Archives for posts with tag: default route

This feature is similar to Cisco IPSLA, in that it tracks the reachability of a destination and can remove static routes based on the ping response.

A simple topology: the Palo-Alto is connected to the internet and uses path monitoring on the default route. The internal interface peers over OSPF with the core router and redistributes the static route, but only while the ping responds.











First create the static route
Network -> Virtual Routers -> (router) -> Static Routes -> Add+

Virtual Router - Static Routes

In this scenario the path monitor pings the opposite side of the link and Google DNS; both must fail for the condition to be met. Interval and count are default (5 pings 3 seconds apart). Once the pings fail, the route is removed from the routing table. When the router is able to ping the destination again after a failure, it waits 2 minutes before re-installing the route; this is the default preemptive behaviour and can be changed.
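The timing described above can be checked with a small model. This Python sketch is an added example, not PAN-OS code or anything from the original post; the class, the target labels, and the rule that a single reply marks a target reachable again are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class PathMonitor:
    """Simplified model of a static-route path monitor with an 'all' failure condition."""
    targets: tuple                 # monitored destinations (labels are constructed)
    count: int = 5                 # consecutive lost pings before a target counts as down
    interval: int = 3              # seconds between ping rounds
    hold: int = 120                # preemptive hold time, in seconds
    installed: bool = True         # is the static route in the routing table?
    misses: dict = field(default_factory=dict)
    up_for: int = 0                # seconds of recovery counted so far

    def tick(self, replies):
        """Process one ping round; replies maps target -> True if it answered."""
        for t in self.targets:
            # Assumption: one reply is enough to mark a target reachable again.
            self.misses[t] = 0 if replies.get(t) else self.misses.get(t, 0) + 1
        all_down = all(self.misses[t] >= self.count for t in self.targets)
        if self.installed:
            if all_down:           # every target failed: withdraw the route
                self.installed, self.up_for = False, 0
        elif all_down:             # failed again during the hold: restart the timer
            self.up_for = 0
        else:                      # at least one target answers: run the hold timer
            self.up_for += self.interval
            if self.up_for >= self.hold:
                self.installed = True
        return self.installed

def simulate(monitor, rounds):
    """Feed a list of ping rounds to the monitor; return the route state after each."""
    return [monitor.tick(r) for r in rounds]

# Constructed sample inputs: the far side of the link and a public DNS target.
PEER, DNS = "link-peer", "google-dns"
OK = {PEER: True, DNS: True}
ONE_DOWN = {PEER: False, DNS: True}
ALL_DOWN = {PEER: False, DNS: False}

if __name__ == "__main__":
    m = PathMonitor(targets=(PEER, DNS))
    print("one target down :", simulate(m, [ONE_DOWN] * 6))
    m = PathMonitor(targets=(PEER, DNS))
    print("both down       :", simulate(m, [ALL_DOWN] * 5))
    print("recovery rounds :", simulate(m, [OK] * 40).index(True) + 1)
```

With the defaults, the route is withdrawn on the fifth consecutive round in which both targets are silent, and it returns on the 40th good round (40 x 3 s = 2 minutes).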

Next create a redistribution profile that redistributes your routes. What I found was that if you redistribute ‘’ that means all routes; if you have other routes you don’t want to redistribute, just match them with a lower priority and choose ‘No redist

Network -> Virtual Routers -> (router) -> Redistribution Profile -> Add+

Redistribution Profile

Configure OSPF as you normally would with any other device; there is no difference here, and the usual attributes must match. Area 0 is the same as Area

Next apply the redistribution profile to OSPF and check ‘Allow Redistribute Default Route‘. You have the option to set external type, metric and tag.

Network -> Virtual Routers -> (router) -> OSPF -> Export Rules -> Add+

Export Rules

The Palo-Alto should have formed neighbors with the core router and be redistributing the default route. This can be seen under Network -> Virtual Routers -> More Runtime Stats, where you can also view the routing table, the forwarding table, OSPF neighbors, etc.

Run Time Stats

Currently the core router receives the route from the Palo-Alto


Next, fail the routing on the internet router to see the impact on the path monitoring. The outcome is that the route is withdrawn (debug ip routing).

Route withdrawn

Path Monitor (down)

On the core device you may have a floating static or default route with a higher metric from a different IGP, waiting to take over in the event of a failure to the Palo-Alto.

When routing is restored you can view the preempted route counting down. After the 2 minutes the route is reinstated.

Preempt hold

That’s it, works great.



Advertising a default route in BGP with an alternate default route as backup.

So you have your MPLS WAN and your filtered internet at your main data centre, everything going along nicely, until the CE router at your data centre goes hard down and all your users are suddenly wondering why they can’t use Facebook or YouTube anymore!
Advertising a default route is easy, but advertising multiple... now that's a different story.

You need to find a way of making the backup route less desirable, so that it is only used if the original is unavailable. Here’s how to do it.

You will need to be at least familiar with BGP path selection, prefix lists and route-maps.

Advertise your default route from your main data centre. Here is a sample config

router bgp xxxxx
neighbor x.x.x.x remote-as xxxxx

In order for BGP to advertise any route, it must exist in the routing table, so either you use a static route or you run a dynamic routing protocol such as EIGRP to advertise it into your router from your main data centre switch. (I would recommend you use a dynamic routing protocol.)
Now that your default route is being advertised, it will filter out to the rest of your WAN routers.
Your secondary default route is a little different. You still need to advertise it, but with some sort of distinguishing feature. The simplest way to do this is AS-Prepend, which adds the AS (Autonomous System) number you specify to the advertised route. If you know how BGP path selection works, you will know that BGP prefers the shortest AS_PATH, regardless of bandwidth or connection type; think of RIP routing, which uses a hop count for route selection, and it’s the same idea. Note: BGP path selection does not rely solely on AS_PATH, but for the purposes of this discussion we will assume you are not using WEIGHT, LOCAL_PREF or IGP redistribution.

Firstly you need to create a prefix list to match only the default route

ip prefix-list 10 description Secondary-default
ip prefix-list 10 seq 5 permit 0.0.0.0/0

Next thing you want to do is use a route map to tie in the conditions you need to set for the default route.

route-map default-route permit 5
match ip address prefix-list 10
set as-path prepend xxxxx xxxxx xxxxx xxxxx xxxxx
route-map default-route permit 10

Then all that’s left to do is advertise the route map via BGP

router bgp xxxxx
neighbor x.x.x.x remote-as xxxxx
neighbor x.x.x.x route-map default-route out

Again, make sure the default route exists in your routing table, otherwise it won’t be advertised.
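To see why the prepended route only takes over on failure, here is a small Python model of the route-map and the AS_PATH comparison. It is an added example, not the author's configuration or router code; the AS numbers 65001 and 65002, the sample prefix, and the function names are constructed for illustration, and WEIGHT and LOCAL_PREF are assumed equal as in the text.

```python
import ipaddress

DEFAULT = ipaddress.ip_network("0.0.0.0/0")

def route_map_out(prefix, as_path, local_as, prepend):
    """Model of the outbound route-map: sequence 5 prepends on the default
    route only; sequence 10 permits every other prefix unchanged."""
    if ipaddress.ip_network(prefix) == DEFAULT:
        return [local_as] * prepend + as_path
    return as_path

def advertise(prefix, local_as, prepend=0):
    """Build the update an eBGP speaker sends: its own AS is always added once,
    then the route-map adds any extra copies."""
    path = route_map_out(prefix, [local_as], local_as, prepend)
    return {"prefix": prefix, "origin_as": local_as, "as_path": path}

def best_path(candidates):
    """Pick the route with the shortest AS_PATH (all earlier tie-breakers
    such as WEIGHT and LOCAL_PREF assumed equal)."""
    if not candidates:
        return None
    return min(candidates, key=lambda r: len(r["as_path"]))

if __name__ == "__main__":
    # Constructed scenario: main data centre (AS 65001), backup site (AS 65002).
    primary = advertise("0.0.0.0/0", 65001)
    backup = advertise("0.0.0.0/0", 65002, prepend=5)
    print("primary path:", primary["as_path"])
    print("backup path :", backup["as_path"])
    print("both up     -> via AS", best_path([primary, backup])["origin_as"])
    # The CE at the main data centre fails and its route is withdrawn.
    print("primary down-> via AS", best_path([backup])["origin_as"])
    # Other prefixes from the backup site are not penalised by the route-map.
    print("other prefix:", advertise("10.20.0.0/16", 65002, prepend=5)["as_path"])
```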

Some commands you might use to confirm your changes will be

sh ip bgp
sh ip bgp
sh ip bgp neighbor x.x.x.x advertised-routes
sh ip route
sh ip route
sh run | inc ip route

Easy as that!

BGP is by far the most versatile and configurable routing protocol I have ever worked with; it surprises me, and every time I work with it I learn something new about it.