Val:~$ whoami

I am Val Glinskiy, network engineer specializing in data center networks. TIME magazine selected me as Person of the Year in 2006.

Search This Blog

Saturday, January 14, 2012

IGP: administrative distance per prefix

Routing protocol administrative distance defines route from which protocol will be placed in RIB - lower is better. However, AD can be changed via "distance" command on Cisco routers. The full syntax is:

distance ip-address wildcard-mask  [ip-standard-acl |  ip-extended-acl | access-list-name]

access-list option assumes that AD can be changed per IP subnet. Let's see how it works in RIPv2, EIGRP and OSPF.

I have very simple topology here


Router R1 advertises 2 networks into RIP which we can see on R2:

R2#show ip route rip
R [120/1] via, 00:00:11, FastEthernet0/0
R [120/1] via, 00:00:11, FastEthernet0/0

Both routes have administrative distance 120 as it is default for RIP. Let's change AD for R2#conf t
R2(config)#access-list 10 permit
R2(config)#router rip
R2(config-router)#distance 150 10

Now, we'll give it some time since RIP is notoriously slow to converge protocol and check

R2#show ip route rip
R [120/1] via, 00:00:02, FastEthernet0/0
R [150/1] via, 00:00:02, FastEthernet0/0

As you can see, now has administrative distance 150

Now I configure EIGRP between my two routers

R2#show ip route eigrp
D [90/156160] via, 00:00:13, FastEthernet0/0
D [90/156160] via, 00:00:13, FastEthernet0/0

And repeat:

R2(config)#router eigrp 1
R2(config-router)#distance 150 10

Unlike RIP, EIGRP converges almost instantly:
R2#show ip route eigrp
D [90/156160] via, 00:00:02, FastEthernet0/0
D [150/156160] via, 00:00:02, FastEthernet0/0

R2#show ip route ospf
O [110/2] via, 00:00:17, FastEthernet0/0
O [110/2] via, 00:00:17, FastEthernet0/0

In case of OSPF IP address in distance command should be router-id of OSPF neighbor from which route is learned.

R2#conf t
R2(config)#router ospf 1
R2(config-router)#distance 150 10

R2#sho ip route ospf
O [110/2] via, 00:02:55, FastEthernet0/0
O [150/2] via, 00:02:55, FastEthernet0/0

Once again, AD has changed to 150 for

Let's consider more complex OSPF scenario:

R2 and R3 advertise and to R4.
R4#sho ip route ospf | begin
O [110/2] via, 00:00:10, FastEthernet0/0
                                [110/2] via, 00:00:10, FastEthernet0/1
O [110/2] via, 00:00:10, FastEthernet0/0
                                [110/2] via, 00:00:10, FastEthernet0/1

Both paths are equal and R4 will use both of them by default. Now, for some hard to explain reason we want to use R3 as our primary path to  It should be easy, all we need to do is to apply our access-list 10 from above to routes we receive from R2 (OSPF router-id
R4#conf t
R4(config)#router ospf 1
R4(config-router)#distance 150 10

We can not use "ip ospf cost" command since it affects all routes coming via that interface. Routing check:

R4#sho ip route ospf | begin
O [150/2] via, 00:15:07, FastEthernet0/0
                                [150/2] via, 00:15:07, FastEthernet0/1

Hmm, still has AD of 150 for both next hops. What happened? After doing a lot of digging I found this post from Mike Timm. Cisco bug CSCeh44993 prevents modifying administrative distance per route per neighbor in OSPF. Alas, Cisco decided not to fix it and make it a feature.

Wednesday, January 04, 2012

IPexpert puzzle

IPexpert posted  interesting puzzle today. Here is my solution:

router ospf 1
 network area 0
 default-information originate
router bgp 5
 no synchronization
 bgp router-id
 bgp log-neighbor-changes
 redistribute ospf 1
 neighbor remote-as 4
 neighbor default-originate route-map DEFAULT
 no auto-summary
ip prefix-list DEFAULT seq 5 permit
route-map DEFAULT permit 10
 match ip address prefix-list DEFAULT
Now let's head to R4 and check BGP routes:
R4#sho ip route bgp
B [20/0] via, 00:55:28 is subnetted, 2 subnets
B [20/2] via, 00:55:28
B [20/0] via, 00:55:28
B* [20/0] via, 00:37:36
I am still trying to find out why OSPF would not redistribute static default route. BGP will not redistribute default route even it's in source protocol routing table. It must be loop prevention mechanism, but I can not come up with a scenario when redistributing default route as oppose to originating it can cause routing loop. Especially in OSPF, where "default-information originate" creates Type5 LSA - same type as "redistribute" command would have created:
R2#sho ip ospf database | begin Type-5
                Type-5 AS External Link States
Link ID         ADV Router      Age         Seq#       Checksum Tag     391         0x80000003 0x001F26 1