cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2897
Views
0
Helpful
7
Replies

OSPF distance command

Iaroslav
Level 1
Level 1

Hi, I don't quite understand how 'distance <AD> <IP> <wildcard>' works specifically for OSPF. Here is the topology:

 

Topology.png

R1, R2, and R3 are running OSPF; R2, R3 and R4 are running RIP. R2 and R3 are performing redistribution in both directions.

The relevant configs are:

R2#sho run | s router|interface
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
interface FastEthernet0/0
 ip address 192.168.12.2 255.255.255.0
interface FastEthernet0/1
 ip address 192.168.24.2 255.255.255.0
router ospf 1
 redistribute rip subnets
 network 2.2.2.2 0.0.0.0 area 0
 network 192.168.12.0 0.0.0.255 area 0
 distance ospf external 150
router rip
 version 2
 redistribute ospf 1 metric 1
 network 192.168.24.0
 no auto-summary
R3#sho run | s router|interface
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
interface FastEthernet0/0
 ip address 192.168.34.3 255.255.255.0
interface FastEthernet0/1
 ip address 192.168.13.3 255.255.255.0
router ospf 1
 redistribute rip subnets
 network 3.3.3.3 0.0.0.0 area 0
 network 192.168.13.0 0.0.0.255 area 0
 distance ospf external 150
router rip
 version 2
 redistribute ospf 1 metric 1
 network 192.168.34.0
 no auto-summary
R1#sho run | s router|interface
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
interface FastEthernet0/0
 ip address 192.168.12.1 255.255.255.0
interface FastEthernet0/1
 ip address 192.168.13.1 255.255.255.0
router ospf 1
 network 0.0.0.0 255.255.255.255 area 0
 distance 140 3.3.3.3 0.0.0.0
R4#sho run | s router|interface
interface Loopback0
 ip address 4.4.4.4 255.255.255.255
interface FastEthernet0/0
 ip address 192.168.34.4 255.255.255.0
interface FastEthernet0/1
 ip address 192.168.24.4 255.255.255.0
router rip
 version 2
 network 0.0.0.0
 no auto-summary

According to the command reference
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/command/iro-cr-book/ospf-a1.html#wp3839574706
one should be able to change AD for certain prefixes from the neighbors identified by RIDs. However, when I specify a certain AD for R3 (3.3.3.3) to make it more preferred for redistributed prefixes, I get ECMP on R1 anyway:

R1#sho ip ro os
      2.0.0.0/32 is subnetted, 1 subnets
O        2.2.2.2 [110/2] via 192.168.12.2, 00:00:03, FastEthernet0/0
      3.0.0.0/32 is subnetted, 1 subnets
O        3.3.3.3 [140/2] via 192.168.13.3, 00:00:03, FastEthernet0/1
      4.0.0.0/32 is subnetted, 1 subnets
O E2     4.4.4.4 [140/20] via 192.168.13.3, 00:00:03, FastEthernet0/1
                 [140/20] via 192.168.12.2, 00:00:03, FastEthernet0/0
O E2  192.168.24.0/24 [140/20] via 192.168.13.3, 00:00:03, FastEthernet0/1
                      [140/20] via 192.168.12.2, 00:00:03, FastEthernet0/0
O E2  192.168.34.0/24 [140/20] via 192.168.13.3, 00:00:03, FastEthernet0/1
                      [140/20] via 192.168.12.2, 00:00:03, FastEthernet0/0

So what is the purpose and actual effect of the 'distance <AD>' command? Just to assign OSPF routes a certain AD no matter what router advertises them? Is there any usecase for this command?

Discovering the Why
https://braonle.wordpress.com/
1 Accepted Solution

Accepted Solutions

Hello Braonle,

to be honest I have used the O E1 approach + route-maps on multiple ASBR routers with good results in the past.

This kind of approach was recommended in books like "Internet routing architectures" by Halabi (cisco Press).

 

The advantage is that you make your route manipulations only on the ASBR routers.

If you want to play with AD, being AD never advertised you should do it on every router and this is not suitable for a real production network.

 

I have used the distance ospf command with all options to set AD for intra area, inter area and external routes in a migration scenario using two OSPF processes.

Two OSPF processes in same router are isolated and you need to differentiate the AD for each route type to make one process the core process and the other one the edge process.

