Fortinet Forum
Raffael_Hotz
New Contributor

Inject default route OSPF stub

Hi guys,

I hope you can help me as I am just too dumb right now. My setup looks like the following:

2 sites, both with a Fortigate for WAN connectivity, and between the sites are 2 L3 devices connecting the sites with each other. Site1 has Area 0 and other areas directly connected to the L3 switch, and area 0 is also used for the OSPF connection to the Fortigate. The L3 switch injects a default route to the other site - connected by OSPF stub area.

The second site has an L3 switch as well, connected with the same stub area to the firewall there.

The plan is to use the default route from site 2 fortigate for all site a connected devices (so Fortigate Site 2 needs to inject its default route into the stub and overrule default route from Site 1). In case of failure or health links jitter is too high, the default route should be discarded and now Site 2 should take the default route injected from Site 1.

For testing purposes I even disconnected Site 1 from Site 2 but still on my L3 switch I cannot get the default route injected from my stub area fortigate even though it says "Inject default routes always". I also tried to change default metric lower than the Site 1 metric ...

Is it even possible to have a stub getting a default route injected from somewhere else than the area 0?

Hope that makes sense!

Thanks in regards

Cheers

 

1 Solution
Toshi_Esumi
Esteemed Contributor II

I don't think it's allowed. To redistribute a local default route that is already in RIB, that router needs to be an ASBR, which is not allowed in a stub area.

 

Toshi

Raffael_Hotz

Hi Toshi,

Well, that's completely right. I have now changed my areas into NSSAs and I can get to the internet via the backup route (when my Fortigate disconnects its WAN port). But now I need the default route from my local Fortigate (NSSA 10.207.0.0) to overrule the other site, which injects its default route as well.

Is there a chance to do it?

Looks like: WAN- Fortigate NSSA 200 - Core1 NSSA 200 - Core1 Backbone - Core2 Backbone - Core1/2 NSSA 207 - Site2 NSSA 207 - Fortigate NSSA 207

Toshi_Esumi
Esteemed Contributor II

Honestly we don't use OSPF much because it's difficult to manipulate routes per prefix due to the fact that the design of OSPF is to share the topology of the entire network among all routers in the domain. We mainly use BGP instead. So I don't have the answer even if it's possible, which I doubt.
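
Added example, not part of any post in this thread: a small Python model of how an OSPF router inside an NSSA ranks competing default routes under the RFC 2328 / RFC 3101 path-preference rules (path type first, metric second). The router labels, metrics and costs are constructed sample values, not taken from the poster's network.

```python
from dataclasses import dataclass

# Path-type preference (RFC 2328 sections 11 and 16.4): a lower rank wins
# before any metric is compared.
RANK = {"intra-area": 0, "inter-area": 1, "external-1": 2, "external-2": 3}

@dataclass(frozen=True)
class DefaultRoute:
    origin: str          # label of the advertising router (constructed)
    path_type: str       # one of the RANK keys
    lsa_metric: int      # metric carried in the LSA
    cost_to_origin: int  # internal SPF cost to the ABR/ASBR

def sort_key(route):
    rank = RANK[route.path_type]
    if route.path_type == "external-2":
        # Type 2 (E2/N2): advertised metric decides, internal cost breaks ties.
        return (rank, route.lsa_metric, route.cost_to_origin)
    # Inter-area and type 1 (E1/N1): LSA metric and internal cost are summed.
    return (rank, route.lsa_metric + route.cost_to_origin, 0)

def best_default(candidates):
    """Return the 0.0.0.0/0 candidate the router would install."""
    return min(candidates, key=sort_key)

# Constructed scenarios, seen from an L3 switch inside the NSSA.
# 1. Both defaults are Type-7 type 2: the lower advertised metric wins,
#    even though the local firewall is further away internally.
BOTH_N2 = [
    DefaultRoute("local-firewall", "external-2", lsa_metric=5, cost_to_origin=10),
    DefaultRoute("abr", "external-2", lsa_metric=10, cost_to_origin=1),
]
# 2. The ABR originates a Type-3 (inter-area) default, as in a totally
#    NSSA area: it beats any Type-7 default regardless of metric.
ABR_TYPE3 = [
    DefaultRoute("local-firewall", "external-2", lsa_metric=1, cost_to_origin=10),
    DefaultRoute("abr", "inter-area", lsa_metric=100, cost_to_origin=1),
]
# 3. A type 1 external is always preferred over a type 2 external.
LOCAL_N1 = [
    DefaultRoute("local-firewall", "external-1", lsa_metric=50, cost_to_origin=10),
    DefaultRoute("abr", "external-2", lsa_metric=1, cost_to_origin=1),
]

if __name__ == "__main__":
    for name, routes in [("both N2", BOTH_N2), ("ABR Type-3", ABR_TYPE3),
                         ("local N1", LOCAL_N1)]:
        print(f"{name}: default via {best_default(routes).origin}")
```

Scenario 2 is the case to check on a real network: if the area border router injects its default as a Type-3 summary, lowering the metric on a Type-7 default inside the area does not change the result.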