip ospf database external 0.0.0.0

OSPF Router with ID (10.0.1.1) (Process ID 1)

Type-5 AS External Link States

Routing Bit Set on this LSA

LS age: 204

Options: (No TOS-capability, DC)

LS Type: AS External Link

Link State ID: 0.0.0.0 (External Network Number )

Advertising Router: X1

LS Seq Number: 80000001

Checksum: 0xC1E1

Length: 36

Network Mask: /0

Metric Type: 2 (Larger than any link state path)

TOS: 0

Metric: 1

Forward Address: 0.0.0.0

External Route Tag: 1

Note

You can display the advertising router’s name in the show ip ospf database commands with the ip ospf name-lookup global configuration command.

Conditional Default Route Origination

Whenever you have multiple upstream links from your OSPF network, you should not use unconditional default route advertisements, as they might result in traffic “black holes.” For example, if both X1 and X2 in the sample network advertise the default route unconditionally and one of the Internet links fails, the traffic sent to the router with the failed link would be dropped (Figure 3).

Figure 3

Unconditional default route advertisement results in a traffic “black hole”

The easiest conditional default route origination is configured with the default-information originate router configuration command without the always option, which will advertise an external default route into the OSPF domain only if the advertising router has a non-OSPF default route in its routing table.

Note

The default-information originate command without the always option is functionally equivalent to redistributing the default route into OSPF.

In the sample network, this command has to be entered on X1 and X2, resulting in two external default routes being originated into the OSPF domain. Both routers would also need a non-OSPF default route. You could use static routes pointing to the Internet interface (as shown in Listing 3), static routes based on IP SLA measurements (reliable static routes), PPP- or DHCP-based default routes or even BGP-advertised default routes.

Listing 3

Conditional default route origination on X1 and X2

interface Serial1/3

description *** Upstream link to the Internet ***

ip address 10.0.7.37 255.255.255.252

encapsulation ppp

router ospf 1

default-information originate

ip route 0.0.0.0 0.0.0.0 Serial1/3

After configuring conditional default route origination on X1 and X2, both routers start announcing the default route as an E2 OSPF route with metric 1 (Listing 4). Since the external metrics are identical, each OSPF router in the non-stub areas selects the closest exit point, resulting in proximity-based load sharing. For example, A1 will select X1 as its exit point (Listing 5), while A3 will select X2. A2 has two equal-cost paths toward the Internet (A1-X1 and A2-X2) and thus will load-balance between them (Listing 6).

Listing 4

External routes in the OSPF topology database

OSPF Router with ID (10.0.1.1) (Process ID 1)

Type-5 AS External Link States

Link State ID: 0.0.0.0 (External Network Number )

Advertising Router: X1

Network Mask: /0

Metric Type: 2 (Larger than any link state path)

Metric: 1

Forward Address: 0.0.0.0

External Route Tag: 1

Link State ID: 0.0.0.0 (External Network Number )

Advertising Router: X2

Network Mask: /0

Metric Type: 2 (Larger than any link state path)

Metric: 1

Forward Address: 0.0.0.0

External Route Tag: 1

Listing 5

Default route on A1 points toward X1

A1#show ip route 0.0.0.0

Routing entry for 0.0.0.0/0, supernet

Known via "ospf 1", distance 110, metric 1, candidate default path

Tag 1, type extern 2, forward metric 50

Last update from 10.0.7.10 on Serial1/0, 00:34:44 ago

Routing Descriptor Blocks:

* 10.0.7.10, from 10.0.1.4, 00:34:44 ago, via Serial1/0

Route metric is 1, traffic share count is 1

Route tag 1

Listing 6

A2 load-shares traffic between X1 and X2

A2#show ip route 0.0.0.0

Routing entry for 0.0.0.0/0, supernet

Known via "ospf 1", distance 110, metric 1, candidate default path

Tag 1, type extern 2, forward metric 51

Last update from 10.2.1.3 on FastEthernet0/0, 00:35:56 ago

Routing Descriptor Blocks:

