Administrative Distance and Its Effects on BGP

When BGP and IGPs are used together for IP routing, as they generally will be in an enterprise network, you might sometimes want a router to prefer an IGP route to an E-BGP route. Under normal circumstances, this will not be possible because routers always prefer E-BGP routes because they have a lower administrative distance. The Cisco IOS Software uses the administrative distances shown in Table 9-11.

Table 9-11. Default Administrative Distances

Administrative Distance



Directly connected networks


Static routes




Internal EIGRP










External EIGRP





You can deal with these situations in a couple of ways. You could increase the administrative distance of an IGP protocol or increase the administrative distance for E-BGP routers using the distance distance-value command (or distance bgp external-distance internal-distance local-distance command for E-BGP routes); however, the effects of this command are rather broad and might produce unwanted results. Another more granular approach is to use the bgp backdoor command to alter routes on a network-by-network basis.

What Backdoors Are and How You Use Them

BGP backdoors are designed to change E-BGP administrative distance to allow IGP routes to have administrative preference in the IP routing table. The BGP backdoor command basically takes the specified E-BGP routes and changes the administrative distance from 20 to 200, the same distance as an I-BGP route, allowing IGP routes to take administrative precedence in the routing table. In Figure 9-18, for example, the Pike router has two paths to the network—one by means of the Pine router and the other through the Union router.


Figure 9-18 Administrative Distance and Routing on the Downtown Network

Because the Pike and Pine routers are not BGP neighbors, the Pike router stores only one route to the network. The reason the Pike router ignores the EIGRP route is that that route has an administrative distance of 90, which is higher than the Union router's E-BGP administrative distance of 20, as shown in Example 9-90.

Example 9-90. Pike Router's Routing Table Before the Backdoor

Pike# show ip route | begin subnet is subnetted, 1 subnets
B [20/0] via, 00:05:49 is subnetted, 2 subnets
C is directly connected, Serial0
C is directly connected, Serial1

To allow the Pike router to use the two EIGRP routes to the network, you can just configure a BGP backdoor for that network. BGP backdoors are configured using the network network-prefix mask network-mask backdoor command. You would be correct in thinking that the BGP network command cannot be used to generate a BGP advertisement for an indirectly connected network; however, in this case, the network command is used locally to change the administrative distance of a backdoor route. BGP does not advertise the route as a local route; the administrative distance for the route is simply altered, allowing the EIGRP routes to be administratively preferred by the main IP routing table. Example 9-91 shows how the BGP backdoor command is used to change the IP routing preference for the network.

Example 9-91. Changing the Administrative Distance with a BGP Backdoor

Pike# show run | begin eigrp
router eigrp 107
 maximum-paths 2
 no auto-summary
 no eigrp log-neighbor-changes
router bgp 202
 no synchronization
 bgp log-neighbor-changes
 network mask
 network mask backdoor
 neighbor remote-as 10101
 no auto-summary

Example 9-92 shows the resulting changes to the IP routing table. After this configuration is applied, the administrative distance for the BGP route is changed, and the E-BGP route is removed from the main IP routing table. At this time, the two EIGRP routes are added because they now have a lower administrative distance. Also, notice that the show ip bgp command still shows the route as the best route and the BGP network is still not advertised to any peer.

Example 9-92. Pike Router Configuration After the BGP Backdoor

Pike# show ip route | begin subnet is subnetted, 1 subnets
D [90/2195456] via, 00:01:14, Serial1
[90/2195456] via, 00:01:14, Serial0 is subnetted, 2 subnets
C is directly connected, Serial0
C is directly connected, Serial1
Pike# show ip bgp
BGP routing table entry for, version 6
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Flag: 0x800
  Not advertised to any peer
  10101 from (
      Origin IGP, metric 0, localpref 100, valid, external, best

Now that you understand the many ways that BGP can be configured for routing and policy enforcement, it's time to examine how BGP enables you to control Internet routing table stability, by means of route dampening, and some of the ways that BGP can be tuned to perform more efficiently.

+ Share This