We've got 6509/Sup720 routers in three data centers, each with an ACE module; we're using RHI on the ACEs to inject a static anycast route into the MSFCs (i.e. the same route in each data center) for our RADIUS servers, redistributing these into OSPF so clients only need to be configured with a single server address and failover between servers happens through the routing protocol.
This works fine, except for one peculiarity: the metrics seen in OSPF are not the ones that I've explicitly configured!
Router A (a chassis containing an ACE module) has this configuration (simplified):
router ospf 211
area 0.0.0.51 nssa redistribute static subnets route-map static-to-ospf network 0.0.0.0 255.255.255.255 area 0.0.0.51
ip prefix-list AAA-ANYCAST permit 10.0.0.240/30 le 32
route-map static-to-ospf permit 10 match ip address prefix-list AAA-ANYCAST set metric 10 set metric-type type-1 set tag 4445181
and the ACE module in it has this config (simplified):
policy-map multi-match POLICY_MM-AAA_DISTRIBUTION class CLASS-AAA_RADIUS_ANYCAST loadbalance vip inservice loadbalance vip icmp-reply active loadbalance vip advertise active loadbalance vip advertise metric 10
(note that the loadbalance vip advertise metric command really specifies the administrative distance, not the route metric!)
and sees this static route:
router-A>show ip route 10.0.0.240 Routing entry for 10.0.0.240/32 Known via "static", distance 10, metric 0 Redistributing via ospf 211 Advertised by ospf 211 subnets route-map static-to-ospf Routing Descriptor Blocks: * 10.0.0.226, via Vlan25 Route metric is 0, traffic share count is 1
So far, so good - the static route has the expected metric of zero.
Router B is directly connected to A through a VLAN where the OSPF cost is explicitly set to 2:
interface Vlan2349 ip address 10.8.11.165 255.255.255.254 ip ospf cost 2
So B should see the route to 10.0.0.240/32 with a metric of 10 (static-to-OSPF redistribution on A) + 2 (link cost) = 12.
This is what it actually sees:
router-B>show ip route 10.0.0.240 Routing entry for 10.0.0.240/32 Known via "ospf 211", distance 110, metric 32 Tag 4448081, type NSSA extern 1 Last update from 10.8.11.164 on Vlan2349, 3d23h ago Routing Descriptor Blocks: * 10.8.11.164, from 10.11.255.240, 3d23h ago, via Vlan2349 Route metric is 32, traffic share count is 1 Route tag 4448081
Where is the additional cost of 20 coming from?
I know that if I redistribute into OSPF without explicitly setting the metric then the default metric will be 20. It looks here like the explicit metric is being added to the default, rather than being used instead of the default.
Or am I overlooking something obvious?
As an aside, can anyone tell me what 'radius-server source-ports 1645-1646' does? It's in all of out 6500 configs, but I can't find it in the IOS docs; deleting it breaks AAA, and trying to change it to use the real RADIUS port numbers (1812-1813) isn't allowed...
Question We run asr9001 with XR 6.1.3, and we have a very long delay to
login w/ SSH 1 or 2 to the device compare to IOS device. After
investigation, the there is 1s delay between the client KEXDH_INIT and
the server (XR) KEXDH_REPLY. After debug ssh serv...
Introduction The purpose of this document is to demonstrate the Open
Shortest Path First (OSPF) behavior when the V-bit (Virtual-link bit) is
present in a non-backbone area. The V-bit is signaled in Type-1 LSA only
if the router is the endpoint of one or ...
Hi, I am seeing quite a few issues with patch install and wanted to
share my experience and workaround to this. Login to admin via CLI, then
access root with the “shell” command Issue “df –h” and you’ll probably
see the following directory full or nearly ...