 

>> 1) a bug (unlikely, old IOS and newer IOS XE have the same result);
2) intended behaviour (then what is the purpose of the command at all);
3) just a command that was never intended to be used.

 

I think it is something that is not used  a lot and probably works well only for internal routes. It is a feature interesting in a lab not in real world as explained above.

 

Hope to help

Giuseppe

 

View solution in original post

7 Replies 7

GRANT3779
Spotlight
Spotlight
The distance command is local, so regardless of what you configure on the local router, it won't be reflected on the others within the AS.

From reading your post I believe you are trying to prefer routes from R3 using distance command?

Try the following config on R1 -

ip access-list standard ACL_DISTANCE
permit 3.3.3.3
!
distance 100 0.0.0.0 0.0.0.0 ACL_DISTANCE

Yes, I am interested only in local routes manipulation. The initial purpose was to prefer 192.168.34.0/24 via R3 and 192.168.24.0/24 via R2 maintaining the backup routes.

Are you sure about the ACL? It is stating RID, not prefix. Moreover, 0.0.0.0 0.0.0.0 means nobody because no router can have RID = 0.0.0.0 or I am wrong?

Anyway, it didn't change anything:

R1#sho run | s ip access
ip access-list standard ACL_DISTANCE
permit 3.3.3.3
R1#sho run | s router ospf router ospf 1 network 0.0.0.0 255.255.255.255 area 0 distance 100 0.0.0.0 0.0.0.0 ACL_DISTANCE R1#sho ip ro os 2.0.0.0/32 is subnetted, 1 subnets O 2.2.2.2 [110/2] via 192.168.12.2, 00:00:06, FastEthernet0/0 3.0.0.0/32 is subnetted, 1 subnets O 3.3.3.3 [110/2] via 192.168.13.3, 00:00:06, FastEthernet0/1 4.0.0.0/32 is subnetted, 1 subnets O E2 4.4.4.4 [110/20] via 192.168.13.3, 00:00:06, FastEthernet0/1 [110/20] via 192.168.12.2, 00:00:06, FastEthernet0/0 O E2 192.168.24.0/24 [110/20] via 192.168.13.3, 00:00:06, FastEthernet0/1 [110/20] via 192.168.12.2, 00:00:06, FastEthernet0/0 O E2 192.168.34.0/24 [110/20] via 192.168.13.3, 00:00:06, FastEthernet0/1 [110/20] via 192.168.12.2, 00:00:06, FastEthernet0/0

 

Discovering the Why
https://braonle.wordpress.com/

apologies I should have put the following -

ip access-list standard ACL_DISTANCE
permit 192.168.34.0
!
distance 100 3.3.3.3 0.0.0.0 ACL_DISTANCE

The behaviour would still be the same (ECMP) although limited to a specific prefix. So AD is changed, as in the first output, but not per neighbour as the command probably implies. It is changed for the whole prefix and ECMP persists.

Anyway, the output for the corrected version is below:

R1#sho run | s ip access
ip access-list standard ACL_DISTANCE
 permit 192.168.34.0 0.0.0.255
R1#sho run | s router ospf
router ospf 1
 network 0.0.0.0 255.255.255.255 area 0
 distance 100 3.3.3.3 0.0.0.0 ACL_DISTANCE
R1#sho ip ro os
      2.0.0.0/32 is subnetted, 1 subnets
O        2.2.2.2 [110/2] via 192.168.12.2, 00:00:33, FastEthernet0/0
      3.0.0.0/32 is subnetted, 1 subnets
O        3.3.3.3 [110/2] via 192.168.13.3, 00:00:33, FastEthernet0/1
      4.0.0.0/32 is subnetted, 1 subnets
O E2     4.4.4.4 [110/20] via 192.168.13.3, 00:00:33, FastEthernet0/1
                 [110/20] via 192.168.12.2, 00:00:33, FastEthernet0/0
O E2  192.168.24.0/24 [110/20] via 192.168.13.3, 00:00:33, FastEthernet0/1
                      [110/20] via 192.168.12.2, 00:00:33, FastEthernet0/0
O E2  192.168.34.0/24 [100/20] via 192.168.13.3, 00:00:33, FastEthernet0/1
                      [100/20] via 192.168.12.2, 00:00:33, FastEthernet0/0
Discovering the Why
https://braonle.wordpress.com/

Hello Braonle,

being OSPF link state it is correct that the distance command should refer to the OSPF RID and not the IP next-hop of the route like it happens for EIGRP or RIP.

