Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
vtsonev
Staff
Staff

Created on ‎05-02-2009 07:59 AM Edited on ‎06-02-2022 09:39 AM By Anonymous

Article Id 191699

Technical Tip: How to redistribute a default route in OSPF

Description
This article provides explanations on how to redistribute default route in OSPF with different metric, so the peer will get the route with lower than the default metric of 10.

Solution
Following syntax is used to advertise a default route in OSPF on a FortiGate.

# config router ospf
(ospf) set default-information-originate <option>

Available options are as below:

'enable': Enable setting.                                  <----- This will send a default route if FortiGate has one in routing table.
'always': Always advertise the default router.     <----- This will always send a default route.
'disable': Disable setting.

To do not advertise a default route to some OSPF neighbors behind specific OSPF interfaces:

1) Not enable OSPF on those interfaces if this is possible (a static default route towards the ISPs routers might be enough in most cases).
2) Set those interfaces as passive interfaces if the subnet has to be advertised as OSPF routes but not forming adjacency

From the GUI, see the same options:



 
 
By default, the redistributed default route is with the metric of 10.
In order to change the metric for the default route, you can use the following options (CLI):
# config router ospf
    set default-information-originate enable
    set default-information-metric 1                   <----- It is possible to use metric if needed.
    set default-information-metric-type type 1 | type2
The result is the following external LSA generated from the advertising FortiGate:
 
AS External Link States.
  LS age: 551
  Options: 0x2 (*|-|-|-|-|-|E|-)
  LS Type: AS-external-LSA
  Link State ID: 0.0.0.0 (External Network Number)
  Advertising Router: 172.16.20.2
  LS Seq Number: 80000001
  Checksum: 0xb475
  Length: 36
  Network Mask: /0
        Metric Type: 2                                <----- Larger than any link state path.
        TOS: 0
        Metric: 1
        Forward Address: 10.200.1.1
        External Route Tag: 0
In the routing table of the peer, it is possible to confirm that the route is with metric of 1:
# get router info routing-table data
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       > - selected route, * - FIB route, p - stale info

Routing table for VRF=0
O E2    0.0.0.0/0 [110/1] via 10.200.1.1, port1, 00:22:17
S    *> 0.0.0.0/0 [10/0] via 172.16.31.254, port10




Related Articles

Technical Note : OSPF configuration guide for ABR and ASBR settings

Technical Note : simple OSPF configuration with 2 FortiGates in the same area

Technical Note : OSPF route summarization for LSAs Type3 (on ABR) and Type5 (on ASBR)

Technical Note : How to redistribute routes from other sources in a dynamic routing protocol (RIP, O...

35843
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.