I had a interesting question from a friend today.
Assume the following scenario:
Im going to exclude any MPLS connectivity, as it is not relevant.
The PE (Router1) connects the CE (Router3) with two links, one serial and one wireless.
This particular ISP runs mostly static routes to client sites (within the VRF’s) or alternatively eBGP.
On a wireless link it is always good practise to run BGP to detect when connectivity with the remote end is lost in the underlying Layer2 network. (Preventing a blackhole)
Regarding routing on the Serial Link, there as a default route out from Router 3 and a static route to 10.33.33.0/24 on Router1 pointing to Router3.
The client wants to load-balance traffic across both links. And the Admin Distance of the static route was set to 20 to match eBGP. (this is the scenario)
So the question : Why does Router1 not install both routes (the eBGP route and the Static), both with an prefix-length of /24, a Admin Distance of 20, and metric of 0 into the RIB??
Yes the obvious solution is to run BGP on both, but the principal question here is, why does the router not install two routes from separate protocols if the prefix, AD and metric matches? (This applies to any combination of protocols, RIP vs EIGRP, EIGRP vs OSPF etc.) According to route-selection criteria at cisco.com it should.
Here is only the static router to 10.33.33.0/24 installed (BGP neighbor disabled):
Here is only the BGP route to 10.33.33.0/24 installed (static was removed):
Notice the Prefix-length (/24), the Distance (20) and the Metric (0) is exactly the same when either is installed? Yet when both the static is configured and the BGP neighbor is up, ONLY the static route is installed into the RIB.
There is no Cisco documentation regarding this in the route-selection process, but basically the hidden rule goes as follow,
- If the Prefix lengths are equal, compare the AD.
- If the AD is equal between routes, AND they are from different protocols (like here), then the default AD value (appose the the configured AD) be used as a tie breaker. If the AD is a equal and the routes are from the same protocol, then follow the normal route-selection criteria. (I did a extensive flow chart here)
We can observe this behaviour with the debug:
Rack1R1(config)#do debug ip routing IP routing debugging is on Rack1R1(config)# ip route 10.33.33.0 255.255.255.0 126.96.36.199 20 Rack1R1(config)# *Jan 7 16:33:24.806: RT: closer admin distance for 10.33.33.0, flushing 1 routes <---X *Jan 7 16:33:24.806: RT: NET-RED 10.33.33.0/24 *Jan 7 16:33:24.806: RT: SET_LAST_RDB for 10.33.33.0/24 NEW rdb: via 188.8.131.52 *Jan 7 16:33:24.806: RT: add 10.33.33.0/24 via 184.108.40.206, static metric [20/0] *Jan 7 16:33:24.806: RT: NET-RED 10.33.33.0/24
We know the routes configured, have matching prefix-lengths, and distances, but the router makes a decision the Cisco way. Since we have a tie with the configured AD (and only because it’s routes from different protocols), does the router look at the default AD value, to decide. This is seen by “closer admin distance” and as a result the static route is more preferred . This concludes why you cannot load-balance between different protocols.