In your fist attempt you had a command under router ospf on R2 and R3

router ospf 1

distance ospf external 150

!

In your network scenario with two routers that performs mutual redistribution OSPF to RIP and RIP to OSPF it is correct to have the command distance ospf external 150 otherwise one ASBR can even install the OSPF external route coming from the other ASBR router instead of the RIP routes.

If this happens on R2, R2 stops to generate its own LSA external for the prefix.

 

to understand what is happening you need to look at the OSPF database

post the ouput of the following command on R1

show ip ospf database external 192.168.34.0

 

you need to verify if two different LSA type 5 exist in the database for the prefix.

 

They should exist. Consider this a sanity check.

 

Usually when having multiple ASBR in OSPF we use external type 1 O E1  route and different seed metric in redistribution to achieve a differentiation in what ASBR to use for each prefix.

I agree that only the LSA type 5 generated by R3 should be given a lower AD, however the AD is a concept of the IP routing table and not of OSPF itself.

I am afraid that until R3 generates its own LSA type 5 for the prefix, the prefix is installed with two paths because the IP routing table daemon does not know about this difference.

 

Hope to help

Giuseppe

 

 

 

Hello Giuseppe,

Thank you for the detailed reply.
The LSA5 contents are below:

R1#sho ip os dat external 192.168.34.0

            OSPF Router with ID (1.1.1.1) (Process ID 1)

                Type-5 AS External Link States

  Routing Bit Set on this LSA in topology Base with MTID 0
  LS age: 65
  Options: (No TOS-capability, DC, Upward)
  LS Type: AS External Link
  Link State ID: 192.168.34.0 (External Network Number )
  Advertising Router: 2.2.2.2
  LS Seq Number: 80000001
  Checksum: 0x828A
  Length: 36
  Network Mask: /24
        Metric Type: 2 (Larger than any link state path)
        MTID: 0 
        Metric: 20 
        Forward Address: 0.0.0.0
        External Route Tag: 0

  Routing Bit Set on this LSA in topology Base with MTID 0
  LS age: 65
  Options: (No TOS-capability, DC, Upward)
  LS Type: AS External Link
  Link State ID: 192.168.34.0 (External Network Number )
  Advertising Router: 3.3.3.3
  LS Seq Number: 80000001
  Checksum: 0x64A4
  Length: 36
  Network Mask: /24
        Metric Type: 2 (Larger than any link state path)
        MTID: 0 
        Metric: 20 
        Forward Address: 0.0.0.0
        External Route Tag: 0

I understand your idea about using E1 routes with route-maps setting correct metrics for prefixes. Moreover, there is almost no overhead difference from managing perspective as the specific prefixes have to be either in ACL on R1 or route-maps on ASBRs. The question is totally about the behaviour of the command itself.

AD is the parameter of RIB, true, but how is then the behaviour of the command different for EIGRP, for example? I mean, EIGRP also has its topology database and 'distance' command there works perfectly for internal routes. OSPF, however, does change the AD of the prefix but for BOTH neighbours simultaneously. So IOS doesn't ignore the command, it processes it somehow. I just wonder if it is:
1) a bug (unlikely, old IOS and newer IOS XE have the same result);
2) intended behaviour (then what is the purpose of the command at all);
3) just a command that was never intended to be used.

Discovering the Why
https://braonle.wordpress.com/

Hello Braonle,

to be honest I have used the O E1 approach + route-maps on multiple ASBR routers with good results in the past.

This kind of approach was recommended in books like "Internet routing architectures" by Halabi (cisco Press).

 

The advantage is that you make your route manipulations only on the ASBR routers.

If you want to play with AD, being AD never advertised you should do it on every router and this is not suitable for a real production network.

 

I have used the distance ospf command with all options to set AD for intra area, inter area and external routes in a migration scenario using two OSPF processes.

Two OSPF processes in same router are isolated and you need to differentiate the AD for each route type to make one process the core process and the other one the edge process.

 

>> 1) a bug (unlikely, old IOS and newer IOS XE have the same result);
2) intended behaviour (then what is the purpose of the command at all);
3) just a command that was never intended to be used.

 

I think it is something that is not used  a lot and probably works well only for internal routes. It is a feature interesting in a lab not in real world as explained above.

 

Hope to help

Giuseppe

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco