Removing Unused Static Routes - help

Futura Member Posts: 191
My Network manager wants me to visit all the L3 switches on the network and remove any unused static routes.

Obviously I don't want to cause any loss of required routes when doing this,

for example (this is an example static route btw)

ip route 10.10.10.10 255.255.255.255 192.168.1.1

I know this is a host route because it's a /32. Agreed.

And I know that to get to 10.10.10.10 you have to go via 192.168.1.1. Agreed

So if 192.168.1.1 does not reply to a ping this route is pointless, unless, the device 192.168.1.1 is a firewall or a device that does not respond to ICMP, correct,

My last attempt at this was using NMAP to scan all the ports on 192.168.1.1

So if NMAP comes back with 0 ports open then it's pretty safe to remove the static route. Agreed? Thoughts?


Anybody else had experience with this task, can help me do some enumeration on these static routes?

Many thanks

Comments

  • NetworkVeteran Member Posts: 2,338
    Futura wrote: »
    So if NMAP comes back with 0 ports open then it's pretty safe to remove the static route. Agreed? Thoughts?

    Some networking devices are not up 24/7. This approach may black hole devices that are temporarily off-the-grid, such as a device being upgraded, a device down for repair, or a device only powered-on when in use. I would apply more caution.

    If you don't have a list of key devices and their owners, would this be a good time to make one?

    Also, are these static routes even necessary, considering your dynamic routes?
  • networker050184 Mod Posts: 11,962
    Agreed with NetworkVeteran. Probably time to come up with a cross-functional list of devices and owners. Have them all have a representative standing by when routes are changed and verify all their devices are still functioning.

    Another thing to do as NetworkVeteran pointed out is to check your routing to see what is not going to be routed once these static routes are removed.
    An expert is a man who has made all the mistakes which can be made.
  • Futura Member Posts: 191
    NetworkVeteran wrote: »
    Some networking devices are not up 24/7. This approach may black hole devices that are temporarily off-the-grid, such as a device being upgraded, a device down for repair, or a device only powered-on when in use. I would apply more caution.

    If you don't have a list of key devices and their owners, would this be a good time to make one?

    Also, are these static routes even necessary, considering your dynamic routes?


    Excellent, thanks for the input,

    Just to confirm, this is a new network to me, one that I have been transferred to, to suss out and tidy up.

    There are some dynamic advertisements in OSPF that I am also going to be tidying up. This is for later on.

    The site had a 'Route Fairy' a fairy that went round the switches and placed random routes on devices, this 'Route Fairy' no longer has the enable password.

    I was just trying to get some likewise thoughts on my mission,

    Thanks again!
  • shodown Member Posts: 2,271
    Route Fairy

    Man I can't stand static route warriors. I did a blog post a few years back about a company I worked with and they must have had 30 pages of static routers on their core devices. Every time they had some sort of outage they were calling us to help them figure out what went wrong. 9 times out of 10 it was because a damn route was black holing the traffic.
    Currently Reading

    CUCM SRND 9x/10, UCCX SRND 10x, QOS SRND, SIP Trunking Guide, anything contact center related
  • Futura Member Posts: 191
    shodown wrote: »
    Route Fairy

    Man I can't stand static route warriors. I did a blog post a few years back about a company I worked with and they must have had 30 pages of static routers on their core devices. Every time they had some sort of outage they were calling us to help them figure out what went wrong. 9 times out of 10 it was because a damn route was black holing the traffic.


    Someone who shares my frustration.

    I'm thinking I will start to remove them a couple at a time and see if anyone complains. It's the only way.

    The destination of the static route is not responsive to ICMP or any ports in NMAP and I know the addresses of all the firewalls, so here goes!

    And as NetworkVeteran said, devices may be down, but I can confirm that they are all up currently.

    To some, this may seem like a pointless task, but I have replaced around 40 of the MLS's without a single static, apart from the default route to the gateway. I'm trying to get the network 100% documented and accounted for.

    Thanks guys!
  • nkillgore Member Posts: 67
    I just got hired somewhere where the config for the core device is 6000 lines long. The ASA config is 5k lines long. The branch router configs are no less than 1000 lines long.

    Some of it is route maps. Some is static routes. There is also some reverse route injection going on.

    >_< that's my face at the end of every day I spend trying to clean that sh*t up.

    Good luck
  • Futura Member Posts: 191
    It's a shame there is no hit counter for statics, like there is for ACLs etc.

    It would make life much easier.

    Obviously the statics would be used over the dynamic entries as they have a superior distance.

    Hmm, from a technical enumeration standpoint, any other ideas, apart from icmp and NMAP?


    Thanks
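
One way to run the check NetworkVeteran and networker050184 suggest, seeing what each static would fall back to once it is removed, as an added example that is not part of the thread. The sample config, the dynamic prefixes and the function names are constructed for illustration; the dynamic list is assumed to come from the routing protocol's database, because a static with the same prefix hides the dynamic route in the routing table.

```python
import ipaddress
import re

# Constructed sample data (not from the thread): static lines as they would
# appear in a running config, and dynamic routes as (prefix, next hop).
CONFIG = """\
ip route 10.10.10.10 255.255.255.255 192.168.1.1
ip route 10.20.0.0 255.255.0.0 192.168.1.2
ip route 172.16.5.0 255.255.255.0 192.168.1.3
ip route 0.0.0.0 0.0.0.0 192.168.1.254
"""
DYNAMIC = [("10.10.10.0/24", "192.168.1.1"),
           ("10.20.0.0/16", "192.168.1.9")]

STATIC_RE = re.compile(r"^ip route (\S+) (\S+) (\d+\.\d+\.\d+\.\d+)[ \t]*$", re.M)

def parse_statics(config):
    """Return [(network, next_hop)] for 'ip route <net> <mask> <next-hop>' lines."""
    return [(ipaddress.ip_network(f"{net}/{mask}", strict=False), hop)
            for net, mask, hop in STATIC_RE.findall(config)]

def classify(config, dynamic):
    """Map each non-default static to how its prefix is forwarded without it."""
    statics = parse_statics(config)
    has_default = any(net.prefixlen == 0 for net, _ in statics)
    dyn = [(ipaddress.ip_network(p), hop) for p, hop in dynamic]
    result = {}
    for net, hop in statics:
        if net.prefixlen == 0:
            continue  # the default route itself is kept
        # Dynamic prefixes that cover the whole static prefix; longest wins.
        covering = [(d, h) for d, h in dyn if net.subnet_of(d)]
        if covering:
            best, best_hop = max(covering, key=lambda c: c[0].prefixlen)
            verdict = "same-path" if best_hop == hop else "path-changes"
            result[str(net)] = f"{verdict} via {best} -> {best_hop}"
        elif has_default:
            result[str(net)] = "falls-to-default"
        else:
            result[str(net)] = "unrouted"
    return result

if __name__ == "__main__":
    for prefix, verdict in classify(CONFIG, DYNAMIC).items():
        print(f"{prefix:20} {verdict}")
```

A "same-path" result only says forwarding stays the same after removal; whether anything still uses the destination is a separate question for the device owners.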