BGP peering via default route

Similar Messages

• How many BGP peers does the 3548 switch support?

  Is it possible to run more than 40 peers on a single switch? What is the limitation if not?

  Hi ,
   You can have 40 BGP peers , IPV4 unicast routes handled by hardware is only 24000 .Enusre all your BGP peering routing updates is within this limits . 
  http://www.cisco.com/c/en/us/products/collateral/switches/nexus-3548-switch/data_sheet_c78-707001.html
  Table 7. Hardware Specifications Common to Both Switches
  Mode
  Normal Mode
  Warp Mode
  Hardware tables and scalability
  Number of MAC addresses
  64,000
  8000
  Number of IPv4 unicast routes
  24,000
  4000
  Number of IPv4 hosts
  64,000
  8000
  Number of IPv4 multicast routes
  8000
  8000
  Number of VLANS
  4096
  Number of ACL entries
  4096
  Number of spanning-tree instances
  Rapid Spanning Tree Protocol (RSTP): 512
  Multiple Spanning Tree (MST) Protocol: 64
  Number of EtherChannels
  24
  Number of ports per EtherChannel
  24
  Buffer size
  6 MB shared among 16 ports; 18 MB total
  Boot flash memory
  2 GB
  HTH
  Sandy

• Bgp default route-target filter

  Hi folks,
  how that command works, and why it don't need to be configured on an ASBR that is functioning as RR?
  Thank you very much for your support
  Regards
  Andrea

  By default, a cisco router will filter out prefixes that contain a route-target that is not use locally on that router.
  This check is disabled when you configure a route-reflector-client, since the client may need one of those routes.
  On an ASBR that IS already a RR, you don't need to mess with this command because the rt filter check is already turned off.
  However, if your ASBR is not a RR ( or doesn't have a particular VPN configured locally) and you need to advertise VPN prefixes to another AS, then you need to turn this check off or the ASBR will filter out the prefixes when they are received from its internal peers, so it will not have them to advertise to another else. In this case, you would do a "no bgp default route-target filter" on the ASBR so the routes are accepted even though they will not be used locally.
  HTH
  -Rob

• Inject BGP Default Routes into Multiple VRF before Best Path Selection

  Hello, 
  I have the following setup:
  Multiple Border Routers with eBGP sessions to external AS. We receive a default route from this multiple AS to keep the Table manageable. We noticed an important part of our traffic was been SW routed instead of CEF when we had the Full Internet table. Router Resources came to the ground when we changed to a default. 
  Now I want to separate this default routes into different VRF. Attached is the Diagram. 
  My question is,  the multiple default route all go into the BGP Table. The BGP table then select the best route and place it on the RIB and then to the FIB. 
  I want to redistribute the different Route on the BGP table prior to the Best path selection algorithm and placed on the RIB. 
  How can I achieve this?

  Hi,
  Redistribution of multiple routes to same prefix is not possible. Even if you have configured BGP multipath and all different bgp routes got installed into routing table, during redistribution only route will be redistributed. 
  Also would like to understand the requirement of redistributing multiple BGP routes in to IGP. As per your diagram, 3 different eBGP sessions are on three different routers, so you can prefer eBGP route over iBGP received from other routers and can distribute eBGP route to IGP from each router. Thus you will have three different default routes in to IGP in core.
  Please don't forget to rate this post if it has been helpful
  - Akash

