Administrative Distance, prefix length, metric… Who is the winner?


  • The Concept
  • Procedural tasks
  • Result table
  • Conclusion

The concept

The idea of the lab is to test the RIB best route election criteria of a border router. To do so, four overlapping subnets are configured in different parts of the network and available to a border router through different routing protocols. One of them is directly connected.

All prefixes are made available and reachable at the same time to see which one is elected as the best route. The winner is then removed from the competition by making the corresponding path unavailable, and the selection process is repeated until the last path.

One directly connected segment and three routing protocols give four administrative distances: directly connected (AD=0), RIP (AD=120), OSPF (AD=110) and EIGRP internal (AD=90).

Each protocol has two unequal paths (different metrics) to reach the same prefix.

Prefix masks are configured to be inversely proportional to routing protocol administrative distances.

Lab topology

6VPE MPLS

Procedural tasks

For each test case, the routing table is checked for the best route, a traceroute confirms the path, and the winning path is then made unavailable.




Result table

Classification | Mask length | Metric   | AD  | Prefix       | Path | Routing protocol
4              | 28          | 110      | 110 | 192.168.1.64 | A    | OSPF
3              | 28          | 74       | 110 | 192.168.1.64 | B    | OSPF
1              | 29          | 1        | 120 | 192.168.1.64 | C    | RIP
2              | 29          | 2        | 120 | 192.168.1.64 | D    | RIP
6              | 27          | 32195456 | 90  | 192.168.1.64 | E    | EIGRP
5              | 27          | 2195456  | 90  | 192.168.1.64 | F    | EIGRP
7              | 26          | 0        | 0   | 192.168.1.64 | G    | Directly connected

The RIB looks at the mask length first. The directly connected prefix, which has the shortest mask, is considered last, because the longer the mask, the more specific the prefix.

Conclusion

With the same prefix and different mask lengths, the border router considers the following criteria in order of preference:

  1. Longest mask among all routing protocols
  2. Lowest cost with the same routing protocol
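
The election order in the result table can be reproduced offline. The sketch below is an added example, not part of the original lab: it installs one route per distinct prefix/mask, forwards on the longest match and removes each winner in turn. It goes slightly beyond the lab by also comparing AD when two protocols offer the same prefix and mask; the `Path` class, the function names and the destination 192.168.1.65 are assumptions, while the path data comes from the result table.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Path:
    name: str      # path letter from the result table
    proto: str
    prefix: str    # network/mask length
    ad: int
    metric: int

# Path data taken from the lab's result table (paths A to G).
LAB_PATHS = [
    Path("A", "OSPF", "192.168.1.64/28", 110, 110),
    Path("B", "OSPF", "192.168.1.64/28", 110, 74),
    Path("C", "RIP", "192.168.1.64/29", 120, 1),
    Path("D", "RIP", "192.168.1.64/29", 120, 2),
    Path("E", "EIGRP", "192.168.1.64/27", 90, 32195456),
    Path("F", "EIGRP", "192.168.1.64/27", 90, 2195456),
    Path("G", "connected", "192.168.1.64/26", 0, 0),
]

def build_rib(paths):
    """Install one path per distinct prefix/mask: lowest AD, then lowest metric."""
    rib = {}
    for p in paths:
        net = ipaddress.ip_network(p.prefix)
        best = rib.get(net)
        if best is None or (p.ad, p.metric) < (best.ad, best.metric):
            rib[net] = p
    return rib

def lookup(rib, destination):
    """Forwarding decision: the longest installed prefix that contains the address."""
    addr = ipaddress.ip_address(destination)
    matches = [net for net in rib if addr in net]
    if not matches:
        return None
    return rib[max(matches, key=lambda net: net.prefixlen)]

def election_order(paths, destination):
    """Repeat the lab: find the winner, make that path unavailable, iterate."""
    remaining, order = list(paths), []
    while (winner := lookup(build_rib(remaining), destination)) is not None:
        order.append(winner.name)
        remaining.remove(winner)
    return order

if __name__ == "__main__":
    # 192.168.1.65 is a constructed destination covered by all four masks.
    print(election_order(LAB_PATHS, "192.168.1.65"))
```

A destination outside the /29, such as 192.168.1.75, never considers the RIP paths at all, which is why AD alone does not decide the winner in this lab.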

Routing Protocol Redistribution and Path optimization



Case A: Redistribution from one routing domain into another with higher (worse) administrative distance:

All the following topologies are subject to the same concept:

As an example, I picked the case where the source routing domain is OSPF (AD=110) and the destination administrative domain is EIGRP (internal prefix AD=90 and external prefix AD=170).

Picture 1: Lab High level design


Picture 2: Low level design


  • redistribute 33.33.33.0/24 (external domain/connected) into OSPF at R3
router ospf 123
redistribute connected route-map rmap-connnected subnets

ip prefix-list pfx-33 seq 5 permit 33.33.33.0/24

route-map rmap-connnected permit 10
match ip address prefix-list pfx-33
set tag 133

Picture 3: redistribution at R3:


  • Mutual redistribution between EIGRP & OSPF at R2
router eigrp 124
redistribute ospf 123 route-map to-eigrp metric 1500 1 100 1 1500
!
router ospf 123
network 192.168.23.0 0.0.0.255 area 0
redistribute eigrp 124 subnets route-map to-ospf

ip prefix-list eigrp-pfx seq 5 permit 192.168.14.0/24
ip prefix-list eigrp-pfx seq 15 permit 192.168.24.0/24
!
ip prefix-list ospf-pfx seq 5 permit 192.168.23.0/24
ip prefix-list ospf-pfx seq 15 permit 192.168.13.0/24
ip prefix-list ospf-pfx seq 25 permit 33.33.33.0/24

route-map to-ospf permit 10
match ip address prefix-list eigrp-pfx
set tag 100
!
route-map to-eigrp permit 10
match ip address prefix-list ospf-pfx
set tag 324

Picture4: Mutual redistribution between EIGRP & OSPF at R2


 Beware!

IOS will not alert you in case of the following errors during redistribution:

  • Wrong route map name
  • Wrong ACL/prefix-list name inside the route-map
  • Default metric not configured (EIGRP/OSPF/IS-IS)

  • Test connectivity from the BR R1

    Picture 5: primary path


R1#sh ip eigrp topology
IP-EIGRP Topology Table for AS(124)/ID(11.11.11.11)

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status

P 33.33.33.0/24, 0 successors, FD is Inaccessible, tag is 324
via 192.168.14.4 (1757952/1732352), FastEthernet0/0
P 192.168.13.0/24, 0 successors, FD is Inaccessible, tag is 324

via 192.168.14.4 (1757952/1732352), FastEthernet0/0

P 192.168.14.0/24, 1 successors, FD is 281600

via Connected, FastEthernet0/0

P 192.168.24.0/24, 1 successors, FD is 307200

via 192.168.14.4 (307200/281600), FastEthernet0/0

P 192.168.23.0/24, 0 successors, FD is Inaccessible, tag is 324

via 192.168.14.4 (1757952/1732352), FastEthernet0/0

R1#

R1#ping 33.33.33.33

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 33.33.33.33, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/31/64 ms
R1#trace 33.33.33.33

Type escape sequence to abort.

Tracing the route to 33.33.33.33

1 192.168.13.3 68 msec * 52 msec

R1#

  • Simulate a failure on R3 fa0/1

    A link failure is simulated by shutting down the R3 fa0/1 interface to check path redundancy.

R3(config-if)#int fa0/1

R3(config-if)#sh

R3(config-if)#

*Mar 1 01:00:07.515: %OSPF-5-ADJCHG: Process 123, Nbr 1.1.1.1 on FastEthernet0/1 from FULL to DOWN, Neighbor Down: Interface down or detached

*Mar 1 01:00:09.487: %LINK-5-CHANGED: Interface FastEthernet0/1, changed state to administratively down

*Mar 1 01:00:10.487: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down

R3(config-if)#

  • Test connectivity at R1

    Picture6: path redundancy

R1#route4

33.0.0.0/24 is subnetted, 1 subnets
D EX 33.33.33.0 [170/1757952] via 192.168.14.4, 00:00:01, FastEthernet0/0

R1#

Only in the absence of a better choice does R1 choose the EIGRP path through the external domain.

R1#ping 33.33.33.33 source 192.168.14.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 33.33.33.33, timeout is 2 seconds:
Packet sent with a source address of 192.168.14.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/139/220 ms

R1#

R1#
R1#trace 33.33.33.33 source 192.168.14.1

Type escape sequence to abort.
Tracing the route to 33.33.33.33

1 192.168.14.4 112 msec 32 msec 44 msec
2 192.168.24.2 44 msec 36 msec 56 msec
3 192.168.23.3 64 msec * 88 msec

R1#

Case B: Redistribution from one routing domain into another with lower (better) administrative distance:

All the following topologies are subject to the same concept:

As an example, I picked the case where the source routing domain is EIGRP (internal prefix AD=90 and external prefix AD=170) and the destination administrative domain is OSPF with a better AD of 110.

Picture 1: Lab High level design


Picture 2: Low level design


  • redistribute 33.33.33.0/24 (external domain/connected) into EIGRP at R3

    The network 33.33.33.0/24 can be a different IGP than EIGRP or just a directly connected network (a loopback interface in our case).

    Because EIGRP differentiates between internal and external prefixes by assigning them different administrative distances, the prefix 33.33.33.0/24 becomes (D EX) with AD=170.

router eigrp 123
redistribute connected metric 1500 1 100 1 1500 route-map rmap-connnected

ip prefix-list pfx-33 seq 5 permit 33.33.33.0/24

route-map rmap-connnected permit 10
match ip address prefix-list pfx-33
set tag 133

Picture 3: redistribution at R3:


  • Mutual redistribution between EIGRP & OSPF at R2

    For the sake of simplicity, EIGRP prefixes are redistributed into OSPF and vice versa on R2, and 11.11.11.0/24 is redistributed into OSPF on R1 to check connectivity between 11.11.11.11 and 33.33.33.33.

    R2:

router eigrp 123
redistribute ospf 124 route-map to-eigrp metric 1500 1 100 1 1500
!
router ospf 124
redistribute eigrp 123 subnets route-map to-ospf

ip prefix-list eigrp-pfx seq 5 permit 192.168.23.0/24
ip prefix-list eigrp-pfx seq 15 permit 192.168.13.0/24
ip prefix-list eigrp-pfx seq 25 permit 33.33.33.0/24
!
ip prefix-list ospf-pfx seq 5 permit 192.168.14.0/24
ip prefix-list ospf-pfx seq 15 permit 192.168.24.0/24
ip prefix-list ospf-pfx seq 25 permit 11.11.11.0/24
!
route-map to-ospf permit 10
match ip address prefix-list eigrp-pfx
set tag 100
!
route-map to-eigrp permit 10
match ip address prefix-list ospf-pfx
set tag 324

R1:

router ospf 124
redistribute eigrp 123 subnets route-map to-ospf
!
ip prefix-list 11-pfx seq 5 permit 11.11.11.0/24
!

route-map to-ospf permit 10

match ip address prefix-list 11-pfx

Picture4: Mutual redistribution between EIGRP & OSPF at R2


 Beware!

IOS will not alert you in case of the following errors during redistribution:

  • Wrong route map name
  • Wrong ACL/prefix-list name inside the route-map
  • Default metric not configured (EIGRP/OSPF/IS-IS)
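
Because IOS accepts these mistakes silently (the warning appears under both Case A and Case B), a configuration can be checked before it is applied. The following is an added example, not code from the original post: a small Python lint, with the hypothetical names `lint_redistribution` and `SAMPLE`, run over a constructed variant of the R2 configuration. It covers only route-map and prefix-list names and the EIGRP seed metric, and assumes connected and static sources need none.

```python
import re

# Constructed sample: the page's R2 configuration with two names mistyped
# and the EIGRP seed metric left out.
SAMPLE = """\
router eigrp 124
redistribute ospf 123 route-map to-egrp
router ospf 123
redistribute eigrp 124 subnets route-map to-ospf
ip prefix-list eigrp-pfx seq 5 permit 192.168.14.0/24
ip prefix-list ospf-pfx seq 5 permit 33.33.33.0/24
route-map to-ospf permit 10
match ip address prefix-list eigrp-pfx
route-map to-eigrp permit 10
match ip address prefix-list ospf-pfxs
"""

def lint_redistribution(config):
    """List names used but never defined, and EIGRP redistribution of
    another protocol with neither a metric nor a default-metric."""
    defined = {"route-map": set(), "prefix-list": set()}
    refs, no_metric, has_default, router = [], [], set(), None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if m := re.match(r"router (\S+ \S+)$", line):
            router = m.group(1)
        elif m := re.match(r"route-map (\S+) (?:permit|deny)\b", line):
            defined["route-map"].add(m.group(1))
            router = None
        elif m := re.match(r"ip prefix-list (\S+) ", line):
            defined["prefix-list"].add(m.group(1))
            router = None
        elif m := re.match(r"match ip address prefix-list (.+)", line):
            refs += [("prefix-list", n, line) for n in m.group(1).split()]
        elif line.startswith("default-metric ") and router:
            has_default.add(router)
        elif m := re.match(r"redistribute (\S+)", line):
            if rm := re.search(r"\broute-map (\S+)", line):
                refs.append(("route-map", rm.group(1), line))
            # Assumption: connected/static sources need no seed metric.
            needs_metric = (router or "").startswith("eigrp") and \
                m.group(1) not in ("connected", "static")
            if needs_metric and not re.search(r"\bmetric \d", line):
                no_metric.append((router, line))
    findings = [f"undefined {kind} '{name}' in: {line}"
                for kind, name, line in refs if name not in defined[kind]]
    findings += [f"no seed metric in: {line}"
                 for proc, line in no_metric if proc not in has_default]
    return findings

if __name__ == "__main__":
    for finding in lint_redistribution(SAMPLE):
        print(finding)
```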

  • Test connectivity from the BR R1
R1#route4

33.0.0.0/24 is subnetted, 1 subnets

O E2 33.33.33.0 [110/20] via 192.168.14.4, 00:09:11, FastEthernet0/0


R1#


R1#sh ip eigrp topology
IP-EIGRP Topology Table for AS(123)/ID(1.1.1.1)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status
P 11.11.11.0/24, 1 successors, FD is 128256

via Connected, Loopback11

P 33.33.33.0/24, 1 successors, FD is 1706752, tag is 200

via Redistributed (1706752/0)

P 192.168.13.0/24, 1 successors, FD is 281600

via Connected, FastEthernet0/1

R1#

R1#ping 33.33.33.33 source 11.11.11.11
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 33.33.33.33, timeout is 2 seconds:
Packet sent with a source address of 11.11.11.11
!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 124/129/132 ms

R1#

R1#trace 33.33.33.33 source 11.11.11.11

Type escape sequence to abort.

Tracing the route to 33.33.33.33

1 192.168.14.4 96 msec 32 msec 0 msec

2 192.168.24.2 76 msec 36 msec 36 msec

3 192.168.23.3 32 msec * 176 msec

R1#


Picture 5: primary path


Note that the primary path is through the OSPF domain (suboptimal) because R1 has received the prefix 33.33.33.0/24 from R4 as an external OSPF prefix (AD=110), which is better than the same prefix received from R1 through external EIGRP with AD=170.

The same prefix is also present in EIGRP topology table.

  • Solutions :
    • 5.1- Control paths by controlling the redistribution on the border routers:

      This could be a case where your routing and security policies do not allow internal prefixes and traffic to be revealed to an external domain.

    • 5.2- Change the AD per-prefix:

      In case you need to guarantee route redundancy for internal traffic even through external domains.

    • 5.3- Filter prefixes from IGPs into the routing table using inbound distribute-list.
    • 5.4- Perform summarization to a shorter subnet mask

      So at the destination router receiving the update, the longest prefix is selected.

5.1- Control paths by controlling the redistribution at the border routers:

Simply do not perform redundant or unnecessary redistribution, and remember the split horizon between domains with multiple border routers:

DO NOT redistribute a prefix back into its domain of origin; if it is needed, make the metric worse than those internally available.

5.2- Change the AD per-prefixes:

router ospf 124
distance 180 192.168.14.4 0.0.0.0 ACL33
!
ip access-list standard ACL33
permit 33.33.33.0 0.0.0.255 log

We need to clear OSPF process locally for the changes to take effect.

R1#clear ip ospf pr
Reset ALL OSPF processes? [no]: yes
R1#
*Mar 1 00:42:32.291: %OSPF-5-ADJCHG: Process 124, Nbr 4.4.4.4 on FastEthernet0/0 from FULL to DOWN, Neighbor Down: Interface down or detached
*Mar 1 00:42:32.851: %OSPF-5-ADJCHG: Process 124, Nbr 4.4.4.4 on FastEthernet0/0 from LOADING to FULL, Loading Done

R1#

R1#sh ip route

Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback0

C 192.168.13.0/24 is directly connected, FastEthernet0/1

C 192.168.14.0/24 is directly connected, FastEthernet0/0

33.0.0.0/24 is subnetted, 1 subnets

D EX 33.33.33.0 [170/1732352] via 192.168.13.3, 00:00:12, FastEthernet0/1

D EX 192.168.24.0/24 [170/1757952] via 192.168.13.3, 00:00:12, FastEthernet0/1

D 192.168.23.0/24 [90/307200] via 192.168.13.3, 00:21:44, FastEthernet0/1

11.0.0.0/24 is subnetted, 1 subnets

C 11.11.11.0 is directly connected, Loopback11

C 192.168.0.0/24 is directly connected, FastEthernet1/0

44.0.0.0/32 is subnetted, 1 subnets

O 44.44.44.44 [110/11] via 192.168.14.4, 00:00:00, FastEthernet0/0

R1#

Now the RIB has chosen the path provided by EIGRP. Let’s take a look at the OSPF database:

R1#sh ip ospf data
OSPF Router with ID (1.1.1.1) (Process ID 124)

Type-5 AS External Link States
Link ID ADV Router Age Seq# Checksum Tag

11.11.11.0 1.1.1.1 277 0x80000002 0x003A40 0

33.33.33.0 2.2.2.2 811 0x80000002 0x0010BF 100

192.168.13.0 2.2.2.2 1581 0x80000001 0x007944 100

192.168.23.0 2.2.2.2 811 0x80000002 0x0009A9 100

R1#

OSPF prefix 33.33.33.0/24 is still there but with a worse administrative distance of 180.

We can verify it by simulating a failure between R1 and R3. Let’s see the result at R1:

R3(config-if)#int fa0/1
R3(config-if)#sh
R3(config-if)#
*Mar 1 00:49:30.591: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 123: Neighbor 192.168.13.1 (FastEthernet0/1) is down: interface down
*Mar 1 00:49:32.503: %LINK-5-CHANGED: Interface FastEthernet0/1, changed state to administratively down

*Mar 1 00:49:33.503: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down

R3(config-if)#


R1#sh ip route

Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback0

C 192.168.13.0/24 is directly connected, FastEthernet0/1

C 192.168.14.0/24 is directly connected, FastEthernet0/0

33.0.0.0/24 is subnetted, 1 subnets

O E2 33.33.33.0 [110/20] via 192.168.14.4, 00:08:09, FastEthernet0/0

O 192.168.24.0/24 [110/20] via 192.168.14.4, 00:08:09, FastEthernet0/0

O E2 192.168.23.0/24 [110/20] via 192.168.14.4, 00:01:13, FastEthernet0/0

11.0.0.0/24 is subnetted, 1 subnets

C 11.11.11.0 is directly connected, Loopback11

C 192.168.0.0/24 is directly connected, FastEthernet1/0

44.0.0.0/32 is subnetted, 1 subnets

O 44.44.44.44 [110/11] via 192.168.14.4, 00:08:13, FastEthernet0/0

R1#

5.3- Filter prefixes from IGPs into the routing table using inbound distribute-list.

Before applying distribute list inbound under OSPF

R1(config-router)#do route4
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback0
C 192.168.13.0/24 is directly connected, FastEthernet0/1

C 192.168.14.0/24 is directly connected, FastEthernet0/0

33.0.0.0/24 is subnetted, 1 subnets

O E2 33.33.33.0 [110/20] via 192.168.14.4, 00:00:03, FastEthernet0/0

O 192.168.24.0/24 [110/20] via 192.168.14.4, 00:00:03, FastEthernet0/0

D 192.168.23.0/24 [90/307200] via 192.168.13.3, 00:00:37, FastEthernet0/1

11.0.0.0/24 is subnetted, 1 subnets

C 11.11.11.0 is directly connected, Loopback11

C 192.168.0.0/24 is directly connected, FastEthernet1/0

44.0.0.0/32 is subnetted, 1 subnets

O 44.44.44.44 [110/11] via 192.168.14.4, 00:00:03, FastEthernet0/0

R1(config-router)#

R1:

router ospf 124
distribute-list ACL_NO_33 in FastEthernet0/0
!
ip access-list standard ACL_NO_33
deny 33.33.33.0 0.0.0.255

Clear OSPF process for filtering to take effect

R1#clear ip ospf pro
Reset ALL OSPF processes? [no]: yes
R1#
*Mar 1 05:58:23.862: %OSPF-5-ADJCHG: Process 124, Nbr 4.4.4.4 on FastEthernet0/0 from FULL to DOWN, Neighbor Down: Interface down or detached
*Mar 1 05:58:24.266: %OSPF-5-ADJCHG: Process 124, Nbr 4.4.4.4 on FastEthernet0/0 from LOADING to FULL, Loading Done

R1#

R1#route4
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback0
C 192.168.13.0/24 is directly connected, FastEthernet0/1

C 192.168.14.0/24 is directly connected, FastEthernet0/0

33.0.0.0/24 is subnetted, 1 subnets

D EX 33.33.33.0 [170/1732352] via 192.168.13.3, 00:00:12, FastEthernet0/1

D EX 192.168.24.0/24 [170/1757952] via 192.168.13.3, 00:00:12, FastEthernet0/1

D 192.168.23.0/24 [90/307200] via 192.168.13.3, 00:04:17, FastEthernet0/1

11.0.0.0/24 is subnetted, 1 subnets

C 11.11.11.0 is directly connected, Loopback11

C 192.168.0.0/24 is directly connected, FastEthernet1/0

R1#

5.4- Prefix summarization:

Let’s perform summarization of the prefix 33.33.33.0/24 on R3 to a shorter mask length of /16 before announcing it to R1.

R4 before summarization:

R4#s ip route

33.0.0.0/24 is subnetted, 1 subnets
O E2 33.33.33.0 [110/20] via 192.168.24.2, 00:16:28, FastEthernet0/1

R4#

R1 before summarization:

R1(config-router)#do s ip route

33.0.0.0/24 is subnetted, 1 subnets
O E2 33.33.33.0 [110/20] via 192.168.14.4, 00:00:15, FastEthernet0/0

R1(config-router)#

R1 EIGRP topology

R1(config-router)#do s ip eigrp topo
IP-EIGRP Topology Table for AS(123)/ID(1.1.1.1)

via Connected, Loopback11
P 33.33.33.0/24, 1 successors, FD is 1706752, tag is 200

via Redistributed (1706752/0)

….

R1(config-router)#

For the sake of route consistency inside areas, summarization has to be done at the ABR or ASBR.

Summarization on R3 (ASBR router):

R2(config)#router ospf 124
R2(config-router)#summary-address 33.33.0.0 255.255.0.0 tag 666

Now let’s take a look again at the routing table of R1:

R1#route4

33.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

O E2 33.33.0.0/16 [110/20] via 192.168.14.4, 00:07:43, FastEthernet0/0

D EX 33.33.33.0/24

[170/1732352] via 192.168.13.3, 00:07:43, FastEthernet0/1


R1#

R1 has received the summary address 33.0.0.0/16 and considers it different from 33.33.33.0/24 received through EIGRP.

To forward traffic, the RIB chooses the longest match, i.e. 33.33.33.0/24.

R1#trace 33.33.33.33 source 11.11.11.11
Type escape sequence to abort.
Tracing the route to 33.33.33.33
1 192.168.13.3 48 msec * 24 msec
R1#



Conclusion

The following are the techniques used to manipulate internal routing protocol paths:

1- Control what prefixes and where to redistribute.

2- Manipulate AD per-prefix (be careful with this technique!)

3- Filter prefixes from IGPs into the routing table using inbound distribute-list.

4- Summarization to shorter subnet mask on the source router.

