ROUTE REDISTRIBUTION

Overview

Redistribution is the process of taking routes from the routing table and injecting them into a routing protocol. The source of the injected routes could be any of: connected routes, static routes or routes from another routing protocol that are in the routing table (RIB). Sourcing routes from the RIB implies that;

1. the best routes are redistributed.
2. Loop-free routes are redistributed.

The routing device performing the redistribution participates in the routing domain of the source and destination of the redistributed routes; for instance, if redistributing routes from OSPF into BGP, the redistributing device participates in the OSPF routing domain as well as the BGP routing domain.

Reasons for Redistribution

An enterprise may implement redistribution for one or more of the following reasons:

1. A company merger where the networks of both companies run different routing protocols.
2. Different organizational department networks are under different network administrative control perhaps based on geography.
3. An organization inter-connecting with partner networks
4. Hardware constraints such routing devices with low memory, CPU.
5. During conversion or migration from one routing protocol to another.
6. Mixed vendor environment.
7. Support for legacy equipment in the network.
8. Application-specific protocols support.
9. IGP routes may need to be advertised into BGP.
10. Some BGP routes may need to be advertised into an IGP.
11. Political boundaries.

Types of Redistribution

Redistribution can be implemented in two ways:

• Unidirectional Redistribution (one-way redistribution): routes are redistributed from the source to the destination protocol on a single routing device in one direction. Conceptually, this type of redistribution is similar to multipoint one-way redistribution where redistribution is implemented on more than one routing device but in the same direction i.e. from source X to destination Y.

  Creation of routing loops in one-way redistribution is not possible. Usually one way redistribution occurs when redistributing from a source that is not a routing protocol such as default routes or static routes. Rarely is one-way redistribution implemented with the source being a routing protocol.

• Mutual Redistribution (two-way redistribution): Mutual redistribution occurs when routes from routing protocol X are injected into routing protocol Y and routes sourced from routing protocol Y are injected into routing protocol X on the same routing device. Mutual redistribution can be thought of as a form of route connversion. Mutual redistribution can be implemented on a single routing device in the network (single-point two-way redistribution) or on two or more routing devices (multipoint two-way redistribution).

  Multipoint mutual redistribution has a high-potential for introducing routing loops. These routing loops can be prevented from occuring using: access-lists or prefix-lists referenced by route-maps. One of the most scalable solutions for preventing routing loops introduced by route redistribution is through the use of route-tags.

Mutual multipoint redistribution provides the benefit of fault-tolerence where the failure of a redistributing device at one point does not affect traffic across both routing domains.

Sources of Routes

Route Source	Description
Connected	Any interface in an "Up" state that is not associated with the destination protocol. Secondary IP addresses are also redistributed.
Static	Any static route that is present in the RIB. Static routes can only be a source i.e. mutual redistribution can not be implemented with static routes.
OSPF	Any routes in the RIB sourced from OSPF. If redistributing from OSPF to BGP, by default, OSPF external routes are not redistributed into BGP unless the match external option is used.
EIGRP	Any routes in the RIB sourced from EIGRP including connected interfaces. Any route that is in the topology table will be redistributed.
BGP	Any routes in the RIB sourced from BGP. By default, routes learned from iBGP peers are not redistributed into IGP protocols unless the command redistribute internal is configured.
IS-IS	Any routes in the RIB sourced from IS-IS. Only routes from the L2 link-state database are selected. Directly connected networks are not included during redistribution.

Redistribution Rules

1. Redistribution is not transitive: Routes that have been redistributed into a routing protocol can not be further redistributed into a third routing protocol on the same routing device. To resolve this, mutual redistribution should be configured between routing protocol A and B, B and C and A with C.
2. Sequential redistribution is allowed when it is spread across multiple routers: Redistributed routes from protocol A into Protocol B on Router R1. These routes can be redistributed into protocol C on router R2.
3. Routes to be redistributed must be in the routing table.

Seed Metric

During redistribution, metric information of the redistributed routes is lost because the different routing protocols calculate route metrics using different methods. Route metrics are only maintained when redistribution occurs from one routing process or autonomous system to another with the same routing protocol.

Seed metric is assigned, by default, to redistributed routes, when no metric is manually configured. The redistribution metric of redistributed routes can be configured in the following ways:

• Using the metric keyword of the redistribution command.
• Configuration of a default metric where all redistributed routes into the destination routing protocol receive the configured default seed metric. This can be implemented using the command default-metric.
• Using a route-map with the metric command.

The recommended best practice from Cisco is to set a default metric when redistributing routes.

The following table shows the seed metric of routes when redistributing from one routing protocol to another.

	DESTINATION
SOURCE	RIP	EIGRP	OSPF	IS-IS	BGP
RIP	Metric maintained	Infinity	20	0	RIP Metric*
EIGRP	Infinity	Metric maintained	20	0	EIGRP Metric*
OSPF	Infinity	Infinity	Metric maintained	0	OSPF Metric*
BGP	Infinity	Infinity	1	0	Path attributes maintained

* The IGP metric becomes the MED path attribute of the prefix.

Routes with the default redistribution metric of infinity are installed into the Link-state database (OSPF), BGP table (BGP) or similar data structures of the destination routing protocol. These routes are not inserted into the routing table because they are considered unreachable due to their metric of infinity. EIGRP does not add routes with infinity metric to its topology table.

When redistributing between two same routing protocols but different processes or autonomous systems, the metric remains unchanged because the destination protocol understands the metric of the source protocol. For example OSPF process 1 to OSPF process 2, the metric of the redistributed routes remains the same.

When redistributing connected networks (on local interfaces),

Configuration of Redistribution

When redistributing routes into a routing protocol from another routing domain, there are many controls that can be implemented that the redistribution point such as tagging, metric configuration, filtering of redistributed routes.

When configuring redistribution, redistribution commmands are entered into the router configuration mode of the destination routing protocol. In a way, the redistribution configuration command says: "Redistribute routes from the specified routing source into this routing source."

EIGRP

Any route that is in the EIGRP topology table is a candidate for redistribution. Routes redistributed into EIGRP are given a default seed metric of infinity. This prevents the routes from being installed into the EIGRP topology table. The exception to this is when redistributing routes from one EIGRP autonomous system to another. In such a scenario, the path metric is maintained.

In IOS, routes redistributed into EIGRP have an administrative distance of 170. This administrative distance is the same regardless of the source routing protocol i.e. even if the source of the prefixes was another EIGRP autonomous system.

Redistribution is configured under the EIGRP router command:

redistribute <source> <metric> <bandwidth> <delay> <reliability> <load> <mtu> route-map <route-map_name>

where <source> is the source of the redistributed routes.

In EIGRP named mode, redistribution is configured under topology base configuration mode as shown below:

R2(config)#router eigrp EIGRP_NAMED
R2(config-router)#address-family ipv4 unicast autonomous-system 1
R2(config-router-af-topology)#redistribute ospf 1


In EIGRP classic mode, redistribution is configured under EIGRP router configuration mode as shown below:

R2(config)#router eigrp 1
R2(config-router)#redistribute ospf 1


When configuring the EIGRP redistribution seed metric, delay value is in tens of microseconds.

When redistributing BGP routes into EIGRP, the administrative tag is set to the autonomous system number of the BGP device that sent the prefixes.

EIGRP requires the configuration of a seed metric during redistribution. If the seed metric is not included in the redistribution, EIGRP will give the route a metric of infinity.

In IPv4, by default, connected routes that are associated with EIGRP will have their configured network addresses included in a redistribution. However, with IPv6, by default, they are not included redistributed. Some connected interfaces may not necessarily be destination networks for network traffic such as transit networks. However, during redistribution, it may be a good idea to redistribute these networks as well as it may sometimes result in traffic blackholing. This is especially likely when utilising some tunneling techniques such as MPLS tunneling.

Redistribution of routers into EIGRP can be implemented using the following EIGRP routing device command: redistribute <source> metric <bandwidth delay reliability load mtu>

Command	Description
BGP	redistribute bgp <ASN> where <ASN> is the BGP autonomous system number.

