How to Influence Routes in OSPF to Take Precedence Over Static Routes
There are environments where the Palo Alto Networks firewall learns routes for a network from both static route and OSPF. This method enables customers to choose the primary route through OSPF and have a backup route to the same network via static route, for redundancy. This document describes how to influence OSPF routing by modifying the administrative distance configuration.
The administrative distance of a static route can be increased so that it becomes the secondary route for the same network. By default, static route has an admin distance of 10 and OSPF Int and OSPF Ext have admin distances of 30 and 110 respectively. To set OSPF to take precedence over the static route, increase the admin distance of the static route accordingly, depending upon the route being an OSPF external or OSPF internal.
The setting for admin distance can be configured by going to Network > Virtual Routers > Static Routes, then select a static route. The Admin Distance field is located in the pop-up dialog that appears:
Use the CLI commands below to verify if the route is on the OSPF LSDB and is present under the firewall's routing table:
- Display OSPF LS database status
> show routing protocol ospf lsdb
- Display OSPF LS database status with all details
> show routing protocol ospf dumplsdb
- Display route entries, and show the active and backup routes for the same network
> show routing route