Val:~$ whoami

I am Val Glinskiy, network engineer specializing in data center networks. TIME magazine selected me as Person of the Year in 2006.

Saturday, January 14, 2012

IGP: administrative distance per prefix

A routing protocol's administrative distance (AD) determines which protocol's route is placed in the RIB when several protocols offer the same prefix; lower is better. However, AD can be changed with the "distance" command on Cisco routers. The full syntax is:

distance distance ip-address wildcard-mask [ip-standard-acl | ip-extended-acl | access-list-name]

The access-list option implies that AD can be changed per IP subnet. Let's see how it works in RIPv2, EIGRP and OSPF.

I have a very simple topology here:

R1-------------------R2

1. RIP
Router R1 advertises two networks into RIP, which we can see on R2:

R2#show ip route rip
R    192.168.200.0/24 [120/1] via 192.168.12.1, 00:00:11, FastEthernet0/0
R    192.168.100.0/24 [120/1] via 192.168.12.1, 00:00:11, FastEthernet0/0


Both routes have administrative distance 120, the default for RIP. Let's change the AD for 192.168.100.0/24:

R2#conf t
R2(config)#access-list 10 permit 192.168.100.0 0.0.0.255
R2(config)#router rip
R2(config-router)#distance 150 192.168.12.1 0.0.0.0 10
R2(config-router)#end

Now we'll give it some time, since RIP is a notoriously slow protocol to converge, and check:

R2#show ip route rip
R    192.168.200.0/24 [120/1] via 192.168.12.1, 00:00:02, FastEthernet0/0
R    192.168.100.0/24 [150/1] via 192.168.12.1, 00:00:02, FastEthernet0/0

As you can see, 192.168.100.0/24 now has administrative distance 150.

2. EIGRP
Now I configure EIGRP between my two routers:

R2#show ip route eigrp
D    192.168.200.0/24 [90/156160] via 192.168.12.1, 00:00:13, FastEthernet0/0
D    192.168.100.0/24 [90/156160] via 192.168.12.1, 00:00:13, FastEthernet0/0

And repeat:

R2(config)#router eigrp 1
R2(config-router)#distance 150 192.168.12.1 0.0.0.0 10
R2(config-router)#end


Unlike RIP, EIGRP converges almost instantly:
R2#show ip route eigrp
D    192.168.200.0/24 [90/156160] via 192.168.12.1, 00:00:02, FastEthernet0/0
D    192.168.100.0/24 [150/156160] via 192.168.12.1, 00:00:02, FastEthernet0/0

3. OSPF
R2#show ip route ospf
O    192.168.200.0/24 [110/2] via 192.168.12.1, 00:00:17, FastEthernet0/0
O    192.168.100.0/24 [110/2] via 192.168.12.1, 00:00:17, FastEthernet0/0

In the case of OSPF, the IP address in the distance command should be the router-id of the OSPF neighbor from which the route is learned.

R2#conf t
R2(config)#router ospf 1
R2(config-router)#distance 150 1.1.1.1 0.0.0.0 10
R2(config-router)#end

R2#sho ip route ospf
O    192.168.200.0/24 [110/2] via 192.168.12.1, 00:02:55, FastEthernet0/0
O    192.168.100.0/24 [150/2] via 192.168.12.1, 00:02:55, FastEthernet0/0

Once again, the AD has changed to 150 for 192.168.100.0/24.

Let's consider a more complex OSPF scenario:


R2 and R3 advertise 192.168.100.0/24 and 192.168.200.0/24 to R4.
R4#sho ip route ospf | begin 192.168.200.0
O    192.168.200.0/24 [110/2] via 192.168.34.3, 00:00:10, FastEthernet0/0
                                [110/2] via 192.168.24.2, 00:00:10, FastEthernet0/1
O    192.168.100.0/24 [110/2] via 192.168.34.3, 00:00:10, FastEthernet0/0
                                [110/2] via 192.168.24.2, 00:00:10, FastEthernet0/1

Both paths are equal, and R4 will use both of them by default. Now, for some hard-to-explain reason, we want to use R3 as our primary path to 192.168.100.0/24. It should be easy: all we need to do is apply our access-list 10 from above to the routes we receive from R2 (OSPF router-id 2.2.2.2):
R4#conf t
R4(config)#router ospf 1
R4(config-router)#distance 150 2.2.2.2 0.0.0.0 10
R4(config-router)#end

We cannot use the "ip ospf cost" command, since it affects all routes coming via that interface. Routing check:

R4#sho ip route ospf | begin 192.168.100.0
O    192.168.100.0/24 [150/2] via 192.168.34.3, 00:15:07, FastEthernet0/0
                                [150/2] via 192.168.24.2, 00:15:07, FastEthernet0/1

Hmm, 192.168.100.0/24 still has AD of 150 for both next hops. What happened? After doing a lot of digging, I found this post from Mike Timm. Cisco bug CSCeh44993 prevents modifying administrative distance per route per neighbor in OSPF. Alas, Cisco decided not to fix it and made it a feature.
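
An added example (not from the original post): a small Python check that parses "show ip route" output and reports which prefixes, and which next hops, are installed with a non-default administrative distance, so the effect of a "distance" statement can be verified per path. The function names and the DEFAULT_AD table are assumptions of this example; the sample lines are copied from the output above.

```python
import re

# Default administrative distances for the route codes that appear in this post.
DEFAULT_AD = {"R": 120, "D": 90, "O": 110}

# First line of an entry: code, prefix, [AD/metric], next hop.
ROUTE_RE = re.compile(r"^(?P<code>[A-Z])\*?\s+(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)\s+"
                      r"\[(?P<ad>\d+)/\d+\] via (?P<nh>[\d.]+)")
# Continuation line of an equal-cost entry: only [AD/metric] and next hop.
CONT_RE = re.compile(r"^\s+\[(?P<ad>\d+)/\d+\] via (?P<nh>[\d.]+)")


def parse_routes(text):
    """Return one (code, prefix, ad, next_hop) tuple per installed next hop."""
    routes, current = [], None
    for line in text.splitlines():
        m = ROUTE_RE.match(line)
        if m:
            current = (m["code"], m["prefix"])
        else:
            m = CONT_RE.match(line)
        if m and current:
            routes.append((*current, int(m["ad"]), m["nh"]))
    return routes


def non_default_ad(routes):
    """Map each prefix to the sorted next hops installed with a non-default AD."""
    flagged = {}
    for code, prefix, ad, nh in routes:
        if code in DEFAULT_AD and ad != DEFAULT_AD[code]:
            flagged.setdefault(prefix, []).append(nh)
    return {prefix: sorted(hops) for prefix, hops in flagged.items()}


# Sample input: output lines copied from the post (R2 after the RIP change,
# R4 after "distance 150 2.2.2.2 0.0.0.0 10").
R2_RIP = """\
R    192.168.200.0/24 [120/1] via 192.168.12.1, 00:00:02, FastEthernet0/0
R    192.168.100.0/24 [150/1] via 192.168.12.1, 00:00:02, FastEthernet0/0
"""
R4_OSPF = """\
O    192.168.100.0/24 [150/2] via 192.168.34.3, 00:15:07, FastEthernet0/0
                                [150/2] via 192.168.24.2, 00:15:07, FastEthernet0/1
"""

if __name__ == "__main__":
    for name, table in (("R2", R2_RIP), ("R4", R4_OSPF)):
        for prefix, hops in non_default_ad(parse_routes(table)).items():
            print(f"{name}: {prefix} has non-default AD via {', '.join(hops)}")
```

On the R4 sample the check lists both next hops for 192.168.100.0/24, which is the behaviour described above: the distance was applied to the prefix on both paths, not only to the path through R2.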

Wednesday, January 04, 2012

IPexpert puzzle

IPexpert posted an interesting puzzle today. Here is my solution:


R2:
router ospf 1
 router-id 192.168.0.2
 log-adjacency-changes
 network 192.168.0.0 0.0.255.255 area 0
 default-information originate
R5:
router bgp 5
 no synchronization
 bgp router-id 192.168.0.5
 bgp log-neighbor-changes
 redistribute ospf 1
 neighbor 172.16.45.4 remote-as 4
 neighbor 172.16.45.4 default-originate route-map DEFAULT
 no auto-summary
!
ip prefix-list DEFAULT seq 5 permit 0.0.0.0/0
!
route-map DEFAULT permit 10
 match ip address prefix-list DEFAULT
Now let's head to R4 and check BGP routes:
R4#sho ip route bgp
B    192.168.25.0/24 [20/0] via 172.16.45.5, 00:55:28
     192.168.0.0/32 is subnetted, 2 subnets
B       192.168.0.2 [20/2] via 172.16.45.5, 00:55:28
B       192.168.0.5 [20/0] via 172.16.45.5, 00:55:28
B*   0.0.0.0/0 [20/0] via 172.16.45.5, 00:37:36
I am still trying to find out why OSPF would not redistribute a static default route. BGP will not redistribute a default route even if it's in the source protocol's routing table. It must be a loop prevention mechanism, but I cannot come up with a scenario where redistributing a default route, as opposed to originating it, can cause a routing loop. Especially in OSPF, where "default-information originate" creates a Type 5 LSA, the same type the "redistribute" command would have created:
R2#sho ip ospf database | begin Type-5
                Type-5 AS External Link States
Link ID         ADV Router      Age         Seq#       Checksum Tag
0.0.0.0         192.168.0.2     391         0x80000003 0x001F26 1