Inject BGP Default Routes into Multiple VRF before Best Path Selection

Hello, 
I have the following setup:
Multiple Border Routers with eBGP sessions to external AS. We receive a default route from these multiple AS to keep the Table manageable. We noticed an important part of our traffic was being SW routed instead of CEF when we had the Full Internet table. Router Resources came to the ground when we changed to a default. 
Now I want to separate these default routes into different VRFs. Attached is the Diagram. 
My question is, the multiple default routes all go into the BGP Table. The BGP table then selects the best route and places it on the RIB and then to the FIB. 
I want to redistribute the different Routes on the BGP table prior to the Best path selection algorithm and being placed on the RIB. 
How can I achieve this?

Hi,
Redistribution of multiple routes to the same prefix is not possible. Even if you have configured BGP multipath and all the different BGP routes got installed into the routing table, during redistribution only one route will be redistributed. 
Also would like to understand the requirement of redistributing multiple BGP routes into IGP. As per your diagram, 3 different eBGP sessions are on three different routers, so you can prefer the eBGP route over iBGP received from other routers and can distribute the eBGP route to IGP from each router. Thus you will have three different default routes into IGP in core.
Please don't forget to rate this post if it has been helpful
- Akash

Similar Messages

  • Injecting Global default Routes into a MPLS VPN

    Hi,
    I have a PE router running MPBGP which receives two default routes to the internet through an IPV4 BGP session. I need to import these routes in to a VRF and export them to different customer VRFs so that these VRFs are able to access Internet.
    I have used the feature called "BGP Support for IP Prefix Import from Global Table into a VRF Table" (URL:http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00803b8db9.html#wp1063870)
    and imported these routes into a VRF.
    The issue is these routes are not propagated to any of the other PE routers which has customer VRFs configured.
    Has anybody tried this or a similar method to inject a dynamic default route into a MPLS VPN.
    Any suggestions would be highly appreciated.
    Thanks
    Subhash

    Hi Subhash,
    is there anything preventing you from terminating your internet BGP sessions in a VRF? Then everything should go smoothly, i.e. standard VRF import/export.
    So possibility A) create a VRF Internet, move bgp neighbor commands there and use filters preventing anything but the default route, then use route targets to distribute the default route into other VRFs.
    Possibility B) use static routing with packet leaking. Could look like this:
    ip route vrf Internet 0.0.0.0 0.0.0.0 global
    ip route vrf Internet 0.0.0.0 0.0.0.0 global 250
    ip route Serial0/0 !assuming this is where the customer router connects.
    Note: the BGP peer IP does not have to be directly connected! There has to be an LDP label for it though. So include your BGP peer's network in your IGP and the backup will work when you lose the link to the peer.
    Hope this helps! Please rate all posts.
    Regards, Martin

  • How do I inject a static default route into vrf

    Could anybody give me any advice on injecting a static default route into vrf.
    The static route is to the internet, I can't enable vrf forwarding on the fa interface as other users also use this internet connection.
    I am configuring a 7206 VXR 12.3(26) and have attached a copy of the config
    Any help gratefully received

    Hi
    I think you have to specify the route as this
    ip route vrf delegate_wireless fa0/0 0.0.0.0 0.0.0.0 194.154.168.1 global
    it tells the router to use a next hop that is not part of the vrf.
    Also, don't forget that the return traffic has to be routed out to the vrf.
    Something like this.
    ip route a.b.c.d tu1 10.252.254.2
    /Mikael

  • Using ACE RHI to inject a default route

    I think I posted this onto the wrong Forum. Anyone able to advise here?
    SteveK.
    Posted by: stevek1 - Network Administrator, Dept Natural Resources and Mines
    Apr 18, 2008, 12:04am PST
    Hi Folks,
    I need to provide internal devices with active-active access to our clustered firewall which sits across 2 data centres.
    I need to allow internal hosts to reach external/unknown networks via a default route.
    We have ACE modules in our internal network aggregation 6513s at each site.
    I aim to achieve this using RHI...ie...device at site 1 reaches the internet via firewall at site 1, device at site 2 reaches internet via firewall at site 2 (due to better route). If the firewall is inaccessible from site 2, ACE at site 2 removes the route from the MSFC using RHI and site 2 device traffic is re-routed to the site 1 exit point.
    Has anyone out there done this before?
    Regards, Steve.
    Replied by: stevek1 - Network Administrator, Dept Natural Resources and Mines - Apr 20, 2008, 6:48pm PST
    Hi Folks,
    It's Steve here again. I haven't had a response to my query as yet, but basically I need to know the validity of using ACE RHI to inject a default route as opposed to a host route.
    Can anyone please advise?
    Best Wishes, Steve.

    Thanks so much for your response Zahoor.
    The solution you have provided is more complicated than I had in mind. For example we had not intended using FWSM (we don't have these modules). I just want to use our existing ACEs at each Data Centre to provide the injection of a default route to our internal EIGRP process based on the result of a probe to our Checkpoint FW. What do you think?
    Steve.

  • Metrics when redistributing a static default route into EIGRP?

    I saw a network working with EIGRP and redistributing a static default route into it. I did not find the "default metrics" to redistribute into EIGRP but the static default route works and is redistributed. My understanding was that every time you redistribute into EIGRP you needed to specify the metrics. How come this network is working? Can someone explain or point to a Cisco document that explains it?
    Sample of the config:
    router eigrp 1
    redistribute static
    no auto-summary
    network Y.Y.Y.Y
    ip route 0.0.0.0 0.0.0.0 X.X.X.X
    Thank you,

    It's just one of those specific things about EIGRP and IOS, maybe a design choice. If they do use the interface as the seed metric then that would help explain why it's that way.
    Weirdly if you are using EIGRP VRF address family configuration on IOS and you redistribute statics you do need a metric.
    And I believe NXOS running on Nexus switches also needs a metric defined.
    Just one of those things you have to remember but it would be good if it was consistent.
    Jon

  • Bgp default route-target filter

    Hi folks,
    how does that command work, and why doesn't it need to be configured on an ASBR that is functioning as RR?
    Thank you very much for your support
    Regards
    Andrea

    By default, a Cisco router will filter out prefixes that contain a route-target that is not used locally on that router.
    This check is disabled when you configure a route-reflector-client, since the client may need one of those routes.
    On an ASBR that IS already a RR, you don't need to mess with this command because the rt filter check is already turned off.
    However, if your ASBR is not a RR ( or doesn't have a particular VPN configured locally) and you need to advertise VPN prefixes to another AS, then you need to turn this check off or the ASBR will filter out the prefixes when they are received from its internal peers, so it will not have them to advertise to another else. In this case, you would do a "no bgp default route-target filter" on the ASBR so the routes are accepted even though they will not be used locally.
    HTH
    -Rob

  • Windows boot manager boots almost fully into windows 8 before letting me select windows 7, at which point it reboots my computer

    Hi,
    I haven't used my slow HDD with windows 7 on it in a while, but today my SSD with windows 8 on it died. I have kept my old OS in a dual boot setup exactly for this rare possibility. I in fact successfully revived my SSD from windows 7.
    During the restore procedure I had to boot into both OSes (7 and 8) several times before I managed to get 8 working. I tried a lot of things before one of them struck. (Is that how the phrase goes? Me Hungary, no good speak English some times...) I am surprised to have found the following unexpected behavior of the new windows 8 branded boot loader:
    The new windows boot manager boots almost fully into windows 8 before letting me select an OS.
    If I select windows 7, it reboots my computer and loads windows 7, wasting a lot of time... on the windows 8 portion of the boot process, which is simply thrown away if I happen to need windows 7 and not 8.
    "This is highly inefficient!" — I almost exclaimed aloud... A boot manager should load just enough of itself so that a simple OS selection menu can be presented to the user with minimal keyboard interaction. Only when a selection is made should it load an OS. I have no use for the new boot manager's mouse control support, and having it appear on the second screen in my dual screen setup is just plain scary. Use the main laptop monitor where the BIOS messages were displaying, and keep the secondary off until the OS is done booting! By the time my secondary screen turns on, the boot selection menu disappears anyway.
    Yes, I only noticed this problem now because I haven't booted into windows 7 for a long time. (300 MB worth of Windows updates were waiting for me indeed.) My boot selection menu timeout is set to 3 seconds instead of 30 so I don't have to pick windows 8 every time.
    I am going to wait at least a week for the forum's input before I switch on my own to a faster, minimalist boot manager. I don't know what to use, I'm familiar with:
    some minimalist bootstrap loaders
    coreboot/linuxbios (recently learned of it)
    bootcamp (not really)
    acronis OS selector (discontinued before windows 8 came out, probably doesn't support it)
    syslinux/isolinux (Linux only, I think)
    old Windows bootmgr
    more recent Windows ntldr
    then this new "inefficient for dual booting" Windows 8 boot manager
    and finally grub
    Grub feels like the best option as it keeps the windows boot manager intact and supports mac, windows, and linux. All 3 of which will at one point — or has already — come up as a subject or prerequisite in my university.
    I don't know how or why I was able to access windows 8's boot loader while my SSD was dead. Was it installed on the HDD, overwriting the windows 7 boot loader? That too is inefficient. I want to completely boot from my SSD. Don't spin up my HDD while I'm booting my laptop on the go! The shaking of the vehicle I'm in could seriously damage the disk if I run into a pothole (common in my country) with just the right timing, data could be damaged. The entire reason windows 8 is on an SSD is so that it can boot without accessing my HDD with all its moving parts. My goal with buying an SSD was for the HDD to remain safely offline while I'm in a shaky environment with potholes! Also, what if I want to disconnect the old HDD in the future... Or what if it dies? Will the windows 8 boot loader die with windows 7? I want the two kept separately and completely independent from each other for exactly this reason.
    In summary:
    How can I stop windows 8 from almost fully booting before offering the dual boot OS selection menu? Do I need a better Boot loader?
    Why was the boot loader that came with windows 8 still working OK while the SSD with windows 8 on it wasn't accessible? Did it sneak its way onto the old HDD? I want a 100% SSD-based boot process. What is the boot loader doing on a different drive? Its place is on the SSD, with the operating system it belongs to. Not on the HDD of a different OS. Can I move it?
    Sincerely,
    Daniel "3ICE" Berezvai
    p.s.: For windows 7 I only have a repair disk and hidden RECOVERY partition which I kept (came with the laptop, would rather not use it.) The Windows 8 pro DVD (purchased last year) is fine, but I had it moved to a bootable pendrive so I could remove my optical drive and replace it with an SSD on which windows 8 is installed now. (I also have a vista ultimate DVD, as they were giving them away for free on a Microsoft conference. Funny story.)
    p.p.s.: I am subscribed (☑ Alert me) to this topic and will respond to all questions and try all recommended actions right away.
    http://3ice.hu/

    Hi,
    Thank you for your post.
    From your description, I see the issue you are facing is that there is no menu to choose the OS when booting dual boot (Windows 7 & Windows 8). Please let me know if I have misunderstood anything.
    It seems that the Windows 7 entry is missing. Currently, we can use a tool – EasyBCD to get it back. After downloading it, choose the Add/Edit panel item, select the OS you're missing and let the program detect it. Then simply click the Add button to add the missing OS entry.
    In the meantime, here is a related link which demonstrates how to keep Windows 7 as the default OS in dual boot, you may use it for a reference.
    How to Dual-Boot Windows 8 While Keeping Windows 7 As Your Default OS
    http://blog.laptopmag.com/how-to-dual-boot-windows-8-while-keeping-windows-7-as-your-default-os
    [Please Note: Since the website is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.]
    Regarding the second question in your first post, you can refer to the following link to know more about dual boot.
    Dual Booting Explained: How You Can Have Multiple Operating Systems on Your Computer
    http://www.howtogeek.com/187789/dual-booting-explained-how-you-can-have-multiple-operating-systems-on-your-computer/
    [Please Note: Since the website is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.]
    Hopefully the information is helpful. Please let me know if you have any questions. Thanks for your time.
    Best Regards,
    Sophia Sun
    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

  • BGP Session drops when loading routes into a VRF

    I've configured a small MPLS network with 4 P routers (ASR 1002s) 4 PE routers (6509s) and two Cisco 7206s as route reflectors.  I'm using OSPF as the routing protocol on the PE-CE interfaces and have sham links configured between PE routers.  I currently have two VRFs configured on this network, one is working fine, and there are approximately 150 routes in this VRF. 
    The second vrf is configured, it also has ospf sham links configured, neighbors up, etc.
    The problem I have is that when I bring up the first PE-CE link and load about 7000 routes into the second vrf my BGP sessions between the other PEs and route-reflectors start timing out.  I do show the vpnv4 routes show up in the route-reflectors "sh ip bgp vpnv4 rd 14017:2" I believe the debug outputs below indicate the issue is in the route-reflectors, but was curious if anyone else had seen this issue.  The BGP peering IP address for one of the route-reflectors is 10.2.0.7 and one of the session dropping PEs is 10.2.0.13.
    Normal output from "unloaded" debug ip bgp vpnv4 unicast keepalives:
    Route-reflector output:
    May 16 09:35:31   2329: May 16 09:35:30.718 CDT: BGP: ses global 10.2.0.13 (0xA0519C0:1) Keep alive timer fired.
    May 16 09:35:31   2330: May 16 09:35:30.718 CDT: BGP: 10.2.0.13 KEEPALIVE requested (bgp_keepalive_timer_expired)
    May 16 09:35:31   2331: May 16 09:35:30.718 CDT: BGP: ses global 10.2.0.13 (0xA0519C0:1) service keepalive IO request.
    May 16 09:35:31   2332: May 16 09:35:30.718 CDT: BGP: 10.2.0.13 KEEPALIVE write request serviced in BGP_IO
    PE output:
    May 16 09:35:38.421 CDT: BGP: 10.2.0.7 KEEPALIVE requested (bgp_keepalive_timer_expired)
    May 16 09:35:38.421 CDT: BGP: 10.2.0.7 KEEPALIVE sent
    Route-reflector output:
    May 16 09:35:39   2341: May 16 09:35:38.427 CDT: BGP: 10.2.0.13 received KEEPALIVE, length (excl. header) 0
    Same output but during a "loaded" condition:
    Route-reflector output:
    May 15 20:41:31   774: May 15 20:41:31.015 CDT: BGP: ses global 10.2.0.13 (0xA091324:1) Keep alive timer fired.
    May 15 20:41:31   775: May 15 20:41:31.015 CDT: BGP: 10.2.0.13 KEEPALIVE requested (bgp_keepalive_timer_expired)
    May 15 20:41:31   778: May 15 20:41:31.015 CDT: BGP: ses global 10.2.0.13 (0xA091324:1) service keepalive IO request.
    May 15 20:42:29   793: May 15 20:42:28.363 CDT: BGP: ses global 10.2.0.13 (0xA091324:1) Keep alive timer fired.
    May 15 20:42:29   794: May 15 20:42:28.363 CDT: BGP: 10.2.0.13 KEEPALIVE requested (bgp_keepalive_timer_expired)
    May 15 20:43:23   805: May 15 20:43:22.638 CDT: BGP: ses global 10.2.0.13 (0xA091324:1) Keep alive timer fired.
    May 15 20:43:23   806: May 15 20:43:22.638 CDT: BGP: 10.2.0.13 KEEPALIVE requested (bgp_keepalive_timer_expired)
    May 15 20:43:33   813: May 15 20:43:33.934 CDT: %BGP-3-NOTIFICATION: received from neighbor 10.2.0.13 4/0 (hold time expired) 0 bytes
    PE output:
    May 15 20:43:33.927 CDT: %BGP-3-NOTIFICATION: sent to neighbor 10.2.0.7 4/0 (hold time expired) 0 bytes
    May 15 20:43:33.927 CDT: %BGP-5-ADJCHANGE: neighbor 10.2.0.7 Down BGP Notification sent
    Route-reflector output:
    May 15 20:43:34   814: May 15 20:43:33.934 CDT: %BGP-5-ADJCHANGE: neighbor 10.2.0.13 Down BGP Notification received
    It appears to me that we are missing "BGP: 10.2.0.13 KEEPALIVE write request serviced in BGP_IO"
    For full disclosure there are other BGP keep-alive events going on to the other PEs at this time, some passing, some failing.
    route-reflector info:
    route-reflector1#sh inv
    NAME: "Chassis", DESCR: "Cisco 7206VXR, 6-slot chassis"
    PID: CISCO7206VXR      , VID:    , SN: 37050753
    NAME: "NPE-G2 0", DESCR: "Cisco 7200 Series Network Processing Engine NPE-G2"
    PID: NPE-G2            , VID: V03 , SN: JAF1410AADM
    NAME: "disk2", DESCR: "256MB Compact Flash Disk for NPE-G2"
    PID: MEM-NPE-G2-FLD256 , VID:    , SN:
    NAME: "Power Supply 1", DESCR: "Cisco 7200 AC Power Supply"
    PID: PWR-7200-AC       , VID:    , SN:
    NAME: "Power Supply 2", DESCR: "Cisco 7200 AC Power Supply"
    PID: PWR-7200-AC       , VID:    , SN:
    route-reflector1#sh ver
    Cisco IOS Software, 7200 Software (C7200P-ADVIPSERVICESK9-M), Version 15.1(4)M5, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2012 by Cisco Systems, Inc.
    Compiled Tue 04-Sep-12 19:41 by prod_rel_team
    ROM: System Bootstrap, Version 12.4(12.2r)T, RELEASE SOFTWARE (fc1)
    BOOTLDR: Cisco IOS Software, 7200 Software (C7200P-BOOT-M), Version 15.1(4)M5, RELEASE SOFTWARE (fc1)
    route-reflector1 uptime is 15 weeks, 20 hours, 43 minutes
    System returned to ROM by reload at 11:03:48 UTC Thu Jan 31 2013
    System restarted at 12:37:52 CST Thu Jan 31 2013
    System image file is "disk2:c7200p-advipservicesk9-mz.151-4.M5.bin"
    Any thoughts on this problem would be greatly appreciated.

    Hi again,
    did you check this?
    http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a008010a28a.shtml
    I honestly do not remember the defaults in Cisco but I had a very similar issue working with Juniper because this value was set at about 4500 prefixes at once.
    Take care
    Alessio

  • BGP default route advertisement - change preference

    hi guys,
    I would appreciate some assistance here. We have a primary head office & a DR site. Routers at both sites connect to our carrier for an IP VPN service using BGP. BGP configs on each router advertise a default route 0.0.0.0.
       #sh ip bgp neighbors x.x.x.x advertised-routes
          BGP table version is 358, local router ID is x.x.x.x
          Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                  r RIB-failure, S Stale
          Origin codes: i - IGP, e - EGP, ? - incomplete
          Originating default network 0.0.0.0
    Issue is, some of our remote sites prefer the DR router path for traffic destined to internet.
    We are advertising multiple default routes to our carrier, and based on feedback from carrier, route with lowest MED is preferred.
    This brings me to what I need to change from my side. Need to change the route preference so that from our remote offices, only the route to head office is preferred with DR site the least preferred route. I know there are multiple ways of doing this, however keen to get input from the experts out there.
    DR site router has this BGP config currently applied:
       router bgp XXXXX
        bgp log-neighbor-changes
        redistribute connected
        redistribute ospf 1 match internal external 1 external 2
        neighbor x.x.x.x remote-as XXXX
        neighbor x.x.x.x default-originate
        neighbor x.x.x.x soft-reconfiguration inbound
        neighbor x.x.x.x route-map IMPORT-POLICY in
        neighbor x.x.x.x route-map OPI-route-advertisement out
        default-information originate
    Removing the  "neighbor x.x.x.x default-originate" is not an option, as we need to have the ability to failover to DR at any point.
    Thanks in advance & if you need any further info pls advise.
    Rama

    Hi Milan,
    Thanks. Answers below:
    Does it provide an MPLS backbone to you? YES
    Are you using the same AS number on all your sites or different ones? Same AS
    Any way, what about advertising the default route from your DR site with the site AS number prepended several times (5 times, e.g.)? That's the thing I am struggling to understand as the route-map OPI-route-advertisement already has it prepended 2 times. Shouldn't that be enough to influence which route is least preferred?
    route-map OPI-route-advertisement permit 20
     match ip address prefix-list xxx default-route
     set as-path prepend XXXXX XXXXX
    If your provider would permit that and hasn't configured his routers to ignore the AS_PATH length (ask him a question), it should make the default route advertised from your DR less preferred within your backbone. Will ask.
    Given this, any other thoughts/questions?
    Thanks, Rama

  • ASR 1002 Router doing multiple VRFs

    I have an ASR 1002 router with Three VRFs coming into it. The first 2 VRFs are just terminating on the ASR with L3 sub interfaces. So no big deal with them. The third one is a VRF that needs to terminate on a separate router. The ASR that needs to split out this 3rd VRF is not allowed to have an IP address for it. So it just needs to forward off this as L2 to a separate physical port and then terminates on a different router. 
    So my question is what is the best way to accomplish this on the ASR? Could I setup a pseudo wire setup or is there an easier way to just split off this as separate VLAN to the other physical interface? 

    Hi
    You could try with bridging. Something like this
    Interface bvi 1
    no ip address
    interface gig0
    bridge-group 1
    interface gig1
    bridge-group 1
    /Mikael

  • BGP Best Path Selection Algorithm

    How is the administrative distance positioned in the bgp route decision ?
    i.e. if a route is learned from iBGP with higher "local preference" and eBGP with lower "local preference" - which path will be installed in the routing table,
    the path learned from eBGP or the path with higher local preference?

    For your scenario the path with the higher local pref will be installed in the routing table although it's iBGP.
    If a router receives the same prefix from 2 neighbors, 1 from iBGP and the other from eBGP,
    the router will compare them with the BGP path selection algorithm.
    The one that wins will be installed in the routing table with the admin distance of the kind of route it is, so if the iBGP route won the path selection you will see in the routing table the admin distance of 200; if the eBGP route won you'll see 20 in the admin distance.
    So remember the iBGP/eBGP comparison is the 9th in the path selection algorithm, so an iBGP route can win the path selection by (local pref weight....)
    and if the iBGP won then you'll see the iBGP admin distance in your routing tables.

  • Management to VRF Interface on 1841 relying on default route

    I couldn't find this in any of the bug lists, has anyone come across this scenario before:
    I have an 1841 router, running: c1841-advipservicesk9-mz.124-25f
    This router has multiple loopbacks in different VRFs, loopback 0 is in the global context, loopback 1 is in the "ADMIN" VRF (there are multiple other VRFs, but there is nothing special or unique in the config between them, so I'll just stick with loop1, the behaviour is the same for all VRFs)
    The routing table contains an all-zeros route:
    show ip route vrf ADMIN
    Routing Table: ADMIN
    Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
           ia - IS-IS inter area, * - candidate default, U - per-user static route
           o - ODR, P - periodic downloaded static route
    Gateway of last resort is 10.254.144.13 to network 0.0.0.0
         10.0.0.0/8 is variably subnetted, 330 subnets, 7 masks
    B       10.254.156.104/30 [20/0] via 10.254.144.13, 3d23h
    [etc etc]
    10.254.144.13 is the next hop for all networks in the ADMIN VRF, this router is not dual attached.
    My PC sits behind a firewall outside the MPLS network, the VRFs in the MPLS network rely on a default all-zeros route into the firewall - hence there is no specific route for the subnet my PC is on.
    From my PC, I can ping the Loopback1 address, however I cannot get to any management services (ssh, telnet, http or https) via loopback1. When I add a static route for my PC (/32) (or for the entire 10.0.0.0/8 network - which is my current work around), I can then ssh or telnet etc to Loopback1.
    Loopback0 (in the global context) works fine regardless of if it's relying on the all zeros route or not.
    Anyone seen this before? It appears to be a bug in the IOS that management services do not look at the default route within a VRF?

    You can generate a default route with the following command:
    neighbor 1 default-originate
    and you need to have a default route in the routing table. This will get the PE to generate a default route to the CE.

  • Introduce second default gateway into policy-based routing and optimization

    Questions:
    1) How to get the second PBR_DEFAULT_GATEWAY address 10.20.20.3 into the policy-based routing for redundancy?
    2) Any optimizations as more and more traffic (policy-based routed and otherwise) goes through interface Gi1/0/1?
    Address range A.B.0.0/16 represents assigned Internet-routable addresses.
    Network also uses 10.0.0.0/8, 172.16.0.0/20, 192.168.0.0/16.
    DEFAULT_GATEWAY router participates in OSPF and injects the default routes 0.0.0.0/0 10.10.10.1 and 0.0.0.0/0 10.20.20.1 into OSPF.
    PBR_DEFAULT_GATEWAY router participates in OSPF but filters out default routes injected by DEFAULT_GATEWAY router.
    ROUTER_A participates in OSPF and receives default routes injected by DEFAULT_GATEWAY router.
    ROUTER_A contains the attached policy-routing configuration that allows the subnet A.B.30.0/24 to route anywhere on the network and uses PBR_DEFAULT_GATEWAY as the way out.

    Ok I will see if I can run out to work and try this today..
    After thinking about this, If I need to get to local ip addresses (192.168.1.0 and 192.168.128.0), I might have to change my route map to include those ranges in an ACL, then assign the 172.20.200.1 as the gateway to get to those networks, with the last statement being the traffic to be sent out the firewall
    for instance
    # Access to one of my local networks
    access-list 101 permit ip 172.20.200.0 0.0.0.255 192.168.1.0 0.0.0.255
    # Send Internet traffic to ASA/PIX
    access-list 172 permit ip 172.20.200.0 0.0.0.255 any
    route-map pix-172-20-200 permit 10
    match ip address 101
    set ip next-hop 172.20.200.1
    route-map pix-172-20-200 permit 20
    match ip address 172
    set ip next-hop 172.20.200.2
    and so on?
    I know I need to be in front of my switch to test the change from set ip default next-hop to set ip next-hop...
    I want to make sure I can still get to the local networks I need to get to.
    I appreciate all your help, and I will test this later on today..
    Thanks
    Don Hickey

  • Modify the preference value of the default route

    Hi
    How to achieve the Below ? any configuration example?
    1)How to modify the preference value of the default route to be less prefered than OSPF External route
    2)how to redistribute the default route as type 2 external route
    3)how to redistribute the default route as type 1 external route
    thanks

    Hi Ibrahim,
    See below:
    1) Can you elaborate on this a bit? Can you explain, specifically, what you're trying to accomplish? I don't think you can get a default route into the OSPF RIB that is not external as the default is injected as a Type-5 LSA (e1 or e2). If you're talking about getting a router to use the OSPF learned default over the default route learned via some other source (e.g. static, BGP, etc), then it depends on the source because of the Administrative Distance when comparing the two defaults (the one default learned via OSPF has AD=110, and the other default is AD=X, where X is the Administrative Distance assigned to the protocol).
    2) Use the "default-information originate metric-type 2" command under "router ospf" -- Note this is the default
    3) Use the "default-information originate metric-type 1" command under "router ospf" -- Note, you don't need this in Totally Stubby Area.
    4) For NSSA area you have to use the "area <area_num> nssa default-information-originate metric-type <type>" router subcommand. Note your NSSA should have a Type-7 LSA for the default route
    Rate if helpful.
    Joe

  • Distribution of default route of four different ISP in a WAN MPLS

    We've an MPLS Network, there is a vrf, the Green vrf, in which are the users. Now we are going to have four connections to the internet, and in each one we are going to be receiving the default route, but we want to control the use of those connections, so if you are a user on one PE your default route must be provided depending on the region in which you are. We've route reflectors.
    How can we make the distribution of the default route depend on the region in which the user is, such that the PE_11 gets its default route from the PE_1 and not from the PE_3, and the users on the PE_13 get their default route from the PE_3 and not from the PE_5.
    If we put the four default routes in the vrf green and let bgp work, the route reflectors are going to distribute the best route that they learn, so there will be only one "best" default route out of the four we are having, and we need to balance the traffic.
    How can we solve this?
    The equipment involved is 7613 with IOS 12.2(33)SRD3

    Hello.
    If your PE_1, PE_5, PE_6 and PE_3 use different RD for the vrf, RR would reflect all the "default gateways" as they are different in terms of VPNV4 prefix.
    So, now you need a solution to prefer one PE over another. The best would be to use communities, like:
     PE_1 - injects 1:1
     PE_3 - injects 1:3
     PE_5 - injects 1:5
     PE_6 - injects 1:6
    Now regions could have following routing policy:
     if community matches 1:1 then
       set local-pref 140
     elseif community matches 1:3 then
      set local-pref 130
    Per region you would assign high LP for "closer" exit-point.
    Now you have typical configuration per region and failover mechanism between them all.
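
The two steps in the answer above (a distinct RD per exit PE so the route reflectors pass on every default route, then a per-region local-preference keyed on community), together with the local-pref versus eBGP/iBGP question from the best-path thread earlier on this page, as an added Python model that is not code from any poster or from Cisco. The RD values, the PE_13 policy, the 192.0.2.0/24 prefix and the reduced tie-break order are assumptions made for the example.

```python
from dataclasses import dataclass, replace

DEFAULT = "0.0.0.0/0"

@dataclass(frozen=True)
class Path:
    prefix: str
    next_hop: str                         # originating PE or peer
    rd: str = ""                          # route distinguisher; empty for plain IPv4
    communities: frozenset = frozenset()
    weight: int = 0
    local_pref: int = 100
    as_path_len: int = 1
    ebgp: bool = False

def best_path(paths):
    """Reduced decision order (assumption: only the attributes discussed on this
    page): highest weight, highest local-pref, shortest AS_PATH, eBGP over iBGP,
    then lowest next-hop name as a stand-in for the remaining tie-breakers."""
    return min(paths, key=lambda p: (-p.weight, -p.local_pref, p.as_path_len,
                                     not p.ebgp, p.next_hop))

def admin_distance(path):
    """AD is attached after selection, from the winner's type: 20 eBGP, 200 iBGP."""
    return 20 if path.ebgp else 200

def reflect(paths):
    """Route reflector: one best path per VPNv4 NLRI, i.e. per (RD, prefix)."""
    groups = {}
    for p in paths:
        groups.setdefault((p.rd, p.prefix), []).append(p)
    return [best_path(g) for g in groups.values()]

def apply_region_policy(paths, policy):
    """Inbound policy on a regional PE: community -> local-pref. Paths that
    match no community keep their received local-pref."""
    out = []
    for p in paths:
        matched = [lp for comm, lp in policy.items() if comm in p.communities]
        out.append(replace(p, local_pref=max(matched)) if matched else p)
    return out

def vrf_default(received, policy):
    """After import into the VRF the RD no longer separates the paths, so the
    PE runs best-path across every default route it received."""
    candidates = [p for p in apply_region_policy(received, policy)
                  if p.prefix == DEFAULT]
    return best_path(candidates)

# Exit PEs and the communities they inject, as listed in the answer above.
EXITS = {"PE_1": "1:1", "PE_3": "1:3", "PE_5": "1:5", "PE_6": "1:6"}
# Region of PE_11: local-pref values from the answer above.
REGION_PE_11 = {"1:1": 140, "1:3": 130}
# Region of PE_13: constructed for this example (PE_3 first, PE_5 second).
REGION_PE_13 = {"1:3": 140, "1:5": 130}

def make_defaults(unique_rd):
    """Four default routes, one per exit PE. RD values are constructed."""
    paths = []
    for i, (pe, comm) in enumerate(EXITS.items(), start=1):
        rd = f"65000:{100 + i}" if unique_rd else "65000:100"
        paths.append(Path(DEFAULT, pe, rd, frozenset({comm})))
    return paths

def local_pref_vs_ebgp():
    """Best-path thread: iBGP path with higher local-pref against an eBGP path."""
    ibgp = Path("192.0.2.0/24", "ibgp-peer", local_pref=200, ebgp=False)
    ebgp = Path("192.0.2.0/24", "ebgp-peer", local_pref=100, ebgp=True)
    winner = best_path([ibgp, ebgp])
    return winner, admin_distance(winner)

if __name__ == "__main__":
    shared = reflect(make_defaults(unique_rd=False))
    unique = reflect(make_defaults(unique_rd=True))
    print("shared RD, RR reflects:", [p.next_hop for p in shared])
    print("unique RD, RR reflects:", [p.next_hop for p in unique])
    print("PE_11 exits via:", vrf_default(unique, REGION_PE_11).next_hop)
    print("PE_13 exits via:", vrf_default(unique, REGION_PE_13).next_hop)
    survivors = [p for p in unique if p.next_hop != "PE_1"]
    print("PE_11 after PE_1 withdraws:", vrf_default(survivors, REGION_PE_11).next_hop)
    winner, ad = local_pref_vs_ebgp()
    print("local-pref winner:", winner.next_hop, "installed with AD", ad)
```
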
