Solved: Thanks for the correction,

CSCO12472359 · ‎04-02-2016

Hello,

I was asked this in an interview and didn't know the answer and has been driving me crazy ever since.

So you got 2 routers, R1 has a loopback interface of 1.1.1.1

You put two static routes in R2 to get to 1.1.1.1. Specifying the IP of R1 on the other end of the interface, and the other route is the egress interface of R2. Which will the router choose to use in the routing table, and more importantly, WHY?

I tried it in packet tracer, and it seems that both routes are load balancing in the routing table? Is that right? I entered the egress interface route first, then the next hop IP, and the routing table was this:

R1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route

Gateway of last resort is not set

1.0.0.0/32 is subnetted, 1 subnets
S 1.1.1.1/32 is directly connected, GigabitEthernet0/0
[1/0] via 192.168.1.100
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, GigabitEthernet0/0
L 192.168.1.150/32 is directly connected, GigabitEthernet0/0

So are they load balancing here? Then I removed them and added the next hop IP route first this time:

R2#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route

Gateway of last resort is not set

1.0.0.0/32 is subnetted, 1 subnets
S 1.1.1.1/32 [1/0] via 192.168.1.100
is directly connected, GigabitEthernet0/0
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, GigabitEthernet0/0
L 192.168.1.150/32 is directly connected, GigabitEthernet0/0

Again, are they load balancing? If not, which one is getting chosen and why? I read that the egress interface route won't work unless Proxy-ARP is enabled as well, is that right?

Thanks guys.

Peter Paluch · ‎04-03-2016

Hi Edwin,

Any static route gets a default AD of 1, even a static route pointing out an egress interface. I do not personally recall working with an IOS version that would assign static routes with an egress interface the AD of 0, but I was told that some old IOSes did behave this way.

So if both static routes are properly configured, one with next-hop IP, the other with an egress interface, then they both have the same AD (and the same metric of 0 which is constant with static routes), and so to the routing table, they are equally good, so they both will be installed.

After they are both installed into the routing table, the router will use them to perform load balancing, and it is outright irrelevant whether any of them is specified using a next-hop or an egress interface. The lookup in the routing table is performed based on the destination IP address, and destination IP address only, so the forwarding information located in the matched routing table entry cannot have any impact on its preference. By default, a router performs per-destination load balancing based on hashing the source and destination IP address, and choosing one particular forwarding path for the hash result:

Router# show ip route static
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override

Gateway of last resort is not set

S     192.0.2.0/24 [1/0] via 10.0.12.2
                   is directly connected, Serial1/1
Router# show ip cef 192.0.2.0/24
192.0.2.0/24
  attached to Serial1/1
  nexthop 10.0.12.2 Serial1/0
Router#
Router# show ip cef exact-route 1.1.1.3 192.0.2.1
1.1.1.3 -> 192.0.2.1 =>IP adj out of Serial1/0
Router# show ip cef exact-route 1.1.1.4 192.0.2.1
1.1.1.4 -> 192.0.2.1 =>IP adj out of Serial1/1
Router# show ip cef exact-route 1.1.1.6 192.0.2.1
1.1.1.6 -> 192.0.2.1 =>IP adj out of Serial1/1
Router# show ip cef exact-route 1.1.1.6 192.0.2.2
1.1.1.6 -> 192.0.2.2 =>IP adj out of Serial1/0
Router# show ip cef exact-route 1.1.1.6 192.0.2.5
1.1.1.6 -> 192.0.2.5 =>IP adj out of Serial1/1
Router#

Keep in mind that populating the routing table, and performing lookups in a populated routing table are two independent operations. A routing table is populated by routes based on their lowest AD, and if the AD is the same for two or more candidates, based on their lowest metric. Performing lookups is always done using longest prefix match rule with no exceptions. If this lookup results in a set of forwarding paths (in equal-cost multipath scenarios as shown above), additional rules are used to decide on the particular forwarding path for the particular packet, but this is no longer called "routing table lookup" because the lookup has already been done - it was the lookup that produced the multiple paths in the first place.

Best regards,
Peter

View solution in original post

Edwin Summers · ‎04-03-2016

Edit: See Peter Paluch's reply below for correction to this post.

