Cisco: OSPF conditional inject of a Default Route

I believe most of you are familiar how OSPF is injecting a default route in a normal area. If not, you can find here all the documentation that you need. Please be familiar with this concept before reading this article.

Now, let’s assume that we have the following topology (click on image to have a more detailed view) :cisco-ospf-conditional-default-route

As you can see we have a BGP peering between PE and CE router, with CE router having and OSPF connection with the Core. CE router is injecting a default route to Core:

router ospf 1
default-information originate always

This configuration is OK, but we can run into the following issue. Imagine that for some reason the BGP peering between PE and CE is broken (e.g. line being down), the CE router will have no clue about this and will still propagate the default route to the Core. In this situation, the Core will still forward all the packets without specific route to CE where it will have no further route to reach the destination, as the CE does not receive any route from the BGP peer. As you can imagine is better to avoid this situation, especially if for some reasons you are not monitoring the connection between PE and CE and you cannot react to change manually the route in case of a failure. We are lucky because some smart engineers have developed a solution to avoid this problem, called Conditional inject of a default route in OSPF.

With this solution, OSPF is monitoring the reachability of the point-to-point IP connection between PE and CE. When OSPF process on CE router notice that the IP connection is not available anymore, it automatically retract the propagation of the default route to the Core. The solution is simple an assume use of  an ACL or prefix-list then match this on a route-map and finally use this route-map under “router ospf” process. For step-by-step configuration check below.

First we will create and ACL matching the IP subnet between PE and CE. In this example I’m using a p2p subnet /30:

access-list 1 permit

Then I will match this into a route-map as follow:

route-map WAN-LINK permit 10
match ip address 1

Finall, we will use this route-map to implement the OSPF conditional injection of default route to Core router ( /30 is the p2p IP subnet between CE and Core):

router ospf 1
network area 0
default-information originate always route-map WAN-LINK

Now, the OSPF process on CE will inject a default route to the Core as long as the IP subnet between CE and PE is reachable.
IMPORTANT NOTE: This solution might not work if your connection from CE to PE is Ethernet and not Serial like in the example. I will explain why on the next post, when I’ll achieve the same behavior but using EEM together with an Ethernet based connection instead of a Serial one.

Please check below to see a small presentation how this is working on a test environment:


Published by


Calin is a network engineer, with more than 20 years of experience in designing, installing, troubleshooting, and maintaining large enterprise WAN and LAN networks.

7 thoughts on “Cisco: OSPF conditional inject of a Default Route”

  1. What’s wrong with it?

    I know that in low screen resolutions, it overlaps over the text, but I supposed that this days everybody has a larger screens.

    Anyway, thanks for pointing this out. I’ll try to solve this issue.

  2. Hi, Calin
    Good article on the OSPF injecting of the default route. I am interested in speaking with like minded people when you get this message feel free to email me.

  3. Greetings I recently finished going through through your blog and also I’m very impressed. I truly do have a couple concerns for you personally however. Do you think you’re thinking about doing a follow-up submitting about this? Will you be likely to keep bringing up-to-date too?

    1. Hello Mohammad,

      I think I already replied to you on Cisco NSP list, but I’ll adapt the answer here.

      If you’re testing this with Ethernet (PE – CE) in GNS3 / Dynamips, it will not work.

      If you shutdown the interface on PE, it will not signalize to CE that the link is down, so the interface on CE will always be up.

      With CE interface being always up, the subnet (p2p link, in the example above) will be always in the routing table of CE. As long as the subnet it’s in the routing table the condition is meet and the default route is propagated to Core.

      If you want Ethernet there, you need to shutdown the interface on the CE to prove that it’s working.

Any opinion on this post? Please let me know:

This site uses Akismet to reduce spam. Learn how your comment data is processed.