• BGP default route advertisement - change preference

  hi guys,
  I would appreciate some assistance here. We have a primary head office & a DR site. Routers at both sites connect to our carrier for an IP VPN service using BGP. BGP configs on each router advertise a default route 0.0.0.0.
     #sh ip bgp neighbors x.x.x.x advertised-routes
        BGP table version is 358, local router ID is x.x.x.x
        Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                r RIB-failure, S Stale
        Origin codes: i - IGP, e - EGP, ? - incomplete
        Originating default network 0.0.0.0
  Issue is, some of our remote sites prefer the DR router path for traffic destined to internet.
  We are advertising multiple default routes to our carrier, and based on feedback from carrier, route with lowest MED is preferred.
  This brings me to what i need to change from my side. Need to change the route preference so that from our remote offices, only the route to head office is preferred with DR site the least preferred route. I know there are multliple ways of doing this, however keen to get input from the experts out there.
  DR site router has this BGP config currently applied:
     router bgp XXXXX
      bgp log-neighbor-changes
      redistribute connected
      redistribute ospf 1 match internal external 1 external 2
      neighbor x.x.x.x remote-as XXXX
      neighbor x.x.x.x default-originate
      neighbor x.x.x.x soft-reconfiguration inbound
      neighbor x.x.x.x route-map IMPORT-POLICY in
      neighbor x.x.x.x route-map OPI-route-advertisement out
      default-information originate
  Removing the  "neighbor x.x.x.x default-originate" is not an option, as we need to have the ability to failover to DR at any point.
  Thanks in advance & if you need any further info pls advise.
  Rama

  Hi Milan,
  Thanks. Answers below:
  Does it provide an MPLS backbone to you? YES
  Are you using the same AS number on all your sites or different ones? Same AS
  Any way, what about advertising the default route from your DR site with the site AS number prepended several times (5 times, e.g.)? That's the thing I am struggling to understand as the route-map OPI-route-advertisement already has it prepended 2 times. Shouldn't that be enough to influence which route is least preferred?
  route-map OPI-route-advertisement permit 20
   match ip address prefix-list xxx default-route
   set as-path prepend XXXXX XXXXX
  If your provider would permit that and hasn't configured his routers to ignore the AS_PATH length (as him a question), it should make the default route advertised from your DR less preferred within your backbone. Will ask.
  Given this, any other thoughts/questions?
  Thanks, Rama

• ASA receiving two default routes to internet via OSPF

  I am trying to test something for a client.  If I have an ASA that receives two default routes to the internet via OSPF, will it load balance those connections?  I have a feeling the answer is 'no.'  If that is the case, would the ASA would be at least able use the second internet connection if the primary one becomes saturated?
  TIA,
  Dan

  Yes, I know that the ASA cannot have default routes on multiple interfaces.  Both of the default routes are coming into the ASA's outside interface.  There would be two routers and the ASA in area 0 for OSPF.  The routers would have the default-information originate command in their OSPF configuration to push the default route out to the ASA.

• Ipv6 Default route bgp

  Hi,
  I am reciving a default route on bgp over ipv6 by my service provider. I want to control to only recive the default route, but when I ask for full table I recived all the routes, I don't know how to control the prefix to only recived the default route, this is what I have (ios XR):
  prefix-set IPv6
    ::/0 le 128
  end-set
  route-policy PERMIT_IPv6
    if destination in IPv6 then
      pass
    endif
  end-policy
  router bgp 279xx
  vrf INTERNET
  neighbor 2800:xxxx:x:x:x:x:x:x
  remote-as 523xx
  description eBGP GlobeNetIPV6
  update-source Bundle-Ether4.663
  address-family ipv6 unicast
  route-policy PERMIT_IPv6 in
  route-policy IPV6_OUT out
  Sorry for my english.

  pdriver answer is the right one, you are allowing all routes
  prefix-set IPv6
    ::/0 le 128
  end-set
  it allows :: from mask 0 to mask 128, just remove the "le 128"

• Unable to connect to VM's in new cloud service via express route

  We have changed our express route setup, initially we had an express route via London, but we have added a second one via Amsterdam and removed the one via London. All existing and new vm's in the different vnet's have connection to our local datacenter,
  but as soon as we create vm's in a new cloud service the published routes don't seem to be picked up and the machine are only reachable in their local vnet on azure.
  Does anyone have an idea where to look, it looks like the route publishing does not seem to work correctly, but it is strange that new vm's in existing cloud service do work correctly. BGP peering and vnet have been provided access via the expressroute and
  all have status provisioned.

