Cisconinja’s Blog

Some Strange Static Routing Issues

Posted by Andy on April 8, 2009

In this post we will look at two static routing issues that I have yet to find an explanation for.  R1 and R2 are connected by 3 serial interfaces, one using a subnet of a class A network, one a class B, and one a class C:

static-routing-topology2

R1:
interface Serial0/0
 ip address 10.0.12.1 255.255.255.252
interface Serial0/1
 ip address 172.16.12.1 255.255.255.252
interface Serial0/2
 ip address 192.168.12.1 255.255.255.252

R2:
interface Serial0/0
 ip address 10.0.12.2 255.255.255.252
interface Serial0/1
 ip address 172.16.12.2 255.255.255.252
interface Serial0/2
 ip address 192.168.12.2 255.255.255.252

The first issue occurs when all of the following are true:

 

  • The static route is configured with a next-hop address

 

  • At least 1 subnet of the major network specified by the next-hop address in the static route statement is present in the routing table, but no subnets that match the specific IP address

 

  • The best match for the IP address specified in the static route is the default route

 

  • The default route is configured with an exit interface

 

Static routes matching all of these conditions are not entered in the routing table even though there is a match for the next-hop address using the default route.  If no subnets of the major network exist in the routing table, or if the best match is anything but the default route and is configured with an exit interface, the static route will be installed.  Let’s look at a few examples.  First we will add the default route using an exit interface:

R1:
ip route 0.0.0.0 0.0.0.0 Serial0/0

1-show-ip-route

Next we will add a couple static routes with random next-hop addresses:

R1:
ip route 1.0.0.0 255.0.0.0 21.1.1.1
ip route 2.0.0.0 255.0.0.0 22.1.1.1

The next-hop for both routes resolves to the default route.  No subnets of 21.0.0.0/8 or 22.0.0.0/8 exist in the routing table.  Both routes are installed:

R1#debug ip routing
Mar 1 00:25:16.899: RT: SET_LAST_RDB for 1.0.0.0/8
NEW rdb: via 21.1.1.1
Mar 1 00:25:16.899: RT: add 1.0.0.0/8 via 21.1.1.1, static metric [1/0]
Mar 1 00:25:16.903: RT: NET-RED 1.0.0.0/8
Mar 1 00:25:19.275: RT: SET_LAST_RDB for 2.0.0.0/8
NEW rdb: via 22.1.1.1
Mar 1 00:25:19.275: RT: add 2.0.0.0/8 via 22.1.1.1, static metric [1/0]
Mar 1 00:25:19.275: RT: NET-RED 2.0.0.0/8

Next we will try to add static routes with next-hop addresses in the same major networks as the directly connected subnets used on the serial links:

R1:
ip route 3.0.0.0 255.0.0.0 10.255.255.50
ip route 4.0.0.0 255.0.0.0 172.16.255.50
ip route 5.0.0.0 255.0.0.0 192.168.12.50

One subnet of each classful network exists, but none of them match the next-hop address.  The best match on all 3 next-hop addresses should be the default route.  However, none of these 3 routes are installed in the routing table:

2-show-ip-route

If we add a static route to 21.21.21.0/24 with a next-hop of another random address, the route is added just like the first 2 routes because no subnets of the major network exist.  However, this also causes the 1.0.0.0 network to be removed after several seconds when the router realizes it now has a subnet of 21.0.0.0/8, but no specific subnet of the classful network to reach 21.1.1.1 – the next-hop for 1.0.0.0:

R1:
ip route 21.21.21.0 255.255.255.0 23.1.1.1

R1#debug ip routing
Mar 1 00:38:03.331: RT: SET_LAST_RDB for 21.21.21.0/24
NEW rdb: via 23.1.1.1
Mar 1 00:38:03.331: RT: add 21.21.21.0/24 via 23.1.1.1, static metric [1/0]
Mar 1 00:38:03.335: RT: NET-RED 21.21.21.0/24
Mar 1 00:38:55.619: RT: del 1.0.0.0 via 21.1.1.1, static metric [1/0]
Mar 1 00:38:55.619: RT: delete network route to 1.0.0.0
Mar 1 00:38:55.619: RT: NET-RED 1.0.0.0/8
Mar 1 00:38:55.623: RT: NET-RED 0.0.0.0/0

3-show-ip-route

This classful behavior only occurs when the best match is the default route.  If we add two /1 networks to cover the entire range covered by the default route and configure them with exit interfaces just like the default route, all of the static routes we configured match one of the two /1 static routes and are added to the routing table:

