Unicast IP Routing |
An external route is defined as any route that is not within the OSPF AS. External routes can come from many sources:
External routes are learned and propagated throughout the OSPF AS through one or more ASBRs. The ASBR advertises the availability of external routes using a series of external route LSAs. The external route LSAs are flooded throughout the AS (except in stub areas) and become part of the SPF Tree and routing table calculation. Traffic to external networks is routed within the AS using the least cost path to the ASBR.
Figure 3.21 shows an AS with an ASBR and external routes.
Figure 3.21 OSPF External Routes
By default, OSPF routers acting as ASBRs import and advertise all external routes. You might want to filter out external routes to protect the AS from improper or malicious routing information.
For the Windows 2000 Router, external routes can be filtered on the ASBR by the external route source or by the individual route. You can configure the ASBR to accept or ignore the routes of certain external sources such as routing protocols (RIP v2) or other sources (static routes or SNMP). You can also configure the ASBR to accept or discard specific routes by configuring one or multiple [Destination, Network Mask] pairs.
A combination of these filters configured at the ASBR can ensure that the OSPF AS only receives the correct external routes from the proper sources.
When a router is configured to be an ASBR, it advertises by default all external routes including its own default static route. This default route needs to be valid for all OSPF routers in your AS. An example of an invalid default route is one that points to another router within the OSPF AS. The router used as the default gateway ends up with a default route with the next hop IP address of itself. If this occurs, the packets forwarded using the default route on that router are dropped.
If the default route is not valid for all OSPF routers, it should not be advertised. A valid default route would have the next hop gateway address external to your OSPF AS. This route would only be configured on the router that can directly reach the external network.
There are two ways to avoid this problem: