OSPF and static route redistribution

I need to enable OSPF on the interface where I am doing the static routing redistribution. The problem is that this interface is a blackhole interface

 

Where are you getting this from?

FWIW, here's an example of a BH route injection from a ospf vdom

      next         end         config redistribute "connected"         end         config redistribute "static"             set status enable             set routemap "ospftagovr"             set tag 289         end

my route-map that used for distribution controls;

SOC60D (root) # show router route-map config router route-map     edit "redist-def"             config rule                 edit 1                     set match-ip-address "default"                     set set-tag 9999                 next             end     next     edit "ospftagovr"             config rule                 edit 1                     set match-ip-address "mymap"                     set set-metric 15678                     set set-tag 8990                 next                 edit 2                 next             end     next end

my prefix-list ( i like prefix lists for ipv4 or ipv6 )

 edit "mymap"             config rule                 edit 1                     set prefix 10.200.11.0 255.255.255.0                     unset ge                     unset le                 next                 edit 2                     set prefix 10.200.199.0 255.255.255.0  < -pointed to blackhole                     unset ge                     unset le                 next             end     next end

static pushing the route to blackhole

config router static     edit 77         set dst 10.200.199.0 255.255.255.0         set blackhole enable     next end

( and here how it looks at a another ospf router )

SOC60D (custA) # get route info routing-table  ospf O E2    10.200.10.0/24 [110/10] via 192.168.10.1, root2custA1, 10:43:26 O E2    10.200.11.0/24 [110/15678] via 192.168.10.1, root2custA1, 10:43:26 O E2    10.200.199.0/24 [110/15678] via 192.168.10.1, root2custA1, 00:00:54   < route inject from static

 LS age: 266   Options: 0x2 (*|-|-|-|-|-|E|-)   LS Type: AS-external-LSA   Link State ID: 10.200.199.0 (External Network Number)   Advertising Router: 192.0.2.1   LS Seq Number: 80000001   Checksum: 0x8f28   Length: 36   Network Mask: /24         Metric Type: 2 (Larger than any link state path)         TOS: 0         Metric: 15678         Forward Address: 0.0.0.0         External Route Tag: 8990

I hope that helps.

ken

Hi Emnoc,

Thanks for your reply. The configuration you are giving is similar to the current configuration I am having with a standard OSPF area. (static routing to a blackhole interface and OSPF redistribute static command)

The problem is that I want to change the type of the OSPF area to a totally NSSA. The 'only' way I have found to have a consistent routing table on my routers, is to have a fortigate (was another router in my lab) where static routing is pointing to an enabled OSPF interface (on a fortigate it impossible with a blackhole interface, that's why I am asking if there is another method with a loopback interface or something else).

If you want to understand the problem, I have made a poste on cisco forums https://supportforums.cisco.com/discussion/12612446/ospf-totally-nssa-and-route-redistribution where I was explained the forwarding address specification in an NSSA area. R1 and R8 represents routers, R2 & R3 fortigates.

Nicolas

Okay I still don't understand your "exact" problem. Is this a metric or FA issue? or your concerns over E and N populated LSAs?

Have you pull the OSPF LSA database for the injected  routed via static on the advertising or receiving  OSPF routers & the fortigate?

You could use a static route with a next-hop and redistribute  that but  keep aware of any FA issues in the route entry. I will post something later when I get back to my lab showing a redistribution concept using a loopback address but it falls in the same concept of the blackhole.

In the mean time you can review this blog I wrote about pertaining with E1 redistributed routes and carrying the FA and metric calcuations.

http://socpuppet.blogspot.com/2013/08/forward-address-not-equal-0000-why.html

I would re-suggest that you  query the actual  OSPF database information on the routers and firewall involved. Also the cisco NSSA and compatibility could be a issue.  Have  you research "compatible rfc1587"  ? BUT be very very careful if you explore this in a production routers and any routers that are no enable. You can get  routing loops or other nasties.