  Hi Syed,
  When I try to connect to a new vm via rdp or try to do a tracert to the machine (with firewall turned off on the vm) I don't get a response (traffic is routed via the express-route correctly). If I do a tracert to an ip on the on premise network
  from the vm in question the trace is directed to internet instead of to the on premise network via the express route.
  the new cloud services were created in the same region as the working cloud services and the vm's are also in the same vnet/subnet as the working vm's. If I delete a vm (keeping the disks) from a new cloud service and redeployed it in an existing cloud service
  I can reach it again via the internal ip.
  We have checked the route publishing and the correct routes are published to the express route/vnet.
  When I check the provisioning of the vnet's via get-azurededicatedcircuitlink all the vnet's in question are listed as provisioned.
  I'll try to remove the bpgrouting for the original expressroute this evening to see if that helps.
  kind regards
  Xander

• UNABLE TO INJECT A STATIC DEFAULT ROUTE FROM PE????

  UNABLE TO INJECT A STATIC DEFAULT ROUTE FROM PE????
  Description:
  I am unable to get a static default route via MPBGP session for a vrf, any other route redistributed the same way is getting through.
  Just the static default route isn't ????
  1>
  SOURCE PE WHERE IS THE ROUTE REDISTRIBUTED:
  pe1#
  router bgp 4755
  bgp router-id 10.10.10.103
  no bgp default ipv4-unicast
  bgp log-neighbor-changes
  neighbor 10.10.10.100 remote-as 4755
  neighbor 10.10.10.100 update-source Loopback0
  address-family vpnv4
  neighbor 10.10.10.100 activate
  neighbor 10.10.10.100 send-community extended
  exit-address-family
  address-family ipv4 vrf B
  redistribute static <<<<<<<<<<<<<< STATIC REDIS
  no auto-summary
  no synchronization
  exit-address-family
  address-family ipv4 vrf A
  redistribute static <<<<<<<<<<<<<< STATIC REDIS
  no auto-summary
  no synchronization
  exit-address-family
  ip classless
  ip route vrf A 0.0.0.0 0.0.0.0 Serial1/0 192.168.1.2 global <<<< STATIC ROUTE POINTING THE GLOBAL CONTEXT INTERFACE
  ip route vrf B 0.0.0.0 0.0.0.0 Serial1/0 192.168.1.2 global <<<< STATIC ROUTE POINTING THE GLOBAL CONTEXT INTERFACE
  DESTINATION PE HERE I CANNOT SEE THE STATIC DEFAULT ROUTE:
  pe3(config-router-af)#do sh ip bgp vpnv4 all
  BGP table version is 11, local router ID is 10.10.10.103
  Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
  r RIB-failure, S Stale
  Origin codes: i - IGP, e - EGP, ? - incomplete
  Network Next Hop Metric LocPrf Weight Path
  Route Distinguisher: 4755:1 (default for vrf A)
  *>i172.16.1.0/30 10.10.10.101 0 100 0 ?
  *>i172.16.2.0/30 10.10.10.102 0 100 0 ?
  *>i172.16.10.0/24 10.10.10.101 2297856 100 0 ?
  *>i172.16.20.0/24 10.10.10.102 2297856 100 0 ?
  *>i172.16.200.0/24 10.10.10.102 2170112 100 0 ?
  Route Distinguisher: 4755:2 (default for vrf B)
  *>i172.16.1.0/30 10.10.10.101 0 100 0 ?
  *>i172.16.2.0/30 10.10.10.102 0 100 0 ?
  *>i172.16.10.0/24 10.10.10.101 2297856 100 0 ?
  *>i172.16.20.0/24 10.10.10.102 2297856 100 0 ?
  *>i172.16.200.0/24 10.10.10.102 2170112 100 0 ?
  THE STAITC ROUTE IS REDISTRIBUTED TO LOCAL VRF CONTXT ASWELL AS WE CAN SEE:
  pe3(config-router-af)#do sh ip route vrf A
  Routing Table: A
  Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
  D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
  N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
  E1 - OSPF external type 1, E2 - OSPF external type 2
  i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
  ia - IS-IS inter area, * - candidate default, U - per-user static route
  o - ODR, P - periodic downloaded static route
  Gateway of last resort is 192.168.1.2 to network 0.0.0.0
  172.16.0.0/16 is variably subnetted, 5 subnets, 2 masks
  B 172.16.200.0/24 [200/2170112] via 10.10.10.102, 00:00:23
  B 172.16.20.0/24 [200/2297856] via 10.10.10.102, 00:00:23
  B 172.16.10.0/24 [200/2297856] via 10.10.10.101, 00:00:23
  B 172.16.1.0/30 [200/0] via 10.10.10.101, 00:00:23
  B 172.16.2.0/30 [200/0] via 10.10.10.102, 00:00:23
  S* 0.0.0.0/0 [1/0] via 192.168.1.2, Serial1/0
  Hope I am clear in explaining the issue...
  Thanks,
  Dara

