Default Gateway Exit Interface

Hi All,

Can you explain to me how default routing out of the exit interface works? For example, ip route 0.0.0.0 0.0.0.0 f0/0. I know that if you use the next hop IP address in the default router configuration (ip route 0.0.0.0 0.0.0.0 192.168.1.1), the router can resolve the next hop IP to the MAC address to put in the data link frame as the destination. How does the router know what to put in the data link frame as the destination address if it has no IP address to resolve? How does it work? Thanks a lot.

I tested it today and it does allow you to do that, that's why it is stuck on my brain.

As mentioned above, the mac address for next hop.

It certainly does allow you to specify an Ethernet interface as the exit in a static route, including a static default route. There are several things that make this a problematic thing to do:

- it means that the router will send an ARP request for EVERY layer 3 destination address, so it is generating lots of traffic.

- it will only be successful if the next hop router has enabled proxy-arp, and increasingly some organizations regard proxy-arp as a security weakness and disable it. This means that now the success of your routing is dependent on something that you may not control.

- if the next hop router does enable proxy-arp then the MAC address gets added to the ARP table which contains ALL of the destination IP addresses to which the router has forwarded, so the ARP table gets very large, consuming memory and CPU cycles to maintain it.

So the best advice is that static routes specifying the exit interface are ok if the exit interface is some point to point link like HDLC, PPP, Frame Relay, but otherwise it is much better to specify the next hop address.

HTH

Rick

So proxy-ARP is how it is possible. In my scenario I had 3 1841s hooked up through the Ethernet interfaces (1841----1841----1841) and one of the edge routers had the default gateway set as an interface and it worked fine. So is proxy ARP enabled by default, because I didn't enable anything for it to work?

Yes, proxy-arp is enabled by default in IOS. This means that a static route specifying only the exit interface can work. But note that just because something can be done does not necessarily mean that it should be done.

If you set this up as you describe and if you ping 50 remote addresses you wind up with 50 entries in your arp cache. If you ping 500 remote addresses you wind up with 500 entries in your arp cache. If you ping 5000 remote addresses you wind up with 5000 entries in your arp cache. Give it a test.

Another thing to think about: how long do the entries stay in the arp cache? You might want to test for this also.

HTH

Rick
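
One way to audit for the ARP cache growth described in the reply above, as an added example that is not part of the thread or any Cisco tooling: it parses "show ip arp"-style output and groups entries whose IP lies outside the interface's connected subnet, which is the footprint an exit-interface static route relying on proxy ARP leaves behind. The sample table, its addresses and the `connected` mapping are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the usual "show ip arp" column layout (not from the thread).
SAMPLE_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.1.2             -   0011.2233.4401  ARPA   FastEthernet0/0
Internet  192.168.1.1             3   0011.2233.44aa  ARPA   FastEthernet0/0
Internet  10.20.30.40             1   0011.2233.44aa  ARPA   FastEthernet0/0
Internet  172.16.5.9              0   0011.2233.44aa  ARPA   FastEthernet0/0
Internet  198.51.100.7            2   0011.2233.44aa  ARPA   FastEthernet0/0
"""

def parse_arp(text):
    """Yield (ip, mac, interface) for each complete 'Internet' row.

    The header and rows without all six columns (for example unresolved
    entries that carry no interface) are skipped.
    """
    for line in text.splitlines():
        f = line.split()
        if len(f) == 6 and f[0] == "Internet":
            yield ipaddress.ip_address(f[1]), f[3].lower(), f[5]

def off_subnet_entries(text, connected):
    """Group ARP entries whose IP is outside the interface's own subnet.

    connected maps interface name -> connected prefix (supplied by the auditor).
    Returns {(interface, mac): [ip, ...]}; many IPs behind one MAC means a
    neighbor is answering by proxy ARP for remote destinations.
    """
    nets = {i: ipaddress.ip_network(p) for i, p in connected.items()}
    hits = defaultdict(list)
    for ip, mac, intf in parse_arp(text):
        if intf in nets and ip not in nets[intf]:
            hits[(intf, mac)].append(str(ip))
    return dict(hits)

if __name__ == "__main__":
    found = off_subnet_entries(SAMPLE_ARP, {"FastEthernet0/0": "192.168.1.0/24"})
    for (intf, mac), ips in found.items():
        print(f"{intf}: {len(ips)} off-subnet entries answered by {mac}: {ips}")
```
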

Thanks Richard! I think it makes more sense now. I am actually not going to use this scenario in production. In production we are using ADSL set up with PPPoE, which is a point to point link, so setting the default gateway as the interface should be just fine. I wanted to test a few things in the lab, so that's why I set up the default gateway on the Ethernet interface.

I am glad that it makes more sense now. Sometimes things work and we do not look closely to see how they work and whether there are implications that we should be aware of in how they work. Setting things up in the lab and testing is a very good way to learn how they really work.

HTH

Rick

One other issue that you may run into. If you have unicast reverse-path forwarding enabled on the egress interface, then setting a static-default route to the interface will fail. I ran into this a while back and it really bugged me...
