Understanding the default route and static route across multiple paths

goyourmin
Level 1

Hello!
I'm sorry. I feel like I've asked you this question many times.
I'm going to ask you exactly what I don't understand.

This configuration is only static. (In reality, due to the use of VPNs, firewalls, etc., dynamic is not possible.)

- Is it possible to set it in multiple paths from the default route?

Q1. Is it possible to set the default route direction from the PC host to the ISP in only one direction? Why?

Q2. Is it possible to use the AD or metric config between interlinks as a backup route for the default route?


ex) L3-Switch-1 <-> L3-Switch-2(interlink), L3-Switch-3 <-> L3-Switch-4(interlink), L3-Switch-5 <-> L3-Switch-6(interlink)


Q3. In the case of L3-Switch-1,2 attached to the ISP, why do I need to set the interlink static as well as the default route?

Q4. On the other hand, why does L3-Switch-3,4,5,6 not include static for the upper band and only static for the lower band?


config) 

There are too many static settings, so I changed it easily.


ISP
router bgp 1
bgp router-id 1.1.1.1
bgp log-neighbor-changes
network 1.1.1.1 mask 255.255.255.255
neighbor 100.100.100.2 remote-as 2
neighbor 100.100.100.6 remote-as 2
maximum-paths 2
!

L3-Switch-1
router bgp 2
bgp router-id 2.2.2.2
bgp log-neighbor-changes
network 2.2.2.2 mask 255.255.255.255
redistribute static
neighbor 172.16.0.2 remote-as 2
neighbor 172.16.0.2 update-source Loopback0
neighbor 172.16.0.2 next-hop-self
neighbor 100.100.100.1 remote-as 1
!
ip route 0.0.0.0 0.0.0.0 Ethernet0/3 100.100.100.1 name ISP
ip route 0.0.0.0 0.0.0.0 Ethernet0/0 172.16.0.2 100 name interlink
ip route 10.0.0.0 255.0.0.0 Ethernet0/1 172.16.1.2 name PC-host-lo0
ip route 10.0.0.0 255.0.0.0 Ethernet0/0 172.16.0.2 100 name PC-host-interlink
ip route 172.16.0.0 255.255.0.0 Ethernet0/1 172.16.1.2 name L3-link
ip route 172.16.0.0 255.255.0.0 Ethernet0/0 172.16.0.2 100 name L3-link
!

L3-Switch-2
router bgp 2
bgp router-id 3.3.3.3
bgp log-neighbor-changes
network 3.3.3.3 mask 255.255.255.255
redistribute static
neighbor 172.16.0.1 remote-as 2
neighbor 172.16.0.1 update-source Loopback0
neighbor 172.16.0.1 next-hop-self
neighbor 100.100.100.5 remote-as 1
!
ip route 0.0.0.0 0.0.0.0 Ethernet0/3 100.100.100.5 name ISP
ip route 0.0.0.0 0.0.0.0 Ethernet0/0 172.16.0.1 100 name interlink
ip route 10.0.0.0 255.0.0.0 Ethernet0/1 172.16.2.2 name PC-host-lo0
ip route 10.0.0.0 255.0.0.0 Ethernet0/0 172.16.0.1 100 name PC-host-interlink
ip route 172.16.0.0 255.255.0.0 Ethernet0/1 172.16.2.2 name L3-link
ip route 172.16.0.0 255.255.0.0 Ethernet0/0 172.16.0.1 100 name L3-link
!

L3-Switch-3
!
ip route 0.0.0.0 0.0.0.0 Ethernet0/1 172.16.1.1 name L3-1
ip route 0.0.0.0 0.0.0.0 Ethernet0/0 172.16.5.2 100 name interlink
ip route 10.0.0.0 255.0.0.0 Ethernet0/2 172.16.3.2 name PC-host-lo0
ip route 10.0.0.0 255.0.0.0 Ethernet0/0 172.16.5.2 100 name PC-host-interlink
ip route 172.16.0.0 255.255.0.0 Ethernet0/2 172.16.3.2 name L3-link
ip route 172.16.0.0 255.255.0.0 Ethernet0/0 172.16.5.2 100 name L3-link
!

L3-Switch-4
!
ip route 0.0.0.0 0.0.0.0 Ethernet0/1 172.16.2.1 name L3-2
ip route 0.0.0.0 0.0.0.0 Ethernet0/0 172.16.5.1 100 name interlink
ip route 10.0.0.0 255.0.0.0 Ethernet0/2 172.16.4.2 name PC-host-lo0
ip route 10.0.0.0 255.0.0.0 Ethernet0/0 172.16.5.2 100 name PC-host-interlink
ip route 172.16.0.0 255.255.0.0 Ethernet0/2 172.16.4.2 name L3-link
ip route 172.16.0.0 255.255.0.0 Ethernet0/0 172.16.5.2 100 name L3-link
!


L3-Switch-5
!
interface vlan 10
ip address 10.10.10.2 255.255.255.0
standby 10 ip 10.10.10.1
standby 10 priority 110
standby 10 preempt
standby 10 track 10 decrement 20
!
track 10 interface Ethernet0/2 line-protocol
!
ip route 0.0.0.0 0.0.0.0 Ethernet0/2 172.16.3.1 name L3-3
ip route 0.0.0.0 0.0.0.0 172.16.4.2 100 name interlink
!

L3-Switch-6
!
interface vlan 10
ip address 10.10.10.3 255.255.255.0
standby 10 ip 10.10.10.1
standby 10 preempt
!
ip route 0.0.0.0 0.0.0.0 Ethernet0/2 172.16.4.1 name L3-4
ip route 0.0.0.0 0.0.0.0 172.16.3.2 100 name interlink
!

 

Best regards,


Giuseppe Larosa
Hall of Fame

Hello @goyourmin ,

I remember the previous thread.

>> Q1. Is it possible to set the default route direction from the PC host to the ISP in only one direction? Why?

The PC host can set its default gateway to the HSRP / VRRP VIP and it will send traffic to the active router in the HSRP / VRRP group. This is the common choice: it provides redundancy with the host that needs only a default gateway and is not aware of the current routing setup and topology.

>> Q2. Is it possible to use the AD or metric config between interlinks as a backup route for the default route?
ex) L3-Switch-1 <-> L3-Switch-2(interlink), L3-Switch-3 <-> L3-Switch-4(interlink), L3-Switch-5 <-> L3-Switch-6(interlink)

Yes, if using floating static routes with an AD value, the backup default static routes are used only if the primary route fails.

I see you have configured it in this way:

ip route 0.0.0.0 0.0.0.0 Ethernet0/3 100.100.100.1 name ISP
ip route 0.0.0.0 0.0.0.0 Ethernet0/0 172.16.0.2 100 name interlink

and with the same logic everywhere. It looks fine.

>> Q3. In the case of L3-Switch-1,2 attached to the ISP, why do I need to set the interlink static as well as the default route?

Because no dynamic routing is used, downstream devices L3-switch3 and L3-switch4 cannot detect if the eBGP sessions between L3Switch1 and the ISP router, and between L3 switch2 and the ISP router, are up and running or not.

To be noted: for L3switch1 and L3switch2 you can use an iBGP session between them instead of a backup static route, as I have explained in the previous thread.

I would suggest using an iBGP session and using neigh 100.100.100.1 weight 500; the iBGP session would act as a backup path and it is dynamic.

 

>> Q4. On the other hand, why does L3-Switch-3,4,5,6 not include static for the upper band and only static for the lower band?

Because for going "upstairs" it is enough to use the default route without providing details of all inter-switch link IP subnets.

Final note:

As I have noted in the previous thread, the ISP router should inject a default route into BGP; this is what happens in the real world. There's no sense in having an eBGP session and not receiving the default route on it.

For a lab the following is enough:

Router ISP
ip route 0.0.0.0 0.0.0.0 null0 200
router bgp 1
network 0.0.0.0

This makes a great difference, as you can use an iBGP session between L3switch1 and L3switch2 on link 172.16.0.1 / 172.16.0.2 and each device can detect if there is a default route available in BGP, with preference given to the eBGP route.

Without injecting a default route in eBGP from the ISP router, if both ISP links are down you would have a routing loop on the interlink switch.

Hope to help

Giuseppe

 

It's such a pleasure to see you again.

Question Q1 seems to have been mistranslated in translation, so I will ask again.

Q. I'd like to know why I need to set the default route in only one direction.
ex) PC -> L3-Switch-5 -> L3-Switch-3 -> L3-Switch-1 -> ISP

- If L3-Switch-3 config the default route in both directions, will the traffic become disoriented and cause a loop?

(L3-Switch-3 default route -> L3-Switch-1 , L3-Switch-3 default route -> L3-Switch-5

L3-Switch-1 default route -> ISP , L3-Switch-5 default route -> L3-Switch-3)

 

 

ps. I didn't pay attention to the BGP protocol. I'll take note. I appreciate it.

 

best regards,

Hello @goyourmin ,

>> - If L3-Switch-3 config the default route in both directions, will the traffic become disoriented and cause a loop?

(L3-Switch-3 default route -> L3-Switch-1 , L3-Switch-3 default route -> L3-Switch-5

This is really dangerous.

L3switch-3 should point to L3-switch1 only, because, as I have explained in your previous thread, each node having multiple default static routes of the same AD would install both in the routing table and would use a local seed to make a load balancing decision.

So a specific flow could be routed by L3-Switch5 to L3Switch3, and L3switch3 could send it back to L3switch5 just using its own CEF load balancing decision, and this is a routing loop even with no faults in the network.

L3Switch3 could have two default routes in a safe way only if L3Switch3 had a direct link to both L3Switch1 and L3switch2; in that case you could use two default routes pointing to the upper multilayer switches.

Hope to help

Giuseppe
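
The two loop cases described in the replies above (floating statics on the L3-Switch-1/2 interlink with both ISP links down, and equal-AD default routes on L3-Switch-3 pointing both up and down), as an added Python model that is not part of the original posts. SW1..SW6 abbreviate L3-Switch-1..6, the function and variable names are hypothetical, and the model assumes a static route leaves the routing table only when its directly connected link is down.

```python
# Added illustration, not code from the thread. Each device's default routes
# are (next_hop, administrative_distance), taken from the posted config.
# Assumption: a static route is withdrawn only when its own link is down.
DEFAULTS = {
    "SW1": [("ISP", 1), ("SW2", 100)],
    "SW2": [("ISP", 1), ("SW1", 100)],
    "SW3": [("SW1", 1), ("SW4", 100)],
    "SW4": [("SW2", 1), ("SW3", 100)],
    "SW5": [("SW3", 1), ("SW6", 100)],
    "SW6": [("SW4", 1), ("SW5", 100)],
}

# The "default route in both directions" variant asked about in the follow-up:
# SW3 gets a second default of the same AD pointing down to SW5.
BOTH_WAYS = {**DEFAULTS, "SW3": [("SW1", 1), ("SW5", 1), ("SW4", 100)]}


def installed(routes, node, down):
    """Next hops in the routing table: lowest AD among routes whose link is up."""
    usable = [(nh, ad) for nh, ad in routes[node]
              if frozenset((node, nh)) not in down]
    if not usable:
        return []
    best = min(ad for _, ad in usable)
    return sorted(nh for nh, ad in usable if ad == best)


def find_loop(routes, start, down=frozenset(), dest="ISP"):
    """Return one hop sequence that revisits a device, or None if no
    forwarding choice (equal-cost ones included) can loop."""
    down = {frozenset(link) for link in down}
    stack = [[start]]
    while stack:
        path = stack.pop()
        for nh in installed(routes, path[-1], down):
            if nh == dest:
                continue          # this choice reaches the ISP
            if nh in path:
                return path + [nh]
            stack.append(path + [nh])
    return None


if __name__ == "__main__":
    isp_links = {("SW1", "ISP"), ("SW2", "ISP")}
    print(find_loop(DEFAULTS, "SW5"))             # no failure
    print(find_loop(DEFAULTS, "SW5", isp_links))  # both ISP links down
    print(find_loop(BOTH_WAYS, "SW5"))            # equal-AD defaults on SW3
```
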

 

full.PNG

Thank you so much for the kind explanation.

I had a lot of confusion about static route, especially on L3-Switch-3,4 devices.

Then I was also confused about the default route.

Finally, when it is a full mesh, is there a recommended default route config?

L3-Switch-1
ip route 0.0.0.0 0.0.0.0 Ethernet0/3 100.100.100.1 name ISP
ip route 0.0.0.0 0.0.0.0 Ethernet0/0 172.16.0.2 100 name interlink

ip route 172.16.0.0 255.255.0.0 EthernetX/X X.X.X.X not or 100? name toward L3-Switch-4
ip route 10.0.0.0 255.0.0.0 EthernetX/X X.X.X.X not or 100? name toward L3-Switch-4

-L3-Switch-3
ex)
ip route 0.0.0.0 0.0.0.0 Ethernet0/1 172.16.1.1 name L3-1
ip route 0.0.0.0 0.0.0.0 Ethernet0/0 172.16.5.2 100 name interlink
ip route 0.0.0.0 0.0.0.0 EthernetX/X X.X.X.X 100 name toward L3-Switch-2

-L3-Switch-4
ex)
ip route 0.0.0.0 0.0.0.0 Ethernet0/1 172.16.2.1 name L3-2
ip route 0.0.0.0 0.0.0.0 Ethernet0/0 172.16.5.1 100 name interlink
ip route 0.0.0.0 0.0.0.0 EthernetX/X X.X.X.X 100 name toward L3-Switch-1

Best regards,