  Hehehe :)
  "Unfortunately" that's true !!!!
  This could have been the last thing that I try.
  Getting he techs work, protocols work is fine.
  But if get to make myself understand the logic behind adding this command as well than ... :(
  Thanks a lot,

• Import EIGRP default route only with network command

  Hi,
  Does anyone know why I can only import the default route learned by EIGRP (from a CE router) in the VPNV4 table with the command ?network 0.0.0.0? under the address family? Is this the correct behavior?
  router bgp 100
  address-family ipv4 vrf red
  redistribute eigrp 200
  no synchronization
  network 0.0.0.0
  exit-address-family
  PE9(config-router-af)#do show ip route vrf red 0.0.0.0
  Routing entry for 0.0.0.0/0, supernet
  Known via "eigrp 200", distance 90, metric 547840, candidate default path, type internal
  Redistributing via bgp 100, eigrp 200
  Last update from 91.91.91.1 on FastEthernet0/0.91, 00:04:11 ago
  Routing Descriptor Blocks:
  * 91.91.91.1, from 91.91.91.1, 00:04:11 ago, via FastEthernet0/0.91
  Route metric is 547840, traffic share count is 1
  Total delay is 20400 microseconds, minimum bandwidth is 100000 Kbit
  Reliability 255/255, minimum MTU 1500 bytes
  Loading 1/255, Hops 4
  PE9(config-router-af)#do show ip bgp vpnv4 vrf red 0.0.0.0
  % Network not in table
  PE9(config-router-af)#
  PE9(config-router-af)#network 0.0.0.0
  PE9(config-router-af)#
  PE9(config-router-af)#do show ip bgp vpnv4 vrf red 0.0.0.0
  BGP routing table entry for 91:91:0.0.0.0/0, version 1068
  Paths: (1 available, best #1, table red)
  Flag: 0x820
  Advertised to update-groups:
  2
  Local
  91.91.91.1 (via red) from 0.0.0.0 (9.9.9.9)
  Origin IGP, metric 547840, localpref 100, weight 32768, valid, sourced, local, best
  Extended Community: RT:118:118 Cost:pre-bestpath:128:547840
  0x8800:32768:0 0x8801:200:522240 0x8802:65284:25600 0x8803:65281:1500
  mpls labels in/out 28/nolabel
  PE9(config-router-af)#
  Thanks,
  Marcelo

  Hi Marcelo,
  Yes this is normal, a default route unlike any other routes is not redistributed between routing protocols by default, in the case of BGP you have 2 options, either use a network command and make sure that the route is in the routing table (via EIGRP in your case), or use redistribute + default-information originate, you can test this by removing the network command and adding the default-information originate under the address family.
  HTH,
  Mohammed Mahmoud.