10.2.1.3, from 10.0.1.5, 00:35:56 ago, via FastEthernet0/0

Route metric is 1, traffic share count is 1

Route tag 1

* 10.2.1.1, from 10.0.1.4, 00:36:12 ago, via FastEthernet0/0

Route metric is 1, traffic share count is 1

Route tag 1

Primary/Backup Link Selection

In the preceding section, the routers within the OSPF backbone area selected the closest exit point to the Internet based on internal OSPF cost toward the ASBR. If you want to implement the primary/backup Internet link design, you should change the metrics of the default routes advertised by X1 and X2. For example, if you want to use X1 as the primary Internet gateway (and X2 serving solely as a backup) as displayed in Figure 4, X1 should advertise the OSPF default route with a lower E2 metric than that of X2. (E2 metrics should be used because OSPF does not consider internal cost toward the ASBR when comparing E2 routes.)

Figure 4

Primary/backup Internet connection design

To change the metric of the OSPF default route, use the metric-type and metric options of the default-information originate command. The configuration in Listing 7 changes the metric of the default route advertised by X1.

Note

The metric-type parameter is missing from the configuration as Cisco IOS does not include the default parameter values in the configuration even if you configure them.

Listing 7

Default route origination on X1

router ospf 1

default-information originate metric 10

With the changed external default route LSAs in the OSPF topology database (Listing 8), all core routers use X1 as the primary Internet gateway (Listing 9).

Listing 8

Default routes with different metrics in the OSPF topology database

OSPF Router with ID (10.0.1.1) (Process ID 1)

Type-5 AS External Link States

Link State ID: 0.0.0.0 (External Network Number )

Advertising Router: X1

Network Mask: /0

Metric Type: 2 (Larger than any link state path)

Metric: 10

Forward Address: 0.0.0.0

External Route Tag: 1

Link State ID: 0.0.0.0 (External Network Number )

Advertising Router: X2

Network Mask: /0

Metric Type: 2 (Larger than any link state path)

Metric: 20

Forward Address: 0.0.0.0

External Route Tag: 1

Listing 9

A3 uses X1 as the exit point to the Internet

A3#show ip route 0.0.0.0

Routing entry for 0.0.0.0/0, supernet

Known via "ospf 1", distance 110, metric 10, candidate default path

Tag 1, type extern 2, forward metric 51

Last update from 10.2.1.1 on FastEthernet0/0, 00:04:59 ago

Routing Descriptor Blocks:

* 10.2.1.1, from 10.0.1.4, 00:04:59 ago, via FastEthernet0/0

Route metric is 10, traffic share count is 1

Route tag 1

Integration with Other Routing Protocols

If OSPF is not your core routing protocol, you might want to replace two-way route redistribution between OSPF and the core routing protocol (most commonly BGP) with advertisements of the default route into the OSPF domain. For example, if you use MPLS VPN service with BGP as the routing protocol for your international connectivity and multi-area OSPF within each country (Figure 5), the default routing from OSPF toward BGP might simplify your overall network design and increase the stability of in-country networks because the international route flaps would not be propagated to local OSPF areas.

Figure 5

Integration with BGP-based MPLS VPN backbone

To prevent black holes caused by failures in the MPLS VPN infrastructure or PE-CE links, X1 and X2 should not advertise the default route unconditionally, but only if they’re receiving BGP routes from the MPLS VPN backbone. You can use the default-information originate route-map command to achieve this goal: whenever a route in the IP routing table matches the conditions specified in the route-map, the default route is advertised into OSPF.

Warning

The route-map specified in the default-information originate route-map command checks the entries in the IP routing table. Therefore, you can use matches on IP prefixes, next-hops and metrics, but not on BGP attributes such as AS-path or local preference.

