CCNP ROUTE 300-101 Part 3.13 – Identify Suboptimal Routing

Suboptimal Routing

When multiple routers redistribute between the same two routing protocol domains,
several potential problems can occur. One type of problem occurs on the redistributing
routers, because those routers will learn a route to most subnets through both routing
protocols. That router uses the AD to determine the best route when comparing the best
routes from each of the two routing protocols, this typically results in some routes using
suboptimal paths.

Initially you should avoid any kind of redistribution but if that is not possible, you must be careful and remember that routing protocols by default will choose routes based on administrative distance or metrics.

To solve this type of problem, the redistributing routers must have some awareness of
which routes came from the other routing domain. The lower AD routing protocol needs to decide which routes came from the higher AD routing protocol, and either use a different AD for those routes or filter the routes. Though there are a few different methods of preventing this type of problem.

 

Mutual Redistribution at Multiple Routers

When multiple routers redistribute between the same two routing protocol domains,
several potential problems can occur. One type of problem occurs on the redistributing
routers, because those routers will learn a route to most subnets through both routing
protocols. That router uses the AD to determine the best route when comparing the best
routes from each of the two routing protocols; this typically results in some routes using
suboptimal paths.

Below shows a sample network, with R3 choosing its AD 110 OSPF route to 10.1.2.0/24 network over the probably better route but with AD 120 RIP route (only 1 hop away).

Mutual Redistribution Suboptimal Routing

 

R3 learns of subnet 10.1.2.0/24 through RIP updates from R2. Also, R1 learns of the subnet with RIP and redistributes the route into OSPF, and then R3 learns of a route to 10.1.2.0/24 through OSPF. R3 chooses the route with the lower administrative distance, with all default settings, OSPF’s AD of 110 is better that RIP’s 120.

If both R1 and R3 mutually redistribute between RIP and OSPF, the suboptimal route
problem would occur on either R1 or R3 for each RIP subnet, all depending on timing.

Below example shows the redistribution configuration, along with R3 having the suboptimal route shown in the above topology. However, after R1’s fa0/0 interface flaps, R1 now has a suboptimal route to 10.1.2.0/24, but R3 has an optimal route.

! R1's related configuration follows:
router ospf 1
router-id 1.1.1.1
redistribute rip subnets
network 10.1.15.1 0.0.0.0 area 0
!
router rip
redistribute ospf 1
network 10.0.0.0
default-metric 1

! R3's related configuration follows:
router ospf 1
router-id 3.3.3.3
redistribute rip subnets
network 10.1.34.3 0.0.0.0 area 0
!
router rip
redistribute ospf 1
network 10.0.0.0
default-metric 1

! R3 begins with an AD 110 OSPF route, and not a RIP route, to 10.1.2.0/24.
R3# sh ip route | incl 10.1.2.0
O E2 10.1.2.0 [110/20] via 10.1.34.4, 00:02:01, Serial0/0/0.4

! R1 has a RIP route to 10.1.2.0/24, and redistributes it into OSPF, causing R3
! to learn an OSPF route to 10.1.2.0/24.
R1# sh ip route | incl 10.1.2.0
R 10.1.2.0 [120/1] via 10.1.12.2, 00:00:08, FastEthernet0/0

! Next, R1 loses its RIP route to 10.1.2.0/24, causing R3 to lose its OSPF route.
R1# conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)# int fa 0/0
R1(config-if)# shut

! R3 loses its OSPF route, but can then insert the RIP route into its table.
R3# sh ip route | incl 10.1.2.0
R 10.1.2.0 [120/1] via 10.1.23.2, 00:00:12, Serial0/0/0.2

! Not shown: R1 brings up its fa0/0 again
! However, R1 now has the suboptimal route to 10.1.2.0/24, through OSPF.
R1# sh ip route | incl 10.1.2.0
O E2 10.1.2.0 [110/20] via 10.1.15.5, 00:00:09, Serial0/0/0.5

 

The key concept behind this seemingly odd example is that a redistributing router processes only the current contents of its IP routing table. When this network first came up, R1 learned its RIP route to 10.1.2.0/24, and redistributed into OSPF, before R3 could do
the same. So, R3 was faced with the choice of putting the AD 110 (OSPF) or AD 120 (RIP) route into its routing table, and R3 chose the lower AD OSPF route. Because R3 never had the RIP route to 10.1.2.0/24 in its routing table, R3 could not redistribute that RIP route into OSPF.

