Solved: Routing choice in routing table

lodovici2012 · ‎09-05-2016

Hi,

in a Cisco 4500 series I have a default route configured (ip route 0.0.0.0 0.0.0.0 10.254.0.254) and same statics routes to some subnets of the network 10.0.0.0/8 with subnet mask /21.

Once the router with a known route to a host destination is reached, the router determines which route is valid by finding the "most specific match". The network with the longest subnet mask that matches the destination IP address wins.

Now, if I trace an IP with no match in the routing table, for exemple 11.7.2.1 , the packet is routed to 10.254.0.254, that is good. But if I trace any other IP with no match in the routing table that is in a subnet of 10.0.0.0/8 , the packet is not routed to 10.254.0.254 .

For exemple, if there is a static route to networks 10.50.8.0/21 and 10.50.16.0/21 and I do "traceroute 10.51.24.1", the packet is not routed to 10.254.0.254 .

Could sameone explain me why the router discard packets to 10.51.24.1?

In the routing table I have this line: "10.0.0.0/8 is variably subnetted" , but this isn't a route to 10.0.0.0/8

Thank you

Richard Burts · ‎09-06-2016

The symptoms described are a classic example of what happens when you have configured the router with no ip classless. Long ago (when we did mostly classful routing) this was appropriate. But Cisco changed the default to ip classless as routing evolved and adopted more classless behaviors.

The key thing about what is happening here is that with no ip classless the router will use the default route to forward a packet only if the destination address does not match any classful network that is found in the routing table. The concept behind the behavior is that in classful routing (no ip classless) the router assumes that if it knows any subnets of a network then it will know all of the subnets of that network. So since the router knows about some subnets of 10.0.0.0 then it will not use the default route to forward 10.52.24.1 (or 10.51.24.1).

Try configuring ip classless and let us know if the behavior changes.

HTH

Rick

HTH

Rick

View solution in original post

Richard Burts · ‎09-22-2016

Thank you for clarifying the reference to the link that you posted. I missed the paragraph on page 39 the first time that I was looking but clearly it is there and does say that classful routing is not supported.

The test results that you post are quite helpful. The difference in treatment of 10.21.96.1 and 172.16.3.1 does suggest that there might be something on your firewall that is causing this issue.

HTH

Rick

HTH

Rick

View solution in original post

dmuinoorallo · ‎09-05-2016

Could you put a show ip roue command here?

lodovici2012 · ‎09-06-2016

Gateway of last resort is 10.254.0.254 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 10.254.0.254
10.0.0.0/8 is variably subnetted, 363 subnets, 9 masks

..........

S 10.50.8.0/21 [1/0] via 10.10.10.126
S 10.50.16.0/21 [1/0] via 10.10.10.54

..........

C 10.254.0.0/24 is directly connected, Vlan89
L 10.254.0.2/32 is directly connected, Vlan89

Thanks

devils_advocate · ‎09-06-2016

Ideally we need to see the whole routing table but can you run the following and post back:

#show ip route 10.51.24.1

Thanks

lodovici2012 · ‎09-06-2016

Hi,

the output it's the same for the IP routed to 10.254.0.254 and not, with the difference that in the first case the IP is part of a network and in the second it is part of a subnet :

MI_Catalyst_4500_SS_1#show ip route 11.7.2.1
% Network not in table
MI_Catalyst_4500_SS_1#
MI_Catalyst_4500_SS_1#show ip route 10.52.24.1
% Subnet not in table

There is a mistake in my first post : the IP 10.52.24.1 replace the IP 10.51.24.1, sorry.

Thanks

Richard Burts · ‎09-06-2016

The symptoms described are a classic example of what happens when you have configured the router with no ip classless. Long ago (when we did mostly classful routing) this was appropriate. But Cisco changed the default to ip classless as routing evolved and adopted more classless behaviors.

The key thing about what is happening here is that with no ip classless the router will use the default route to forward a packet only if the destination address does not match any classful network that is found in the routing table. The concept behind the behavior is that in classful routing (no ip classless) the router assumes that if it knows any subnets of a network then it will know all of the subnets of that network. So since the router knows about some subnets of 10.0.0.0 then it will not use the default route to forward 10.52.24.1 (or 10.51.24.1).

Try configuring ip classless and let us know if the behavior changes.

HTH

Rick

HTH

Rick

lodovici2012 · ‎09-21-2016

Hi Richard,

1) the command "ip classless" is not supported because classless routing is enabled by default (WS-C4506-E - Sup 7-E 10GE - 15.0(1r)SG5 03.05.01.E - bootflash:cat4500e-universalk9.SPA.03.05.01.E.152-1.E1.bin).

Source http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/release/note/OL_29986-01.pdf

2) I tryed to add a route with gateway 10.254.0.254, but it don't work.

Have you any idea?

Thank you

Richard Burts · ‎09-21-2016

I looked through the link that you posted and do not see any reference to classful or classless routing. Did I miss something?

The symptoms that you describe certainly suggest that classless routing has been disabled. Perhaps the output of show ip protocol might be helpful.

You say that you have configured this route

ip route 10.52.24.0 255.255.248.0 10.254.0.254

I would expect that to work and to forward packets to some destination in that range toward the default gateway. Are you saying that this does not work?

HTH

Rick

HTH

Rick

lodovici2012 · ‎09-22-2016

Hi Richard,

the reference to classful/classless routing is in page 39 of the link that I posted.
The Cisco 4500 not support the ip classless command and I not see the no "ip classless" or "ip classless" line in the running-config (I used the command "show running-config all").

I agree with you, the symptoms suggest that classless routing has been disabled, but I'm very confusing, because
I have the problem with 10.0.0.0 subnet, but not with 172.16.0.0 subnet. It is possible to you that the problem is on the routing table of the firewall ? (the default gateway for the Cisco 4500)

My PC (10.21.31.195) -> Cisco-sw (gw 10.21.31.254) -> Cisco 4500 (10.254.0.2) -> Firewall (10.254.0.254)

In the next lines, you can see the routing table and the tests with traceroute command from my PC

I hope that you can help my.

Thank you very much.

Routing table on Cisco 4500

Catalyst_4500#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is 10.254.0.254 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 10.254.0.254
      10.0.0.0/8 is variably subnetted, 366 subnets, 9 masks
S        10.1.40.0/21 [1/0] via 10.10.10.14
S        10.1.56.0/21 [1/0] via 10.10.10.94
C        10.1.72.0/21 is directly connected, Vlan32
L        10.1.79.254/32 is directly connected, Vlan32
S        10.1.80.0/21 [1/0] via 10.10.10.14
S        10.1.88.0/24 [1/0] via 10.10.10.74
S        10.1.89.0/28 [1/0] via 10.10.10.102
C        10.2.0.0/24 is directly connected, Vlan14
L        10.2.0.254/32 is directly connected, Vlan14
C        10.2.10.0/24 is directly connected, Vlan10
L        10.2.10.254/32 is directly connected, Vlan10
C        10.2.22.0/24 is directly connected, Vlan22
L        10.2.22.254/32 is directly connected, Vlan22
C        10.2.80.0/24 is directly connected, Vlan80
L        10.2.80.254/32 is directly connected, Vlan80
C        10.3.0.0/24 is directly connected, Vlan15
L        10.3.0.254/32 is directly connected, Vlan15
C        10.4.0.0/16 is directly connected, Vlan3
L        10.4.255.254/32 is directly connected, Vlan3
S        10.6.14.0/28 [1/0] via 10.10.10.14
C        10.7.0.0/24 is directly connected, Vlan16
L        10.7.0.254/32 is directly connected, Vlan16
C        10.8.0.0/24 is directly connected, Vlan17
L        10.8.0.254/32 is directly connected, Vlan17
   .......
C        10.10.10.100/30 is directly connected, Port-channel136
L        10.10.10.101/32 is directly connected, Port-channel136
C        10.10.10.104/30 is directly connected, Port-channel126
L        10.10.10.105/32 is directly connected, Port-channel126
C        10.10.10.108/30 is directly connected, Port-channel113
L        10.10.10.109/32 is directly connected, Port-channel113
C        10.10.10.112/30 is directly connected, Port-channel122
L        10.10.10.113/32 is directly connected, Port-channel122
C        10.10.10.120/30 is directly connected, Port-channel145
L        10.10.10.122/32 is directly connected, Port-channel145
C        10.10.10.124/30 is directly connected, Port-channel102
L        10.10.10.125/32 is directly connected, Port-channel102
C        10.10.10.132/30 is directly connected, GigabitEthernet1/4/9
L        10.10.10.133/32 is directly connected, GigabitEthernet1/4/9
C        10.10.10.136/30 is directly connected, Port-channel118
L        10.10.10.137/32 is directly connected, Port-channel118
C        10.10.10.140/30 is directly connected, Port-channel140
L        10.10.10.141/32 is directly connected, Port-channel140
C        10.10.10.144/30 is directly connected, Port-channel110
L        10.10.10.145/32 is directly connected, Port-channel110
C        10.10.10.148/30 is directly connected, Port-channel104
L        10.10.10.149/32 is directly connected, Port-channel104
C        10.10.10.152/30 is directly connected, Port-channel127
L        10.10.10.153/32 is directly connected, Port-channel127
C        10.10.10.172/30 is directly connected, Port-channel108
L        10.10.10.173/32 is directly connected, Port-channel108
C        10.10.10.180/30 is directly connected, Port-channel117
L        10.10.10.181/32 is directly connected, Port-channel117
S        10.20.0.0/21 [1/0] via 10.10.10.90
S        10.20.8.0/21 [1/0] via 10.10.10.126
S        10.20.16.0/21 [1/0] via 10.10.10.54
S        10.20.24.0/21 [1/0] via 10.10.10.150
S        10.20.32.0/21 [1/0] via 10.10.10.46
S        10.20.48.0/21 [1/0] via 10.10.10.74
S        10.20.56.0/21 [1/0] via 10.10.10.174
S        10.20.64.0/21 [1/0] via 10.10.10.10
S        10.20.72.0/21 [1/0] via 10.10.10.146
S        10.20.80.0/21 [1/0] via 10.10.10.58
S        10.20.88.0/21 [1/0] via 10.10.10.98
S        10.20.96.0/21 [1/0] via 10.10.10.110
S        10.20.104.0/21 [1/0] via 10.10.10.18
S        10.20.112.0/21 [1/0] via 10.10.10.62
S        10.20.128.0/21 [1/0] via 10.10.10.182
S        10.20.136.0/21 [1/0] via 10.10.10.138
S        10.20.144.0/21 [1/0] via 10.10.10.26
S        10.20.152.0/21 [1/0] via 10.10.10.6
S        10.20.160.0/21 [1/0] via 10.10.10.134
S        10.20.168.0/21 [1/0] via 10.10.10.114
S        10.20.176.0/21 [1/0] via 10.10.10.50
S        10.20.184.0/21 [1/0] via 10.10.10.70
S        10.20.192.0/21 [1/0] via 10.254.91.6
S        10.20.200.0/21 [1/0] via 10.10.10.106
S        10.20.208.0/21 [1/0] via 10.10.10.154
S        10.20.216.0/21 [1/0] via 10.10.10.38
S        10.20.224.0/21 [1/0] via 10.10.10.82
S        10.20.232.0/21 [1/0] via 10.10.10.2
S        10.20.240.0/22 [1/0] via 10.10.10.14
S        10.20.244.0/22 [1/0] via 10.10.10.14
S        10.20.248.0/21 [1/0] via 10.10.10.66
S        10.21.0.0/21 [1/0] via 10.10.10.42
S        10.21.8.0/21 [1/0] via 10.10.10.121
S        10.21.16.0/21 [1/0] via 10.10.10.94
S        10.21.24.0/21 [1/0] via 10.10.10.102
S        10.21.32.0/21 [1/0] via 10.10.10.34
S        10.21.40.0/21 [1/0] via 10.10.10.78
S        10.21.48.0/21 [1/0] via 10.254.91.6
S        10.21.56.0/21 [1/0] via 10.10.10.142
S        10.21.72.0/21 [1/0] via 10.10.10.14
S        10.21.80.0/21 [1/0] via 10.10.10.86
S        10.21.88.0/21 [1/0] via 10.10.10.22
   ........
C        10.254.0.0/24 is directly connected, Vlan89
L        10.254.0.2/32 is directly connected, Vlan89
C        10.254.90.0/28 is directly connected, Vlan90
L        10.254.90.1/32 is directly connected, Vlan90
C        10.254.91.0/29 is directly connected, Vlan91
L        10.254.91.1/32 is directly connected, Vlan91
C        10.254.92.0/29 is directly connected, Vlan92
L        10.254.92.1/32 is directly connected, Vlan92
      172.16.0.0/16 is variably subnetted, 6 subnets, 2 masks
C        172.16.0.0/24 is directly connected, Vlan38
L        172.16.0.254/32 is directly connected, Vlan38
C        172.16.2.0/24 is directly connected, Vlan39
L        172.16.2.254/32 is directly connected, Vlan39
C        172.16.40.0/24 is directly connected, Vlan40
L        172.16.40.254/32 is directly connected, Vlan40

Traceroute to 11.2.2.2 (major network not in the routing table) -> OK

U:\>tracert 11.2.2.2

Détermination de l'itinéraire vers 11.2.2.2 avec un maximum de 30 sauts.

1     1 ms     3 ms     9 ms 10.21.31.254
2     5 ms    <1 ms     4 ms 10.10.10.101
3    <1 ms    <1 ms    <1 ms ciupfortigate.lan.ciup.fr [10.254.0.254]
4    <1 ms    <1 ms    <1 ms 20.20.20.1
5    <1 ms    <1 ms    <1 ms interco [73.73.73.73]
6     1 ms     1 ms     3 ms vl111.domain.com [73.74.74.74]
7     *        *     ^C

Traceroute to 10.21.96.1 (subnet not in the routing table, major network in the routing table) -> classful routing behaviour

U:\>tracert 10.21.96.1

Détermination de l'itinéraire vers 10.21.96.1 avec un maximum de 30 sauts.

1     2 ms     2 ms     2 ms 10.21.31.254
2     1 ms     8 ms     4 ms 10.10.10.101
3     *        *        *     Délai d'attente de la demande dépassé.
4     *        *        *     Délai d'attente de la demande dépassé.
5 ^C
U:\>

Traceroute to 172.16.3.1 (subnet not in the routing table, major network in the routing table) -> OK

U:\>tracert 172.16.3.1

Détermination de l'itinéraire vers 172.16.3.1 avec un maximum de 30 sauts.

1     2 ms     6 ms     2 ms 10.21.31.254
2     1 ms     5 ms     1 ms 10.10.10.101
3    <1 ms    <1 ms    <1 ms ciupfortigate.domain.com [10.254.0.254]
4    <1 ms    <1 ms    <1 ms 20.20.20.1
5    <1 ms    <1 ms    <1 ms interco [73.73.73.73]
6     1 ms     1 ms     3 ms vl111.domain.com [73.74.74.74]
7     *        *     ^C
U:\>

Richard Burts · ‎09-22-2016

Thank you for clarifying the reference to the link that you posted. I missed the paragraph on page 39 the first time that I was looking but clearly it is there and does say that classful routing is not supported.

The test results that you post are quite helpful. The difference in treatment of 10.21.96.1 and 172.16.3.1 does suggest that there might be something on your firewall that is causing this issue.

HTH

Rick

HTH

Rick

lodovici2012 · ‎10-27-2016

I Richard,

I changed policy on the firewall and all work fine.

Thanks

Richard Burts · ‎10-27-2016

Thank you for posting back to the forum and letting us know that changing policy on the firewall did fix the problem. This has been a very interesting discussion and I hope that other readers in the forum will benefit from it. Thank you for using the rating system to mark this question as answered. This will help other readers in the forum to identify discussions that have helpful information.

HTH

Rick

HTH

Rick

lodovici2012 · ‎09-21-2016

Thank you Richard.

Sorry, I was a little long to reply.

In the running-config (version 03.05.01.E.152-1.E1) I don't see "ip classless" nor "no ip classless".

This is because the default is ip classless ? In this case I wouldn't have this problem.

What happens if I don't modify the classless configuration, but I add a route to the default gateway whit this command ?

ip route 10.52.24.0 255.255.248.0 10.254.0.254

The router will route correctly to the network 10.52.24.0/21 with the actual config ?

Thank you

Regards