The default-information originate route-map command is very limited in its functionality:

The route-map has to use a standard IP access list to match the IP route in the main IP routing table. Prefix lists don’t work.

The entry in the standard IP access list has to be an exact match of the entry in the main IP routing table. Wildcard bits don’t work.

The default route is originated only when a major network is matched (tested in IOS release 12.2SRC). You cannot originate a default route based on the presence of a subnet or a supernet.

Assuming that the presence of the IP prefix 198.18.2.0/24 indicates that the MPLS VPN backbone is operational, you could originate the default route into the OSPF network from X1 and X2 with the configuration in Listing 10.

Listing 10

Route map-based default route origination on X1 and X2

router ospf 1

default-information originate always metric 10 route-map CoreRoutes

route-map CoreRoutes permit 10

match ip address CoreRoutes

ip access-list standard CoreRoutes

permit 198.18.2.0

Note

You should set the default route metrics based on whether you want to have load-balancing between X1 and X2, or a primary/backup design.

Stub Areas

Stub areas are OSPF areas with no external connectivity (routers cannot redistribute non-OSPF routes into a stub area). To ensure end-to-end connectivity between routes in stub areas and external destinations, all area border routers (ABRs) originate default routes into stub areas. These routes are advertised as inter-area (summary) routes. For example, A1 and A2 advertise the default route into area 11 of the sample network shown in Figure 1 as displayed in Listing 11.

Listing 11

Default routes in a stub area

S1#show ip ospf database summary 0.0.0.0 | exc LS|Check|Opt

OSPF Router with ID (10.0.1.6) (Process ID 1)

Summary Net Link States (Area 11)

Link State ID: 0.0.0.0 (summary Network Number)

Advertising Router: A1

Length: 28

Network Mask: /0

TOS: 0 Metric: 1

Link State ID: 0.0.0.0 (summary Network Number)

Advertising Router: A2

Length: 28

Network Mask: /0

TOS: 0 Metric: 1

Unless configured otherwise, the default routes are advertised into the stub area with OSPF metric equal to one. The routers within the stub area thus select the nearest ABR to reach external destinations. If there is a significant bandwidth mismatch between the stub area and the network core (for example, one of the ABRs has a slow core link, as shown in Figure 6), you have to ensure that the routers within the stub area select the desired ABR; adjust the metric of the inter-area default route.

Figure 6

Primary/backup ABR design in an OSPF stub area

The inter-area default route metric is configured with the area default-cost router configuration command. In the sample network from Figure 6, the cost of the default route should be raised on the A2 router (Listing 12), ensuring that all routers within the stub area select A1 as the preferred ABR (Listing 13 and Listing 14).

Note

ABR selection becomes even more important in the totally stubby areas, as the ABRs advertise only the default route and no other inter-area summaries into these areas.

Listing 12

High cost of inter-area default route within area 11 is configured on A2

router ospf 1

area 11 stub

area 11 default-cost 64000

Listing 13

Default routes in stub area 11

S1#show ip ospf database summary 0.0.0.0 | exc LS|Check|Opt

OSPF Router with ID (10.0.1.6) (Process ID 1)

Summary Net Link States (Area 11)

Link State ID: 0.0.0.0 (summary Network Number)

Advertising Router: A1

Length: 28

Network Mask: /0

TOS: 0 Metric: 1

Link State ID: 0.0.0.0 (summary Network Number)

Advertising Router: A2

Length: 28

Network Mask: /0

TOS: 0 Metric: 64000

Listing 14

All routers within the stub area select A1 as the preferred ABR

S1#show ip route 0.0.0.0

Routing entry for 0.0.0.0/0, supernet

Known via "ospf 1", distance 110, metric 51, candidate default path, type inter area

Last update from 10.0.7.13 on Serial1/0, 00:02:33 ago

Routing Descriptor Blocks:

* 10.0.7.13, from 10.0.1.1, 00:02:33 ago, via Serial1/0

Route metric is 51, traffic share count is 1

Not-So-Stubby Areas

The not-so-stubby areas (NSSAs) present a particular challenge to router vendors, as the routers within the NSSA could originate an external default route with the NSSA external route (type-7) LSA.

