Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
sagha
Staff
Staff

Created on ‎07-08-2020 06:12 AM

Article Id 190738

Technical Tip: Configuring admin distance for routes received from the same routing protocol

Description
This article describes the behavior of administrative distance and route installation into active routing table when same route is received from a different peer of the same routing protocol.

Solution
BGP in this example has the option of configuring the admin-distance for routes using prefix lists.
# config router access-list
    edit "int-routes"
    # config rule
        edit 1
            set prefix 10.10.10.0 255.255.255.0
            set exact-match enable   
        end
    end

# config router BGP
# config admin-distance
      edit 1
            set neighbour-prefix 192.168.79.254 255.255.255.255
            set route-list "int-routes"
            set distance 110
        next
        edit 2
            set neighbour-prefix 192.168.239.254 255.255.255.255
            set route-list "int-routes"
            set distance 120
       end
  end
In the above example, same route 10.10.10.0/24 is being received from two BGP peers and administrative distance being set is different.
Normally, the route learned via neighbor 192.168.79.254 is expected to be added to the routing table as it has the smaller AD of 110.

However, since the same routing protocol is used, which is BGP in this case, the comparison is done based on the BGP attributes.
# get router info BGP network 10.10.10.0/24
BGP routing table entry for 10.10.10.0/24

  65002 65002 65002 65001
    192.168.79.254 from 192.168.79.254 (1.1.1.1)
      Origin IGP metric 10, localpref 99, valid, external
      Community: 3257:2170
      Last update: Wed Jun 24 14:07:38 2020

  65000 65000 65001
    192.168.239.254 from 192.168.239.254 (2.2.2.1)
      Origin IGP metric 10, localpref 100, valid, external, best
      Last update: Wed Jun 24 14:07:40 2020
As can be seen from the above output, the second route is selected as the best.
Regardless of the distance when checking in the routing table, the route learned via neighbor 192.168.239.254 which have higher AD of 120 will be added.
This is because this route is selected as preferred when comparison was done for routes based on BGP attributes.
# get router info routing-table details | grep 10.10.
B       10.10.10.0/24[120/10] via 192.168.239.254, ext_vpn
The route selection process is as follow:

1) In the start the best route is selected within the routing protocol database in this case as with BGP.
2) Then this route is sent to the routing database along with any similar routes learned via OSPF or any static routes.
3) The comparison takes place between these routes in the routing database and afterwards the best is selected and added to the active routing table.

To sum it up the functionality of how route gets installed is as follows:

1) Prefer a subnet learned via two neighbor having same routing protocol ---> Use the attributes of that routing protocol for example for BGP use its attributes and for OSPF to use cost/metric etc.
2) Prefer a subnet learned via two different routing protocols ---> Route gets installed into the routing table and then based on AD.

Related Articles

Troubleshooting Tip: To prefer the specific OSPF route over EBGP

Labels:
20254
0 Kudos
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.