
How to config static when multiple paths

goyourmin
Level 1

Hello!

There is a box-type topology as follows.
I want to configure the default static route in the direction of the ISP.

(L3-Switch-5 -> L3-Switch-3 -> L3-Switch-1 -> ISP)

I envisioned the default static route in the upstream, and the static route in the interlink and downstream.
With this idea, I applied it to EVE-NG. As a result of observation, I saw that a loop occurs through the interlink.
When pinging L3-Switch-5 -> L3-Switch-1, a loop occurred between the L3-switch-3 and L3-switch-4 interlinks.

I think I'm wrong somewhere, but I'm not sure.
Also, if these links go down, do users need to change the settings?
This is a topology that takes into account the occurrence of failures.

* there is no alternative to this static configuration in the environment. (Dynamic protocol not supported)

 

- L3-switch-1
ip route 0.0.0.0 0.0.0.0 eth0/3 (ISP main route)

ip route 10.10.10.0 255.255.255.0 eth0/1
ip route 10.10.10.0 255.255.255.0 eth0/0 100
ip route 10.2.2.2 255.255.255.255 eth0/0 100
ip route 10.3.3.3 255.255.255.255 eth0/0 100
ip route 10.4.4.4 255.255.255.255 eth0/0 100
ip route 10.5.5.5 255.255.255.255 eth0/0 100
ip route 10.6.6.6 255.255.255.255 eth0/0 100
ip route 172.16.2.0 255.255.255.252 eth0/0 100
ip route 172.16.3.0 255.255.255.252 eth0/0 100
ip route 172.16.4.0 255.255.255.252 eth0/0 100
ip route 172.16.5.0 255.255.255.252 eth0/0 100

router bgp 2
bgp router-id 10.1.1.1
network 100.100.100.0 mask 255.255.255.252
neighbor 100.100.100.1 remote-as 1
redistribute static

- L3-switch-2
ip route 0.0.0.0 0.0.0.0 eth0/3 100 (ISP backup route)

ip route 10.10.10.0 255.255.255.0 eth0/1
ip route 10.10.10.0 255.255.255.0 eth0/0 100
ip route 10.2.2.2 255.255.255.255 eth0/0 100
ip route 10.3.3.3 255.255.255.255 eth0/0 100
ip route 10.4.4.4 255.255.255.255 eth0/0 100
ip route 10.5.5.5 255.255.255.255 eth0/0 100
ip route 10.6.6.6 255.255.255.255 eth0/0 100
ip route 172.16.1.0 255.255.255.252 eth0/0 100
ip route 172.16.3.0 255.255.255.252 eth0/0 100
ip route 172.16.4.0 255.255.255.252 eth0/0 100
ip route 172.16.5.0 255.255.255.252 eth0/0 100

router bgp 2
bgp router-id 10.1.1.1
network 100.100.100.4 mask 255.255.255.252
neighbor 100.100.100.5 remote-as 1
redistribute static

- L3-switch-3
ip route 0.0.0.0 0.0.0.0 eth0/1

ip route 10.10.10.0 255.255.255.0 eth0/2
ip route 10.10.10.0 255.255.255.0 eth0/0 100
ip route 10.1.1.1 255.255.255.255 eth0/0 100
ip route 10.2.2.2 255.255.255.255 eth0/0 100
ip route 10.4.4.4 255.255.255.255 eth0/0 100
ip route 10.5.5.5 255.255.255.255 eth0/0 100
ip route 10.6.6.6 255.255.255.255 eth0/0 100
ip route 172.16.0.0 255.255.255.252 eth0/0 100
ip route 172.16.2.0 255.255.255.252 eth0/0 100
ip route 172.16.4.0 255.255.255.252 eth0/0 100

- L3-switch-4
ip route 0.0.0.0 0.0.0.0 eth0/1

ip route 10.10.10.0 255.255.255.0 eth0/2
ip route 10.10.10.0 255.255.255.0 eth0/0 100
ip route 10.1.1.1 255.255.255.255 eth0/0 100
ip route 10.2.2.2 255.255.255.255 eth0/0 100
ip route 10.3.3.3 255.255.255.255 eth0/0 100
ip route 10.5.5.5 255.255.255.255 eth0/0 100
ip route 10.6.6.6 255.255.255.255 eth0/0 100
ip route 172.16.0.0 255.255.255.252 eth0/0 100
ip route 172.16.1.0 255.255.255.252 eth0/0 100
ip route 172.16.3.0 255.255.255.252 eth0/0 100

- L3-switch-5,6
ip route 0.0.0.0 0.0.0.0 eth0/2

- ISP
router bgp 1
bgp router-id 1.1.1.1
network 1.1.1.1 mask 255.255.255.255
neighbor 100.100.100.2 remote-as 2
neighbor 100.100.100.6 remote-as 2

Best regards,


Giuseppe Larosa
Hall of Fame

Hello @goyourmin ,

there are several notes about your configuration:

a) Your static routes do not use IP next-hops and they rely on proxy ARP being enabled on the neighbors. Use IP next-hops; this avoids a lot of issues with excessive ARP usage, especially for the default static route.

b) On routers having eBGP sessions with the ISP router you should use a route-map when redistributing static routes in order to avoid redistributing the default static route to the ISP router.

c)

>> Also, if these links go down, do users need to change the settings?
>> This is a topology that takes into account the occurrence of failures.

Your topology is not able to handle link failures because it uses static routes. You should use an IGP like OSPF or EIGRP in order to build a dynamic fault-tolerant routing domain.

Hope to help

Giuseppe

 

Thank you for your answer.

However, there is no alternative to this static configuration in the environment. (Dynamic protocol not supported)

If so, is it possible to configure the default static route for the interlink between L3-Switch-1 <-> L3-Switch-2?

Example)
- L3-switch-1

ip route 0.0.0.0 0.0.0.0 eth0/3 (ISP main route)
ip route 0.0.0.0 0.0.0.0 eth0/0 172.16.0.2

- L3-switch-2

ip route 0.0.0.0 0.0.0.0 eth0/3 100 (ISP backup route)
ip route 0.0.0.0 0.0.0.0 eth0/0 172.16.0.1

Hello @goyourmin ,

if the use of a dynamic routing protocol is not possible, the configuration of static routes needs to be careful to avoid issues with possible routing loops and with excessive ARP activity.

a) ARP activity when using a default static route without an IP next-hop

A static route like the following one:

ip route 0.0.0.0 0.0.0.0 eth0/3 (ISP main route)

makes the local device send an ARP request for each different destination on the internet instead of resolving the IP next-hop once. So if you have 10,000 different destinations you will have 10,000 ARP entries in the ARP table, all of them resolving to the ISP router interface MAC address. This is a waste of resources and it can lead to problems if the ARP table size is too big.

So you need to use static routes where you use IP next-hops. I hope this point is clear now.

b) Configuring static routes in a redundant environment requires attention to avoid possible routing loops

With the configuration that you have proposed there is a potential for routing loops.

Your proposed config is the following:

- L3-switch-1

ip route 0.0.0.0 0.0.0.0 eth0/3 (ISP main route)
ip route 0.0.0.0 0.0.0.0 eth0/0 172.16.0.2

- L3-switch-2

ip route 0.0.0.0 0.0.0.0 eth0/3 100 (ISP backup route)
ip route 0.0.0.0 0.0.0.0 eth0/0 172.16.0.1

Configuration on L3 switch 1 should be:

ip route 0.0.0.0 0.0.0.0 eth0/3 100.100.100.1

+

ip route 0.0.0.0 0.0.0.0 eth0/0 172.16.0.2 100

The second static route must be floating in order to be used only when the primary route is removed from the routing table (link to ISP router fails).

With your current proposed configuration you have two static routes on L3switch-1, one pointing to the ISP router and one pointing to the neighbor L3Switch-2, but they are both used.

Depending on CEF load balancing decisions on L3switch-1, if a packet is sent to L3 switch-2 using the second default route, L3switch-2 will send it back to L3Switch-1, which will send it again to L3switch-2, because the load balancing decision is based on a hash of IP source address and IP destination address, but it does not consider the input interface.

So you have a routing loop and you can solve it by making the route to L3 switch2 floating (adding an AD value greater than 1, 100 as in my example).

c) Other considerations on your lab

In the real world the ISP router would send a default route in BGP to the eBGP neighbors. With your current setup this does not happen and you use default static routes on L3Switch-1 and L3switch-2.

On router ISP you can advertise a default route in BGP. You need:

ip route 0.0.0.0 0.0.0.0 A.B.C.D

+

router bgp 1
network 0.0.0.0

At this point you can remove the default static routes on L3switch-1, L3switch-2 toward the ISP router and you can add an iBGP session between them:

L3-switch1

route-map RISE-PREF permit 10
set local-preference 200

router bgp 2
neighbor 100.100.100.1 route-map RISE-PREF in
neighbor 172.16.0.2 remote-as 2

L3 switch-2

router bgp 2
neighbor 172.16.0.1 remote-as 2

and you can also remove the floating static routes pointing to each other.

L3switch-2 will select the iBGP path from L3switch-1 for the higher local preference 200 over the eBGP route via the ISP router.

Hope to help

Giuseppe
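
The loop from point b) of the reply above can be reproduced with a small model of the two ISP-facing switches. This is an added example, not code from the thread: the names SW1/SW2, the XOR flow hash (a toy stand-in for a per-flow hash, not Cisco's algorithm) and the source address 10.10.10.5 are assumptions.

```python
import ipaddress

# Constructed model: each default route is (next_hop, administrative_distance).
PROPOSED = {
    "SW1": [("ISP", 1), ("SW2", 1)],      # both AD 1, so both are installed
    "SW2": [("ISP", 100), ("SW1", 1)],    # route to the ISP is the floating one
}
FIXED = {
    "SW1": [("ISP", 1), ("SW2", 100)],    # route to SW2 is now floating
    "SW2": [("ISP", 100), ("SW1", 1)],
}

def installed(routes, down=()):
    """Next hops that reach the routing table: lowest AD among usable routes."""
    usable = [r for r in routes if r[0] not in down]
    if not usable:
        return []
    best = min(ad for _, ad in usable)
    return [hop for hop, ad in usable if ad == best]

def flow_hash(src, dst):
    """Toy per-flow hash: source and destination only, never the input
    interface, so a router picks the same path each time the packet returns."""
    return int(ipaddress.ip_address(src)) ^ int(ipaddress.ip_address(dst))

def trace(config, start, src, dst, ttl=8):
    """Follow one packet hop by hop; returns (path, outcome)."""
    node, path = start, [start]
    while ttl > 0:
        hops = installed(config[node])
        if not hops:
            return path, "no route"
        node = hops[flow_hash(src, dst) % len(hops)]
        path.append(node)
        if node == "ISP":
            return path, "delivered"
        ttl -= 1
    return path, "ttl expired (loop)"

if __name__ == "__main__":
    for name, cfg in (("proposed", PROPOSED), ("fixed", FIXED)):
        for dst in ("1.1.1.1", "1.1.1.2"):   # constructed destinations
            print(name, dst, *trace(cfg, "SW1", "10.10.10.5", dst))
```

With the proposed routes, only the flows that hash onto the SW2 next hop loop, which is why the problem can look intermittent in a lab ping test.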

 
