
ACE RHI and redistributed route metrics

We've got 6509/Sup720 routers in three data centers, each with an ACE module; we're using RHI on the ACEs to inject a static anycast route into the MSFCs (i.e. the same route in each data center) for our RADIUS servers, redistributing these into OSPF so clients only need to be configured with a single server address and failover between servers happens through the routing protocol.

This works fine, except for one peculiarity: the metrics seen in OSPF are not the ones that I've explicitly configured!

For example:

Router A (a chassis containing an ACE module) has this configuration (simplified):

    router ospf 211

     area 0.0.0.51 nssa
     redistribute static subnets route-map static-to-ospf
     network 0.0.0.0 255.255.255.255 area 0.0.0.51

    ip prefix-list AAA-ANYCAST permit 10.0.0.240/30 le 32

    route-map static-to-ospf permit 10
     match ip address prefix-list AAA-ANYCAST
     set metric 10
     set metric-type type-1
     set tag 4445181

and the ACE module in it has this config (simplified):

    policy-map multi-match POLICY_MM-AAA_DISTRIBUTION
      class CLASS-AAA_RADIUS_ANYCAST
        loadbalance vip inservice
        loadbalance vip icmp-reply active
        loadbalance vip advertise active
        loadbalance vip advertise metric 10

(note that the loadbalance vip advertise metric command really specifies the administrative distance, not the route metric!)

and sees this static route:

    router-A>show ip route 10.0.0.240
    Routing entry for 10.0.0.240/32
      Known via "static", distance 10, metric 0
      Redistributing via ospf 211
      Advertised by ospf 211 subnets route-map static-to-ospf
      Routing Descriptor Blocks:
      * 10.0.0.226, via Vlan25
          Route metric is 0, traffic share count is 1

So far, so good - the static route has the expected metric of zero.

Router B is directly connected to A through a VLAN where the OSPF cost is explicitly set to 2:

    interface Vlan2349
     ip address 10.8.11.165 255.255.255.254
     ip ospf cost 2

So B should see the route to 10.0.0.240/32 with a metric of 10 (static-to-OSPF redistribution on A) + 2 (link cost) = 12.

This is what it actually sees:

    router-B>show ip route 10.0.0.240
    Routing entry for 10.0.0.240/32
      Known via "ospf 211", distance 110, metric 32
      Tag 4448081, type NSSA extern 1
      Last update from 10.8.11.164 on Vlan2349, 3d23h ago
      Routing Descriptor Blocks:
      * 10.8.11.164, from 10.11.255.240, 3d23h ago, via Vlan2349
          Route metric is 32, traffic share count is 1
          Route tag 4448081


Where is the additional cost of 20 coming from?

I know that if I redistribute into OSPF without explicitly setting the metric then the default metric will be 20.  It looks here like the explicit metric is being added to the default, rather than being used instead of the default.

Or am I overlooking something obvious?

As an aside, can anyone tell me what 'radius-server source-ports 1645-1646' does?  It's in all of our 6500 configs, but I can't find it in the IOS docs; deleting it breaks AAA, and trying to change it to use the real RADIUS port numbers (1812-1813) isn't allowed...

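An added example, not part of the original post: a Python check that parses the router-B `show ip route` output quoted above and compares its metric and tag with the `static-to-ospf` route-map quoted from router A, using the post's own expectation (redistribution metric plus link cost for a type-1 route). The function names and the `path_cost` parameter are assumptions of this example.

```python
import re
# router-B output and router-A route-map, copied from the post above.
ROUTER_B_ROUTE = """\
Routing entry for 10.0.0.240/32
  Known via "ospf 211", distance 110, metric 32
  Tag 4448081, type NSSA extern 1
  Last update from 10.8.11.164 on Vlan2349, 3d23h ago
  Routing Descriptor Blocks:
  * 10.8.11.164, from 10.11.255.240, 3d23h ago, via Vlan2349
      Route metric is 32, traffic share count is 1
      Route tag 4448081
"""
ROUTER_A_ROUTE_MAP = """\
route-map static-to-ospf permit 10
 match ip address prefix-list AAA-ANYCAST
 set metric 10
 set metric-type type-1
 set tag 4445181
"""

def parse_route(text):
    """Pull metric, tag, route type and advertising router out of 'show ip route <prefix>'."""
    route = {}
    m = re.search(r'Known via "([^"]+)", distance (\d+), metric (\d+)', text)
    if m:
        route.update(source=m.group(1), distance=int(m.group(2)), metric=int(m.group(3)))
    m = re.search(r"Tag (\d+), type (.+)", text)
    if m:
        route.update(tag=int(m.group(1)), type=m.group(2).strip())
    m = re.search(r"\* (\S+), from (\S+),", text)
    if m:
        route.update(next_hop=m.group(1), advertised_by=m.group(2))
    return route

def parse_route_map_sets(text):
    """Return the 'set <attribute> <value>' clauses of a route-map as a dict."""
    return dict(re.findall(r"^\s*set (\S+) (\S+)\s*$", text, re.M))

def mismatches(route, sets, path_cost):
    """List (attribute, expected, observed) where the observed route differs from the route-map."""
    metric = int(sets["metric"])
    if sets.get("metric-type") == "type-1":
        metric += path_cost  # type-1 externals add the internal path cost
    expected = {"metric": metric, "tag": int(sets["tag"])}
    return [(k, v, route.get(k)) for k, v in expected.items() if route.get(k) != v]
if __name__ == "__main__":
    sets = parse_route_map_sets(ROUTER_A_ROUTE_MAP)
    for attr, want, got in mismatches(parse_route(ROUTER_B_ROUTE), sets, path_cost=2):
        print(f"{attr}: expected {want}, observed {got}")
```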