Manipulation of Administrative Distance

For a variety of reasons you may want to keep routes that have been learned by a routing protocol from reaching the forwarding table or for a less “believable” protocol to take precedence over a more “believable” protocol. In this post we’ll explore some of those options. We do this to the end that knowing about these options gives you the flexibility to use them, in addition to being aware that someone else may have used them and that is why routes that you are expecting to see in the routing table are not there.

While you may know that administrative distance is there and know what it is for, you should also be aware that it is very configurable. You may not have known, but…

You can change the administrative distance for an entire routing protocol.
You can change the administrative distance for a type of route within a routing protocol (OSPF: internal, E1, E2, ISIS: L1, L2).
You can change the administrative distance for a specific subnet.

Pretty neat, huh?

To change the AD for an entire routing protocol, the method depends on the protocol, but they are all really similar. No matter which routing protocol you’re using, the AD always gets changed under the routing process. In this example we’ll use OSPF.

First lets check out what OSPF’s contribution to the routing table looks like before we start noodling.

P1R1#sh ip route ospf
     10.0.0.0/24 is subnetted, 4 subnets
O IA    10.1.2.0 [110/65] via 10.1.0.2, 00:01:39, Serial1/1
O       10.1.4.0 [110/2] via 10.1.1.3, 00:01:39, FastEthernet0/0
P1R1#

There we are, good old standard OSPF all around. We have an inter-area route and an intra-area route. Let’s make some adjustments.

P1R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
P1R1(config)#router ospf 1
P1R1(config-router)#distance ?
  <1-255>  Administrative distance
  ospf     OSPF distance

P1R1(config-router)#distance 120
P1R1(config-router)#

That’s it. Now when we back out of the routing process and go to an exec prompt, we can see the fruits of our labor:

P1R1#sh ip route ospf
     10.0.0.0/24 is subnetted, 4 subnets
O IA    10.1.2.0 [120/65] via 10.1.0.2, 00:00:01, Serial1/1
O       10.1.4.0 [120/2] via 10.1.1.3, 00:00:01, FastEthernet0/0
P1R1#

Notice that the OSPF routes have an administrative distance of 120; mission accomplished. Next let’s talk about just altering the administrative distance for just one route type.

P1R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
P1R1(config)#router ospf 1
P1R1(config-router)#distance ospf ?
  external    External type 5 and type 7 routes
  inter-area  Inter-area routes
  intra-area  Intra-area routes

P1R1(config-router)#distance ospf intra-area 130
P1R1(config-router)#end
P1R1#sh ip route ospf
     10.0.0.0/24 is subnetted, 4 subnets
O IA    10.1.2.0 [120/65] via 10.1.0.2, 00:00:05, Serial1/1
O       10.1.4.0 [130/2] via 10.1.1.3, 00:00:05, FastEthernet0/0

Now, for routes that are intra-area, that is, routes within our current area of area 1, we have an AD of 130 while every other route learned via OSPF should be still at 120 (from before).

We can remove the statements, and we’re back to scratch.

P1R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
P1R1(config)#router ospf 1
P1R1(config-router)#no distance 120
P1R1(config-router)#no distance ospf intra-area 130
P1R1(config-router)#end
P1R1#sh ip
*Feb  4 19:13:56.863: %SYS-5-CONFIG_I: Configured from console by console
P1R1#sh ip route ospf
     10.0.0.0/24 is subnetted, 4 subnets
O IA    10.1.2.0 [110/65] via 10.1.0.2, 00:01:39, Serial1/1
O       10.1.4.0 [110/2] via 10.1.1.3, 00:01:39, FastEthernet0/0

From here, let’s look at changing the AD for just a specific route. Maybe we want to leave everything intact with an AD of 110, but for a single subnet. In this example we’ll change 10.1.4.0 to an AD of 155. This is a bit more complicated than the other options because we are adding the extra step of creating an access-list to match our networks. Next, the syntax is a bit different than what we have been working with so far. We start off with “distance 155″ much like the first part of this exercise, but then we quantify the routing source before we reference our access list. This allows us the opportunity to be even more granular with our matching. While I won’t go too much further into this here, let’s just say that you could keep your normal AD set except for when you get the route from a certain router. Here I am going to say that 0.0.0.0 (any IP) and wildcard mask 255.255.255.255 (all “I don’t care” bits) so that any route source (any router) that sends us routes matching access-list 10 (10.1.4.0/24) matches and will set the AD to 155.

