Richard Chivers(r.chiv...@zengenti.com) on 2020.04.27 19:26:08 +0100: > Hi, > > That makes a lot of sense thanks, and appears to have solved the problem, > we had a route added through our loopback interface in production" > "!/sbin/route add -reject default 127.0.0.1" > > Is that the best/general practise in general?
Yes. -blackhole is even better because you wont respond with icmp if you loose routes (for example when routes flap) or when someone sends you traffic you cannot route for other reasons. > > Cheers > > Richard > > On Mon, Apr 27, 2020 at 8:25 AM Claudio Jeker <cje...@diehard.n-r-g.com> > wrote: > > > On Sun, Apr 26, 2020 at 08:44:42PM +0100, Richard Chivers wrote: > > > Not sure how I missed the clear information in the man page... > > > > > > "If set to default, a default route pointing to this router will be > > > announced over OSPF" > > > > > > It seems I am just having an issue and it should work as I expected. > > > > > > I will do some more diagnosis in the morning... > > > > > > > I think the man page is not optimal here. ospfd(8) and ospf6d(8) will only > > redistribute networks that are in the FIB. So in case of redistribute > > default the router needs to have a default route 0/0 or ::/0 in the > > routing table. Also that route's priority needs to be less than 32 > > to be picked up. > > > > This is different from bgpd where the network statements and export > > default-route statement work even if there is no matching route in the > > FIB. > > > > > On Sun, 26 Apr 2020, 17:09 Richard Chivers, <r.chiv...@zengenti.com> > > wrote: > > > > > > > Hi, > > > > > > > > Hope someone can help, I am having a strange issue and can't seem to > > > > isolate the problem. > > > > > > > > We have "redistribute default" set globally on our bgp/ibgp speakers > > > > in the ospfd.conf. The bsd boxes are all 6.6. > > > > > > > > These routers are connected via ibgp to some other routers and have > > > > external bgp sessions taking at present a couple of basic network > > > > announcements from their egbp peers. e.g. 2.2.2.0/24 ( we have faked > > our > > > > transit provider) > > > > > > > > Connected to these routers we have a pair of firewalls, which > > previously > > > > received a default route from the bgp/ibgp speakers. > > > > > > > > I am trying to understand exactly what the redistribute default in the > > > > ospfd.conf does. I assume it is saying if i have a static default > > route or > > > > another default route from an upstream then tell other routers about > > it? Or > > > > is it saying tell others to use me as a default route. I can't seem to > > find > > > > anything specific in the docs to clarify this, and would like to > > understand > > > > it clearly if pos. > > > > > > > > In our case our previous configuration on 5.8 and this configuration > > has a > > > > static route on the bgp speakers of 0.0.0.0/24 -> 127.0.0.1. > > > > > > > > If I do a ospfctl sh rib or ospfctl sh data on the firewalls i just > > don't > > > > see any default route being provided by the bgp speakers. > > > > > > > > Hope this makes sense. I am sure I am missing something obvious... > > > > > > > > Effectively I want the bgp speakers to announce themselves as the > > default > > > > route for their neighbor firewalls over ospf. > > > > > > > > Thanks > > > > > > > > -- > > :wq Claudio > > > --
