How The Routing Table Is Populated - Cisco FirePOWER ASA 5500 series Configuration Manual

Security appliance command line

Chapter 9
Configuring IP Routing
OL-10088-01

i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route

Gateway of last resort is 10.86.194.1 to network 0.0.0.0

S    10.1.1.0 255.255.255.0 [3/0] via 10.86.194.1, outside
C    10.86.194.0 255.255.254.0 is directly connected, outside
S*   0.0.0.0 0.0.0.0 [1/0] via 10.86.194.1, outside

On the ASA 5505 adaptive security appliance, the following route is also shown. It is the internal
loopback interface, which is used by the VPN Hardware Client feature for individual user authentication.

C    127.1.0.0 255.255.0.0 is directly connected, _internal_loopback

How the Routing Table is Populated

The security appliance routing table can be populated by statically defined routes, directly connected
routes, and routes discovered by the RIP and OSPF routing protocols. Because the security appliance
can run multiple routing protocols in addition to having static and connected routes in the routing table,
it is possible that the same route is discovered or entered in more than one manner. When two routes to
the same destination are put into the routing table, the one that remains in the routing table is determined
as follows:

• If the two routes have different network prefix lengths (network masks), then both routes are
  considered unique and are entered into the routing table. The packet forwarding logic then
  determines which of the two to use.

  For example, if the RIP and OSPF processes discovered the following routes:

    RIP: 192.168.32.0/24
    OSPF: 192.168.32.0/19

  Even though OSPF routes have the better administrative distance, both routes are installed in the
  routing table because each of these routes has a different prefix length (subnet mask). They are
  considered different destinations and the packet forwarding logic determines which route to use.

• If the security appliance learns about multiple paths to the same destination from a single routing
  protocol, such as RIP, the route with the better metric (as determined by the routing protocol) is
  entered into the routing table.

  Metrics are values associated with specific routes, ranking them from most preferred to least
  preferred. The parameters used to determine the metrics differ for different routing protocols. The
  path with the lowest metric is selected as the optimal path and installed in the routing table. If there
  are multiple paths to the same destination with equal metrics, load balancing is done on these equal
  cost paths.

• If the security appliance learns about a destination from more than one routing protocol, the
  administrative distances of the routes are compared and the route with the lower administrative
  distance is entered into the routing table.

  Administrative distance is a route parameter that the security appliance uses to select the best path when
  there are two or more different routes to the same destination from two different routing protocols.
  Because the routing protocols have metrics based on algorithms that are different from the other
  protocols, it is not always possible to determine the "best path" for two routes to the same destination
  that were generated by different routing protocols.
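
The selection rules in this section, worked through as an added Python example (not code from the Cisco guide). The administrative distance values are Cisco's defaults, which this section does not list; metrics and next hops other than 10.86.194.1 are constructed, and the forwarding step is modeled as longest-prefix match.

```python
import ipaddress
from collections import namedtuple

Route = namedtuple("Route", "prefix source metric next_hop")

# Cisco default administrative distances (assumed; this section does not list them).
ADMIN_DISTANCE = {"connected": 0, "static": 1, "ospf": 110, "rip": 120}

# Constructed candidates, except the two 192.168.32.0 prefixes and the
# default route via 10.86.194.1, which come from the text of this section.
CANDIDATES = [
    Route("192.168.32.0/24", "rip", 2, "10.0.0.2"),
    Route("192.168.32.0/19", "ospf", 20, "10.0.0.3"),
    Route("10.20.0.0/16", "rip", 4, "10.0.0.2"),      # same protocol, worse metric
    Route("10.20.0.0/16", "rip", 2, "10.0.0.4"),      # same protocol, better metric
    Route("172.16.0.0/16", "rip", 3, "10.0.0.2"),     # same prefix, two protocols
    Route("172.16.0.0/16", "ospf", 30, "10.0.0.3"),
    Route("0.0.0.0/0", "static", 0, "10.86.194.1"),
]

def build_table(candidates):
    """Install routes: distinct prefixes coexist; for one prefix the lower
    administrative distance wins, then the lower metric; ties are kept."""
    table = {}
    for r in candidates:
        net = ipaddress.ip_network(r.prefix)
        rank = (ADMIN_DISTANCE[r.source], r.metric)
        if net not in table or rank < table[net][0]:
            table[net] = (rank, [r])
        elif rank == table[net][0]:
            table[net][1].append(r)          # equal-cost paths are load balanced
    return {net: routes for net, (_, routes) in table.items()}

def lookup(table, address):
    """Forwarding decision, modeled as longest-prefix match."""
    addr = ipaddress.ip_address(address)
    matches = [net for net in table if addr in net]
    if not matches:
        return None
    return table[max(matches, key=lambda n: n.prefixlen)]

if __name__ == "__main__":
    table = build_table(CANDIDATES)
    for dest in ("192.168.32.10", "192.168.40.1", "10.20.5.5", "172.16.9.9", "8.8.8.8"):
        print(dest, "->", [(r.source, r.prefix, r.next_hop) for r in lookup(table, dest)])
```

Traffic to 192.168.32.10 follows the RIP /24 even though OSPF has the better administrative distance, because the two prefixes never competed for the same table entry. When auditing a firewall's routing table, check more-specific dynamic routes as well as administrative distances.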
Cisco Security Appliance Command Line Configuration Guide
This manual is also suitable for:

Pix 500 series, Cisco ASA 5500 series