OSPF

In OSPF, the routing device that redistributes external routes into OSPF is referred to as an autonomous system boundary router (ASBR).

When redistributing routes into OSPF, redistributed routes are given an administrative distance of 110 and are flagged as OSPF external routes. The AD is similar to the administrative distance of intra-area and inter-area routes. When making forwarding decisions for routes from multiple sources, OSPF's prefix selection process gives preference in the following order:

1. intra-area routes
2. inter-area routes
3. external routes
1. external type 1 routes
2. external type 2 routes

The metric for OSPF external type 1 routes equals the redistribution metric plus the total path metric to the autonomous system boundary router. The metric for OSPF external type 2 metric equals only the redistribution metric. If two type 2 routes have the same metric, then the one with the lower forwarding cost is preferred. This is the default external metric type used by OSPF.

When configuring redistribution into OSPF, the OSPF router mode command redistribute is used.

redistribute <source> subnets metric <metric> metric-type (<1 | 2>) tag <0 - 4294967295> route-map <route-map-name>

Where:

• source: the source of routes
• metric: seed metric of the redistributed routes
• route-map: filtering can be applied using the route-map or route path information

In older IOS versions, if the optional subnets command is excluded, only classful routes are advertised. In newer IOS versions, the subnets keyword is automatically added by the IOS into the running configuration.

Redistributing routes between OSPF processes will preserve the path metric during redistribution regardless of the metric type.

To inject EIGRP sourced routes into OSPF:

R2(config)#router ospf 1
R2(config-router)#redistribute eigrp 1 subnets

OSPF Forwarding Address

By default, packets destined for external destinations are routed through the advertising autonomous system boundary router (ASBR). Scenarios like this are not optimal in certain circumstances. By default, OSPF sets the forwarding address value to 0.0.0.0. The forward address can be viewed using the command show ip ospf database external.

OSPF will change the forwarding address from 0.0.0.0 to the next-hop IP address in the source routing protocol when:

• OSPF is enabled on the ASBR's interface that points to the next-hop IP address of the redistributed routes.
• The interface is not set to passive.
• The OSPF interface type is set to a broadcast or non-broadcast type.

Enabling OSPF on R2's interface facing towards R1 (10.123.1.1) changes the forwarding address from 0.0.0.0 to the interface pointed towards R1. The forwarding-address changes on R3 irrespective of whether redistribution is configured on R3.

When redistributing OSPF prefixes into another routing protocol, IOS provides the option to match internal, external or NSSA-external routes. This can be useful in preventing the redistribution of external OSPF routes into another routing protocol.

When redistributing into OSPF, the optional subnets keyword results in subnets being included in the redistribution. In newer IOS versions the subnets keyword is automatically included by default if the keyword was not configured.

OSPF External Route Types

OSPF classifies redistributed routes as external type 1 and external type 2 routes. By default, OSPF classifies routes as external type 2 routes.

OSPF issues redistributed routes with a default metric of 20. OSPF external type 1 routes are redistributed with the default metric of 20 and maintain this same metric throughout the OSPF autonomous system. OSPF external type 2 routes have a default metric of 20 or configured redistribution metric. However, as the routes are distributed within the OSPF domain, the metric does not increase.

Command	Description
BGP	redistribute bgp <ASN> where <ASN> is the BGP autonomous system number. When redistributing BGP into OSPF, the subnets keyword is automatically added to the redistribution command.
EIGRP	redistribute eigrp

BGP

Redistributing routes into BGP does not require a seed metric because it is a path vector protocol. Redistributed routes have the following BGP attributes set:

• Origin is set to incomplete
• Next-hop address is set to the next-hop IP address identified in the source protocol.
• The weight is set to 32,768.
• The MED is set to the path metric of the source protocol.

Redistributing routes from OSPF to BGP does not include OSPF external routes by default. The optional match external (1 | 2) keyword is required to redistribute OSPF external routes. The type of OSPF external routes can be configured using 1 or 2 to redistribute type-1 or type-2 routes only.

Protocol	Command
OSPF	redistribute ospf <process> where <process> is the OSPF process ID. When redistributing OSPF routes into BGP, by default, only internal OSPF routes are redistributed into BGP. To redistribute external and nssa-external OSPF routes into BGP, list route type after the redistribute match keyword. With the match keyword external type 1 and/or type 2 routes can be matched. Additionally, the route match can be configured in a route-map.

Formation of Loops

If redistribution happens at one point (one routing device) or two points in one direction, the possibility of a routing loop does not exist. If mutual redistribution at more than one point occurs, then the possibility of loop formation exists.

Route feedback occurs when a redistributed route is advertised back into the original source routing protocol. Route feedback is likely to occur in networks where mutual redistribution is implemented in more than one device i.e. multipoint mutual redistribution. Route feedback causes:

• Sub-optimal routing
• Routing loops
• Invalid routing tables

Types of Loops

Loops exist in two categories:

• Control-plane: exist when routing information is looping. Control-plane loops are detected using the debug ip routing command. This command is largely silent. However, it will display when a route is added or removed from the routing table. If this happens repeatedly, then we can be certain that we are dealing with a loop. Redistribution should be done after observing the debug ip routing output for a while.
• Data-plane: occur when data packets are looping. The best way to detect data-plane loops is to use the ping and traceroute commands. If traffic is being dropped, then a black hole exists. Looped packets may include packets for known networks (in RIB) or unknown networks (default route). With mutual multipoint redistribution, it is also likely that the default route may be looped.

Troubleshooting Loops

Mutual multipoint route redistribution usually forms routing loops. The following techniques can be used to prevent the formation of routing loops during redistribution:

1. Filtering of network prefixes during redistribution.
2. Filtering by route tag during redistribution
3. Increasing the seed metric
4. Modifying the administrative distance.
5. Route summarization

When troubleshooting routing loops:

• Multiple techniques can be combined.
• Document the physical and logical topology to include the routing protocols and desired traffic flows.
• Focus on keeping the source routing domain loop-free.

The underlying principle in preventing the formation of loops in a multipoint mutual redistribution network, at each redistribution point, routes from a source protocol need to be allowed into the destination protocol and these routes prevented from returning from the destination routing protocol back to the source protocol.

Prefix Filtering

Prefixe filtering can be implemented during the redistribution with some prefixes filtered (preventing from being redistributed) on one redistribution device and permitted to be redistributed on another device. This can be used for controlled path manipulation.

Route filtering can be implemented during redistribution through the configuration of a route-map. The prefixes to be filtered are identified through the use of a prefix-list or access control list (ACL).

Filtering Connected Networks

Explicit configuration always overrides implicit configuration. When redistributing the networks assigned to connected interfaces, the use of the network command advertises the networks of the connected interfaces. However, when filtering, if a filter excludes these networks, the networks configured on these interfaces will not be advertised. This affects all IGP protocols that use interfaces to form neighborships such as OSPF, EIGRP. BGP behaves a little different as it is enabled on a per neighbor- basis and not per interface basis. If a route-map references an access list or prefix-list to identify interfaces to be filtered (not redistributed), these interfaces should be identified using the permit ACL keyword.

Route Tagging

A route tag is associated with routes during redistribution. A route-tag is a numeric value associated with a route. Use of the AD of the source protocol for the route-tag is a good technique.

The use of route-tags is a more scalable solution. In the case of prefix-lists and ACLs, everytime a new prefix is added, the prefix-list or ACL needs to be updated to reflect this new addition. When creating route-tags, a recommended best practice is to tag routes using the administrative distance of the routing protocol. This way, it is easier to tell the origin of the route.

Increase Seed Metric

Increase the seed metric to a value higher and less preferred to locally originated routes.This can be done through any of the seed metric configuration methods.

Configuring different seed metric values for different prefixes helps with preventing sub-optimal routing through traffic shaping. The redistribution metric on one redistributing device can be made lower so that to reach these prefixes, traffic transits through a specific path.

The seed metric can be modified through a route-map using the set metric command.

R1#traceroute 10.0.35.1
Type escape sequence to abort.
Tracing the route to 10.0.35.1
VRF info: (vrf in name/id, vrf out name/id)
  1 10.0.12.2 12 msec 16 msec 20 msec
  2 10.0.24.2 28 msec 64 msec 44 msec
  3 10.0.49.2 52 msec 16 msec 72 msec
  4 10.0.59.1 48 msec 68 msec 60 msec
  5 10.0.35.1 88 msec 28 msec 36 msec

R3(config)#ip access-list standard ACL_10.3
R3(config-std-nacl)#permit 10.0.35.0 0.0.0.3
R3(config-std-nacl)#20 permit 10.3.0.0 0.0.255.255
R3(config-std-nacl)#30 permit 10.0.59.0 0.0.0.3
R3(config-std-nacl)#40 permit 10.5.0.0 0.0.255.255
R3(config-std-nacl)#exit
R3(config)#route-map O2E permit 10
R3(config-route-map)#match ip address ACL_10.3
R3(config-route-map)#set metric 1000000 1 255 1 1500
R3(config-route-map)#set tag 110
R3(config)#router eigrp 1
R3(config-router)#redistribute ospf 1 route-map O2E

R1#show ip eigrp topology 10.0.35.0/30
EIGRP-IPv4 VR(EIGRP_NAMED) Topology Entry for AS(1)/ID(10.1.13.1) for 10.0.35.0/30
  State is Passive, Query origin flag is 1, 1 Successor(s), FD is 1966080, RIB is 15360
  Descriptor Blocks:
  10.0.13.2 (GigabitEthernet1/0), from 10.0.13.2, Send flag is 0x0
      Composite metric is (1966080/1310720), route is External
      Vector metric:
        Minimum bandwidth is 1000000 Kbit
        Total delay is 20000000 picoseconds
        Reliability is 255/255
        Load is 1/255
        Minimum MTU is 1500
        Hop count is 1
        Originating router is 3.3.3.3
      External data:
        AS number of route is 1
        External protocol is OSPF, external metric is 0
        Administrator tag is 110 (0x0000006E)
  10.0.12.2 (GigabitEthernet0/0), from 10.0.12.2, Send flag is 0x0
      Composite metric is (7864320/7208960), route is External
      Vector metric:
        Minimum bandwidth is 1000000 Kbit
        Total delay is 110000000 picoseconds
        Reliability is 255/255
        Load is 1/255
        Minimum MTU is 1500
        Hop count is 1
        Originating router is 10.2.13.1
      External data:
        AS number of route is 1
        External protocol is OSPF, external metric is 4
        Administrator tag is 0 (0x00000000)
R1#

R1#traceroute 10.0.35.1
Type escape sequence to abort.
Tracing the route to 10.0.35.1
VRF info: (vrf in name/id, vrf out name/id)
1 10.0.13.2 8 msec 44 msec 16 msec
R1#


Administrative Distance

Increase the administrative distance for external routes on routing protocols that support it. Alternatively, the AD can be modified for preferred routes.

External Route Summarization

Summarizing routes as they are redistributed into the second domain if they are re-inserted back to primary routing domain. They are less specific and not taken.

Route-Maps

Route-maps can be used to prevent the formation of routing loops. Tools to match the traffic include: access-lists, prefix-lists, route-tags, communities (BGP), administrative distance, distribute-lists(ACLs, prefix-lists), offset-lists(ACLs, prefix-lists).

In redistribution of EIGRP to OSPF, using route-tags, the tag for EIGRP is permitted on one mutually redistributing routing device and denied on another redistributing routing device.

For two protocols mutual redistribution at two points: R1 BLUE:
route-map o2E deny 10
match tag 90
route-map O2E permit 20
set tag 110
R1 RED
riyte-map E2O deny 10
match tag 110
route-map E2O permit 20
set tag 90
R2 RED
route-map O2E deny 10
match tag 90
route-map O2E permit 20
set tag 110

R2 BLUE
route-map E2O deny 10
match tag 110
route-map E2O permit 20
set tag 90


Redistribution Scenarios

Two-point Mutual Redistribution

Three-point Mutual Redistribution

If three protocols are involved in mutual redistribution at three points. The generic method to prevent the formation of routing loops when redistributing mutually between three or more protocols inside a route map:

1. deny destination protocol
2. match protocol 2
3. match protocol 3
4. match protocol 4
5. match protocol n

The challenge with this redistribution is if the tag will be maintained when redistributing from protocol 1 to protocol 2 and then to protocol 3. For example when redistributing from OSPF into EIGRP and subsequently into RIP. The tag is maintained when copying the routes from:

This may be IOS specific

Source	Destination	Tag Maintained
RIP	OSPF	Yes
RIP	OSPF	YES
EIGRP	RIP	NO
OSPF	RIP	NO
EIGRP	OSPF	YES
OSPF	EIGRP	YES

A solution would be for the following:

route-map O2E deny 10
match tag 90
route-map O2E permit 20
match tag 120
set tag 120
route-map O2E permit 30
set tag 110


The above route-maps will only operate if configured as a system on all the mutually redistributing routers. The route-maps will operate as a system and potentially prevent loops in 99.999% of the cases.

However, some situations exist where the above route-map will not succeed in preventing a routing loop.

When configuring redistribution, the configuration commands should be entered inside the destination routing protocol.

IPv6

By default, IPv6 does not include connected networks when doing redistribution. IPv6 does not include the subnets keyword in OSPFv3. This is because IPv6 does not necessarily use the concept of classful networks. To redistribute connected networks, use the keyaword include-connected.

IOS XE no longer redistributes the connected subnets on the interfaces over which the protocol is enabled. IOS XE routers will only redistribute route entries that exactly match the source protocol in the route table.

The keyword included-connected can be used with the redistribution command to include the locally connected prefixes in the dynamic routing protocol redistribution. The include-connected keyword only injects prefixes for interfaces that have a dynamic routing protocol enabled. To inkect networks for interfaces without a dynamic protocol the redistribute connected command is still required.

TODO : Redistribute some local interfaces and not others. This results in the IP address of the excluded connected interfaces being removed from the routing table. The solution is to include a match statement for that interface in the route map. Redistribution lABS ----------------------------------- -Configure RIP, redistribute OSPF -Configure EIGRP. redistribute to/from RIP, redistribute to/from OSPF -Configure OSPF: redistribute where possible for full connectivity.

BiDirectional Forwarding Detection (BFD)

Introduction and Overview

Bidirectional Forwarding Detection (BFD) is a light-weight standards-based protocol, defined by RFC 5880, that detects failure in the forwarding path on a layer 3 network between two adjacent routers. These failures may be on the connecting interfaces, data links, tunnels, and forwarding planes of devices not directly connected to the routers in a layer 2 network. BFD is capable of working on multiple media types. BFD uses UDP packets to exchange control information with peers on port 49152 as the source port and destination port of 3784.

BFD's primary goal is to detect loss of connectivity between two devices quickly and efficiently. BFD notifies client protocols of the link failure. BFD client protocols include OSPF, IS-IS RSVP, EIGRP, HSRP, BGP, static routes that have registered to receive BFD notifications. BFD provides faster and more consistent failure detection than the hello and keepalive timers of routing protocols. Failure detection in BFD can be in the millisecond range. Most routing protocol timers will detect a link failure at a minimum of one second after it has occurred. It is up to these client protocols to determine how to recover from the failure of the link between the two devices. The client protocols may try to find alternative paths for routes that were initially accessible through the failed device. The client protocols use the BFD-provided information independently. BFD runs to serve these client protocols. It is pointless to run BFD without client protocols.

Networks carrying realtime traffic such as video and voice need speedy network convergence. Link failure detection time usually delays convergence of networks. Traditional link failure detection relies on:

• Hello message timeouts of routing protocols.
• Transmission technology capability to detect failure.

