Guest

IP Routing

Specifying a Next Hop IP Address for Static Routes

Cisco - Specifying a Next Hop IP Address for Static Routes

Document ID: 27082

Updated: Oct 30, 2006

   Print

Introduction

This document introduces basic concepts about static routes. This document uses a problem scenario to demonstrate the circumstances under which it is desirable to specify the interface through which the next hop IP address can be reached when you configure a static route.

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

This document is not restricted to specific software and hardware versions.

Background Theory

The ability to configure a static route was introduced in Cisco IOS® Software Release 10.0. Static routes are used for a variety of reasons and are often used when there is no dynamic route to the destination, or when you run a dynamic routing protocol is not feasible.

By default, static routes have an administrative distance of one, which gives them precedence over routes from dynamic routing protocols. When you increase the administrative distance to a value greater than that of a dynamic routing protocol, the static route can be a safety net in the event that dynamic routing fails. For example, Interior Gateway Routing Protocol (IGRP)-derived routes have a default administrative distance of 100. In order to configure a static route that is overridden by an IGRP route, specify an administrative distance greater than 100 for the static route.

This kind of static route is called "floating" static. It is installed in the routing table only when the preferred route disappears. For example, ip route 172.31.10.0 255.255.255.0 10.10.10.2 101.

Note: An administrative distance of 255 is considered unreachable and static routes with an administrative distance of 255 are never entered in the routing table.

If you point a static route to a broadcast interface, the route is inserted into the routing table only when the broadcast interface is up. This configuration is not recommended because when the next hop of a static route points to an interface, the router considers each of the hosts within the range of the route to be directly connected through that interface. For example, ip route 0.0.0.0 0.0.0.0 Ethernet0.

With this type of configuration, a router performs Address Resolution Protocol (ARP) on the Ethernet for every destination the router finds through the default route because the router considers all of these destinations as directly connected to Ethernet 0.

This kind of default route, especially if it is used by a lot of packets to many different destination subnets, can cause high processor utilization and a very large ARP cache (along with attendant memory allocation failures).

Specifying a numerical next hop on a directly connected interface prevents the router from performing ARP or each destination address. However, if the interface with the next hop goes down and the numerical next hop is reachable through a recursive route, you should specify both the next hop IP address and the interface through which the next hop should be found. For example, ip route 0.0.0.0 0.0.0.0 Serial 3/3 192.168.20.1.

Conventions

Refer to Cisco Technical Tips Conventions for more information on document conventions.

Problem

In this network diagram, there are two static routes to the same destination (172.31.10.0/24). One route is a floating static, it is the "backup" or redundant path to the destination network on the LAN. The problem in the scenario is that the floating static route never gets installed in the routing table when the primary link is shut down.

R1 has a default route that points to the Internet Service Provider (ISP) router for Internet access. R1 has two links to R2. The T1 is the primary link and 56 K is the backup link. R1 has a static route for 172.31.10.0/24 which points to the R2 Serial 0 IP address (10.10.10.2) as the next-hop. R1 also has a floating static route for 172.131.10.0/24 which points to the R2 Serial 1 IP address (192.168.20.2), the administrative distance for the floating static route is 250. The idea is for packets to flow over the 56 K line in both directions only if the primary link fails.

ip_static_routes_01.gif

This example shows the R1 configuration:

R1
hostname R1

!
ip subnet-zero
no ip domain-lookup
!
controller E1 2/0
!
controller E1 2/1
!
interface Serial3/0
 description ISP Link
 ip address 192.168.10.1 255.255.255.252
 clockrate 64000
!
interface Serial3/1
 no ip address
 shutdown
!
interface Serial3/2
 description Primary Link to R2
 ip address 10.10.10.1 255.255.255.252
!
interface Serial3/3
 description Backup Link to R2
 ip address  192.168.20.1 255.255.255.252
 clockrate 64000
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial3/0

!---This is the default route to ISP router.

ip route 172.31.10.0 255.255.255.0 10.10.10.2

!---This is the preferred route to the LAN.

ip route 172.31.10.0 255.255.255.0 192.168.20.2 250

!---This is the floating route to the LAN.

This example shows the R1 routing table:

R1 Routing Table
R1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

     10.0.0.0/30 is subnetted, 1 subnets
C       10.10.10.0 is directly connected, Serial3/2
     192.168.10.0/30 is subnetted, 1 subnets
C       192.168.10.0 is directly connected, Serial3/0
     192.168.20.0/30 is subnetted, 1 subnets
C       192.168.20.0 is directly connected, Serial3/3
     172.31.0.0/24 is subnetted, 1 subnets
S       172.31.10.0 [1/0] via 10.10.10.2

!--- The preferred static route to the LAN through the T1.