Note

Cisco routers don’t advertise external default routes into a NSSA area even when configured with default-information originate always, but RFC 3101 does not explicitly prohibit default route advertising into an NSSA area.

The Cisco routers acting as ABRs in an NSSA area thus don’t advertise the OSPF default route without manual configuration. You can configure the ABRs to advertise the OSPF default route with the following configuration commands:

area nssa default-information-originate advertises a type-7 (NSSA external) default route into the NSSA area. Similarly to the default-information originate command, this command enables you to configure the external metric and metric type.

area nssa no-summary configures an NSSA area as a totally stubby area (no inter-area summaries are advertised into the NSSA area) and generates an inter-area (type 3) external route. You can adjust the metric of this default route with the area default-cost router configuration command.

Warning

If you don’t configure the default route origination into an NSSA area with one or the other router configuration command, the routers within the area will not be able to reach destinations advertised as external routes within the OSPF backbone area.

The considerations for default route metrics are the same as in the stub area or external default route designs: if the routers within an NSSA area should choose the closest ABR (default scenario), the default route metrics should be identical on all ABRs. If you want to implement a primary/backup scenario, you should use an E2 metric type (to ensure that the intra-area cost is not added to the cost of the default route) and different default route metrics on ABRs.

If one of the ABRs has a significantly faster core uplink than the other ABRs in the same area (see Figure 7 for a sample network diagram), you should advertise type-7 default routes with different E2 metrics into the NSSA area. The relevant parts of OSPF router configuration on A2 and A3 are included in Listing 15 and Listing 16, and the OSPF topology database in area 22 is displayed in Listing 17.

Figure 7

Primary/backup ABR design in an NSSA area

Listing 15

OSPF router configuration on A2

router ospf 1

log-adjacency-changes

area 11 stub

area 11 default-cost 64000

area 22 nssa default-information-originate metric 20

Listing 16

OSPF router configuration on A3

router ospf 1

log-adjacency-changes

area 22 nssa default-information-originate metric 10

Listing 17

External default routes in the NSSA area

R1#show ip ospf database nssa 0.0.0.0 | exc LS|Check|Opt|Length

OSPF Router with ID (10.0.1.8) (Process ID 1)

Type-7 AS External Link States (Area 22)

Link State ID: 0.0.0.0 (External Network Number )

Advertising Router: A2

Network Mask: /0

Metric Type: 2 (Larger than any link state path)

Metric: 20

Forward Address: 0.0.0.0

External Route Tag: 0

Link State ID: 0.0.0.0 (External Network Number )

Advertising Router: A3

Network Mask: /0

Metric Type: 2 (Larger than any link state path)

Metric: 10

Forward Address: 0.0.0.0

External Route Tag: 0

Summary

Default routing in OSPF is no less complex than other features of this lovely routing protocol. Contrary to many other routing protocols, the default route (IP prefix 0.0.0.0/0) cannot be redistributed into OSPF, but rather has to be configured manually with the default-information originate router configuration command.

An AS boundary router (ASBR) can advertise the OSPF default route unconditionally (even if it has no default route), based on the presence of the default route in the IP routing table (equivalent to redistributing the default route into OSPF), or based on the presence of a major network in the IP routing table.

Stub areas and NSSA areas have their own default routes independent from the network-wide default routes. (Network-wide default routes are always advertised as external routes, and thus by definition are prohibited from entering stub or NSSA areas.) Area border routers (ABRs) advertise inter-area default routes in stub areas and might advertise NSSA external (type-7) or inter-area default routes in NSSA areas.

The advertisement of default route into NSSA areas has to be configured manually and is mandatory for proper operation of an OSPF network; routers within an NSSA area are unable to reach external destinations without an NSSA default route.