BFD runs independent of routing protocol hello messages and notifies the client protocols of link failure by sending rapid failure detection notices to routing protocols and reducing convergence time through routing table recalculation. BFD can be used in place of routing protocol timers and can act as a single method of liveliness detection between nodes irrespective of media type.

On distributed platforms, BFD packets can be processed on interface modules of the line card hence it is not CPU intensive. In most cases, routing protocol hello packets are processed by the control plane (CPU).

BFD also provides failure detection on virtual circuits such as MPLS LSP, Ethernet virtual circuits tunnels.

By default, BFD topology is primarily point-to-point running on a link between two devices.

BFD can be implemented in multiple ways:

1. Single-hop BFD: BFD for IPv4 and IPv6
2. Generic Application of BFD
3. BFD for MPLS (LSPs)
4. Multihop BFD for peers that are several hops away from each other

Benefits of BFD

The closest alternative to using BFD for failure detection is the hello packet of routing protocols EIGRP, OSPF, IS-IS and BGP keepalive messages. If configured to their minimum supported values, these routing protocol timers usually detect failures of peers or their links within one second of the failure. With OSPF though, configuration of sub-second values is possible using the interface command ip ospf dead-interval minimal hello-multiplier <multiplier> where multiplier is the number of hello packets sent per second;

BFD does have some advantages over the aforementioned failure detection techniques:

• BFD is protocol independent and can therefore act as a generic failure detection mechanism for various routing protocols.
• Parts of BFD failure mechanisms can be configured to operate at the data-plane reducing or eliminating CPU involvement in failure detection. This can be contrasted with failure detection methods of routing protocols that largely operate at the control plane.
• BFD is able to detect failures in the sub-second range compared to most routing protocol failure detection which is usually at a minimum of one second.

Prerequisites for BFD

• Cisco Express Forwarding (CEF) needs to be enabled.
• The client routing protocol should be configured on the router before BFD is deployed.

Restrictions of BFD

• When BFD is enabled on an interface, an access control list (ACL) with the "log" opton is not supported on that interface.
• BFD is not supported in IPSec.

BFD Modes

BFD operates in one of two modes: asynchronous or demand mode. BFD also offers an echo function which works with both modes. Most vendors support asynchronous mode operating with or without echo function enabled.

Asynchronous Mode

BFD control packets are exchanged by neighboring systems at pre-agreed time intervals which is usually in milliseconds. If a specified number of sequential packets are not received from the BFD peer, BFD declares the session to be down and notifies any registered protocol of this failure. Asynchronous mode is supported by Cisco IOS.

Demand Mode

Once the BFD session is established, the participating systems can request that the BFD packets not be sent, then request an exchange of packets only when needed to verify connectivity. Though this mode is defined in the RFC 5880, few network equipment vendors support BFD demand mode.

How BFD Works

Once a BFD session is established with a neighbor, BFD exchanges control packets to verify connectivity and inform the requesting protocol(s) of link failure if a specified number of successive packets are not received. The requesting protocol is then responsible for responding to the link-failure. Routing protocols using BFD for failure detection continue to operate normally when BFD is enabled, including the exchange of their respective hello packets.

A BFD session is a three-way handshake and tear-down process:

1. Routing protocol discovers neighbor and registers neighbor as a client with BFD.
2. BFD control packets act as keepalive to maintain the neighbor session.
3. Failure of the BFD session triggers a notification to the registered routing protocol client which in term tears down the routing protocol neighbor session. If an alternative path exists the routing protocol immediately converges.

BFD Packets

BFD utilises control packets to exchange control information as well as detect the liveliness of the BFD peer.

BFD Control Packet Format

Field	Description
Diagnostic Code (Diag) and Session State:	State in which the BFD session is in and reason i.e. Up/Down/Init.
Discriminators:	demultiplexers
Detect Time Multiplier	Used to calculate detection times for peers. The detection time is the product of the Detect Time Multiplier and Min RX Interval that is used to question a peer's liveliness if a control packet is not received within this product in milliseconds.
Desired Min TX Interval (msecs):	Desired interval to transmit control packets. i.e. how fast the peer desires to send control packets.
Required Min RX Interval (msecs):	Minimum receive interval peer can handle. i.e. rate that the peer can receive packets.
Required Min Echo Interval	Interval within which echo packets are received to indicate liveliness of a peer (if the echo function is enabled).

The following output shows a Wireshark packet capture of a BFD control packet. From this packet capture, it can be determined that the transmit interval is configured to 1000ms, the receive interval to 1000ms, minimum echo interval to 50ms and the multiplier to 3 (x3 the value of the transmit interval).

BFD Control message
    001. .... = Protocol Version: 1
    ...0 0000 = Diagnostic Code: No Diagnostic (0x00)
    01.. .... = Session State: Down (0x1)
    Message Flags: 0x40
        0... .. = Poll: Not set
        .0.. .. = Final: Not set
        ..0. .. = Control Plane Independent: Not set
        ...0 .. = Authentication Present: Not set
        .... 0. = Demand: Not set
        .... .0 = Multipoint: Not set
    Detect Time Multiplier: 3 (= 3000 ms Detection time)
    Message Length: 24 bytes
    My Discriminator: 0x00000002
    Your Discriminator: 0x00000000
    Desired Min TX Interval: 1000 ms (1000000 us)
    Required Min RX Interval: 1000 ms (1000000 us)
    Required Min Echo Interval: 50 ms (50000 us)


Timer Negotiation and Detection Times

When making decisions on detection timers, BFD sends packets as fast as their local peers allow but no faster. A BFD device notes the Required Min RX Interval value received from a peer's BFD control packet (how fast a peer can receive BFD packets) and compares it to its configured Desired Min TX Interval (how fast it can send BFD control packets). The operational transmit interval is then set to whichever of the two values is higher.

When calculating the detection timer values, the local detection is equal to the product of the peer's Detect Time Multiplier and the peer's Tx value. The TX timer and the detection times can be different for each peer.

Given three scenarios where R1 forms a BFD session with peer R2, R3 forms a BFD session with R4 and R5 forms a BFD session with R6, the operational transmit interval and detection time are calculated as shown in the following table:

Device	TX Interval	Min_Rx	Operational TX	Multiplier	Detection Time
R1	50ms	50ms	50ms	3	3 ×50ms = 150ms
R2	50ms	50ms	50ms	3	3 ×50ms = 150ms
R3	50ms	150ms	150ms	5	10 ×150ms = 1500ms
R4	50ms	150ms	150ms	10	5 × 150ms = 750ms
R5	50ms	200ms	150ms	5	10 ×500ms = 5000ms or 5s
R6	500ms	150ms	500ms	10	5 × 150ms = 750ms

The first device to detect that the peer is unreachable will set a flag in the control packet notifying the peer that it is unreachable. The local BFD instance will notify the client routing protocols in each of the peers resulting in both tearing down the routing protocol neighborship.

Echo Function

When the echo function is activated, echo packets are looped back through the layer 3 forwarding path to the BFD peer without involving the CPU. Link failure is detected by an interruption in the stream of echoed packets. Echo function makes it possible for link failure detection using BFD to be handled at the data plane level and not involve the CPU.

The minimum reception rate for BFD control packets from the neighbor is also changed automatically when the echo function is operational, because liveness detection is supplied by the echo packets.

While BFD control messages are transmitted to UDP port 3784, BFD echo messages use UDP port 3785 for both source and destination ports of the BFD echo packet.

BFD started out based on a polling ("asynchronous") approach using control packets. One router polls the other and gets a quick response back. The challenge with this is delay in waking up the BFD process to send a reply, culminating in variable jitter in the response. If the peer is slow in responding BFD triggers a link failure notification, which is not ideal. It is possible to configure both peers to send BFD echo packets or one peer to send the BFD echo packet. The latter approach is referred to as BFD asymmetry.

The Echo function is an additional feature that can be enabled in any of the BFD operational modes i.e. asynchronous or demand modes. The BFD echo function enhances BFD in one very specific way; it allows the devices running BFD to test the actual forwarding path taken by data packets. This is a capability that the control packets are not able to carry out. In some IOS distributions, the Echo function is enabled by default.

