Backup routes, How forwarding decisions are made – Cisco ASA 5505 User Manual
Page 442
21-8
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 21 Routing Overview
Information About the Routing Table
The administrative distance is a local setting. For example, if you use the distance-ospf command to
change the administrative distance of routes obtained through OSPF, that change would only affect the
routing table for the ASA on which the command was entered. The administrative distance is not
advertised in routing updates.
Administrative distance does not affect the routing process. The OSPF and RIP routing processes only
advertise the routes that have been discovered by the routing process or redistributed into the routing
process. For example, the RIP routing process advertises RIP routes, even if routes discovered by the
OSPF routing process are used in the ASA routing table.
Backup Routes
A backup route is registered when the initial attempt to install the route in the routing table fails because
another route was installed instead. If the route that was installed in the routing table fails, the routing
table maintenance process calls each routing protocol process that has registered a backup route and
requests them to reinstall the route in the routing table. If there are multiple protocols with registered
backup routes for the failed route, the preferred route is chosen based on administrative distance.
Because of this process, you can create floating static routes that are installed in the routing table when
the route discovered by a dynamic routing protocol fails. A floating static route is simply a static route
configured with a greater administrative distance than the dynamic routing protocols running on the
ASA. When the corresponding route discovered by a dynamic routing process fails, the static route is
installed in the routing table.
How Forwarding Decisions Are Made
Forwarding decisions are made as follows:
•
If the destination does not match an entry in the routing table, the packet is forwarded through the
interface specified for the default route. If a default route has not been configured, the packet is
discarded.
•
If the destination matches a single entry in the routing table, the packet is forwarded through the
interface associated with that route.
•
If the destination matches more than one entry in the routing table, and the entries all have the same
network prefix length, the packets for that destination are distributed among the interfaces
associated with that route.
•
If the destination matches more than one entry in the routing table, and the entries have different
network prefix lengths, then the packet is forwarded out of the interface associated with the route
that has the longer network prefix length.
For example, a packet destined for 192.168.32.1 arrives on an interface of an ASA with the following
routes in the routing table:
hostname# show route
....
R 192.168.32.0/24 [120/4] via 10.1.1.2
O 192.168.32.0/19 [110/229840] via 10.1.1.3
....
In this case, a packet destined to 192.168.32.1 is directed toward 10.1.1.2, because 192.168.32.1 falls
within the 192.168.32.0/24 network. It also falls within the other route in the routing table, but the
192.168.32.0/24 has the longest prefix within the routing table (24 bits verses 19 bits). Longer prefixes
are always preferred over shorter ones when forwarding a packet.