• Management to VRF Interface on 1841 relying on default route

  I couldn't find this in any of the bug lists, has anyone come across this scenario before:
  I have an 1841 router, running: c1841-advipservicesk9-mz.124-25f
  This router has multiple loopbacks in different VRFs, loopback 0 is in the global context, loopback 1 is in the "ADMIN" VRF (there are multiple other VRFs, but there is nothing special or unique in the config between them, so I'll just stick with loop1, the behaviour is the same for all VRFs)
  The routing table contains an all-zeros route:
  show ip route vrf ADMIN
  Routing Table: ADMIN
  Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
         D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
         N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
         E1 - OSPF external type 1, E2 - OSPF external type 2
         i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
         ia - IS-IS inter area, * - candidate default, U - per-user static route
         o - ODR, P - periodic downloaded static route
  Gateway of last resort is 10.254.144.13 to network 0.0.0.0
       10.0.0.0/8 is variably subnetted, 330 subnets, 7 masks
  B       10.254.156.104/30 [20/0] via 10.254.144.13, 3d23h
  [etc etc]
  10.254.144.13 is the next hop for all networks in the ADMIN VRF, this router is not dual attached.
  My PC sits behind a firewall outside the MPLS network, the VRFs in the MPLS network rely on a default all-zeros route into the firewall - hence there is not specific route for the subnet my PC is on.
  From my PC, I can ping the Loopback1 address, however I cannot get to any management services (ssh, telnet, http or https) via loopback1. When I add a static route for my PC (/32) (or for the entire 10.0.0.0/8 network - which is my current work around), I can then ssh or telnet etc to Loopback1.
  Loopback0 (in the global context) works fine regardless of if it's relying on the all zeros route or not.
  Anyone seen this before? It appears to be a bug in the IOS that management services do not look at the default route within a VRF?

  You can generate a default route with the following command:
  neighbor 1 default-originate
  and you need to have a default route in the routing table. This will get the PE to generate a default route to the CE.

• Changing default route after import route-target

  Hi there,
  Before I import route-target, the default route is set to 192.168.0.22 . After import the vrf, suddently it change to another PE, which is 192.168.0.19 . How do I force the default route to use 192.168.0.22 ?
  before adding route-target import 4000:1
  PE#sh ip route vrf customer 0.0.0.0
  Routing entry for 0.0.0.0/0, supernet
  Known via "bgp 100", distance 200, metric 0, candidate default path,
  type internal
  Last update from 192.168.0.22 00:14:08 ago
  Routing Descriptor Blocks:
  * 192.168.0.22 (Default-IP-Routing-Table), from 192.168.0.3, 00:14:08 ago
  Route metric is 0, traffic share count is 1
  AS Hops 0
  PE#sh ip bgp vpnv4 vrf customer 0.0.0.0
  BGP routing table entry for 100:239:0.0.0.0/0, version 335256
  Paths: (2 available, best #2, table customer)
  Not advertised to any peer
  Local
  192.168.0.22 (metric 4) from 192.168.0.45 (192.168.0.45)
  Origin incomplete, metric 0, localpref 100, valid, internal
  Extended Community: RT:100:120
  Originator: 192.168.0.50, Cluster list: 192.168.0.45
  Local
  192.168.0.22 (metric 4) from 192.168.0.3 (192.168.0.3)
  Origin incomplete, metric 0, localpref 100, valid, internal, best
  Extended Community: RT:100:120
  Originator: 192.168.0.50, Cluster list: 192.168.0.3
  after adding route-target import 4000:1
  PE#sh ip route vrf customer 0.0.0.0
  Routing entry for 0.0.0.0/0, supernet
  Known via "bgp 100", distance 200, metric 0, candidate default path,
  type internal
  Last update from 192.168.0.19 00:00:09 ago
  Routing Descriptor Blocks:
  * 192.168.0.19 (Default-IP-Routing-Table), from 192.168.0.3, 00:00:09 ago
  Route metric is 0, traffic share count is 1
  AS Hops 0
  PE#sh ip bgp vpnv4 vrf customer 0.0.0.0
  BGP routing table entry for 100:239:0.0.0.0/0, version 335386
  Paths: (3 available, best #1, table customer)
  Flag: 0x1820
  Not advertised to any peer
  Local, imported path from 4000:1:0.0.0.0/0
  192.168.0.19 (metric 2) from 192.168.0.3 (192.168.0.3)
  Origin incomplete, metric 0, localpref 100, valid, internal, best
  Extended Community: RT:4000:1
  Originator: 192.168.0.19, Cluster list: 192.168.0.3
  Local
  192.168.0.22 (metric 4) from 192.168.0.45 (192.168.0.45)
  Origin incomplete, metric 0, localpref 100, valid, internal
  Extended Community: RT:100:120
  Originator: 192.168.0.50, Cluster list: 192.168.0.45
  Local
  192.168.0.22 (metric 4) from 192.168.0.3 (192.168.0.3)
  Origin incomplete, metric 0, localpref 100, valid, internal
  Extended Community: RT:100:120
  Originator: 192.168.0.50, Cluster list: 192.168.0.3
  thanks in advance.
  maher