P1R1(config)#access-list 10 permit 10.1.4.0 0.0.0.255
P1R1(config)#router ospf 1
P1R1(config-router)#distance 155 0.0.0.0 255.255.255.255 10
P1R1(config-router)#end
P1R1#
*Feb  5 00:09:25.134: %SYS-5-CONFIG_I: Configured from console by console

With the configuration complete, we’re ready to check out how we did. Fingers crossed…

P1R1#sh ip route ospf
     10.0.0.0/24 is subnetted, 4 subnets
O IA    10.1.2.0 [110/65] via 10.1.0.2, 00:02:30, Serial1/1
O       10.1.4.0 [155/2] via 10.1.1.3, 00:02:30, FastEthernet0/0
P1R1#

There you go!

For a final note on our Administrative distance portion I want to remind you that the higher the value of the administrative distance, the less believable it is considered by the router. Also, be aware that if you set an AD to 255, it will NEVER get into the routing table. Take a look…

P1R1(config)#router ospf 1
P1R1(config-router)#distance 255 0.0.0.0 255.255.255.255 10
P1R1(config-router)#end
*Feb  5 00:51:55.398: %SYS-5-CONFIG_I: Configured from console by console
P1R1#sh ip route ospf
     10.0.0.0/24 is subnetted, 3 subnets
O IA    10.1.2.0 [110/65] via 10.1.0.2, 00:00:05, Serial1/1
P1R1#

Not there. But what’s this? It *IS* in the link-state database! Check it…

P1R1#sh ip ospf database

            OSPF Router with ID (10.1.1.1) (Process ID 1)

                Router Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum Link count
10.1.1.1        10.1.1.1        1110        0x8000000D 0x00ED69 2
10.1.2.2        10.1.2.2        1018        0x8000000B 0x00CA8B 2

                Summary Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum
10.1.1.0        10.1.1.1        1110        0x8000000B 0x0076A2
10.1.2.0        10.1.2.2        1018        0x8000000B 0x005EB7
10.1.4.0        10.1.1.1        847         0x8000000B 0x005FB5

                Router Link States (Area 1)

Link ID         ADV Router      Age         Seq#       Checksum Link count
10.1.1.1        10.1.1.1        1110        0x8000000C 0x00BC36 1
10.200.200.13   10.200.200.13   863         0x8000000C 0x00B2E7 2

                Net Link States (Area 1)

Link ID         ADV Router      Age         Seq#       Checksum
10.1.1.1        10.1.1.1        1110        0x8000000B 0x009AC5

                Summary Net Link States (Area 1)

Link ID         ADV Router      Age         Seq#       Checksum
10.1.0.0        10.1.1.1        1129        0x8000000B 0x00F9E0
10.1.2.0        10.1.1.1        1129        0x8000000B 0x00EDE9
P1R1#

There you have it. The AD of 255 killed the 10.1.4.0/24 route.

That pretty much wraps up this post. I hope you enjoyed our little adventure in manipulating administrative distances – I know that I’ll have a hard time sleeping tonight =). Please email if you have any questions or comments, or if you feel that something was not clearly explained or if you feel that something is in error.

Manipulation of Administrative Distance

Comments

Leave a Reply Cancel reply

More posts

Why EIGRP is the only IGP that does unequal-cost load balancing

My Goodbye to Mozilla

Are you on Facebook?

The Relationship Between LSA Types and Special Areas