Echo Packets

The Echo function uses echo packets using interesting values for the IP source and destination addresses. The destination IP address is set to the IP address of the sender. In other words, the destination IP address is the same as the source IP address of the sender. For Layer 2 addressing, the destination address is the MAC address of the BFD peer.

After the BFD peer receives an echo packet and determines that the destination IP address is different from any of its IP addresses, it consults the RIB/FIB to determine how to forward the packet and sends it to the sender. In this way it uses the data forwarding path of network traffic.

Echo Function in BFD Asynchronous Mode

Peers need to exchange BFD information such as intervals, State, Diag etc. Echo packets do not carry usable data and are technically processed by the sender. Control packets are still exchanged but the frequency is substantially decreased. In BFD asynchronous mode without the echo function, the control packets play the dual-role of exchanging BFD session information and detecting link failure. In BFD asynchronous mode with echo function, the echo function uses control packets to exchange BFD information as usual. However, the control packets are sent less frequently; more frequently sent are echo packets which take the primary role of detecting link failure.

Echo Function Activation

BFD peers use the control packet to signal activation of the echo function. The control packet field Required Min Echo Interval is used to signal echo function activation to a BFD peer. If the echo function is activated, the Required Min Echo Interval field contains a value in milliseconds. It is used to communicate to the BFD peer the minimum rate of the sender receiving echo packets. Conceptually, it is similar to the Required Min RX Interval of the Echo packet. The frequency of Echo packet are therefore partially dictated by the neighbors. Echo packets can not be sent more frequently than the Required Min RX Interval values of the BFD peer. If the echo function is not activated, the control packets from the peer will contain zero values for the Required Min Echo Interval field.

Restrictions to Using the Echo Function

1. Disable ICMP redirects on any interface where the BFD echo function will be used using the command no ip icmp redirects. With ICMP redirect active on an interface, the interface will notice that the echo packets are looped back. It will then generate an ICMP redirect message for each echo packet. Disabling ICMP redirect messages helps in avoiding high CPU uilization.
2. Any uRPF checks will need to be disabled on the interface or an exception should be made for echo packets on the interface. Based on the way echo packets are transmitted and looped back, they fail uRPF checks; depending on how strict the uRPF checks have been configured. If BFD echo mode and uRPF are configured on the same interface, BFD sessions will flap.

BFD Slow Timer

BFD can use the slow timer to slow down the transmission rate of BFD control packets when the echo function is enabled. This reduces the number of BFD control packets that are sent between two BFD neighbors. With echo function enabled, control packets are not used for failure detection hence may not be desirable to be exchanged frequently. This, in turn, further lightens the CPU load.

To configure BFD slow timer use the global configuration mode command bfd slow-timer <milliseconds>:

R6#configure terminal
Enter configuration commands, one per line. End with CNTL/Z
R6(config)#bfd slow-timers 12000
R6(config)#

BFD Configuration

Configuration of BFD is a two step process:

Step 1: Enable BFD on interface through which the peer is reachable using the interface configuration command: bfd interval <tx-interval> min_rx < min_rex> multiplier <multiplier>. The rate of exchanging hello control packets (similar to hello-timer) can be set in the range 50 - 9999 milliseconds. min_rx: minimum interval supported for receiving BFD control packets from a neighbor. multiplier: used to compute the hold-down time. If multiplier is 3 and hello interval 50 then holddown timer is 150 ms.

R6(config)#interface gigabitethernet0/0
R6(config-if)#bfd interval 100 min_rx 50 multiplier 3


Step 2: Configure the routing protocol to use BFD for failure detection. Interested clients include static routing, EIGRP, OSPF, BGP, FHRP(HSRP, VRRP, GLBP), MPLS LSP, etc registers with BFD and is notified as soon as BFD detects a neighbor loss.

BFD for BGP

BFD must be running on all participating BGP devices.

R6(config)#router bgp 65531
R6(config-router)#neighbor 1.1.1.1 remote-as 65532
R6(config-router)#neighbor 1.1.1.1 fall-over bfd ?
  multi-hop   Force BFD multi-hop to detect failure
  single-hop  Force BFD single-hop to detect failure
<cr>

BFD in BGP supports two session types: multi-hop and single-hop. This is because BGP supports BGP peers that can be directly connected or several hops away. This BFD session type will depend on the BGP session type of the neighbor being configured; if the neighbor is several hops away, configure the BFD multi-hop type.

BFD in EIGRP

In EIGRP named mode, BFD is configured under the af-interface mode:

R6(config)#router eigrp EIGRP_NAMED
R6(config-router)#address-family ipv4 autonomous-system 1
R6(config-router-af)#af-interface gigabitethernet0/0
R6(config-router-af-interface)#bfd
R6(config-router-af-interface)#

If BFD is configured under af-interface default, all interfaces with EIGRP peers will be registered to receive BFD notifications. However, remember that BFD has to first be configured on the interface otherwise the following error messaage will be generated:

R6(config)#router eigrp EIGRP_NAMED
R6(config-router)#address-family ipv4 autonomous-system 1
R6(config-router-af)#af-interface gigabitethernet0/0
R6(config-router-af-interface)#bfd
%EIGRP: BFD interval is not configured on interface GigabitEthernet0/0 required for BFD operation.
R6(config-router-af-interface)#

In EIGRP classic mode, EIGRP can be configured to receive BFD notifications on link failure on a single interface as below:

R6(config)#router eigrp 2
R6(config-router)#bfd interface gigabitethernet 0/0

In EIGRP classic mode, EIGRP can be configured to receive BFD notifications on all EIGRP-enabled interfaces as below:

R6(config)#router eigrp 2
R6(config-router)#bfd all-interfaces

NOTE: Configuration of EIGRP to receive notifications from all EIGRP enabled interfaces as demonstrated above does not issue a log message if BFD has not been enabled on the interface using the interface-mode BFD configuration commands.

BFD in OSPF

BFD is configured in OSPF for all interfaces with the router ospf mode command bfd all-interfaces. The command does not provide the additional flexibility of EIGRP of installing on select interfaces or all interfaces at once. To enable BFD on an interface, issue the following interface configuration command: ip ospf bfd

Under an interface, to disable BFD for a specific interface in interface mode issue the command: ip ospf bfd disable.

BFD in Static Routing

BFD is able to detect failures in the forwarding path of static routes. To configure BFD in static routing:

R6(config)#interface g1/0
R2(config-if)#bfd interval 250 min_rx 150 multiplier 3
R2(config-if)#exit
R6(config)#ip route static bfd gigabitethernet1/0 10.0.26.1


Verification

BFD operation can be verified using the command show bfd neighbors (detail)

BFD Troubleshooting

Troubleshooting of BFD may be required when BFD is not functioning effectively:

• BFD session down: Verify BFD configuration on both routers.
• BFD session is flapping: check if uRPF has been configured on the interface.

The following commands are important in troubleshooting BFD:

Command	Description
show bfd neighbor detail	Displays the BFD adjacency database. The details keyword shows all BFD protocol parameters and timers per neighbor.
debug bfd event	Displays debugging information about BFD control packets or events such as BFD state transitions.

Recommendations on Deployment of BFD

• The use of BFD echo function is encouraged.
• BFD may not be necessary if devices are directly connected on point to point link without any other device such as a switch in-between. BFD is ideal if two routers are connected to each other with a switch interconnecting the two devices.
• Remember to configure the slower timer command, when you enable BFD echo function.

Understanding Administrative Distance

Administrative Distance (AD) is a ranking of believability or trustworthiness of a routing information source. A router uses the routing information base (RIB) also, known as routing table, to determine the path to route traffic to destination networks. Routing information sources inform the router about paths to various networks. These routing information sources include: static routes, connected routes, routing protocols such as RIP, OSPF, BGP, EIGRP. Administrative distance is the first criterion that a router uses when making a path selection decision if two or more routing information sources provide route information for the same destination. It is important to note that before considering the AD in path selection criteria, a router always selects the most specific path to forward traffic regardless of the routing information source.