S*   0.0.0.0/0 is directly connected, Serial3/0

!--- The static default route to the Internet.

This example shows the R2 configuration:

R2
hostname R2
!
enable password ww
!
!
!
!
!
ip subnet-zero
no ip finger
no ip domain-lookup
!
!
!
interface Ethernet0
 description Local LAN
 ip address 172.31.10.2 255.255.255.0
!
interface Serial0
 description Primary Link to R1
 ip address 10.10.10.2 255.255.255.252
 clockrate 56000
!
interface Serial1
 description Backup Link to R1
 ip address 192.168.20.2 255.255.255.252
!
interface TokenRing0
 no ip address
 shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.10.10.1

!--- This is the primary default route.

ip route 0.0.0.0 0.0.0.0 192.168.20.1 250

!--- The floating default route to be used if the T1 fails.

no ip http server
!
!
line con 0
 exec-timeout 0 0
 transport input none
line aux 0
line vty 0 4
 password ww
 login
!
end

R2 has the default route installed through 10.10.10.1 and when you use the traceroute command from R2 to the ISP router, the packets use the T1 link. R2 can send pings to the Internet host 192.168.30.1 sourced from 172.31.10.2. The route to 192.168.30.1 is through the default route 0.0.0.0 0.0.0.0.

R2 Routing Table
R2#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is 10.10.10.1 to network 0.0.0.0

     172.31.0.0/24 is subnetted, 1 subnets
C       172.31.10.0 is directly connected, Ethernet0
     192.168.20.0/30 is subnetted, 1 subnets
C       192.168.20.0 is directly connected, Serial1
     10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C       10.10.10.0/30 is directly connected, Serial0
S*   0.0.0.0/0 [1/0] via 10.10.10.1

!--- This is the primary default route.

R2#traceroute 192.168.10.2

Type escape sequence to abort.
Tracing the route to 192.168.10.2

  1 10.10.10.1 16 msec 20 msec 16 msec
  2 192.168.10.2 32 msec *  32 msec

R2#ping
Protocol [ip]:
Target IP address: 192.168.30.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 172.31.10.2
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/32/32 ms

If you shut down Serial 3/2 on R1 to test the failover, you should expect R1 to install the floating static route to the local LAN 172.31.10.0 and for R2 to install the floating static route to 0.0.0.0 through 192.168.20.1. You would expect traffic to flow over the 56K link.

R1
R1#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
Serial3/0              192.168.10.1    YES manual up                    up
Serial3/1              unassigned      YES unset  administratively down down
Serial3/2              10.10.10.1      YES manual up                    up
Serial3/3              192.168.20.1    YES manual up                    up


R1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#int s3/2
R1(config-if)#shut
R1(config-if)#end
2d21h: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial3/2, changed state to down
2d21h: %LINK-5-CHANGED: Interface Serial3/2, changed state to administratively down

R1#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
Serial3/0              192.168.10.1    YES manual up&                   up
Serial3/1              unassigned      YES unset  administratively down down
Serial3/2              10.10.10.1      YES manual administratively down down
Serial3/3              192.168.20.1    YES manual up                    up


R1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

     192.168.10.0/30 is subnetted, 1 subnets
C       192.168.10.0 is directly connected, Serial3/0
     192.168.20.0/30 is subnetted, 1 subnets
C       192.168.20.0 is directly connected, Serial3/3
     172.31.0.0/24 is subnetted, 1 subnets
S       172.31.10.0 [1/0] via 10.10.10.2

!--- The static route through the T1 remains in the routing table.
!--- This is not what was expected to happen when Serial 3/2 was shut.

S*   0.0.0.0/0 is directly connected, Serial3/0

!--- The static default route to the Internet.

R2#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is 192.168.20.1 to network 0.0.0.0

     172.31.0.0/24 is subnetted, 1 subnets
C       172.31.10.0 is directly connected, Ethernet0
     192.168.20.0/30 is subnetted, 1 subnets
C       192.168.20.0 is directly connected, Serial1
S*   0.0.0.0/0 [250/0] via 192.168.20.1

!--- It is no longer possible to ping the Internet host 192.168.20.1 if the ping 
!--- is sourced from the LAN on R2 because R1 tries to send the replies
!--- via the Serial 3/2, which is down.

R2#ping
Protocol [ip]:
Target IP address: 192.168.30.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 172.31.10.2
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

The floating static route was not installed on R1 and the primary static route is still in the routing table of R1 even though the Serial 3/2 link is shut down. The reason this happens is because static routes are recursive in nature. You always keep the static route in the routing table as long as you have a route to the next hop. In this case, R1 thinks it can get to 10.10.10.2 through 192.168.10.2 because 192.168.10.2 is the next hop for 0.0.0.0 0.0.0.0.

