
ACE RHI and redistributed route metrics

We've got 6509/Sup720 routers in three data centers, each with an ACE module; we're using RHI on the ACEs to inject a static anycast route into the MSFCs (i.e. the same route in each data center) for our RADIUS servers, redistributing these into OSPF so clients only need to be configured with a single server address and failover between servers happens through the routing protocol.

This works fine, except for one peculiarity: the metrics seen in OSPF are not the ones that I've explicitly configured!

For example:

Router A (a chassis containing an ACE module) has this configuration (simplified):

    router ospf 211

     area nssa
     redistribute static subnets route-map static-to-ospf
     network area

    ip prefix-list AAA-ANYCAST permit le 32

    route-map static-to-ospf permit 10
     match ip address prefix-list AAA-ANYCAST
     set metric 10
     set metric-type type-1
     set tag 4445181

and the ACE module in it has this config (simplified):

    policy-map multi-match POLICY_MM-AAA_DISTRIBUTION
        loadbalance vip inservice
        loadbalance vip icmp-reply active
        loadbalance vip advertise active
        loadbalance vip advertise metric 10

(note that the loadbalance vip advertise metric command really specifies the administrative distance, not the route metric!)

and sees this static route:

    router-A>show ip route
    Routing entry for
      Known via "static", distance 10, metric 0
      Redistributing via ospf 211
      Advertised by ospf 211 subnets route-map static-to-ospf
      Routing Descriptor Blocks:
      *, via Vlan25
          Route metric is 0, traffic share count is 1

So far, so good - the static route has the expected metric of zero.

Router B is directly connected to A through a VLAN where the OSPF cost is explicitly set to 2:

    interface Vlan2349
     ip address
     ip ospf cost 2

So B should see the route to with a metric of 10 (static-to-OSPF redistribution on A) + 2 (link cost) = 12.

This is what it actually sees:

    router-B>show ip route
    Routing entry for
      Known via "ospf 211", distance 110, metric 32
      Tag 4448081, type NSSA extern 1
      Last update from on Vlan2349, 3d23h ago
      Routing Descriptor Blocks:
      *, from, 3d23h ago, via Vlan2349
          Route metric is 32, traffic share count is 1
          Route tag 4448081

Where is the additional cost of 20 coming from?

I know that if I redistribute into OSPF without explicitly setting the metric then the default metric will be 20.  It looks here like the explicit metric is being added to the default, rather than being used instead of the default.

Or am I overlooking something obvious?

As an aside, can anyone tell me what 'radius-server source-ports 1645-1646' does?  It's in all of our 6500 configs, but I can't find it in the IOS docs; deleting it breaks AAA, and trying to change it to use the real RADIUS port numbers (1812-1813) isn't allowed...
