Friday, August 29, 2014

Advanced Cisco Routing: Route Precedence

So far, all of our routing examples have been fairly straightforward: we have had clearly delineated subnets that do not conflict with each other. In general, I often use subnets within 10.0.0.0/8 and 192.168.0.0/16 for Ethernet or FastEthernet links, and I tend to use subnets within 172.16.0.0/12 for tunnels or serial links (point-to-point networks). This helps me keep the various subnets straight in my mind while I am creating these labs, and makes it easy to see at a glance what type of network I am working with. However, in the real world, IP addressing schemes tend to be organic -- that is, the network admin(s) may have started out with an overall scheme in mind, but due to company mergers, changes in staffing, and the like, the addressing schemes tend to change over time, leaving "islands" within larger subnets that sit on routes differing significantly from the routes that contain the larger subnet. Consider this network, for example:


In this diagram, we see two companies, SmallCo and MegaCorp, that have merged as the result of an acquisition. SmallCo has two offices, with routers R1 (a satellite location) and R2 (the main office router). As a result of the merger, SmallCo has migrated all of its LAN IP space into the subnet 10.2.0.0/16, and is using 172.16.100 for point-to-point networks. MegaCorp is using both the 10.0.0.0/8 and 192.168.0.0/16 subnets for its IP addressing. However, as far as routing is concerned, we now have a problem: SmallCo is using a subnet inside the 10.0.0.0/8 address range that MegaCorp is using internally. Fortunately, MegaCorp isn't using any addresses inside 10.2.0.0/16, but it means that the network admins can't just route 10.0.0.0/8 to MegaCorp's internal routers anymore, since 10.2.0.0/16 has to go to SmallCo's routers.

Or can they?

Suppose R1 and R2 are sharing routes via OSPF, and suppose there are static routes on both routers pointing 10.0.0.0/8 and 192.168.0.0/16 to R3. Will PCs (R4 and R5) on the two SmallCo LANs be able to reach each other? Will they be able to reach hosts on the 10-dot subnets within MegaCorp? Let's find out.

Here is the routing configuration on R1:
router ospf 42
 router-id 10.2.7.129
 log-adjacency-changes
 redistribute connected subnets
 network 172.16.100.20 0.0.0.3 area 0.0.0.0
!
ip classless
ip route 10.0.0.0 255.0.0.0 192.168.15.49
ip route 192.168.0.0 255.255.0.0 192.168.15.49

Here is the routing configuration on R2:
router ospf 42
 router-id 10.2.6.1
 log-adjacency-changes
 redistribute connected subnets
 network 172.16.100.20 0.0.0.3 area 0.0.0.0
!
ip classless
ip route 10.0.0.0 255.0.0.0 192.168.12.45
ip route 192.168.0.0 255.255.0.0 192.168.12.45

...and finally, here is the routing configuration for R3:
ip classless
ip route 10.254.0.0 255.255.0.0 192.168.12.46
ip route 10.254.7.128 255.255.255.192 192.168.15.50

If you ping from any of the various endpoints:
R4#ping 10.2.6.236

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.2.6.236, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/62/152 ms
R4#ping 192.168.9.161

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.9.161, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/52/152 ms
R4#ping 10.10.100.221

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.100.221, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/38/68 ms
R4#


R7#ping 10.2.7.184

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.2.7.184, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/28/36 ms
R7#ping 10.2.6.236

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.2.6.236, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/24/32 ms
R7#ping 192.168.9.161

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.9.161, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/14/24 ms
R7#

This works because a route with a more specific (longer) subnet mask will ALWAYS override a route with a more generic (shorter) subnet mask in the routing table when both match the destination. In this case, the routes to 10.2.6.0/24 and 10.2.7.128/26 are more specific than the route to 10.0.0.0/8, so if the router sees a packet destined for one of these two subnets, it will route the packet to R2 or R1 (respectively) rather than to R3...even if the packet originates on R3.
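The lookup rule described above, as an added Python example (not code from the original post): it performs a longest-prefix match over R1's routes and lists each "island" route that overrides its covering route with a different next hop. The prefixes and static next hops come from the configurations above; the 172.16.100.22 next hop for the OSPF-learned route and the `connected` labels are assumptions.

```python
import ipaddress

# R1's routing table as the post describes it. Prefixes and static next hops
# are from the page; the OSPF next hop (172.16.100.22) is an assumed address
# for R2 on the tunnel, and "connected" is a label, not a real next hop.
R1_ROUTES = [
    ("10.0.0.0/8", "192.168.15.49", "static"),
    ("192.168.0.0/16", "192.168.15.49", "static"),
    ("10.2.6.0/24", "172.16.100.22", "ospf"),
    ("10.2.7.128/26", "connected", "connected"),
    ("172.16.100.20/30", "connected", "connected"),
]


def build_table(routes):
    """Parse (prefix, next_hop, source) tuples into network objects."""
    return [(ipaddress.ip_network(p), nh, src) for p, nh, src in routes]


def lookup(table, dest):
    """Longest-prefix match: of all routes containing dest, the longest mask wins."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in table if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen, default=None)


def islands(table):
    """List routes that override their tightest covering route with another next hop."""
    found = []
    for net, nh, _ in table:
        covers = [r for r in table if r[0] != net and net.subnet_of(r[0])]
        if covers:
            cov, cov_nh, _ = max(covers, key=lambda r: r[0].prefixlen)
            if cov_nh != nh:
                found.append((str(net), nh, str(cov), cov_nh))
    return found


if __name__ == "__main__":
    table = build_table(R1_ROUTES)
    # Destinations pinged in the post, plus 10.2.7.1: SmallCo space with no
    # specific route, which therefore follows the /8 toward R3.
    for dest in ("10.2.6.236", "10.2.7.184", "10.10.100.221", "192.168.9.161", "10.2.7.1"):
        net, nh, src = lookup(table, dest)
        print(f"{dest:15} -> {str(net):18} via {nh} ({src})")
    for net, nh, cov, cov_nh in islands(table):
        print(f"island {net} via {nh} overrides {cov} via {cov_nh}")
```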
