Cisco Administrative Distance Manipulation – Part 1

Ok – “infolookup” has been asking for my contribution to his blog for quite some time now.  This is my first and hopefully not the last.

Recently I needed to meet a redundancy requirement on a Cisco router running both EIGRP and OSPF. The requirement was simple: favor the prefix learned via EIGRP and use the prefix learned via OSPF as a backup. I must also mention that the prefix is learned as an EIGRP external (D EX) route, which has an AD of 170, and as an OSPF external (O E2) route, which has an AD of 110. In the first part of this article, I will go through the setup of the lab, which closely simulates the scenario I had; in the second part, I will go through the actual remedy that resulted in a “happy network”.

Let’s get to it.

First, let’s go through the topology. This lab contains 5 routers, R0 – R4, as follows:

R0 = Represents a 3rd party network, which is advertising 198.200.230.0/24; 222.102.23.0/24; 0.0.0.0/0; 172.203.46.0/24

R1 = R0’s BGP peer / NAT point of our network / redistribution point of BGP to EIGRP

R2 = The Main router running EIGRP, RIP & OSPF (Think of this as the CORE of a particular site)

R3 = Router running RIP and OSPF. This provides a backup route towards one of the destinations available from R0 (222.102.23.0/24)

R4 = Router running OSPF. This provides a backup route towards one of the destinations available from R0  (198.200.230.0/24)

Please see Topology Diagram:

[Figure: Administrative Distance Lab Topology]

R0’s relevant configuration:

hostname R0
!
interface Loopback0
ip address 198.200.230.1 255.255.255.0
!
interface Loopback1
ip address 222.102.23.1 255.255.255.0
!
interface Loopback2
ip address 172.203.46.1 255.255.255.0
!
interface FastEthernet0/0
description FastE to R1
ip address 10.146.12.2 255.255.255.254
duplex auto
speed auto
!
router bgp 65000
no synchronization
bgp log-neighbor-changes
network 0.0.0.0
network 172.203.46.0 mask 255.255.255.0
network 198.200.230.0
network 222.102.23.0
neighbor R1-eBGP peer-group
neighbor R1-eBGP remote-as 65001
neighbor R1-eBGP route-map ROUTER-1-IN in
neighbor R1-eBGP route-map ROUTER-1-OUT out
neighbor 10.146.12.3 peer-group R1-eBGP
no auto-summary
!
ip route 0.0.0.0 0.0.0.0 Null0
!
ip prefix-list R1-IN seq 5 permit 172.32.27.0/24
!
ip prefix-list R1-OUT seq 5 permit 198.200.230.0/24
ip prefix-list R1-OUT seq 10 permit 222.102.23.0/24
ip prefix-list R1-OUT seq 15 permit 172.203.46.0/24
ip prefix-list R1-OUT seq 20 permit 0.0.0.0/0
!
route-map ROUTER-1-IN permit 10
match ip address prefix-list R1-IN
!
route-map ROUTER-1-OUT permit 10
match ip address prefix-list R1-OUT
!
Nothing fancy here, just basic BGP peering and prefix advertisement filters (in/outbound).

R1’s relevant configuration:
hostname R1
!
ip address 172.32.27.1 255.255.255.0
!
interface Loopback1
ip address 172.25.240.1 255.255.255.0
!
interface FastEthernet0/0
description FastE to R2
ip address 10.146.12.4 255.255.255.254
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet1/0
description FastE to R0
ip address 10.146.12.3 255.255.255.254
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
router eigrp 200
redistribute bgp 65001 metric 1 1 1 1 1
network 10.146.12.4 0.0.0.0
network 172.25.240.1 0.0.0.0
no auto-summary
!
router bgp 65001
no synchronization
bgp log-neighbor-changes
network 172.32.27.0 mask 255.255.255.0
neighbor R0-eBGP peer-group
neighbor R0-eBGP remote-as 65000
neighbor R0-eBGP route-map ROUTER-0-OUT out
neighbor 10.146.12.2 peer-group R0-eBGP
no auto-summary
!
ip nat pool OVERLOAD 172.32.27.100 172.32.27.100 netmask 255.255.255.0
ip nat inside source list 10 pool OVERLOAD overload
!
ip prefix-list R0-OUT seq 5 permit 172.32.27.0/24
!
access-list 10 deny 10.146.12.3
access-list 10 permit any
!
route-map ROUTER-0-OUT permit 10
match ip address prefix-list R0-OUT
!

Not too fancy either. R1 redistributes BGP into EIGRP and performs NAT on traffic matching ACL 10. Since R1 is only advertising 172.32.27.0/24 to R0, without the NAT on R1 I wouldn’t be able to ping R0’s loopbacks from R4, for example.

R2’s relevant configuration:

hostname R2
!
interface FastEthernet0/0
ip address 10.146.12.5 255.255.255.254
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 172.19.200.1 255.255.255.0
duplex auto
speed auto
!
router eigrp 200
redistribute ospf 100 metric 1 1 1 1 1
network 10.146.12.5 0.0.0.0
no auto-summary
!
router ospf 100
router-id 172.19.200.1
log-adjacency-changes
network 172.19.200.1 0.0.0.0 area 0
network 172.25.196.1 0.0.0.0 area 0
default-information originate always
!
router rip
version 2
network 172.19.0.0
no auto-summary
!

Probably the simplest of all the configs, but this is the key router on which we’ll be going through the Administrative Distance (AD) exercise. Not a lot to explain here either: OSPF is redistributed into EIGRP so that R1 knows of the subnets from R3/R4 as well as the shared segment between R2/R3 and R4.

R3’s relevant configuration:


hostname R3
!
!
interface Loopback1
ip address 11.12.13.1 255.255.252.0
!
interface Loopback2
ip address 14.15.16.1 255.255.252.0
!
interface Loopback3
ip address 201.200.200.2 255.255.255.0
!
interface Loopback4
ip address 199.199.199.1 255.255.255.0
!
interface FastEthernet0/0
ip address 172.19.200.2 255.255.255.0
duplex auto
speed auto
!
router ospf 100
router-id 172.19.200.2
log-adjacency-changes
network 11.12.13.1 0.0.0.0 area 0
network 14.15.16.1 0.0.0.0 area 0
network 172.19.200.2 0.0.0.0 area 0
distribute-list prefix DEFAULT-ONLY in
!
router rip
version 2
redistribute static
network 172.19.0.0
no auto-summary
!
ip route 222.102.23.0 255.255.255.0 Null0
!
!
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
!

A few things to note here. Although Lo1/2 and Fa0/0 are in OSPF, I am only allowing a default route (0.0.0.0/0) to be installed into the routing table from the OSPF process. Also note the static route to Null0: this is a lab after all, so instead of having a dummy host on the other side of an interface, I created the static route to Null0 so that I have a “live” static route to play with (i.e. “redistribute static” under RIP).

R4’s relevant configuration:

hostname R4
!
interface Loopback1
ip address 199.20.46.1 255.255.254.0
!
interface Loopback2
ip address 198.22.12.1 255.255.254.0
!
interface FastEthernet0/0
ip address 172.19.200.3 255.255.255.0
duplex auto
speed auto
!
router ospf 100
router-id 172.19.200.3
log-adjacency-changes
redistribute static subnets
network 172.19.200.3 0.0.0.0 area 0
distribute-list prefix DEFAULT-ONLY in
!
ip route 198.200.230.0 255.255.255.0 Null0
!
!
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0

A few things to note here. Much like R3, Lo1/2 and Fa0/0 are in OSPF, and I am only allowing a default route (0.0.0.0/0) to be installed into the routing table from the OSPF process. Also note the static route to Null0.

Ok – Enough configuration. Let’s look at some show commands to verify that the network is up and running as we want, and also point out the behavior that needs correcting – to be done in Part 2.


+++++++ R0
R0#sh ip bgp summary | b Neigh
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.146.12.3 4 65001 1677 1677 14 0 0 1d03h 1
R0#sh ip bgp neighbors 10.146.12.3 advertised-routes | b Net
Network Next Hop Metric LocPrf Weight Path
*> 0.0.0.0 0.0.0.0 0 32768 i
*> 172.203.46.0/24 0.0.0.0 0 32768 i
*> 198.200.230.0 0.0.0.0 0 32768 i
*> 222.102.23.0 0.0.0.0 0 32768 i
Total number of prefixes 4
R0#sh ip bgp | b Net
Network Next Hop Metric LocPrf Weight Path
*> 0.0.0.0 0.0.0.0 0 32768 i
*> 172.32.27.0/24 10.146.12.3 0 0 65001 i
*> 172.203.46.0/24 0.0.0.0 0 32768 i
*> 198.200.230.0 0.0.0.0 0 32768 i
*> 222.102.23.0 0.0.0.0 0 32768 i
R0#
Total number of prefixes 1
R1#
R1#sh ip nat statistics
Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Outside interfaces:
FastEthernet1/0
Inside interfaces:
FastEthernet0/0
Hits: 409 Misses: 8
CEF Translated packets: 181, CEF Punted packets: 16
Expired translations: 47
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 10 pool OVERLOAD refcount 0
pool OVERLOAD: netmask 255.255.255.0
start 172.32.27.100 end 172.32.27.100
type generic, total addresses 1, allocated 0 (0%), misses 102
Appl doors: 0
Normal doors: 0
Queued Packets: 0
R1#

R2#sh ip route eigrp
172.203.0.0/24 is subnetted, 1 subnets
D EX 172.203.46.0 [170/2560002816] via 10.146.12.4, 1d03h, FastEthernet0/0
172.25.0.0/24 is subnetted, 1 subnets
D 172.25.240.0 [90/156160] via 10.146.12.4, 1d05h, FastEthernet0/0
172.32.0.0/24 is subnetted, 1 subnets
D EX 172.32.27.0 [170/2560002816] via 10.146.12.4, 1d02h, FastEthernet0/0
D*EX 0.0.0.0/0 [170/2560002816] via 10.146.12.4, 1d03h, FastEthernet0/0
R2#sh ip route ospf
O E2 198.200.230.0/24 [110/20] via 172.19.200.3, 1d02h, FastEthernet1/0
11.0.0.0/32 is subnetted, 1 subnets
O 11.12.13.1 [110/2] via 172.19.200.2, 1d02h, FastEthernet1/0
14.0.0.0/32 is subnetted, 1 subnets
O 14.15.16.1 [110/2] via 172.19.200.2, 1d02h, FastEthernet1/0
R2#sh ip route rip
R 222.102.23.0/24 [120/1] via 172.19.200.2, 00:00:16, FastEthernet1/0
R2#

+++++++ R3

R3#sh ip route ospf
O*E2 0.0.0.0/0 [110/1] via 172.19.200.1, 1d02h, FastEthernet0/0
R3#sh ip rip database
172.19.0.0/16 auto-summary
172.19.200.0/24 directly connected, FastEthernet0/0
222.102.23.0/24 auto-summary
222.102.23.0/24 redistributed
[1] via 0.0.0.0,
R3#

+++++++ R4

R4#sh ip route ospf
O*E2 0.0.0.0/0 [110/1] via 172.19.200.1, 1d02h, FastEthernet0/0
R4#

Below is the relevant output from R2, which shows that R2 is not using the EIGRP-learned routes to 222.102.23.0/24 and 198.200.230.0/24, but is using the RIP (AD 120) and OSPF (AD 110) routes instead, since both have a lower administrative distance than the 170 of an EIGRP external route. As mentioned earlier, the requirement for this scenario is that R2 uses the EIGRP routes originated from R0, since they are the primary source. In Part 2, I’ll go through the configuration added on R2 to make that happen. If you do have ideas flowing through your head, please feel free to post your comment.

Until Next Time (AJ)


R2#sh ip route 222.102.23.1
Routing entry for 222.102.23.0/24
Known via "rip", distance 120, metric 1
Redistributing via rip
Last update from 172.19.200.2 on FastEthernet1/0, 00:00:11 ago
Routing Descriptor Blocks:
* 172.19.200.2, from 172.19.200.2, 00:00:11 ago, via FastEthernet1/0
Route metric is 1, traffic share count is 1
R2#sh ip route 198.200.230.0
Routing entry for 198.200.230.0/24
Known via "ospf 100", distance 110, metric 20, type extern 2, forward metric 1
Redistributing via eigrp 200
Advertised by eigrp 200 metric 1 1 1 1 1
Last update from 172.19.200.3 on FastEthernet1/0, 1d02h ago
Routing Descriptor Blocks:
* 172.19.200.3, from 172.19.200.3, 1d02h ago, via FastEthernet1/0
Route metric is 20, traffic share count is 1
R2#sh ip eigrp topology 222.102.23.0/24
IP-EIGRP (AS 200): Topology entry for 222.102.23.0/24
State is Passive, Query origin flag is 1, 0 Successor(s), FD is 4294967295
Routing Descriptor Blocks:
10.146.12.4 (FastEthernet0/0), from 10.146.12.4, Send flag is 0x0
Composite metric is (2560002816/2560000256), Route is External
Vector metric:
Minimum bandwidth is 1 Kbit
Total delay is 110 microseconds
Reliability is 1/255
Load is 1/255
Minimum MTU is 1
Hop count is 1
External data:
Originating router is 172.32.27.1
AS number of route is 65001
External protocol is BGP, external metric is 0
Administrator tag is 65000 (0x0000FDE8)
R2#sh ip eigrp topology 198.200.230.0/24
IP-EIGRP (AS 200): Topology entry for 198.200.230.0/24
State is Passive, Query origin flag is 1, 1 Successor(s), FD is 2560000256
Routing Descriptor Blocks:
172.19.200.3, from Redistributed, Send flag is 0x0
Composite metric is (2560000256/0), Route is External
Vector metric:
Minimum bandwidth is 1 Kbit
Total delay is 10 microseconds
Reliability is 1/255
Load is 1/255
Minimum MTU is 1
Hop count is 0
External data:
Originating router is 192.168.20.2 (this system)
AS number of route is 100
External protocol is OSPF, external metric is 20
Administrator tag is 0 (0x00000000)
10.146.12.4 (FastEthernet0/0), from 10.146.12.4, Send flag is 0x0
Composite metric is (2560002816/2560000256), Route is External
Vector metric:
Minimum bandwidth is 1 Kbit
Total delay is 110 microseconds
Reliability is 1/255
Load is 1/255
Minimum MTU is 1
Hop count is 1
External data:
Originating router is 172.32.27.1
AS number of route is 65001
External protocol is BGP, external metric is 0
Administrator tag is 65000 (0x0000FDE8)
R2#
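
As an added example (not part of the original post), the Python below parses route lines in the format of the outputs above, including the "is subnetted" header that supplies the mask for the lines under it, and applies the lowest-administrative-distance rule to show which candidate R2 installs. The two D EX lines for 222.102.23.0/24 and 198.200.230.0/24 are constructed from the EIGRP topology entries, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Candidate routes on R2 in "show ip route" line format. The R, O E2 and
# 172.203.46.0 lines are copied from the outputs above; the two D EX lines for
# 222.102.23.0/24 and 198.200.230.0/24 are constructed from the EIGRP topology
# entries, since those routes never reach the routing table.
CANDIDATES = """\
R 222.102.23.0/24 [120/1] via 172.19.200.2, 00:00:16, FastEthernet1/0
O E2 198.200.230.0/24 [110/20] via 172.19.200.3, 1d02h, FastEthernet1/0
D EX 222.102.23.0/24 [170/2560002816] via 10.146.12.4, 1d03h, FastEthernet0/0
D EX 198.200.230.0/24 [170/2560002816] via 10.146.12.4, 1d03h, FastEthernet0/0
172.203.0.0/24 is subnetted, 1 subnets
D EX 172.203.46.0 [170/2560002816] via 10.146.12.4, 1d03h, FastEthernet0/0
"""

HEADER = re.compile(r"^\s*\d+(?:\.\d+){3}/(\d+) is subnetted")
ROUTE = re.compile(r"^\s*(?P<code>[A-Z][A-Z0-9* ]*?)\s+(?P<net>\d+(?:\.\d+){3})"
                   r"(?:/(?P<len>\d+))?\s+\[(?P<ad>\d+)/(?P<metric>\d+)\]\s+via\s+(?P<nh>[\d.]+)")

def parse_routes(text):
    """Return {prefix: [(ad, metric, code, next_hop), ...]} from route lines."""
    table, inherited_len = defaultdict(list), None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:                      # mask applies to the mask-less lines below it
            inherited_len = header.group(1)
            continue
        m = ROUTE.match(line)
        length = m and (m.group("len") or inherited_len)
        if not length:                  # not a route line, or no mask can be determined
            continue
        code = m.group("code").replace("*", " ").strip()   # "D*EX" -> "D EX"
        table[f"{m.group('net')}/{length}"].append(
            (int(m.group("ad")), int(m.group("metric")), code, m.group("nh")))
    return table

def installed(table):
    """Lowest AD wins; metric only breaks ties between routes of equal AD."""
    return {prefix: min(cands) for prefix, cands in table.items()}

def eigrp_not_preferred(text):
    """Prefixes that have an EIGRP candidate but install another protocol's route."""
    table = parse_routes(text)
    return {prefix: best[2] for prefix, best in installed(table).items()
            if not best[2].startswith("D")
            and any(c[2].startswith("D") for c in table[prefix])}

print(eigrp_not_preferred(CANDIDATES))
```

The two prefixes it reports are the ones Part 2 has to correct; 172.203.46.0/24 is not reported because EIGRP is its only source.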

+++++++ R1
R1#sh ip route eigrp
172.19.0.0/24 is subnetted, 1 subnets
D EX 172.19.200.0 [170/2560002816] via 10.146.12.5, 1d02h, FastEthernet0/0
11.0.0.0/32 is subnetted, 1 subnets
D EX 11.12.13.1 [170/2560002816] via 10.146.12.5, 1d02h, FastEthernet0/0
14.0.0.0/32 is subnetted, 1 subnets
D EX 14.15.16.1 [170/2560002816] via 10.146.12.5, 1d02h, FastEthernet0/0
R1#sh ip bgp neighbors 10.146.12.2 advertised-routes | b Net
Network Next Hop Metric LocPrf Weight Path
*> 172.32.27.0/24 0.0.0.0 0 32768 i


+++++++ R2