  Maher,
  Here's an example:
  router bgp xx
  address-family vpnv4
  nei x.x.x.x route-map localpref in
  ip extcommunity 1 permit rt 4000:1
  route-map localpref permit 10
  match extcommunity 1
  set local-preference 110
  route-map localpref permit 20
  BTW: if the route with RT 4000:1 had a different RD both routes would get imported in the VRF and you could set the local-pref using an import map instead of an inbound route-map on the VPNv4 session.
  Hope this helps,

• ASA 5520 - Can not change default route.

  Hi
  My asa is sitting behind a router the next hop from the ASA to the router is 10.0.0.5 I have tried to change the default route to route DMZ 0 0 10.0.0.5  to no availability right now the default route is (S*   0.0.0.0 0.0.0.0 [1/0] via 172.16.8.20, Outside) but even if I were to do a "no route Outside 0 0 172.16.8.20" the default route does not disappear when I do a "sh route" command. ant help would be greatly appreciated.

  I apologize for not being clear hopefully this helps. Basically the  default route should be: route DMZ 0.0.0.0 0.0.0.0 10.10.10.5, I had to  add a metric of 2 because otherwise it would conflict with the Gateway  of last resort, the interesting part is if I try to remove the current  gateway of last resort then the error I get is  %No matching route to delete and I try to add the new route I get ERROR: Cannot add route entry, conflict with existing routes.
  **"show ip address" output---
  Interface                Name                   IP address      Subnet mask     Method
  GigabitEthernet0/0       Outside               172.22.8.166    255.255.252.0   CONFIG
  GigabitEthernet0/3       DMZ                   10.10.10.16     255.255.255.0   CONFIG
  Management0/0            management      192.168.100.1   255.255.255.0   CONFIG
  GigabitEthernet1/0       Inside                 172.16.0.2      255.255.252.0   CONFIG
  GigabitEthernet1/1       VPN                    X.X.X.X          255.255.255.240 CONFIG
  Current IP Addresses:
  Interface                Name                   IP address      Subnet mask     Method
  GigabitEthernet0/0       Outside               172.22.8.166    255.255.252.0   CONFIG
  GigabitEthernet0/3       DMZ                   10.10.10.16     255.255.255.0   CONFIG
  Management0/0            management      192.168.100.1   255.255.255.0   CONFIG
  GigabitEthernet1/0       Inside                 172.16.0.2      255.255.252.0   CONFIG
  GigabitEthernet1/1       VPN                    X.X.X.X          255.255.255.240 CONFIG
  **"show running-config" output---
  !The DMZ route should be the gateway of last resort
  route DMZ 0.0.0.0 0.0.0.0 10.10.10.5 2
  route Outside 10.0.1.0 255.255.255.252 172.22.8.20 1
  route Outside 10.0.2.0 255.255.255.252 172.22.8.20 1
  route Outside 10.0.4.0 255.255.255.252 172.22.8.20 1
  route Outside 10.0.5.0 255.255.255.240 172.22.8.20 1
  route Outside 10.0.6.0 255.255.255.252 172.22.8.20 1
  route Outside 10.0.25.0 255.255.255.0 172.22.8.20 1
  route Outside 10.0.52.0 255.255.255.0 172.22.8.20 1
  route Inside 172.16.0.0 255.255.252.0 172.16.0.3 1
  route Outside 172.16.6.0 255.255.255.0 172.16.6.1 1
  route Outside 172.22.0.0 255.255.0.0 172.22.8.20 10
  route Outside 192.168.0.0 255.255.255.0 172.22.8.20 255
  route DMZ 192.168.200.0 255.255.255.0 156.108.124.66 1
  **"show route" output ---
  Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
         D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
         N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
         E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
         i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
         * - candidate default, U - per-user static route, o - ODR
         P - periodic downloaded static route
  Gateway of last resort is 172.22.8.20 to network 0.0.0.0
  S    172.16.6.0 255.255.255.0 [1/0] via 172.16.6.1, Outside
                                [1/0] via 172.22.8.20, Outside
  C    172.16.0.0 255.255.252.0 is directly connected, Inside
  C    172.22.8.0 255.255.252.0 is directly connected, Outside
  S    172.22.0.0 255.255.0.0 [10/0] via 172.22.8.20, Outside
  D    192.168.4.8 255.255.255.252 [90/2178816] via 172.16.0.3, 66:37:21, Inside
  D    192.168.4.9 255.255.255.255 [90/2178816] via 172.16.0.3, 66:37:21, Inside
  S    10.0.2.0 255.255.255.252 [1/0] via 172.22.8.20, Outside
  D    10.0.0.0 255.255.255.0 [90/3072] via 172.16.0.3, 66:37:21, Inside
  C    10.10.10.0 255.255.255.0 is directly connected, DMZ
  S    10.0.1.0 255.255.255.252 [1/0] via 172.22.8.20, Outside
  S    10.0.6.0 255.255.255.252 [1/0] via 172.22.8.20, Outside
  S    10.0.4.0 255.255.255.252 [1/0] via 172.22.8.20, Outside
  S    10.0.5.0 255.255.255.240 [1/0] via 172.22.8.20, Outside
  S    10.0.25.0 255.255.255.0 [1/0] via 172.22.8.20, Outside
  S    10.0.52.0 255.255.255.0 [1/0] via 172.22.8.20, Outside
  S    192.168.0.0 255.255.255.0
             [255/0] via 172.22.8.20, Outside
  D    192.168.100.0 255.255.255.0 [90/3072] via 172.16.0.3, 66:37:21, Inside
  ! I have tried to remove the route below with the command "no  route Outside 0 0 172.22.8.20" but always get the error %No matching  route to delete
  S*   0.0.0.0 0.0.0.0 [1/0] via 172.22.8.20, Outside

