static vs GRE tunneling

Network Pro
Level 1

Hi,

I have the following setup:

3925 rtr A -> Internet (cloud) -> ASA -> 3925 rtr B

There is a LAN-to-LAN tunnel between 3925 rtr and ASA over the internet permitting only GRE traffic (interesting traffic) between 3925 rtr and ASA. Now there is also a GRE tunnel between 3925 rtr A and 3925 rtr B on both ends.

Now the static route on 3925 rtr B is the ASA (ip route 0.0.0.0 0.0.0.0 ASA interface). We run OSPF or EIGRP over the tunnel, say, for argument's sake. Once the tunnel is up, I see specific routes by the routing protocol over the GRE tunnel and a static route via ASA. Which will take precedence if I am accessing from 3925 rtr B? Shouldn't the static route take precedence since its AD is 1?


Accepted Solutions

Peter Paluch
Cisco Employee

Hi,

> Once the tunnel is up, I see specific routes by the routing protocol over the GRE tunnel and a static route via ASA. Which will take precedence if I am accessing from 3925 rtr B? Shouldn't the static route take precedence since its AD is 1?

The route that matches the destination IP address in the longest prefix will be used. If I understand you correctly, you have a static 0.0.0.0/0 on your RouterB toward the ASA, and furthermore, you learn a set of routes (presumably more specific than 0.0.0.0/0) over the GRE tunnel using a dynamic routing protocol. In such a case, the routing table on RouterB will contain a mix of routes - specific routes learned over the tunnel, directly connected networks, plus the statically configured default route. For each packet, the router will find the matching route using the longest prefix match rule, and use it to forward the packet. The default route will be used only if no more specific route matched the destination.

Keep in mind that the administrative distance (AD) controls what routes get installed into the routing table in the first place. Once they are installed in the routing table, the choice of a particular route to forward a particular packet is no longer influenced by AD; the selection rule is strictly the longest-prefix-match rule. In other words, AD influences only how the routing table is populated; it does not influence how the routing table is searched for a matching entry. Also, the AD would only be consulted if the same network (that is, the same address and the same netmask) was offered to the routing table from two or more different sources. In your case, this situation does not seem to occur - your static route is 0.0.0.0/0, while the routes learned over the GRE tunnel are more specific and thus do not compete with 0.0.0.0/0.

Best regards,
Peter

Thanks Peter, that clears it up!

Richard Burts
Hall of Fame

The answer to your question is actually found in your question. You see specific routes advertised by the dynamic routing protocol and you see a default route that is static. It may help if we remember that the routing decision always chooses the longest match. So if you are trying to forward a packet to a subnet that is advertised by the dynamic routing protocol then you choose that route. And if you are trying to forward a packet to a destination that does not match any of the dynamic routes then you would use the static default route.

 

Perhaps where it gets interesting would be the question of what happens if your dynamic routing protocol advertised a default route. In that case you are correct that the admin distance of the static default route is better than the admin distance of the dynamic default route and you would use the static default route.

 

HTH

 

Rick
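
The two stages described in the answers above (AD decides which route is installed for an identical prefix; longest prefix match decides which installed route forwards a packet) can be traced in a short Python model. This is an added example, not part of any post in this thread: the 10.20.x.x prefixes, the extra static /16, and the `ASA` / `Tunnel0` next-hop labels are constructed assumptions, and the AD values are the Cisco IOS defaults (static 1, OSPF 110).

```python
import ipaddress
from collections import namedtuple

Route = namedtuple("Route", "prefix source ad next_hop")

def route(prefix, source, ad, next_hop):
    return Route(ipaddress.ip_network(prefix), source, ad, next_hop)

# Constructed candidates offered to RouterB's routing table (assumed values).
CANDIDATES = [
    route("0.0.0.0/0", "static", 1, "ASA"),          # the configured default route
    route("0.0.0.0/0", "ospf", 110, "Tunnel0"),      # a default also learned over GRE
    route("10.20.0.0/16", "static", 1, "ASA"),       # a less specific static route
    route("10.20.30.0/24", "ospf", 110, "Tunnel0"),  # a specific route learned over GRE
]

def build_rib(candidates):
    """Stage 1, table population: AD is compared only between
    candidates for the same address and the same mask."""
    rib = {}
    for r in candidates:
        best = rib.get(r.prefix)
        if best is None or r.ad < best.ad:
            rib[r.prefix] = r
    return rib

def lookup(rib, destination):
    """Stage 2, forwarding: longest prefix match; AD is never consulted."""
    dst = ipaddress.ip_address(destination)
    matches = [r for r in rib.values() if dst in r.prefix]
    if not matches:
        return None
    return max(matches, key=lambda r: r.prefix.prefixlen)

RIB = build_rib(CANDIDATES)

if __name__ == "__main__":
    # 198.51.100.7 is a documentation address standing in for "anything else".
    for dst in ("10.20.30.5", "10.20.99.1", "198.51.100.7"):
        r = lookup(RIB, dst)
        print(f"{dst:>14} -> {r.prefix} via {r.next_hop} ({r.source}, AD {r.ad})")
```

The OSPF /24 forwards 10.20.30.5 through the tunnel even though a static /16 with AD 1 also covers it, while the OSPF default never reaches the table because the static default has the better AD for the identical prefix.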
