Static routes

Everything I have read says that using the next hop or a exit interface is functionally the same. Nobody every seems to explain why I should choose one over the other.

Find more posts tagged with

Comments

rob42

*REMOVED*

My comments seem woefully inadequate when compared to the ones below...

dontstop

Have a read of this: https://supportforums.cisco.com/document/116711/static-routes-next-hop-exit-interface-or-ip-address#Introduction:

->For point to point interfaces, you can use static routes that point to the interface or to the next hop address. There is only one possible next hop and its L2 address will be used to build L2 frame.

->For multipoint/Broadcast interfaces, it is more suitable to use static routes that point to a next hop address to avoid the need for resolving every destination address to its L2 address. As you have seen above it is still possible to use static routes pointing to the interface but not a scalable solution.

In essence if you specify a route with an outgoing interface the router believes that the route is "directly connected" so if the underlying L2 interface is Ethernet it will try and ARP for the L2 address for every destination address as it literally thinks that every destination address is directly off that Interface. If the underlying L2 is actually a point-to-point then it will just throw the frame out on the link as HDLC/PPP don't need a MAC destination to forward their frames.

networker050184

It's never a good idea to use just an exit interface on Ethernet. Especially defaults on older routers you can eat up resources with ARP rather quickly. My standard in production is exit interface and next hop IP for every static route unless there is a compelling reason not to.

dontstop

Out of curiosity, why both?

networker050184

The interface in the static route keeps it from recursing to another unintended interface. If the intended interface a static route is across goes down you're likely going to want the route withdrawn even if that next hop is known via another, usually less preferred, path. Especially if you're redistributing these into other routing protocols. This usually happens with routers in HA pairs. You want the router in the pair with the actual intended path still up to be the one advertising the route upstream.

txn41655

if you chose the next hope IP address it will perform a recursive because it need to know on which interface to exit for the next hop.

for best performance you should fully specify the next hop IP address and the exit interface.

bornwith

How does this work? With 2 separate commands or one with both the interface and next hop. If it's the later how does that work. I can't find an example and IOS doesn't seem to like it when I try it.

txn41655

bornwith wrote: »

How does this work? With 2 separate commands or one with both the interface and next hop. If it's the later how does that work. I can't find an example and IOS doesn't seem to like it when I try it.

Example :
ip route 172.31.0.0 255.255.255.0 s0/0/1 172.31.1.197

Uriah7

txn41655 wrote: »

Example :
ip route 172.31.0.0 255.255.255.0 s0/0/1 172.31.1.197

The next hop IP address is considered a backup to the exit interface, correct?

ccie14023

The answers above are very good. I had a case back in my TAC years when a linecard on a GSR kept crashing. It turned out that it was an Internet-facing router, and they had put a static default to the next hop, using the Ethernet interface instead of the IP address. Well, this resulted in a separate ARP entry for every address on the Internet they were reaching, which meant a separate dCEF entry on the line card. It would run for a few weeks before memory would be consumed and then, crash. Whoops. The customer learned the hard way to use next hop IP addresses on broadcast interfaces, and he wasn't all that appreciative when I pointed it out.

dontstop

ccie14023 wrote: »

Well, this resulted in a separate ARP entry for every address on the Internet they were reaching, which meant a separate dCEF entry on the line card. It would run for a few weeks before memory would be consumed and then, crash. Whoops.

To what MAC Address was it resolving to for each of the IP Addresses? Was something upstream proxying for it?

ccie14023

dontstop wrote: »

To what MAC Address was it resolving to for each of the IP Addresses? Was something upstream proxying for it?

I believe so. There was one router off the interface that was proxying, so all the ARP entries pointed to it. However, each address required a separate entry despite the fact that they all pointed to the same MAC.

ccie14023

You brought back such fond memories that I wrote the full story of this TAC case and posted it in the "TAC Tales" section of my blog... Enjoy:

TAC Tales #11: Full up - SubnetZero

bornwith

So the moral of this story is never use the exit interface?

networker050184

I would never use just an exit interface even though there is no harm on P2P links usually. In conjunction with a next hop IP it can be very useful.