OSPF Route Redistribution and Default Route
Route redistribution introduces external routes — routes learned from outside OSPF — into the OSPF domain as external LSAs. Redistribution is performed by an autonomous system boundary router (ASBR), which generates Type 5 LSAs (or Type 7 inside NSSAs) that flood throughout the OSPF domain.
RouterOS 7 controls redistribution through two mechanisms on the OSPF instance: the redistribute parameter selects which protocol classes enter the redistribution pipeline, and an out-filter-chain routing filter controls which individual prefixes are accepted and what external attributes they carry.
The ASBR Role
Any router that redistributes routes from an external source into OSPF automatically becomes an ASBR. RouterOS assigns this role automatically — there is no explicit ASBR configuration flag. The ASBR originates Type 5 external LSAs that flood into all areas except stubs and totally stubby areas.
An ASBR can also be an ABR (connecting multiple areas). In this case it redistributes external routes into the backbone, and they propagate from there into other areas. An ASBR inside an NSSA generates Type 7 LSAs instead of Type 5; the elected translator ABR converts them to Type 5 for the backbone.
ASBR placement guidelines:
- Place ASBRs close to the external source (upstream router, BGP peer, or internet edge).
- Multiple ASBRs advertising the same external prefixes provide redundancy — use metric type 1 so routers choose the topologically closer ASBR.
- In NSSA branch areas with local internet breakout, the branch ASBR uses Type 7 LSAs; the ABR translates them to Type 5 for the core.
Configuring Redistribution
The redistribute Parameter
Set on the OSPF instance. Accepts a comma-separated list of route classes:
| Value | Routes redistributed |
|---|---|
| connected | Directly connected interface prefixes |
| static | Static routes |
| bgp | Routes learned from BGP |
| rip | Routes learned from RIP |
| vpn | VPN routes |
| dhcp | Routes installed by DHCP client |
| modem | Routes installed by PPP/modem clients |
```
# Redistribute connected and static routes
/routing ospf instance
set ospf1 redistribute=connected,static

# Redistribute connected and BGP (common on edge ASBRs)
/routing ospf instance
set ospf1 redistribute=connected,bgp
```
Without an output filter, all routes from the selected classes are redistributed with default metric type 2 and metric 20. This is acceptable for small networks but loses control quickly when redistributing large BGP tables or mixed static routes.
Attaching a Routing Filter
Attach a filter chain via out-filter-chain to select which prefixes are redistributed and set external attributes on each route:
```
/routing ospf instance
set ospf1 redistribute=connected,static,bgp out-filter-chain=ospf-ext-out
```
Filter rules are evaluated top-to-bottom. Routes that match no rule are implicitly rejected. Always include an explicit reject at the end to document intent.
```
/routing filter rule
# Redistribute loopback /32 as type 1 — allows topologically closer ASBR selection
add chain=ospf-ext-out rule="if (protocol connected && dst in 10.255.0.0/24 && dst-len == 32) { \
    set ospf-ext-type type1; set ospf-ext-metric 10; accept }"

# Redistribute LAN infrastructure as type 2 with explicit metric
add chain=ospf-ext-out rule="if (protocol connected && dst in 10.0.0.0/8) { \
    set ospf-ext-type type2; set ospf-ext-metric 20; accept }"

# Redistribute specific static summary routes only
add chain=ospf-ext-out rule="if (protocol static && dst in 172.16.0.0/12 && dst-len <= 20) { \
    set ospf-ext-type type2; set ospf-ext-metric 50; accept }"

# Reject all other routes — explicit, documents intent
add chain=ospf-ext-out rule="reject"
```
External Metric Types
OSPF external routes carry one of two metric types, controlling how routers compare the total cost to reach the external destination.
| Type | Total cost formula | Behavior |
|---|---|---|
| type2 (default) | External metric only | All routers compare only the external metric; the internal OSPF cost to reach the ASBR is ignored |
| type1 | Internal OSPF cost to ASBR + external metric | Routers account for the full path cost, choosing the topologically closer ASBR |
When to use type1:
- Two or more ASBRs advertise the same external prefix with the same external metric.
- You want routers to prefer the closer ASBR over a distant one.
- Internal OSPF cost to the ASBR is a meaningful differentiator.
When to use type2:
- Single ASBR — type1 vs type2 makes no difference.
- External metric represents a known policy value (ISP preference) that should override topology.
- You want all routers to treat ASBR distance as irrelevant.
```
/routing filter rule
# Type 1 — favors closer ASBR when two ASBRs advertise the same prefix
add chain=ospf-ext-out rule="if (protocol bgp && dst in 10.100.0.0/16) { \
    set ospf-ext-type type1; set ospf-ext-metric 100; accept }"

# Type 2 — all routers see equal cost regardless of ASBR location
add chain=ospf-ext-out rule="if (protocol static) { \
    set ospf-ext-type type2; set ospf-ext-metric 200; accept }"
```
When two ASBRs advertise the same external prefix:
- Type 2 (same metric): Routers break the tie using the lowest-cost path to the ASBR’s router-id — unpredictable without planning.
- Type 1: Routers add their internal cost to the ASBR to the external metric, choosing the overall cheaper path automatically.
Redistributing BGP Routes
Redistributing BGP into OSPF injects external IP prefixes into the OSPF domain. Always apply strict prefix-length and prefix-range filters to avoid leaking transit routes, full BGP tables, or the default route unintentionally.
```
/routing ospf instance
set ospf1 redistribute=connected,bgp out-filter-chain=ospf-ext-out

/routing filter rule
# Redistribute connected loopback as type 1
add chain=ospf-ext-out rule="if (protocol connected && dst-len == 32) { \
    set ospf-ext-type type1; set ospf-ext-metric 10; accept }"

# Accept only customer prefixes from BGP — /24 to /28 within the allocated block
# Never redistribute /0, /8, /16 transit routes
add chain=ospf-ext-out rule="if (protocol bgp && dst in 203.0.113.0/22 && dst-len >= 24 && dst-len <= 28) { \
    set ospf-ext-type type2; set ospf-ext-metric 100; accept }"

# Reject everything else
add chain=ospf-ext-out rule="reject"
```
Key safety rules for BGP redistribution:
- Never set redistribute=bgp without an out-filter-chain — unfiltered BGP tables flood the OSPF domain.
- Explicitly exclude 0.0.0.0/0 in filter rules (handle default route with distribute-default instead).
- Restrict redistributed prefixes to known customer or aggregate ranges.
- Set dst-len bounds to prevent leaking overly specific routes from BGP.
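The safety rules above can be checked offline before a chain is attached. The following Python model is an added example, not RouterOS code or part of the original page; it replays the ospf-ext-out rules against constructed routes and assumes that `dst in` matches any prefix lying inside the given range.

```python
import ipaddress

# Model of the ospf-ext-out chain above: (protocol, range, min_len, max_len, ext_type, metric).
# 203.0.113.0/22 as written has host bits set, so it is parsed with strict=False,
# which Python normalises to 203.0.112.0/22; RouterOS parsing is not modelled here.
FILTERED = [
    ("connected", "0.0.0.0/0", 32, 32, "type1", 10),
    ("bgp", "203.0.113.0/22", 24, 28, "type2", 100),
]
# redistribute=bgp with no out-filter-chain: everything enters as type 2, metric 20.
UNFILTERED = [("bgp", "0.0.0.0/0", 0, 32, "type2", 20)]

# Constructed candidate routes (not from a real routing table).
MUST_REJECT = [
    ("connected", "10.0.12.0/30"),  # transit link
    ("bgp", "0.0.0.0/0"),           # default route
    ("bgp", "203.0.112.0/22"),      # aggregate, shorter than /24
    ("bgp", "203.0.113.4/30"),      # more specific than /28
    ("bgp", "198.51.100.0/24"),     # outside the allocated block
]
MUST_ACCEPT = [("connected", "10.255.0.1/32"), ("bgp", "203.0.113.0/24"),
               ("bgp", "203.0.113.64/28")]

def evaluate(protocol, prefix, chain):
    """First matching rule wins; return (ext_type, metric) or None for reject."""
    dst = ipaddress.ip_network(prefix)
    for proto, rng, lo, hi, ext_type, metric in chain:
        block = ipaddress.ip_network(rng, strict=False)
        # Assumption: "dst in" means the route's prefix lies inside the range.
        if protocol == proto and dst.subnet_of(block) and lo <= dst.prefixlen <= hi:
            return ext_type, metric
    return None  # trailing "reject" rule

def leaks(chain):
    """Routes from MUST_REJECT that the chain would still redistribute."""
    return [r for r in MUST_REJECT if evaluate(*r, chain) is not None]

def dropped(chain):
    """Routes from MUST_ACCEPT that the chain would wrongly reject."""
    return [r for r in MUST_ACCEPT if evaluate(*r, chain) is None]

if __name__ == "__main__":
    for name, chain in (("filtered", FILTERED), ("unfiltered", UNFILTERED)):
        print(name, "leaks:", leaks(chain), "dropped:", dropped(chain))
```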
Default Route Distribution
The distribute-default parameter on the OSPF instance controls whether the router originates a 0.0.0.0/0 default route into OSPF as an external LSA. This is independent of the redistribute parameter.
| Value | Behavior |
|---|---|
| never | Do not originate a default route (default) |
| if-installed | Originate only when 0.0.0.0/0 exists in the routing table |
| always | Always originate regardless of routing table state |
| if-installed-as-type1 | Same as if-installed but forces type 1 metric |
| if-installed-as-type2 | Same as if-installed but forces type 2 metric |
| always-as-type1 | Same as always but forces type 1 metric |
| always-as-type2 | Same as always but forces type 2 metric |
When to use if-installed
The if-installed option is the safest choice for internet edge routers. It originates a default route into OSPF only while the upstream default route is present in the routing table. If the WAN link drops and the default route disappears, the OSPF default is withdrawn automatically — preventing the router from attracting traffic it cannot forward.
```
# Internet edge router: originate default only while uplink is active
/routing ospf instance
set ospf1 distribute-default=if-installed-as-type2
```
When to use always
Use always on core routers that must provide a default route to the OSPF domain regardless of their own routing table state — for example, a summary or aggregation router that should always attract traffic for forwarding to a next-hop.
```
# Core aggregation router: always advertise default into OSPF
/routing ospf instance
set ospf1 distribute-default=always-as-type2
```
Default Route with Metric Type
Default routes follow the same type 1 / type 2 rules as other external routes. When multiple ASBRs each originate a default route:
- Type 2 (same metric): Tie broken by lowest-cost ASBR — can produce asymmetric flows.
- Type 1: Routers select the default via the closest ASBR, distributing traffic proportionally to topology.
```
# Two internet edge routers: use type 1 so routers pick the closer exit
# Edge router A
/routing ospf instance
set ospf1-a distribute-default=if-installed-as-type1

# Edge router B
/routing ospf instance
set ospf1-b distribute-default=if-installed-as-type1
```
Redistribution in NSSA Areas
NSSA areas allow redistribution while still reducing external LSA flooding from the rest of the domain. An ASBR inside an NSSA originates Type 7 LSAs (NSSA external) rather than Type 5. Type 7 LSAs stay within the NSSA — the elected translator ABR converts them to Type 5 for advertisement to the backbone and other areas.
NSSA ASBR Configuration
```
# Branch router: ASBR inside an NSSA, redistributing its local connected routes
/routing ospf instance
add name=ospf1 version=2 router-id=3.3.3.3 \
    redistribute=connected \
    out-filter-chain=nssa-ext-out

/routing ospf area
add name=nssa-branch area-id=0.0.0.20 instance=ospf1 type=nssa

/routing ospf interface-template
# link to ABR
add interfaces=ether1 area=nssa-branch
# local LAN, redistributed
add interfaces=ether2 area=nssa-branch passive=yes

/routing filter rule
add chain=nssa-ext-out rule="if (protocol connected && dst in 192.168.100.0/24) { \
    set ospf-ext-type type2; set ospf-ext-metric 20; accept }"
add chain=nssa-ext-out rule="reject"
```
Verifying Type 7 to Type 5 Translation
```
# On the ASBR inside the NSSA: verify Type 7 LSAs are originated
/routing ospf lsa print where type=nssa-external

# On the ABR: confirm translation to Type 5 is happening
/routing ospf lsa print where type=external

# On a router in the backbone: external routes should be visible
/ip route print where ospf~"."
```
If Type 7 LSAs exist in the NSSA but are not translated, either no ABR is elected as translator or the translator ABR has translator-role=never. Force translation explicitly:
```
/routing ospf area
set nssa-branch translator-role=always
```
Practical Examples
Edge Router: Redistribute Connected + Default Route
Simple internet edge router redistributing its loopback and originating a default route only while the WAN is up.
```
/routing ospf instance
add name=ospf1 version=2 router-id=10.255.0.1 \
    redistribute=connected \
    out-filter-chain=edge-out \
    distribute-default=if-installed-as-type2

/routing ospf area
add name=backbone area-id=0.0.0.0 instance=ospf1

/routing ospf interface-template
# backbone uplink
add interfaces=ether1 area=backbone network-type=point-to-point
# loopback
add interfaces=lo0 area=backbone passive=yes

/routing filter rule
# Redistribute only the loopback /32 — not transit links
add chain=edge-out rule="if (protocol connected && dst-len == 32) { \
    set ospf-ext-type type2; set ospf-ext-metric 10; accept }"
add chain=edge-out rule="reject"
```
Dual-Exit: Two Internet Edges with Type 1 Default
Two edge routers each provide internet exit. Type 1 metrics cause internal routers to prefer the closer exit.
```
         Internet
         /      \
    edge-A      edge-B
  (1.1.1.1)   (2.2.2.2)
      │           │
    backbone OSPF domain
      │           │
   router-X    router-Y
```
Both edge routers:
```
/routing ospf instance
set <instance> distribute-default=if-installed-as-type1
```
With type 1 metrics, router-X (closer to edge-A) routes internet traffic through edge-A; router-Y uses edge-B. If edge-A loses its WAN, it withdraws its default route and router-X automatically fails over to edge-B.
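The exit selection in this dual-exit scenario, and the type 1 / type 2 comparison from External Metric Types, worked through as an added Python example (not RouterOS code or part of the original page). The link costs, the router-X to router-Y link and the external metrics are constructed assumptions; the preference order follows RFC 2328.

```python
import heapq

# Constructed topology for the dual-exit scenario: link -> OSPF cost (symmetric).
LINKS = {("router-X", "edge-A"): 10, ("router-X", "router-Y"): 10,
         ("router-Y", "edge-B"): 10}

def spf(src, links=LINKS):
    """Dijkstra: internal OSPF cost from src to every reachable router."""
    graph = {}
    for (a, b), cost in links.items():
        graph.setdefault(a, []).append((b, cost))
        graph.setdefault(b, []).append((a, cost))
    dist, heap = {}, [(0, src)]
    while heap:
        d, node = heapq.heappop(heap)
        if node in dist:
            continue
        dist[node] = d
        for nxt, cost in graph.get(node, []):
            if nxt not in dist:
                heapq.heappush(heap, (d + cost, nxt))
    return dist

def best_exit(router, adverts, links=LINKS):
    """adverts: {asbr: (ext_type, ext_metric)} for one external prefix.
    Returns (asbr, total_cost) or None. Type 1 beats type 2; type 1 compares
    internal + external cost; type 2 compares the external metric and uses
    the internal cost to the ASBR only as a tie-break."""
    dist = spf(router, links)
    ranked = []
    for asbr, (ext_type, metric) in adverts.items():
        if asbr not in dist:
            continue  # ASBR unreachable from this router
        if ext_type == "type1":
            key, total = (0, dist[asbr] + metric, 0), dist[asbr] + metric
        else:
            key, total = (1, metric, dist[asbr]), metric
        ranked.append((key, asbr, total))
    if not ranked:
        return None
    _, asbr, total = min(ranked)
    return asbr, total

if __name__ == "__main__":
    for kind in ("type1", "type2"):
        adverts = {"edge-A": (kind, 15), "edge-B": (kind, 10)}
        for router in ("router-X", "router-Y"):
            print(kind, router, "->", best_exit(router, adverts))
```

With unequal external metrics, type 2 sends both routers to edge-B while type 1 keeps router-X on edge-A; removing edge-A from `adverts` models the withdrawal under if-installed.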
Selective BGP Redistribution
BGP-connected ASBR redistributing a controlled subset of BGP-learned prefixes:
```
/routing ospf instance
add name=ospf1 version=2 router-id=5.5.5.5 \
    redistribute=connected,bgp \
    out-filter-chain=bgp-into-ospf

/routing filter rule
# Connected loopback only
add chain=bgp-into-ospf rule="if (protocol connected && dst-len == 32) { \
    set ospf-ext-type type1; set ospf-ext-metric 10; accept }"

# Customer BGP aggregates — /22 to /24 in known allocation
add chain=bgp-into-ospf rule="if (protocol bgp && dst in 10.200.0.0/14 && dst-len >= 22 && dst-len <= 24) { \
    set ospf-ext-type type2; set ospf-ext-metric 100; accept }"

# Reject all other BGP routes — including default, transit, and more-specifics
add chain=bgp-into-ospf rule="reject"
```
Verification
```
# Confirm redistribute and filter chain are configured
/routing ospf instance print detail

# List all routing filter rules for redistribution chain
/routing filter rule print where chain=ospf-ext-out

# Show external LSAs in the LSDB (Type 5 = standard; Type 7 = NSSA)
/routing ospf lsa print where type=external
/routing ospf lsa print where type=nssa-external

# Show external LSA detail (metric, metric-type, forwarding address)
/routing ospf lsa print detail where type=external

# Confirm OSPF-learned external routes in routing table
/ip route print where ospf~"."

# Check routes from a specific remote router's perspective
# (run on the remote router)
/ip route print where dst-address=0.0.0.0/0
```
Troubleshooting
External Routes Not Appearing After Redistribution
- Confirm redistribute is set and includes the correct protocol class:
  ```
  /routing ospf instance print detail
  ```
- Confirm the out-filter-chain name matches and is not empty:
  ```
  /routing filter rule print where chain=<your-chain-name>
  ```
- Temporarily remove the filter to confirm redistribution works without it:
  ```
  /routing ospf instance set ospf1 out-filter-chain=""
  /routing ospf lsa print where type=external
  ```
  If external LSAs appear now, the filter chain is rejecting the routes. Add a log action to find which rule fires:
  ```
  /routing filter rule
  add chain=<chain-name> rule="log ospf-debug; passthrough"
  /log print where topics~"ospf-debug"
  ```
- If LSAs are present but routes do not reach remote routers, check for stub areas blocking Type 5:
  ```
  # On the remote router — check what area it is in
  /routing ospf area print
  # Stub and totally-stubby areas block Type 5 LSAs
  # Use NSSA if redistribution is needed inside that area
  ```
Default Route Not Being Distributed
- Check distribute-default value:
  ```
  /routing ospf instance print detail
  ```
- If using if-installed, verify a default route exists in the routing table:
  ```
  /ip route print where dst-address=0.0.0.0/0
  ```
  If no default is installed (WAN down, DHCP client not connected), no OSPF default will be originated. Switch to always if the router should always originate a default regardless.
- Verify the default LSA is present in the LSDB on a remote router:
  ```
  /routing ospf lsa print where type=external
  # Look for forwarding-address 0.0.0.0/0
  ```
Routing Loop After Redistribution
Redistributing OSPF routes back into OSPF (e.g., via a static redistribute → BGP → redistribute BGP chain) creates loops. Prevent this by:
- Using out-filter-chain to explicitly reject routes with OSPF origin.
- Applying route tagging: set a tag on redistributed routes and filter out tagged routes on re-entry.
```
/routing filter rule
# Tag routes when redistributing into BGP
add chain=bgp-out rule="if (protocol ospf) { set bgp-communities 65000:100; accept }"

# Block tagged routes when redistributing BGP back into OSPF
add chain=ospf-ext-out rule="if (bgp-communities == 65000:100) { reject }"
```
Related Documentation
- OSPF — OSPF fundamentals, LSA types, neighbor states, and authentication
- OSPF Configuration — Multi-area setup, DR/BDR election, and interface-template configuration
- OSPF Area Types — Stub, totally stubby, and NSSA area configuration
- Route Filters — Routing filter rule syntax, matchers, and actions
- BGP — BGP configuration for redistributing into OSPF