• Where does the default route come from ?

  Dear All 
  As we know, the edge router in client side gets default route from ISP' edge router. Where does the default route come from in ISP? If the ISP edge router has full route table, it produces there. If not, it comes from its upstream router until full routes table(only BGP). Please correct me if I am wrong. Thank you. 

  Hello.
  While establishing BGP with ISP, there are three options for a client:
  > Default route (used in general) - client router forwards every request (for destination route) to ISP router.
  > Full route - ISP router's complete routing table would be received and maintained in client router.
  > Partial route - Only specific route would be received from ISP (Head office - Branch office scenario)
  ISP generate default route from their peering router that should have full routing table or knowledge of the router having it. A local ISP may generate default to their client and have one received from their upstream or global / larger ISP. Hope this helps.

• CSS advertise OSPF default route?

  I have a CSS in one armed mode sitting between the Internet Edge router and PIX firewall.
  The edge router is getting a default route from BGP and distributes that into the Firewall via OSPF.
  The firewall sees the Edge router as the default gateway from the distributed route.
  Would it be possible to have the CSS (through OSPF) get the default route from the Edge router and advertise it to the Firewall?
  The goal is to have the Firewall use the CSS as it's default gateway, rather than the Edge router, but it needs to be a dynamic route.
  In turn the edge router would pass traffic through the CSS to the firewall.
  The CSS would be an intermidiate hop between the router and firewall.
  Is this something that the CSS is capable of doing?
  And from a design perspective, it is something that could be an issue?

  Thanks,
  I did see that document and played with it some last night.
  I think it should work too, but was not sure if it was not reccomended by Cisco or not.
  I have seen they they do not reccomend OSPF or RIP configurations, but I am only concerned with the default route and this would maybe solve the problem of any potential asymetric traffic flow.