Later, when R1’s fa0/0 failed, R3 had time to remove the OSPF route and add the RIP route for 10.1.2.0/24 to its routing table—which then allowed R3 to redistribute that RIP route into OSPF, causing R1 to have the suboptimal route.

 

Preventing Suboptimal Routes by Setting the Administrative Distance

A simple and elegant solution to the problem of suboptimal routes on redistributing routers is to flag the redistributed routes with a higher AD.

A route’s AD is not advertised by the routing protocol. However, a single router can be configured such that it assigns different AD values to different routes, which then impacts that one router’s choice of which routes end up in the routing table.

For the above example, R3 could have assigned the OSPF-learned route to 10.1.2.0/24, an AD higher than 120, thereby preventing the original problem.

Below shows a more complete example, with a route from the RIP domain (10.1.2.0/24) and another from the OSPF domain (10.1.4.0/24). Redistributing Router R3 will learn the two routes both from RIP and OSPF. When you configure R3’s logic to treat OSPF internal routes with default AD 110, and OSPF external routes with AD 180 (or any other value larger than RIP’s default of 120), R3 will choose the optimal path for both RIP and OSPF routes.

Effect of Differing ADs for Internal and External Routes

 

Both R1’s and R3’s configurations look like the previous example, but with the addition of the distance command.

R3(config)# router ospf 1
R3(config-router)# distance ospf external 180

 

R3 has a more optimal RIP route to 10.1.2.0/24, as does R1.

R3# sh ip route | incl 10.1.2.0
R 10.1.2.0 [120/1] via 10.1.23.2, 00:00:19, Serial0/0/0.2

 

On R1 as the following

R1# show ip route | incl 10.1.2.0_
R 10.1.2.0 [120/1] via 10.1.12.2, 00:00:11, FastEthernet0/0

 

R1 loses its next-hop interface for the RIP route, so now its OSPF route, with AD 180, is its only and best route to 10.1.2.0/24.

R1# conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)# int fa 0/0
R1(config-if)# shut
R1(config-if)# do sh ip route | incl 10.1.2.0
O E2 10.1.2.0 [180/20] via 10.1.15.5, 00:00:05, Serial0/0/0.5

 

EIGRP supports the exact same concept by default, using AD 170 for external routes and 90 for internal routes. In fact, if EIGRP were used instead of OSPF, neither R1 nor R3 would have experienced any of the suboptimal routing. You can reset EIGRP’s distance for internal and external routes by using the distance eigrp value router subcommand.

In some cases, the requirements might not allow for setting all external routes’ ADs to
another value. Example, if R4 injected some legitimate external routes into OSPF, the
configuration would result in either R1 or R3 having a suboptimal route to those external routes that pointed through the RIP domain. In those cases, the distance router subcommand can be used in a different way, influencing some of or all the routes that come from a particular router. The syntax is as follows:

 distance {distance-value ip-address {wildcard-mask} [ip-standard-list] [ip-extended-list]

 

This command sets three key pieces of information: the AD to be set, the IP address of
the router advertising the routes, and optionally, an ACL with which to match routes.

With RIP, and EIGRP, this command identifies a neighboring router’s interface address using the ip-address wildcard-mask parameters.

With OSPF, those same parameters identify the RID of the router owning (creating) the link-state advertisement (LSA) for the route. The optional ACL then identifies the subset of routes for which the AD will be set. The logic boils down to something like this:

Set this AD value for all routes, learned from a router that is defined by the IP address and wildcard mask, and for which the ACL permits the route.

Below shows how the command could be used to solve the same suboptimal route problem on R1 and R3, while not causing suboptimal routing for other external routes. The design goals are summarized as follows:

  • Set a router’s local AD for its OSPF routes for subnets in the RIP domain to a value of 179, thereby making the RIP routes to those subnets better than the OSPF routes to those same subnets.
  • Do not set the AD for any other routes.

 

Using the distance command to reset particular routes’ ADs

Note that the command refers to 3.3.3.3, which is R3’s RID. Other commands not related to resetting the AD are omitted. The distance command on R1 refers to R3’s OSPF RID, because R3 created the OSPF LSAs that we are trying to match, the LSAs created when R3 injected the routes redistributed from RIP.