The route to a next hop can be a more specific, a less specific, or a default route. In this problem scenario, you would think that since the link is down you should not have a route to 10.10.10.2, but if you look at the routing table on R1, you see that there is a static default route pointing to the ISP router. R1, therefore believes that it can reach the next hop (10.10.10.2) for 172.31.10.0/24 through this default route, so the static route to 172.31.10.0/24 through 10.10.10.2 remains in the routing table and the floating static route never gets installed.

There is a better way to configure static routes that would allow you to avoid this problem. If you specify the interface through which the next hop should be found, you will install the floating static route only if the next hop IP address is reachable through the specified interface. Before the solution to this problem is presented, you will bring the Serial 3/2 interface on R1 back up again.

R1
R1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#int s 3/2
R1(config-if)#no shut
R1(config-if)#end
R1#
2d22h: %LINK-3-UPDOWN: Interface Serial3/2, changed state to up
2d22h: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial3/2, changed state to up
2d22h: %SYS-5-CONFIG_I: Configured from console by console


R1#show ip int brief
Interface              IP-Address      OK? Method Status                Protocol
Serial3/0&             192.168.10.1    YES manual up                    up
Serial3/1              unassigned      YES unset  administratively down down
Serial3/2              10.10.10.1      YES manual up                    up
Serial3/3              192.168.20.1    YES manual up                    up


R1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

     10.0.0.0/30 is subnetted, 1 subnets
C       10.10.10.0 is directly connected, Serial3/2
     192.168.10.0/30 is subnetted, 1 subnets
C       192.168.10.0 is directly connected, Serial3/0
     192.168.20.0/30 is subnetted, 1 subnets
C       192.168.20.0 is directly connected, Serial3/3
     172.31.0.0/24 is subnetted, 1 subnets
S       172.31.10.0 [1/0] via 10.10.10.2
S*   0.0.0.0/0 is directly connected, Serial3/0
R1#

Solution

The solution is to remove the old static routes to the LAN (172.31.10.0) and configure new static routes, this time specifying the interface through which the next hop must be reached. This allows the floating static route on R1 to get installed when the Serial 3/2 interface is shut.

R1
R1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#no ip route 172.31.10.0 255.255.255.0 10.10.10.2
R1(config)#no ip route 172.31.10.0 255.255.255.0 192.168.20.2 250
R1(config)#ip route 172.31.10.0 255.255.255.0 Serial3/2 10.10.10.2
R1(config)#ip route 172.31.10.0 255.255.255.0 Serial3/3 192.168.20.2 250
R1(config)#end
R1#
2d22h: %SYS-5-CONFIG_I: Configured from console by console

The static route to 172.31.10.0 through 10.10.10.2 is installed in the routing table of R1 if 10.10.10.2 is seen through Serial 3/2. If this condition is not met, the static route through 10.10.10.2 is removed from the routing table and the floating static route to 172.31.10.0 through Serial 3/3 with next hop 192.168.20.2 is installed.

In order to test how this works and bring the T1 link down, shut down Serial 3/2 and see if the floating static route gets installed in the routing table.

R1
R1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#int s 3/2
R1(config-if)#shut
R1(config-if)#end
R1#
3d00h: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial3/2, changed state to down
3d00h: %SYS-5-CONFIG_I: Configured from console by console
3d00h: %LINK-5-CHANGED: Interface Serial3/2, changed state to administratively down

R1#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
Serial3/0              192.168.10.1    YES manual up                    up
Serial3/1              unassigned      YES unset  administratively down down
Serial3/2              10.10.10.1      YES manual administratively down down
Serial3/3              192.168.20.1    YES manual up                    up

R1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

     192.168.10.0/30 is subnetted, 1 subnets
C       192.168.10.0 is directly connected, Serial3/0
     192.168.20.0/30 is subnetted, 1 subnets
C       192.168.20.0 is directly connected, Serial3/3
     172.31.0.0/24 is subnetted, 1 subnets
S       172.31.10.0 [250/0] via 192.168.20.2, Serial3/3
S*   0.0.0.0/0 is directly connected, Serial3/0
R1#

Now R1 can ping the Internet host 192.168.20.1 with packets sourced from the LAN.

R2
R2#ping
Protocol [ip]:
Target IP address: 192.168.20.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 172.31.10.2
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/32/32 ms

The floating static route gets installed as expected.

Related Information

Updated: Oct 30, 2006
Document ID: 27082