R1:
ip route 0.0.0.0 128.0.0.0 Serial0/0
ip route 128.0.0.0 128.0.0.0 Serial0/0

4-show-ip-route

 

 

 

 

The second issue occurs when all of the following things are true:

 

  • The static route is configured with a next-hop address

 

  • The best match for the IP address specified in the static route is another static route configured with a next-hop address or a route learned from a routing protocol

 

  • The best match route uses a less specific mask than the route being configured

 

  • The range of the best match route includes the range of the route being configured

 

Static routes meeting all of these conditions are not installed in the routing table, even though the next-hop address may resolve to a valid route.  Let’s look at a couple examples of this.  First we will remove all of the static route statements from the previous example:

R1:
no ip route 0.0.0.0 0.0.0.0 Serial0/0
no ip route 0.0.0.0 128.0.0.0 Serial0/0
no ip route 1.0.0.0 255.0.0.0 21.1.1.1
no ip route 2.0.0.0 255.0.0.0 22.1.1.1
no ip route 3.0.0.0 255.0.0.0 10.255.255.50
no ip route 4.0.0.0 255.0.0.0 172.16.255.50
no ip route 5.0.0.0 255.0.0.0 192.168.12.50
no ip route 21.21.21.0 255.255.255.0 23.1.1.1
no ip route 128.0.0.0 128.0.0.0 Serial0/0

We will enable RIP between R1 and R2 on S0/0 and create a loopback interface on R2 to be advertised with RIP. We will also create a static route with a next-hop of R2’s S0/0 interface IP address:

R1:
router rip
 network 10.0.0.0
!
ip route 4.0.0.0 255.0.0.0 10.0.12.2

R2:
interface Loopback0
 ip address 2.2.2.2 255.0.0.0
!
router rip
 network 2.0.0.0
 network 10.0.0.0

R1 adds both routes with a next-hop of 10.0.12.2:

5-show-ip-route

Next we will create some static routes with next-hop addresses that match these 2 routes:

R1:
ip route 2.0.0.0 254.0.0.0 2.255.255.1
ip route 2.0.0.0 255.128.0.0 2.255.255.1
ip route 4.0.0.0 254.0.0.0 4.255.255.1
ip route 4.0.0.0 255.128.0.0 4.255.255.1
ip route 4.0.0.0 255.128.0.0 4.1.1.1

Only the 1st and 3rd routes are installed in the routing table.  These two routes both use a less specific mask than the best match for their next-hop addresses:

6-show-ip-route

The three /9 routes, which use a more specific mask than the best match for their next-hop, are not installed.  There is the risk that a route could be self-recursive if, after being installed, the best route to it’s next hop is itself.  We can see that this is true for the 4.0.0.0/9 route with a next-hop of 4.1.1.1.  If installed, the best route to it’s next-hop address would be itself.  However the other two /9 routes do not have this problem since their next-hop addresses are both outside of their own range.  If installed, their next-hop would resolve to the two /8 routes, both of which are valid. 

This issue only occurs when the matching route uses a next-hop address.  If we change 4.0.0.0/8 to use an exit interface rather than a next-hop address, R1 installs the route to 4.0.0.0/9 via 4.255.255.1 several seconds later after it’s next scan of the routing table.  The other, self-recursive route to 4.0.0.0/9 via 4.1.1.1 remains uninstalled, as it should:

R1:
no ip route 4.0.0.0 255.0.0.0 10.0.12.2
ip route 4.0.0.0 255.0.0.0 Serial0/0

R1#debug ip routing
Mar 1 01:24:57.171: RT: SET_LAST_RDB for 4.0.0.0/8
NEW rdb: is directly connected
Mar 1 01:24:57.171: RT: add 4.0.0.0/8 via 0.0.0.0, static metric [1/0]
Mar 1 01:24:57.171: RT: NET-RED 4.0.0.0/8
Mar 1 01:25:34.571: RT: network 4.0.0.0 is now variably masked
Mar 1 01:25:34.571: RT: SET_LAST_RDB for 4.0.0.0/9
NEW rdb: via 4.255.255.1
Mar 1 01:25:34.575: RT: add 4.0.0.0/9 via 4.255.255.1, static metric [1/0]
Mar 1 01:25:34.575: RT: NET-RED 4.0.0.0/9

7-show-ip-route

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: