
IP Routing On Cisco IOS, IOS XE And IOS XR

By Brad Edgeworth, Aaron Foss and Ramiro Garza Rios

The following is an excerpt from IP Routing on Cisco IOS, IOS XE and IOS XR, An Essential Guide to Understanding and Implementing IP Routing Protocols, written by Brad Edgeworth, Aaron Foss and Ramiro Garza Rios. See more book excerpts and op-ed articles on Tom's Expert Voices section.


This chapter covers the following topics:

  • IP routing
  • IP packet switching
  • Planes of operation

The previous chapters described that a router is necessary to transmit packets between network segments. This chapter explains the process a router uses to accomplish this task. By the end of this chapter, you should have a good understanding of how a router performs IP routing and IP packet forwarding between different network segments.

IP Routing

A router’s primary function is to move an IP packet from one network to a different network. A router learns about nonattached networks through static configuration or through dynamic IP routing protocols.

Dynamic IP routing protocols distribute network topology information between routers and provide updates without intervention when a topology change in the network occurs. Design requirements or hardware limitations may restrict IP routing to static routes, which do not accommodate topology changes very well, and can burden network engineers depending on the size of the network. Routers try to select the best loop-free path in a network that forwards a packet to its destination IP address.

A network of interconnected routers and related systems managed under a common network administration is known as an autonomous system. The Internet is composed of thousands of autonomous systems spanning the globe.

The common dynamic routing protocols found in networks today are as follows:

  • RIPv2 (Routing Information Protocol Version 2)
  • EIGRP (Enhanced Interior Gateway Routing)
  • OSPF (Open Shortest Path First) Protocol
  • IS-IS (Intermediate System-to-Intermediate System) Protocol
  • BGP (Border Gateway Protocol)

With the exception of BGP, the protocols in the preceding list are designed and optimized for routing within an autonomous system and are known as internal gateway protocols (IGPs). External gateway protocols (EGPs) route between autonomous systems. BGP is an EGP protocol but can also be used within an autonomous system. If BGP exchanges routes within an autonomous system, it is known as an internal BGP (iBGP) session. If it exchanges routes between different autonomous systems, it is known as an external BGP (eBGP) session.

Figure 3-1 shows an illustration of how one or many IGPs as well as iBGP can be running within an autonomous system and how eBGP sessions interconnect the various autonomous systems together.

Figure 3-1   Autonomous Systems and How They Interconnect

EGPs and IGPs use different algorithms for path selection and are discussed in the following sections.

Distance Vector Algorithms

Distance vector routing protocols, such as RIP, advertise routes as vectors (distance, vector), where distance is a metric (or cost) such as hop count and vector is the next-hop router’s IP used to reach the destination:

  • Distance: The distance is the route metric to reach the network.
  • Vector: The vector is the interface or direction to reach the network.

When a router receives routing information from a neighbor, it stores it in a local routing database as it is received and the distance vector algorithm (also known as Bellman-Ford and Ford-Fulkerson algorithms) is used to determine which paths are the best loop-free paths to each reachable destination. Once the best paths are determined, they are installed into the routing table and are advertised to each neighbor router.

Routers running distance vector protocols advertise the routing information to their neighbors from their own perspective, modified from the original route that it received. For this reason, distance vector protocols do not have a complete map of the whole network; instead, their database reflects that a neighbor router knows how to reach the destination network and how far the neighbor router is from the destination network. They do not know how many other routers are in the path toward any of those networks. The advantage of distance vector protocols is that they require less CPU and memory and can run on low-end routers.

An analogy commonly used to describe distance vector protocols is that of a road sign at an intersection that indicates the destination is 20 miles to the west; this information is trusted and blindly followed, without really knowing whether there is a shorter or better way to the destination or if the sign is even correct. Figure 3-2 illustrates how a router using a distance vector protocol views the network and the direction that R3 needs to go to reach the subnet.

Figure 3-2  Distance Vector Protocol View of the Network

Enhanced Distance Vector Algorithm

The Diffused Update Algorithm (DUAL) is an enhanced distance vector algorithm that EIGRP uses to calculate the shortest path to a destination within a network. EIGRP advertises network information to its neighbors as other distance vector protocols do, but it has some enhancements as its name suggests. Some of the enhancements introduced into this algorithm compared to other distance vector algorithms are the following:

  • Rapid convergence time for changes in the network topology.
  • Only sends updates when there is a change in the network. It does not send full routing table updates in a periodic fashion like distance vector protocols.
  • It uses hellos and forms neighbor relationships just like link-state protocols.
  • It uses bandwidth, delay, reliability, load, and maximum transmission unit (MTU) size instead of hop count for path calculations.
  • It has the option to load balance traffic across equal or unequal metric cost paths.

EIGRP is sometimes referred to as a hybrid routing protocol because it has characteristics of both distance vector and link-state protocols, as shown in the preceding list (for example, forming adjacencies with neighbor routers and relying on more advanced metrics such as bandwidth rather than hop count for its best path calculations).

Link-State Algorithms

Link-state dynamic IP routing protocols advertise the link state and link metric for each of their connected links and directly connected routers to every router in the network. OSPF and IS-IS are two common link-state routing protocols found in enterprise and service provider networks. OSPF advertisements are called link-state advertisements (LSAs), and IS-IS uses link-state packets (LSPs) for its advertisements.

As a router receives an advertisement from a neighbor, it stores the information in a local database called the link-state database (LSDB), and advertises the link-state information on to each of its neighbor routers exactly as it was received. The link-state information is essentially flooded throughout the network from router to router unchanged, just as the originating router advertised it. This allows all the routers in the network to have a synchronized and identical map of the network.

Using the complete map of the network, every router in the network then runs the Dijkstra shortest path first (SPF) algorithm (developed by Edsger W. Dijkstra) to calculate the shortest loop-free paths. The link-state algorithm then populates the routing table with this information.

Because they hold the complete map of the network, link-state protocols usually require more CPU and memory than distance vector protocols, but they are less prone to routing loops and make better path decisions. In addition, link-state protocols are equipped with extended capabilities such as opaque LSAs for OSPF and TLVs (type/length/value) for IS-IS that allow them to support features commonly used by service providers such as MPLS traffic engineering.

An analogy for link-state protocols is a GPS navigation system. The GPS navigation system has a complete map and can make the best decision as to which way is the shortest and best path to reach the destination. Figure 3-3 illustrates how R3 would view the network to reach the subnet.

Figure 3-3 Link-State Protocol View of the Network

Path Vector Algorithm

A path vector protocol such as BGP is similar to a distance vector protocol; the difference is that instead of looking at the distance to determine the best loop-free path, it looks at various BGP path attributes. BGP path attributes include autonomous system path (AS_Path), Multi-Exit Discriminator (MED), origin, next hop, local preference, atomic aggregate, and aggregator. BGP path attributes are covered in Chapter 10, “BGP,” and Chapter 14, “Advanced BGP.”

A path vector protocol guarantees loop-free paths by keeping a record of each autonomous system that the routing advertisement traverses. Any time a router receives an advertisement in which it is already part of the autonomous system path, the advertisement is rejected because accepting the autonomous system path would effectively result in a routing loop.

Figure 3-4 illustrates this concept where autonomous system 1 advertises the network to autonomous system 2. Autonomous system 2 receives this information and adds itself to the autonomous system path and advertises it to autonomous system 4. Autonomous system 4 adds itself to the path and advertises it to autonomous system 3. Autonomous system 3 receives the route advertisement and adds itself to the path as well. However, when autonomous system 3 advertises that it can reach to autonomous system 1, autonomous system 1 discards the advertisement because the autonomous system path (path vector) contained in the advertisement includes its autonomous system number (autonomous system 1). When autonomous system 3 attempts to advertise reachability for to autonomous system 2, autonomous system 2 also discards it because the advertisement includes autonomous system 2 in the autonomous system path, too.

Figure 3-4 Path Vector Loop Avoidance
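The loop check described above, traced in Python as an added example that is not from the book. The session list is an assumption about Figure 3-4, and unlike real BGP, which advertises only its best path, the trace follows every accepted advertisement to show that the AS_Path check is what stops propagation.

```python
# Assumed BGP sessions between the four autonomous systems of Figure 3-4.
SESSIONS = [(1, 2), (2, 4), (4, 3), (3, 1), (3, 2)]


def trace_advertisements(origin_as, sessions):
    """Follow one prefix from origin_as across every session.

    Returns (accepted, rejected): accepted maps each AS to the AS_Paths it
    took in, rejected lists (receiving AS, AS_Path) pairs that were dropped.
    """
    neighbors = {}
    for a, b in sessions:
        neighbors.setdefault(a, set()).add(b)
        neighbors.setdefault(b, set()).add(a)

    accepted, rejected = {}, []
    pending = [(origin_as, ())]  # (advertising AS, AS_Path it received)
    while pending:
        sender, received = pending.pop()
        as_path = (sender,) + received  # each AS adds itself before advertising
        for receiver in sorted(neighbors.get(sender, ())):
            if receiver in as_path:
                # Receiver already appears in the path: accepting would loop.
                rejected.append((receiver, as_path))
            else:
                accepted.setdefault(receiver, []).append(as_path)
                pending.append((receiver, as_path))
    return accepted, rejected


if __name__ == "__main__":
    accepted, rejected = trace_advertisements(1, SESSIONS)
    for asn in sorted(accepted):
        print(f"AS{asn} accepted:", accepted[asn])
    for receiver, as_path in rejected:
        print(f"AS{receiver} rejected AS_Path {as_path}")
```

The trace terminates only because of the rejection branch: an AS_Path can never grow longer than the number of autonomous systems.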

All BGP path attributes and how to manipulate them to influence the best path selection process are covered in Chapter 15, “BGP Best Path Selection.”

Routing Table

A router identifies the path a packet should take by evaluating the following components on a router:

  • Prefix length: The prefix length represents the number of leading binary bits in the subnet mask that are in the on position.
  • Administrative distance: Administrative distance (AD) is a rating of the trustworthiness of a routing information source. If a router learns about a route to a destination from more than one routing protocol and they all have the same prefix length, AD is compared. The preference is given to the route with the lower AD.
  • Metrics: A unit of measure used by a routing protocol in the best path calculation.

Prefix Length

Let’s look at a scenario of a router selecting a route when the packet destination is within the network range for multiple routes. Assume that a router has the following routes with various prefix lengths in the routing table:


Because each of these routes, also known as prefix routes or simply prefixes, has a different prefix length (subnet mask), they are considered to be different destinations, and they will all be installed into the routing table. This is represented in Table 3-1.

Table 3-1  Representation of Routing Table

If a packet needs to be forwarded, the route chosen depends on the prefix length, where the longest prefix length is always preferred. For example, /28 is preferred over /26, and /26 is preferred over /24. The following is an example using Table 3-1 as a reference:

  • If a packet needs to be forwarded to, it would match all three routes, but it would be sent to next hop and outgoing interface Gigabit Ethernet 1/1 because has the longest prefix match.
  • If a packet needs to be forwarded to, it would match and, so the packet would be sent to and outgoing interface Gigabit Ethernet 2/2 because has the longest prefix match.
  • If a packet needs to be forwarded to, it matches only, so the packet is sent to and outgoing interface Gigabit Ethernet 3/3.

Administrative Distance

As each routing protocol receives updates and other routing information, it chooses the best path to any given destination and attempts to install this path into the routing table. Table 3-2 provides the default AD for the routing protocols covered in this book.

Table 3-2 Routing Protocol Default Administrative Distances

For example, if OSPF learns of a best path toward, it first checks to see whether an entry exists in the routing table. If it does not exist, the route is installed into the Routing Information Base (RIB). If the route already exists in the RIB, the router decides whether to install the route presented by OSPF based on the AD of the route in OSPF and the AD of the existing route in the RIB. If this route has the lowest AD to the destination (when compared to the other route in the table), it is installed in the routing table. If this route is not the route with the best AD, the route is rejected.

Consider another example on this topic. A router has OSPF, IS-IS, and EIGRP running, and all three protocols have learned of the destination network with a different best path and metric.

Each of these three protocols will then attempt to install the route to into the routing table. Because the prefix length is the same, the next decision point is the AD, where the routing protocol with the lowest AD installs the route into the routing table.

Because the EIGRP internal route has the best AD, it is the one installed into the routing table:
90 <<< Lowest AD Installed in Route Table

The routing protocol or protocols that failed to install their route into the table (in this example, that would be OSPF and IS-IS) will hang on to this route to use it as a backup route and will tell the routing table process to report to them if the best path fails so that they can then try to reinstall this route.

For example, if the EIGRP route installed in the routing table fails for some reason, the routing table process calls OSPF and IS-IS, and requests them to reinstall  the route in the routing table. Out of these two protocols, the preferred route is chosen based on AD, which would be OSPF because of its lower AD.

The default AD might not always be suitable for a network; for instance, there might be a requirement to adjust it so that OSPF routes are preferred over EIGRP routes. However, changing the AD on routing protocols can have severe consequences, such as routing loops and other odd behavior in a network. It is recommended that the AD be changed only with extreme caution, and only after what needs to be accomplished has been thoroughly thought out. A good backup plan is recommended in case things do not turn out as planned.

As discussed in the previous section, routes are chosen and installed into the routing table based on the routing protocol’s AD. The routes learned from the routing protocol with the lowest AD are the ones installed into the routing table. If there are multiple paths to the same destination from a single routing protocol, these paths would have the same AD; for this case, the best path is selected within the routing protocol. Most protocols use the path with the best metric, but OSPF and IS-IS have additional logic that preempts the lowest metric.

If a routing protocol identifies multiple paths as a best path, and supports multiple path entries, the router installs the maximum number of paths allowed per destination. This is known as equal-cost multipath (ECMP) and provides load sharing across all links.

For example, Figure 3-5 illustrates a network running OSPF to reach the prefix Router 1 (R1) has two equal-cost paths; therefore, it will install both in the routing table.

Figure 3-5   OSPF ECMP Technology

Example 3-1 confirms that both paths have been installed into the RIB, and because the metrics are identical, this confirms the router is using ECMP.

Example 3-1    R1’s Routing Table Showing the ECMP Paths to

Note    Best path metric calculation and the default and maximum ECMP paths allowed for each routing protocol vary. This is covered in later routing protocol-related chapters.
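The selection order this section describes (longest prefix on lookup, lowest AD between protocols, lowest metric inside a protocol, ECMP on a tie, backup reinstall on failure) can be modelled in a few lines. This Python sketch is an added example, not from the book: every prefix, next hop and metric is constructed, and the AD values are the Cisco defaults for the sources shown.

```python
import ipaddress

# Cisco default administrative distances for the sources used in this example.
DEFAULT_AD = {"static": 1, "eigrp": 90, "ospf": 110, "isis": 115}


class Rib:
    """Toy routing table: protocols offer paths, the lowest AD is installed."""

    def __init__(self):
        self.offers = {}  # network -> {protocol: [(next_hop, metric), ...]}

    def offer(self, protocol, prefix, paths):
        net = ipaddress.ip_network(prefix)
        self.offers.setdefault(net, {})[protocol] = list(paths)

    def withdraw(self, protocol, prefix):
        net = ipaddress.ip_network(prefix)
        self.offers.get(net, {}).pop(protocol, None)
        if not self.offers.get(net):
            self.offers.pop(net, None)

    def installed(self, prefix):
        """Return (protocol, AD, metric, next_hops) for a prefix, or None."""
        by_proto = self.offers.get(ipaddress.ip_network(prefix))
        if not by_proto:
            return None
        # Same prefix from several sources: the lowest AD wins, the rest
        # stay in self.offers as backups.
        proto = min(by_proto, key=lambda p: DEFAULT_AD[p])
        # Inside one protocol the lowest metric wins (simplified: the text
        # notes OSPF and IS-IS apply extra logic before the metric).
        best = min(metric for _, metric in by_proto[proto])
        # Every path tied on that metric is installed: ECMP.
        hops = sorted(nh for nh, metric in by_proto[proto] if metric == best)
        return proto, DEFAULT_AD[proto], best, hops

    def lookup(self, address):
        """Longest-prefix match: return (prefix, installed route) or None."""
        addr = ipaddress.ip_address(address)
        matches = [net for net in self.offers if addr in net]
        if not matches:
            return None
        longest = max(matches, key=lambda net: net.prefixlen)
        return str(longest), self.installed(str(longest))


def build_sample_rib():
    """Constructed routes; every prefix and next hop here is made up."""
    rib = Rib()
    # Three prefix lengths covering the same range: three separate entries.
    rib.offer("ospf", "10.0.3.0/28", [("172.16.1.1", 20)])
    rib.offer("ospf", "10.0.3.0/26", [("172.16.2.2", 20)])
    rib.offer("ospf", "10.0.3.0/24", [("172.16.3.3", 20)])
    # One prefix learned by three protocols with different metrics.
    rib.offer("ospf", "10.3.3.0/24", [("172.16.12.2", 20)])
    rib.offer("isis", "10.3.3.0/24", [("172.16.13.3", 30)])
    rib.offer("eigrp", "10.3.3.0/24", [("172.16.14.4", 3328)])
    # Two equal-cost OSPF paths to one prefix, plus a worse third path.
    rib.offer("ospf", "10.4.4.0/24",
              [("172.16.12.2", 3), ("172.16.13.3", 3), ("172.16.14.4", 9)])
    return rib


if __name__ == "__main__":
    rib = build_sample_rib()
    for dst in ("10.0.3.14", "10.0.3.42", "10.0.3.100", "10.9.9.9"):
        print(dst, "->", rib.lookup(dst))
    print("before failure:", rib.installed("10.3.3.0/24"))
    rib.withdraw("eigrp", "10.3.3.0/24")  # the installed route fails
    print("after failure: ", rib.installed("10.3.3.0/24"))
    print("ECMP:", rib.installed("10.4.4.0/24"))
```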

Virtual Routing and Forwarding

Virtual Routing and Forwarding (VRF) is a technology that allows multiple independent virtual routing table and forwarding table instances to exist concurrently in a router. This can be leveraged to create segmentation between networks, which allows overlapping IP addressing to be used even on a single interface (that is, using subinterfaces). Because the traffic paths are isolated, network security is increased, which can eliminate the need for encryption and authentication for network traffic.

Service Providers with Multiprotocol Label Switching (MPLS) backbones typically use VRFs to create separate virtual private networks (VPNs) for their customers, and when used in this manner, VRFs are known as VPN Routing and Forwarding.

When VRF is not used in conjunction with MPLS, it is known as VRF-Lite (also termed multi-VRF CE, or multi-VRF customer-edge device). Because MPLS is beyond the scope of this book, only VRF-Lite is covered in this section and is referred to simply as VRF.

The configurations in Example 3-2 should help clarify the VRF concept. Example 3-2 shows how configuring different interfaces with overlapping IP addresses and subnets is not allowed within a routing table, not even if they are on different interfaces, because they would end up in the same routing table and cause a conflict.

Example 3-2 Overlapping IP Address Problems

Note    In IOS XR, the IP Address Repository Manager (IPARM) enforces the uniqueness of global IP addresses configured in the system. By default, when there is an IP address and subnet mask conflict, the lowest rack/slot/interface (that is, g0/0/0/3 is lower than g0/0/0/5) is the one that gets assigned the IP address. To change the default behavior, use the ipv4 conflict-policy {static | highest-ip | longest-prefix} command.

In older IOS releases, only single-protocol IPv4-only VRFs could be created. The command ip vrf vrf-name created a single-protocol VRF on the router and was activated on an interface with the command ip vrf forwarding vrf-name under the interface configuration mode.

In current IOS releases, a new configuration option allows the creation of multiprotocol VRFs that support both IPv4 and IPv6. Entering the command vrf definition vrf-name creates the multiprotocol VRF. Under VRF definition submode, the command address-family {ipv4 | ipv6} is required to specify the appropriate address family. The VRF is then associated to the interface with the command vrf forwarding vrf-name under the interface configuration submode.

Note    The commands ip vrf vrf-name and ip vrf forwarding vrf-name will be available for a period of time before they are deprecated. To migrate any older IPv4-only VRFs to the new multiprotocol VRF configuration, you can use the vrf upgrade-cli multi-af-mode {common-policies | non-common-policies} [vrf vrf-name] command. When creating a new VRF, even if it is just an IPv4-only VRF, Cisco recommends using the multiprotocol VRF vrf definition and vrf forwarding commands.

In IOS, the following steps are required to create a VRF and assign it to an interface:

Step 1. Create a multiprotocol VRF.

The multiprotocol VRF routing table is created with the command vrf definition vrf-name.

Step 2. Identify the address family.

Initialize the appropriate address family with the command address-family {ipv4 | ipv6}. The address family can be IPv4, IPv6, or both.

Step 3. Specify the interface to be associated with the VRF.

Enter interface configuration submode and specify the interface to be associated with the VRF with the command interface interface-type interface-number.

Step 4. Associate the VRF to the interface.

The VRF is associated to the interface or subinterface by entering the command vrf forwarding vrf-name under interface configuration submode.

Step 5. Configure an IP address on the interface or subinterface.

The IP address can be IPv4, IPv6, or both. It is configured by entering the following commands:

ip address ip-address subnet-mask [secondary]

ipv6 address {ipv6-address/prefix-length | prefix-name sub-bits/prefix-length}

Note    On IOS nodes, the VRF needs to be associated to the interface first before configuring an IP address. If an IP address is already configured, and the VRF is associated to the interface, IOS will remove the IP address.
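An offline check of a planned IOS configuration against the two rules above, written in Python as an added example that is not from the book: overlapping subnets conflict only inside the same routing table, and an address entered before vrf forwarding is removed. The sample configuration, interface names and addresses are constructed.

```python
import ipaddress
from itertools import combinations

# Constructed IOS-style configuration (interface names and addresses made up).
SAMPLE_CONFIG = """\
vrf definition MGMT
 address-family ipv4
!
interface GigabitEthernet0/1
 ip address 10.0.3.1 255.255.255.0
!
interface GigabitEthernet0/2
 ip address 10.0.4.1 255.255.255.0
!
interface GigabitEthernet0/3
 vrf forwarding MGMT
 ip address 10.0.3.1 255.255.255.0
!
interface GigabitEthernet0/4
 ip address 10.0.4.129 255.255.255.128
!
interface GigabitEthernet0/5
 ip address 10.0.5.1 255.255.255.0
 vrf forwarding MGMT
"""


def parse_interfaces(config):
    """Return one dict per interface: name, routing table, IPv4 networks."""
    interfaces, current = [], None
    for line in config.splitlines():
        words = line.split()
        if line.startswith("interface ") and len(words) >= 2:
            current = {"name": line.split(None, 1)[1], "table": "global",
                       "nets": [], "removed": []}
            interfaces.append(current)
        elif current is None or not line.startswith(" "):
            current = None  # left the interface stanza
        elif words[-3:-1] == ["vrf", "forwarding"]:
            # Matches "vrf forwarding X" and the older "ip vrf forwarding X".
            current["table"] = words[-1]
            # Addresses entered before the VRF was attached are removed by IOS.
            current["removed"], current["nets"] = current["nets"], []
        elif words[:2] == ["ip", "address"] and len(words) >= 4:
            intf = ipaddress.ip_interface(f"{words[2]}/{words[3]}")
            current["nets"].append(intf.network)
    return interfaces


def audit(config):
    """Return (overlaps, removed): conflicts inside one table, lost addresses."""
    interfaces = parse_interfaces(config)
    by_table = {}
    for intf in interfaces:
        for net in intf["nets"]:
            by_table.setdefault(intf["table"], []).append((intf["name"], net))
    overlaps = []
    for table, entries in by_table.items():
        for (a, a_net), (b, b_net) in combinations(entries, 2):
            if a_net.overlaps(b_net):
                overlaps.append((table, a, b))
    removed = [(i["name"], str(n)) for i in interfaces for n in i["removed"]]
    return overlaps, removed


if __name__ == "__main__":
    overlaps, removed = audit(SAMPLE_CONFIG)
    for table, a, b in overlaps:
        print(f"overlap in table {table}: {a} and {b}")
    for name, net in removed:
        print(f"{name}: {net} entered before 'vrf forwarding', would be removed")
```

GigabitEthernet0/1 and GigabitEthernet0/3 carry the same address without a finding because they sit in different routing tables.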

IOS XR supports only multiprotocol VRFs. The following steps are required to create a multiprotocol VRF and assign it to an interface on an IOS XR node:

Step 1. Create a multiprotocol VRF.

The multiprotocol VRF routing table is created with the command vrf vrf-name. The VRF name is arbitrary.

Step 2. Identify the address family.

Initialize the appropriate address family with the command address-family {ipv4 | ipv6} unicast. The address family can be IPv4, IPv6, or both.

Step 3. Specify the interface to be associated with the VRF.

Enter interface configuration submode and specify the interface to be associated with the VRF with the command interface interface-type interface-number.

Step 4. Associate the VRF with an interface or subinterface.

The VRF is associated with the interface or subinterface by entering the command vrf vrf-name under interface configuration submode.

Step 5. Configure an IP address on the interface or subinterface.

The IP address can be IPv4, IPv6, or both. It is configured by entering the following commands:

ipv4 address ipv4-address subnet-mask

ipv6 address ipv6-address/prefix-length

Note    For IOS XR, the VRF needs to be associated to the interface first before configuring an IP address; otherwise, the VRF configuration will not be accepted.

Figure 3-6 illustrates two routers to help visualize the VRF routing table concept. One of the routers has no VRFs configured, and the other one has a management VRF named MGMT. This figure can be used as a reference for the following examples.

Figure 3-6    Comparison of a Router with no VRFs and a Router with a VRF

Table 3-3 provides a set of interfaces and IP addresses that overlap between the global routing table and the VRF. This information is used in the following examples.

Table 3-3    Sample Interfaces and IP Addresses

Example 3-3 shows how the IP addresses are assigned to the interfaces in the global routing table shown in Table 3-3.

Example 3-3    IP Address Configuration in Global Routing Table

Example 3-4 displays the global routing table with the command show ip route for IOS and show route for IOS XR to show the IP addresses configured in Example 3-3.

Example 3-4    Output of Global Routing Table

Example 3-5 shows how the VRF named MGMT is created, two interfaces are associated with it, and the IP addresses in Table 3-3 are configured on the interfaces. These IP addresses overlap with the ones configured in Example 3-3, but there is no conflict because they are in a different routing table.

Example 3-5    VRF Configuration Example

Example 3-6 shows how the VRF IP addresses configured in Example 3-5 cannot be seen in the output of the show ip route command for IOS and the show route command for IOS XR; these commands display only the contents of the global routing table. To see a VRF routing table, the commands show ip route vrf vrf-name for IOS and show route vrf {all | vrf-name} for IOS XR should be used.

Example 3-6    Output of Global Routing Table and VRF Routing Table

In IOS, to display a quick summary of the usability status for each IP interface, in addition to all the IP addresses configured in the global routing table and all VRFs, the command show ip interface brief should be used. In IOS XR, the command show ipv4 interface brief only shows the IP addresses in the global routing table. To see the IP addresses in the global routing table and all VRFs, use the command show ipv4 vrf all interface brief. Example 3-7 provides sample output of these show commands.

Example 3-7    Verification of Interfaces Status and IP Addresses

VRF-Lite can provide similar functionality to that of virtual local-area networks (VLANs); however, instead of relying on Layer 2 technologies such as spanning tree, Layer 3 dynamic routing protocols can be used. Using routing protocols over Layer 2 technologies has some advantages such as improved network convergence times, dynamic traffic load sharing, and troubleshooting tools such as ping and traceroute.