If a router learns about the path to a prefix from more than one source such as: OSPF, EIGRP, BGP, static routes, routers use AD assigned to each of those sources to to rank the routes and decide which routes should be installed into the routing table and therefore used for routing traffic. The AD is a value that ranges from 0 to 255. The lower the AD of a route source, the more believable its routing information and more likely that its offered routes will be installed into the routing table. Routes with an AD of 255 are not installed in the routing table as they are considered unbelievable. The router will install into the routing table the route from the source with the lowest AD. Each path installed in the routing table has an Administrative Distance. The AD of a route in the RIB indicates that the route was installed from a given source.

In many networks, only one routing protocol is operational. Some scenarios exist where two or more dynamic routing protocols are operational in a network simultaneously such as during a routing protocol migration where one routing protocol is being replaced by another. This results in routing devices in the network receiving routing information from various sources.

AD is a locally significant value. A router does not advertise the AD of its sources to its peers.

Default Administrative Distance

Cisco IOS assigns different ADs to all supported routing information sources. The default AD of the various routing information sources is shown in the following table:

The default administrative distances of different information sources

Route Source	Default Administrative Distance
Connected interface	0
Static route	1
Enhanced Interior Gateway Routing Protocol (EIGRP) summary route	5
External Border Gateway Protocol (eBGP)	20
Internal EIGRP	90
IGRP	100
OSPF	110
Intermediate System-to-Intermediate System (IS-IS)	115
Routing Information Protocol (RIP)	120
Exterior Gateway Protocol (EGP)	140
On Demand Routing (ODR)	160
External EIGRP	170
Internal BGP (iBGP)	200
Unknown*	255

* A route with an administrative distance of 255 will not be installed in the routing table.

The default AD can be modified to implement traffic shaping where traffic follows specific routes according to the design of the network.

Note: AD is used in path selection only if the destination prefix is the same for routes from various routing information sources. In situations where the subnet mask is different, the routing information source with the more specific path will always be used regardless of the AD.

Floating Static Route

A floating static route is a static route whose administrative distance is greater than one (1). Usually, the AD of a floating static is higher than the administrative distance of a similar route that is currently installed in the RIB. The source of the route in the RIB could be a routing protocol such as RIP, EIGRP or another static route. By default, static routes have an administrative distance of 1. In the case of a floating static route, its administrative distance is configured to be higher than the AD of the source of the route to the same destination network in the RIB. This results in the floating static route acting as a backup route to the already existing route in the RIB. The floating static route is not installed in the routing table because its AD is higher than the AD of the current route. It only gets installed in the routing table only when the current route is not present in the routing table.

To configure a floating static route, use the global configuration mode command: ip route <network-address> <subnet-mask> <next-hop-ip> <1-255> where <network-address> is the destination network and <1-255> is the desired AD of the floating static route.

The following topology is used in the configuration of floating static routes.

Given the following EIGRP sourced route in the routing table with an AD of 90:

R2#show ip route 192.168.118.0
Routing entry for 192.168.118.0/24
  Known via "eigrp 1", distance 90, metric 2816, type internal
  Redistributing via eigrp 1
  Last update from 192.168.12.1 on GigabitEthernet0/0, 01:35:10 ago
  Routing Descriptor Blocks:
  * 192.168.12.1, from 192.168.12.1, 01:35:10 ago, via GigabitEthernet0/0
      Route metric is 2816, traffic share count is 1
      Total delay is 12 microseconds, minimum bandwidth is 1000000 Kbit
      Reliability 255/255, minimum MTU 1500 bytes
      Loading 1/255, Hops 1
R2#

To configure a floating static route to the destination network 192.168.118.0/24:

R2(config)#ip route 192.168.118.0 255.255.255.0 192.168.24.2 91

After configuring the following floating static route with an AD of 91, it will be installed in the routing table only if the EIGRP route fails, is removed from the routing table and no alternative EIGRP path to the destination network 192.168.118.0/24 is found with a lower administrative distance. This can be confirmed by viewing the status of static routes using the command: show ip static route

R2#show ip static route
Codes: M - Manual static, A - AAA download, N - IP NAT, D - DHCP,
       G - GPRS, V - Crypto VPN, C - CASA, P - Channel interface processor,
       B - BootP, S - Service selection gateway
       DN - Default Network, T - Tracking object
       L - TL1, E - OER, I - iEdge
       D1 - Dot1x Vlan Network, K - MWAM Route
       PP - PPP default route, MR - MRIPv6, SS - SSLVPN
       H - IPe Host, ID - IPe Domain Broadcast
       U - User GPRS, TE - MPLS Traffic-eng, LI - LIIN
       IR - ICMP Redirect
Codes in []: A - active, N - non-active, B - BFD-tracked, D - Not Tracked, P - permanent

Static local RIB for default

M  192.168.118.0/24 [91/0] via 192.168.24.2 [N]
R2#


The floating static route is displayed as being non-active with the code N

If an interface fails, say gigabitherethernet0/0 on device R2, then the floating static route is added to the routing table. This can be observed from the output of the debug ip routing

.....

*Feb 20 23:24:57.431: RT: add 192.168.115.0/24 via 192.168.24.2, eigrp metric [170/5376]
*Feb 20 23:24:57.431: RT: delete route to 192.168.118.0 via 192.168.12.1, eigrp metric [90/2816]
*Feb 20 23:24:57.431: RT: no routes to 192.168.118.0, delayed flush
*Feb 20 23:24:57.431: RT: delete network route to 192.168.118.0/24
*Feb 20 23:24:57.431: RT: updating eigrp 192.168.118.0/24 (0x0):
    via 192.168.24.2 Gi1/0 1048578

*Feb 20 23:24:57.431: RT: add 192.168.118.0/24 via 192.168.24.2, eigrp metric [170/5376]
R2(config-if)#
*Feb 20 23:24:57.431: RT: delete route to 192.168.112.0 via 192.168.12.1, eigrp metric [90/2816]
*Feb 20 23:24:57.431: RT: no routes to 192.168.112.0, delayed flush
*Feb 20 23:24:57.431: RT: delete network route to 192.168.112.0/24
*Feb 20 23:24:57.431: RT: updating eigrp 192.168.112.0/24 (0x0):
    via 192.168.24.2 Gi1/0 1048578

*Feb 20 23:24:57.431: RT: add 192.168.112.0/24 via 192.168.24.2, eigrp metric [170/5376]
*Feb 20 23:24:57.431: RT: delete route to 192.168.111.0 via 192.168.12.1, eigrp metric [90/2816]
*Feb 20 23:24:57.431: RT: no routes to 192.168.111.0, delayed flush
*Feb 20 23:24:57.431: RT: delete network route to 192.168.111.0/24
*Feb 20 23:24:57.431: RT: updating eigrp 192.168.111.0/24 (0x0):
    via 192.168.24.2 Gi1/0 1048578

*Feb 20 23:24:57.435: RT: add 192.168.111.0/24 via 192.168.24.2, eigrp metric [170/5376]
*Feb 20 23:24:57.435: RT: updating eigrp 192.168.118.0/24 (0x0):
    via 192.168.24.2 Gi1/0 1048578

*Feb 20 23:24:57.443: RT: updating static 192.168.118.0/24 (0x0):
    via 192.168.24.2 1048578

*Feb 20 23:24:57.447: RT: closer admin distance for 192.168.118.0, flushing 1 routes
*Feb 20 23:24:57.447: RT: add 192.168.118.0/24 via 192.168.24.2, static metric [91/0]
*Feb 20 23:24:57.519: RT: updating eigrp 192.168.118.0/24 (0x0):
    via 192.168.24.2 Gi1/0 1048578

*Feb 20 23:24:57.523: RT: rib update return code: 17
*Feb 20 23:24:59.115: %LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to administratively down
*Feb 20 23:24:59.119: is-up: GigabitEthernet0/0 0 state: 6 sub state: 1 line: 1
*Feb 20 23:25:00.115: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down
*Feb 20 23:25:00.123: is-up: GigabitEthernet0/0 0 state: 6 sub state: 1 line: 1
R2(config-if)#
.....