R1# conf t
R1(config)# ip access-list standard only-rip-routes 
R1(config-std-nacl)# permit 10.1.12.0
R1(config-std-nacl)# permit 10.1.3.0 
R1(config-std-nacl)# permit 10.1.2.0
R1(config-std-nacl)# permit 10.1.23.0
R1(config-std-nacl)# router ospf 1
R1(config-router)# distance 179 3.3.3.3 0.0.0.0 only-rip-routes
R1(config-router)#

 

Preventing Suboptimal Routes by Using Route Tags

Another method of preventing suboptimal routing on the redistributing routers is to simply filter the problematic routes. Using subnet 10.1.2.0/24 as an example again, R3 could use an incoming distribute-list to filter the OSPF route to 10.1.2.0/24, allowing R3 to use its RIP route to 10.1.2.0/24. R1 would need to perform similar route filtering as well to prevent its suboptimal route.

Performing simple route filtering based on IP subnet number works, but the redistributing
routers will need to be reconfigured every time subnets change in the higher-AD routing domain. The administrative effort can be improved by adding route tagging to the process.

When you tag all routes taken from the higher-AD domain and advertised into the lower-AD domain, the distribute-list command can make a simple check for that tag. Below shows the use of this idea for subnet 10.1.2.0/24.

Filtering with Reliance on Route Tags

 

Route tags are simply unitless integer values in the data structure of a route. These tags,
typically either 16 or 32 bits long depending on the routing protocol, allow a router to
imply something about a route that was redistributed from another routing protocol.

R1 can tag its OSPF-advertised route to 10.1.2.0/24 with a tag—say, 9999. OSPF does not define what a tag of 9999 means, but the OSPF protocol includes the tag field in the LSA reducing the administrative overhead. Later, R3 can filter routes based on their tag, solving the suboptimal route problem.

R1 and R3 tag all redistributed RIP routes with tag 9999 as they enter the OSPF domain, and then R1 and R3 filter incoming OSPF routes based on the tags. This design works well because R1 can tag all redistributed RIP routes, thereby removing the need to change the configuration every time a new subnet is added to the RIP domain.

R1 config. The redistribute command calls the route map that tags routes taken from RIP as 9999. distribute-list looks at routes learned in OSPF that were earlier tagged by R3.

R1(config)# router ospf 1
R1(config-router)# redistribute rip subnets route-map tag-rip-9999
R1(config-router)# network 10.1.15.1 0.0.0.0 area 0
R1(config-router)# distribute-list route-map check-tag-9999 in

 

Sequence 10, (deny), matches all tagged 9999 routes, so those routes are filtered. Sequence 20 permits all other routes, because with no match subcommand, the clause is considered to “match all.”

R1(config-route-map)# route-map check-tag-9999 deny 10
R1(config-route-map)# match tag 9999
R1(config-route-map)# exit
R1(config)# route-map check-tag-9999 permit 20

 

The tag-rip-9999 matches all routes (no match command), and then tags them all with tag 9999. This route-map is used only for routes taken from RIP into OSPF.

R1(config)# route-map tag-rip-9999 permit 10
R1(config-router)# set tag 9999

 

R3’s configuration does not have to use the same names for route maps, but the essential elements are identical, so the route maps are not repeated here.

R3(config)# router ospf 1
R3(config-router)# redistribute rip subnets route-map tag-rip-9999
R3(config-router)# network 10.1.34.3 0.0.0.0 area 0
R3(config-router)# distribute-list route-map check-tag-9999 in

 

R3 and R1 have RIP routes to 10.1.2.0, as well as other routes from the RIP domain. Also, note that the OSPF LSDB shows the tagged values on the routes.

R3# show ip route | incl 10.1.2.0
R 10.1.2.0 [120/1] via 10.1.23.2, 00:00:26, Serial0/0/0.2

R3# sh ip ospf data | begin Type-5
Type-5 AS External Link States
Link ID ADV Router Age Seq# Checksum Tag
10.1.1.0 1.1.1.1 834 0x80000006 0x00CE86 9999
10.1.1.0 3.3.3.3 458 0x80000003 0x0098B7 9999
10.1.2.0 1.1.1.1 834 0x80000006 0x00C390 9999
10.1.2.0 3.3.3.3 458 0x80000003 0x008DC1 9999

 

Next, the unfortunate side effect of filtering the route, R3 does not have an alternative route to RIP subnets, although OSPF internal routers (like R4 in the diagram above) will.

R3# conf t
R3(config)# int s0/0/0.2
R3(config-subif)# shut
R3(config-subif)# ^Z
R3# sh ip route | incl 10.1.2.0
R3#

 

The last few lines of the example show the largest negative of using route filtering to prevent the suboptimal routes. When R3 loses connectivity to R2, R3 does not use the alternate route through the OSPF domain. R3’s filtering of those routes occurs regardless of whether R3’s RIP routes are available or not. As a result, using a solution that manipulates the AD might ultimately be the better solution to this suboptimal-routing problem.

