The administrative distance can be used to configure several identical routes or prefixes to different remote sites. The route with the lowest administrative distance is the preferred active route. This mechanism can be used, for example, to configure simple backup mechanisms.
The manipulation of the administrative distance for routes that are dynamic is handled by the respective dynamic routing protocol.
Example 1: Two VPN tunnels are to be configured with the route 192.168.2.0/24. The second VPN tunnel is to be configured as the "always-on" backup for the first VPN tunnel.
For the first tunnel, the prefix 192.168.2.0/24 is set up to the remote site VPN-1 with an administrative distance of 10. For the second tunnel, the prefix 192.168.2.0/24 is set up to the remote site VPN-2 with an administrative distance of 20. Both VPN tunnels will be established, but the route is only active for the first VPN tunnel as it has the better/lower administrative distance. If the first VPN tunnel disconnects, the operating system sets this route to the administrative distance of 255 (interface down), which automatically activates the route using the second tunnel.
Example 2: There is a static route for 192.168.1.0/24 to the remote peer VPN-Tunnel1. If the same prefix 192.168.1.0/24 is received via BGP, the static route has a better/lower administrative distance by default, so it has preference over the route via BGP.
If you now set the administrative distance of the static route to the value 210, then the route learned via BGP is preferred and active, since (e)BGP has an administrative distance of 20 or 200 (iBGP). The static route thus serves as a backup for the dynamic BGP route.
This feature does not replace the backup table, but it does offer a different kind of "backup". When using the backup table, only one connection is active at a time. If the backup is required, the system attempts to activate the backup connection. While the backup connection is active, the system attempts to reestablish the primary connection and will switch back to it, if successful. The backup strategy based on the administrative distance assumes that connections to all remote sites are always established. This may be undesirable in certain scenarios, e.g. with backups via cellular networks, and the backup table would be the preferred choice.
The value 0 has a special function and is internally the lowest value reserved for the device's own addresses (i.e. for the sources Loopback, Local LAN, Local WAN, Broadcast, VRRP).
In the configuration, 0 has the special role of assigning the default value for the route source to a route marked with this administrative distance. This can be seen in show admin-distance.
The value 255 has the special role for the "route disabled" or "interface down" state.
If administrative distances are to be used for prioritizing routes in the configuration, values from 1-254 must be used. The values 0 and 255 have a special function.
The commands show ipv4-static-routes and show ipv6-static-routes displays all active and inactive static routes. The current administrative distances for route sources can be viewed from the CLI using the command show admin-distance.
Type of route | Administrative distance |
---|---|
Own addresses of the device, automatic default | 0 |
Static routes | 5 |
VPN | 15 |
eBGP | 20 |
OSPF | 110 |
RIP | 120 |
iBGP | 200 |
LISP | 240 |
Interface Down | 255 |
Static routes are defined as routes that a user manually configured in the IPv4 or IPv6 routing table.
VPN routes are defined as routes that are automatically entered into the routing table by the VPN, e.g. by IKEv2 routing.