From the output of the command debug ip route, initially, the alternate external EIGRP route with an administrative distance of 170 is installed for the lost path to the destination network 192.168.118.0/24. However, this path is deleted and replaced with the path from the floating static route because of its lower administrative distance of 91. The floating static route can be confirmed to have been installed in the routing table using the commands: show ip static route and show ip route 192.168.118.0 as shown below:

R2#show ip static route
Codes: M - Manual static, A - AAA download, N - IP NAT, D - DHCP,
       G - GPRS, V - Crypto VPN, C - CASA, P - Channel interface processor,
       B - BootP, S - Service selection gateway
       DN - Default Network, T - Tracking object
       L - TL1, E - OER, I - iEdge
       D1 - Dot1x Vlan Network, K - MWAM Route
       PP - PPP default route, MR - MRIPv6, SS - SSLVPN
       H - IPe Host, ID - IPe Domain Broadcast
       U - User GPRS, TE - MPLS Traffic-eng, LI - LIIN
       IR - ICMP Redirect
Codes in []: A - active, N - non-active, B - BFD-tracked, D - Not Tracked, P - permanent

Static local RIB for default

M  192.168.118.0/24 [91/0] via 192.168.24.2 [A]

R2#show ip route 192.168.118.0
Routing entry for 192.168.118.0/24
  Known via "static", distance 91, metric 0
  Routing Descriptor Blocks:
  * 192.168.24.2
      Route metric is 0, traffic share count is 1


Modification of Administrative Distance

Modification of the administrative distance of a routing protocol is usually not recommended when optimizing network traffic flows. Scenarios, however, exist that require the modification of the default AD of one routing source resulting in the paths advertised by that routing source being installed in the routing table such as complex redistribution particularly in large networks.

Usually modification of the AD of a routing information source results in the instantaneous ranking of the paths from the different sources. However, this depends of the speed of convergence of the routing information sources. With IGPs this takes place almost instantly. However, BGP is slow to converge and therefore if the AD of BGP is the lowest, the BGP learned route will take a while before it is installed into the RIB.

BGP

By default, iBGP has an AD of 200 and eBGP has an AD of 20.

In many networks running BGP, an IGP is usually configured to support routing in the internal network. BGP is usually used to share prefixes between external networks. The low AD of eBGP reflects this preference for eBGP routes to be preferred to IGP routes for external prefixes and IGP paths to be preferred for internal prefixes.

AD of eBGP and iBGP Routes

The AD of iBGP routes can be modified using the BGP address-family command: distance <ebgp-distance> <ibgp-distance>. In the following configuration, the eBGP AD is set to 15 and iBGP AD is set to 121.

R1(config)#router bgp 65000
R1(config-router)#address-family ipv4 unicast
R1(config-router-af)#distance ?
   <1-255> Administrative distance
  bgp      BGP distance
  mbgp     MBGP distance
R1(config-router-af)#distance bgp 15 121

AD of Specific BGP Routes

The AD of specific BGP routes can be modified using the command: distance <1-255> <network-address> <wildcard-mask>. In the following configuration, the AD for the route 192.168.1.0 with a subnet mask of 255.255.255.0 is set to 89.

R1(config)#router bgp 65000
R1(config-router)#address-family ipv4 unicast
R1(config-router-af)#distance 89 192.168.1.0 0.0.0.255

NOTE: After modifying the AD of BGP, take note that BGP is a little slow to converge so the configurations will take a while to take effect.

EIGRP

By default, the Administrative Distance for EIGRP internal routes is 90, external routes (routes redistributed into EIGRP) is 170 and EIGRP summary routes is 5. The default administrative distance in EIGRP can be modified for routes that are internal, external or per route. If the AD of a route is modified, EIGRP's Diffusing Update ALgorith (DUAL) is run due to the route configuration.

Modifying the AD of Internal and External Routes

The EIGRP default administrative distance for internal and external routes can be modified using the distance <internal> <external> command:

For EIGRP classic mode, the AD for internal routes is modified to 70 and external routes to 105.

R4(config)#router eigrp 1
R4(config-router)#distance eigrp 70 105

For EIGRP named mode, the AD modifications are implemented under address-family topology configuration mode:

R1(config)#router eigrp EIGRP-NAMED
R1(config-router)#address-family ipv4 unicast autonomous-system 1
R1(config-router-af)#topology base
R1(config-router-af-topology)#distance eigrp 70 105

Modifying AD for Individual Routes

The AD for individual routes can be modified using the command: distance <1-255> <network-address> <wildcard-mask>

R1(config)#router eigrp EIGRP-NAMED
R1(config-router)#address-family ipv4 unicast autonomous-system 1
R1(config-router-af)#topology base
R1(config-router-af-topology)#distance 60 192.168.12.0 0.0.0.3

Floating Summary Route

A floating summary route is created by configuring a default route and an administrative distance at the interface level or address family interface level. It is configured using the classical EIGRP interface command ip summary-address eigrp or EIGRP named mode af-interface command summary-address.

The configuration of a default summary route on an upstream router blocks the advertisement of more specific routes to downstream routers by intermediate routers. This problem can be resolved by configration of a floating summary route. On the upstream router that advertised the default summary route, an AD greater than the default EIGRP AD is added to the floating summary route.

R4(config)#interface g1/0
R4(config-if)#ip summary-address eigrp 1 0.0.0.0 0.0.0.0 252

On some IOS versions, adding the AD to a ip summary-address eigrp command is deprecated. The EIGRP router-mode command summary-metric is instead used:

R4(config)#interface g1/0
R4(config-if)#ip summary-address eigrp 1 0.0.0.0 0.0.0.0 252
%EIGRP: summary-address accepted but distance option deprecated; use summary-metric command for distance.
R4(config-if)#router eigrp 1
R4(config-router)#summary-metric 0.0.0.0 0.0.0.0 distance 252

OSPF

Given a routing table, EIGRP topology table and OSPF database table below, the modification of the OSPF AD affects what routes get populated in the RIB.

R1#show ip route | ex Connected
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set
      
      192.168.12.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.12.0/30 is directly connected, GigabitEthernet0/0
L        192.168.12.1/32 is directly connected, GigabitEthernet0/0
      192.168.13.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.13.0/30 is directly connected, GigabitEthernet1/0
L        192.168.13.1/32 is directly connected, GigabitEthernet1/0
      192.168.24.0/30 is subnetted, 1 subnets
D        192.168.24.0
           [90/15360] via 192.168.12.2, 01:09:44, GigabitEthernet0/0
      192.168.34.0/30 is subnetted, 1 subnets
D        192.168.34.0
           [90/20480] via 192.168.12.2, 01:09:44, GigabitEthernet0/0
D     192.168.41.0/24
           [90/2575360] via 192.168.12.2, 00:14:37, GigabitEthernet0/0
D     192.168.42.0/24
           [90/2575360] via 192.168.12.2, 00:14:23, GigabitEthernet0/0
D     192.168.43.0/24
           [90/2575360] via 192.168.12.2, 00:14:08, GigabitEthernet0/0
D     192.168.44.0/24
           [90/2575360] via 192.168.12.2, 00:13:58, GigabitEthernet0/0
      192.168.45.0/30 is subnetted, 1 subnets
D        192.168.45.0
           [90/20480] via 192.168.12.2, 01:09:44, GigabitEthernet0/0
O IA  192.168.46.0/24 [110/3] via 192.168.13.2, 00:00:46, GigabitEthernet1/0
O IA  192.168.47.0/24 [110/3] via 192.168.13.2, 00:00:56, GigabitEthernet1/0
O IA  192.168.48.0/24 [110/3] via 192.168.13.2, 00:00:56, GigabitEthernet1/0
O IA  192.168.49.0/24 [110/3] via 192.168.13.2, 00:01:35, GigabitEthernet1/0