 

Using Metrics and Metric Types to Influence Redistributed Routes

A different set of issues can occur for a router that is internal to a single routing domain. The issue is simple, with multiple redistributing routers, an internal router learns multiple routes to the same subnet, so it must pick the best route.

The redistributing routers can set the metrics, by setting those metrics with meaningful values, the internal routers can be influenced to use a particular redistribution point. Interestingly, internal routers might not use metric as their first consideration when choosing the best route.

For example, an OSPF internal router will first take an intra-area route over an inter-area route, regardless of their metrics.

The table below lists the criteria an internal router will use when picking the best route, before considering the metrics of the different routes.

IGP Order of Precedence for Choosing Routes Before Considering the Metric:

RIP: No other considerations
EIGRP: Internal, then external
OSPF: Intra-area, inter-area, E1, then E2*
IS-IS: L1, L2, external

 

Note* For E2 routes whose metric ties, OSPF also checks the cost to the advertising ASBR

Next example focuses on R4 and its routes to 10.1.2.0/24 and 10.1.5.0/24 from Figure 11-4 . The example shows the following, in order:

1. R1 and R3 advertise 10.1.2.0/24 as an E2 route, metric 20. R4 uses the route through R3, because R4’s cost to reach ASBR R3 is lower than its cost to reach ASBR R1.

2. After changing R1 to advertise redistributed routes into OSPF as E1 routes, R4 uses the E1 routes through R1, even though the metric is larger than the E2 route through R3.

3. R4 uses it higher-metric intra-area route to 10.1.5.0/24 through R5. Then, the R4-R5 link fails, causing R4 to use the OSPF external E2 route to 10.1.5.0/24—the route that leads through the RIP domain and back into OSPF through the R3-R2-R1-R5 path.

R4 has E2 routes to all the subnets in the RIP domain, and they all point to R3. R4 chose the routes through R3 instead of R1 due to the lower cost to R3.

R4# sh ip route ospf
10.0.0.0/24 is subnetted, 10 subnets
O 10.1.15.0 [110/128] via 10.1.45.5, 00:03:23, Serial0/0/0.5
O E2 10.1.12.0 [110/20] via 10.1.34.3, 00:03:23, Serial0/0/0.3
O E2 10.1.3.0 [110/20] via 10.1.34.3, 00:03:23, Serial0/0/0.3
O E2 10.1.2.0 [110/20] via 10.1.34.3, 00:03:23, Serial0/0/0.3
O E2 10.1.1.0 [110/20] via 10.1.34.3, 00:03:23, Serial0/0/0.3
O 10.1.5.0 [110/65] via 10.1.45.5, 00:03:23, Serial0/0/0.5
O E2 10.1.23.0 [110/20] via 10.1.34.3, 00:03:23, Serial0/0/0.3

 

R4 chose the routes through R3 instead of R1 due to the lower cost to R3.

R4# show ip ospf border-routers
OSPF Process 1 internal Routing Table
Codes: i - Intra-area route, I - Inter-area route
i 1.1.1.1 [128] via 10.1.45.5, Serial0/0/0.5, ASBR, Area 0, SPF 13
i 3.3.3.3 [64] via 10.1.34.3, Serial0/0/0.3, ASBR, Area 0, SPF 13

 

Not shown, R1 is changed to redistribute RIP routes as E1 routes by adding the metric-type 1 option on R1. R4 picks routes through R1 because they are E1 routes, even though the metric (148) is higher than the routes through R3 (cost 20).

R4# show ip route ospf
10.0.0.0/24 is subnetted, 10 subnets
O E1 10.1.2.0 [110/148] via 10.1.45.5, 00:00:11, Serial0/0/0.5
---output ommitted---

R4’s route to 10.1.5.0/24 below is intra-area, metric 65.

R4# show ip route | incl 10.1.5.0
O 10.1.5.0 [110/65] via 10.1.45.5, 00:04:48, Serial0/0/0.5

Not shown, R4 shuts down link to R5, R4’s new route to 10.1.5.0/24 is E2, learned from R3, with metric 20.

R4# show ip route | incl 10.1.5.0
O E2 10.1.5.0 [110/20] via 10.1.34.3, 00:10:52, Serial0/0/0.3

 

Hope this helps someone else!

Advertisements

3 responses to “CCNP ROUTE 300-101 Part 3.13 – Identify Suboptimal Routing

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s