0

I'm setting up a bunch of static routes (this is a security requirement so don't ask why I'm not using routing protocols).

A static route can either be created by specifying the next hop

199.199.199.0 255.255.255.0 199.199.200.1

Or by specifying the outgoing interface

199.199.199.0 255.255.255.0 GigabitEthernet0/23

In this case Gi 0/23 has an ip of 199.199.200.2 and is directly connected to 199.199.200.1. There are multiple other static routes going out this same interface.

What is the best practice in this situation?

Edit: Based on the difference of answers I had to dig into this some more. From my experience Cisco doesn't give you two ways to do the same thing and this is what I found. Specifying an interface is not recommended if the interface has many destinations. Here are the links I found and thanks Vlad H for the accurate answer.

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800ef7b2.shtml

http://www.cisco.com/en/US/docs/ios/12_2/iproute/command/reference/1rfindp1.html#wp1054112

murisonc
  • I agree with joeqwerty's answer; there really isn't a best practice here, the use of a next hop address vs. a next hop interface really comes down to what you want to achieve in terms of your routing policy. One minor point; it's actually possible to specify both a next hop IP address *and* an outgoing interface. Such a static route will only be valid if the outgoing interface is up and a route to the next hop exists via that interface. – Murali Suriar Jan 25 '11 at 23:53

4 Answers

2

If you don't specify a next-hop, the next-hop router should be configured to do proxy ARP. What will happen is that your router will do an ARP request whenever a packet is sent to a new destination which is not in the ARP table, and the next-hop router should respond with its MAC on behalf of the destination. This configuration is not recommended, as there will be both a delay initially to do the ARP and, if you have many routes like this (or even worse, I saw default routes like this!), you'll see memory and high CPU issues.

There will be no double route lookup or anything like that because on all decently modern routers, packets will be forwarded by CEF. Specifying just the interface will create a glean adjacency in CEF (which is similar to what happens for a normal directly connected broadcast network) for the whole route. Then more specific /32s will be populated when ARPs arrive.

Vlad H
  • So to make sure I understand. If I use the interface the router will send an ARP for every packet which would be really bad if it's the gateway of last resort. This is partially mitigated with ip cef and completely eliminated when using the next hop ip address? – murisonc Jan 26 '11 at 00:00
  • 1
    No, it won't send an ARP for each packet. Just for each new destination (host). It is not mitigated at all by CEF, but gelraen mentioned the double route table lookup and I wanted to clear that up: forwarding is done in CEF and there won't be a routing table (RIB) lookup. In short, always use next-hop, unless you have a very good reason not to. – Vlad H Jan 26 '11 at 00:26
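
A check for the configuration pattern discussed in this answer, as an added example that is not part of the original thread: it scans Cisco IOS `ip route` lines and reports static routes that name only an outgoing multi-access interface. The `ip route` line format, the interface-prefix list and the sample configuration are assumptions made for the example.

```python
import ipaddress
import re

# Assumption: interface-name prefixes treated as multi-access (ARP-resolved) links.
MULTI_ACCESS = ("ethernet", "fastethernet", "gigabitethernet", "vlan", "port-channel")
IP = r"\d+(?:\.\d+){3}"
ROUTE_RE = re.compile(rf"^\s*ip route (?:vrf \S+ )?({IP}) ({IP}) (\S.*)$", re.IGNORECASE)


def _is_ip(token):
    return re.fullmatch(IP, token) is not None


def classify(line):
    """Return (prefix, kind, interface) for an 'ip route' line, else None."""
    m = ROUTE_RE.match(line)
    if not m:
        return None
    prefix = ipaddress.IPv4Network(f"{m.group(1)}/{m.group(2)}", strict=False)
    args = m.group(3).split()
    if _is_ip(args[0]):
        return prefix, "next-hop", None
    both = len(args) > 1 and _is_ip(args[1])
    return prefix, "interface+next-hop" if both else "interface-only", args[0]


def audit(config):
    """List interface-only static routes that leave via a multi-access interface."""
    findings = []
    for line in config.splitlines():
        parsed = classify(line)
        if parsed and parsed[1] == "interface-only" and parsed[2].lower().startswith(MULTI_ACCESS):
            findings.append((str(parsed[0]), parsed[2]))
    return findings


# Constructed sample configuration (interface and next hop taken from the question).
SAMPLE = """\
ip route 199.199.199.0 255.255.255.0 199.199.200.1
ip route 199.199.198.0 255.255.255.0 GigabitEthernet0/23
ip route 199.199.197.0 255.255.255.0 GigabitEthernet0/23 199.199.200.1
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/23
ip route 10.0.0.0 255.0.0.0 Null0
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Routes that give a next hop, or both an interface and a next hop, are not reported; neither is the `Null0` route, since that interface is not in the multi-access list.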
1

I have to agree with Vlad's point on this one - we once had a router crashing randomly and it took ages to figure out why. Because we'd set the default route as outgoing interface, it was caching all these ARP entries until eventually the CEF process crashed. When CEF crashed other stuff failed, such as our VPNs.

user723748
0

Is there a best practice? It would seem that this is wholly dependent on your network design needs and goals. My thinking is that if you don't care what physical path the traffic takes then you specify the next hop, and if you want to specify the physical path that the traffic takes, and make it always take a specific pre-defined path, then you specify the interface.

joeqwerty
  • Network design needs do matter but it appears that specifying the interface is not recommended in most cases. Of course exceptions are always possible. – murisonc Jan 26 '11 at 01:13
0

Generally, specifying the outgoing interface is better because it avoids a second routing table lookup. In the case of Ethernet you may need to specify both the outgoing interface and the next-hop IP address.

gelraen
  • It appears that specifying the interface is not recommended in most cases. Reference the links I added to the question after reading Vlad H's answer and digging into that further. – murisonc Jan 26 '11 at 01:15