R1#show ip eigrp topology
EIGRP-IPv4 VR(EIGRP-NAMED) Topology Table for AS(1)/ID(192.168.13.1)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
        r - reply Status, s - sia Status

P 192.168.24.0/30, 1 successors, FD is 1966080
        via 192.168.12.2 (1966080/1310720), GigabitEthernet0/0
P 192.168.34.0/30, 1 successors, FD is 2621440
        via 192.168.12.2 (2621440/1966080), GigabitEthernet0/0
P 192.168.12.0/30, 1 successors, FD is 1310720
        via Connected, GigabitEthernet0/0
P 192.168.45.0/30, 1 successors, FD is 2621440
        via 192.168.12.2 (2621440/1966080), GigabitEthernet0/0
P 192.168.13.0/30, 1 successors, FD is 1310720
        via Connected, GigabitEthernet1/0
P 192.168.41.0/24, 1 successors, FD is 329646080
        via 192.168.12.2 (329646080/328990720), GigabitEthernet0/0
P 192.168.42.0/24, 1 successors, FD is 329646080
        via 192.168.12.2 (329646080/328990720), GigabitEthernet0/0
P 192.168.44.0/24, 1 successors, FD is 329646080
        via 192.168.12.2 (329646080/328990720), GigabitEthernet0/0
P 192.168.43.0/24, 1 successors, FD is 329646080
        via 192.168.12.2 (329646080/328990720), GigabitEthernet0/0

R1#show ip ospf database

            OSPF Router with ID (192.168.13.1) (Process ID 1)

                Router Link States (Area 0)

Link ID         ADV Router      Age        Seq#       Checksum Link count
192.168.13.1    192.168.13.1    313        0x80000004 0x00E0EC 2
192.168.34.1    192.168.34.1    2347       0x80000004 0x0045B6 2
192.168.45.1    192.168.45.1    194        0x8000000B 0x002C78 6

                Net Link States (Area 0)

Link ID         ADV Router      Age        Seq#       Checksum
192.168.13.2    192.168.34.1    2347       0x80000002 0x00E44E
192.168.34.2    192.168.45.1    314        0x80000003 0x0023CE

                Summary Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum
192.168.46.0    192.168.45.1    230         0x80000001 0x009775
192.168.47.0    192.168.45.1    240         0x80000001 0x008C7F
192.168.48.0    192.168.45.1    240         0x80000001 0x008189
192.168.49.0    192.168.45.1    278         0x80000001 0x007693
R1#
R1#show ip ospf database router 192.168.45.1

            OSPF Router with ID (192.168.13.1) (Process ID 1)

                Router Link States (Area 0)

  Routing Bit Set on this LSA in topology Base with MTID 0
  LS age: 231
  Options: (No TOS-capability, DC)
  LS Type: Router Links
  Link State ID: 192.168.45.1
  Advertising Router: 192.168.45.1
  LS Seq Number: 8000000B
  Checksum: 0x2C78
  Length: 96
  Area Border Router
  Number of Links: 6
  
    Link connected to: a Stub Network
     (Link ID) Network/subnet number: 192.168.41.0
     (Link Data) Network Mask: 255.255.255.0
      Number of MTID metrics: 0
       TOS 0 Metrics: 1
    
    Link connected to: a Stub Network
     (Link ID) Network/subnet number: 192.168.42.0
     (Link Data) Network Mask: 255.255.255.0
      Number of MTID metrics: 0
       TOS 0 Metrics: 1
    
    Link connected to: a Stub Network
     (Link ID) Network/subnet number: 192.168.43.0
     (Link Data) Network Mask: 255.255.255.0
      Number of MTID metrics: 0
       TOS 0 Metrics: 1
    
    Link connected to: a Stub Network
     (Link ID) Network/subnet number: 192.168.44.0
     (Link Data) Network Mask: 255.255.255.0
      Number of MTID metrics: 0
       TOS 0 Metrics: 1
    
    Link connected to: a Stub Network
     (Link ID) Network/subnet number: 192.168.45.0
     (Link Data) Network Mask: 255.255.255.252
      Number of MTID metrics: 0
       TOS 0 Metrics: 1
    
    Link connected to: a Transit Network
     (Link ID) Designated Router address: 192.168.34.2
     (Link Data) Router Interface address: 192.168.34.2
      Number of MTID metrics: 0
       TOS 0 Metrics: 1
  


OSPF has a default AD of 110 for all OSPF routes: intra-area, inter-area and external (routes redistributed into OSPF). OSPF offers a variety of options for modifying the default administrative distance. The AD of OSPF can be modified for intra-area, inter-area and external routes. Additionally, the AD can be modified for a single route, group of routes, or all routes.

Intra-Area Routes

The OSPF AD of only intra-area routes can be modified using the OSPF router mode command distance ospf intra-area <1-255>:

R1(config)#router ospf 1
R1(config-router)#distance ospf intra-area 89

The routing table installs the OSPF intra-area routes instead of the EIGRP sourced routes because OSPF intra-area routes have an AD of 89 which is lower than the EIGRP AD of 90. Notice that the inter-area routes still have their AD at the default of 110.

Inter-area Routes

The AD of only OSPF inter-area routes can be modified using the OSPF router mode command: distance ospf inter-area <1-255> where distance is the desired AD.

R1(config)#router ospf 1
R1(config-router)#distance ospf inter-area 50

External Routes

The AD of routes redistributed into OSPF (external) can be modified using the router OSPF mode command distance ospf external 150.

R1(config)#router ospf 1
R1(config-router)#distance ospf external 150

The following output shows the effect of the previous modifications of the OSPF AD for intra-area, inter-area and external routes:

R1(config-router)#do show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      192.168.5.0/29 is subnetted, 1 subnets
O E2     192.168.5.8 [150/20] via 192.168.13.2, 00:00:10, GigabitEthernet1/0
      192.168.12.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.12.0/30 is directly connected, GigabitEthernet0/0
L        192.168.12.1/32 is directly connected, GigabitEthernet0/0
      192.168.13.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.13.0/30 is directly connected, GigabitEthernet1/0
L        192.168.13.1/32 is directly connected, GigabitEthernet1/0
      192.168.24.0/30 is subnetted, 1 subnets
D        192.168.24.0
           [90/15360] via 192.168.12.2, 02:13:45, GigabitEthernet0/0
      192.168.34.0/30 is subnetted, 1 subnets
O        192.168.34.0 [89/2] via 192.168.13.2, 00:06:05, GigabitEthernet1/0
O     192.168.41.0/24 [89/3] via 192.168.13.2, 00:06:05, GigabitEthernet1/0
O     192.168.42.0/24 [89/3] via 192.168.13.2, 00:06:05, GigabitEthernet1/0
O     192.168.43.0/24 [89/3] via 192.168.13.2, 00:06:05, GigabitEthernet1/0
O     192.168.44.0/24 [89/3] via 192.168.13.2, 00:06:05, GigabitEthernet1/0
      192.168.45.0/30 is subnetted, 1 subnets
O        192.168.45.0 [89/3] via 192.168.13.2, 00:06:05, GigabitEthernet1/0
O IA  192.168.46.0/24 [50/3] via 192.168.13.2, 00:06:05, GigabitEthernet1/0
O IA  192.168.47.0/24 [50/3] via 192.168.13.2, 00:06:05, GigabitEthernet1/0
O IA  192.168.48.0/24 [50/3] via 192.168.13.2, 00:06:05, GigabitEthernet1/0
O IA  192.168.49.0/24 [50/3] via 192.168.13.2, 00:06:05, GigabitEthernet1/0
R1(config-router)#


OSPF Changing AD of Specific Route

OSPF provides the capability for the AD of a specific route to be modified using the OSPF router mode command: distance <1-255> <network-adress> <wildcard>

R1(config)#router ospf 1
R1(config-router)#distance 21 192.168.44.0 0.0.0.255

OSPF AD for All Routes

To modify the AD for all OSPF routes, use the OSPF route mode command: distance <1-255>