I believe the answer is that the Cisco router will prefer the route that specifies the exit interface. It considers such routes 'directly connected', as you can see in your show ip route output by the text in bold:

S 1.1.1.1/32 [1/0] via 192.168.1.100
is directly connected, GigabitEthernet0/0

I initially thought the router would assign an Administrative Distance (AD) of 0 to the static route specifying the exit interface, but as your output and my testing shows this is not the case. At least in the IOS version I checked, it is assigning an AD of 1, same as a static route to a next hop. Likely the router prefers the route specifying an exit interface as 'more specific' since it does not need to recurse to find the interface, and therefore selects that route for inclusion in the routing table. Hopefully someone will chime in to confirm or correct.

Interesting - I found a link to a Wikipedia article indicating that Cisco once assigned an AD of 0 to static routes to an interface. I'd have to find some official documentation to confirm if this is true, regardless that behavior appears to have changed.

Some good info from Ri0N on the difference between next-hop vs egress interface static routes:

https://learningnetwork.cisco.com/blogs/vip-perspectives/2015/01/09/draft-routing-showdown-static-default-route-to-a-next-hop-ip-address-vs-an-exit-interface

Paul Chapman · ‎04-03-2016

Great find, Edwin! I've added that link to my toolbox.

As to your comment about AD, under all current OS versions the default AD for static routes is 1 whereas connected is 0.

PSC

Peter Paluch · ‎04-03-2016

Hi Edwin,

Any static route gets a default AD of 1, even a static route pointing out an egress interface. I do not personally recall working with an IOS version that would assign static routes with an egress interface the AD of 0, but I was told that some old IOSes did behave this way.

So if both static routes are properly configured, one with next-hop IP, the other with an egress interface, then they both have the same AD (and the same metric of 0 which is constant with static routes), and so to the routing table, they are equally good, so they both will be installed.

After they are both installed into the routing table, the router will use them to perform load balancing, and it is outright irrelevant whether any of them is specified using a next-hop or an egress interface. The lookup in the routing table is performed based on the destination IP address, and destination IP address only, so the forwarding information located in the matched routing table entry cannot have any impact on its preference. By default, a router performs per-destination load balancing based on hashing the source and destination IP address, and choosing one particular forwarding path for the hash result:

Router# show ip route static
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override

Gateway of last resort is not set

S     192.0.2.0/24 [1/0] via 10.0.12.2
                   is directly connected, Serial1/1
Router# show ip cef 192.0.2.0/24
192.0.2.0/24
  attached to Serial1/1
  nexthop 10.0.12.2 Serial1/0
Router#
Router# show ip cef exact-route 1.1.1.3 192.0.2.1
1.1.1.3 -> 192.0.2.1 =>IP adj out of Serial1/0
Router# show ip cef exact-route 1.1.1.4 192.0.2.1
1.1.1.4 -> 192.0.2.1 =>IP adj out of Serial1/1
Router# show ip cef exact-route 1.1.1.6 192.0.2.1
1.1.1.6 -> 192.0.2.1 =>IP adj out of Serial1/1
Router# show ip cef exact-route 1.1.1.6 192.0.2.2
1.1.1.6 -> 192.0.2.2 =>IP adj out of Serial1/0
Router# show ip cef exact-route 1.1.1.6 192.0.2.5
1.1.1.6 -> 192.0.2.5 =>IP adj out of Serial1/1
Router#

Keep in mind that populating the routing table, and performing lookups in a populated routing table are two independent operations. A routing table is populated by routes based on their lowest AD, and if the AD is the same for two or more candidates, based on their lowest metric. Performing lookups is always done using longest prefix match rule with no exceptions. If this lookup results in a set of forwarding paths (in equal-cost multipath scenarios as shown above), additional rules are used to decide on the particular forwarding path for the particular packet, but this is no longer called "routing table lookup" because the lookup has already been done - it was the lookup that produced the multiple paths in the first place.

Best regards,
Peter

Edwin Summers · ‎04-03-2016

Thanks for the correction, Peter! I misread the output in my verification and showing the cef entries makes it more clear.

CSCO12472359 · ‎04-03-2016

Thanks for the answers everyone! It appears to me that because both routes are in the table, they are load balancing and have the AD of 1 because they are static routes.

Now I also think that if proxy ARP isn't enabled on R1's interface going to R2, then the egress entry won't work. Is that correct?

Peter Paluch · ‎04-07-2016

Hi,

Thanks for the answers everyone! It appears to me that because both routes are in the table, they are load balancing and have the AD of 1 because they are static routes.

Yes, that would be the case.

Now I also think that if proxy ARP isn't enabled on R1's interface going to R2, then the egress entry won't work. Is that correct?

The egress entry on R2 pointing to R1 - right.

Best regards,
Peter

Routing table preference help!