Cisco IOS: Case Study regarding the difference between static route using next-hop IP and using outgoing interface

There are two basic ways to configure a static route for Cisco IOS devices. I've written this article to highlight a case study comparing the configuration of a static route using the next-hop IP and the configuration of a static route using an outgoing interface.

For this test we are going to use the simple network setup shown in the diagram below:
[Image: Network-Diagram.png]

Static Route using outgoing interface.
Let's configure R1 as follows:
R1(config)#int FastEthernet0/0
R1(config-if)#ip address 1.1.1.1 255.255.255.0
R1(config-if)#no shut
R1(config-if)#exit
R1(config)#ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
R1(config)#end
R1#wr
Building configuration...

*Mar  1 00:15:23.571: %SYS-5-CONFIG_I: Configured from console by console[OK]
R1#


We then try to send a couple of pings from R1 and look at the ARP table:

R1#ping 2.2.2.2 re 3

Type escape sequence to abort.
Sending 3, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
.!!
Success rate is 66 percent (2/3), round-trip min/avg/max = 68/74/80 ms
R1#ping 3.3.3.3 re 3

Type escape sequence to abort.
Sending 3, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
.!!
Success rate is 66 percent (2/3), round-trip min/avg/max = 68/68/68 ms
R1#ping 4.4.4.4 re 3

Type escape sequence to abort.
Sending 3, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
.!!
Success rate is 66 percent (2/3), round-trip min/avg/max = 72/82/92 ms
R1#ping 5.5.5.5 re 3

Type escape sequence to abort.
Sending 3, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
.!!
Success rate is 66 percent (2/3), round-trip min/avg/max = 68/70/72 ms
R1#
R1#show ip arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  5.5.5.5                 0   c002.28b4.0000  ARPA   FastEthernet0/0
Internet  4.4.4.4                 0   c002.28b4.0000  ARPA   FastEthernet0/0
Internet  3.3.3.3                 0   c002.28b4.0000  ARPA   FastEthernet0/0
Internet  2.2.2.2                 0   c002.28b4.0000  ARPA   FastEthernet0/0
Internet  1.1.1.1                 -   c001.1b8c.0000  ARPA   FastEthernet0/0
R1#


And here is the Wireshark packet capture during the ping test.
[Image: Wireshark-of-ARP-due-to-static-route-usi]
  • Notice that for every ping sent out Fa0/0 via the default static route, an Address Resolution Protocol (ARP) request is made for that particular destination IP.
  • Also, the first ping packet to each destination is dropped, because whenever we send traffic to a destination for the first time, ARP must first resolve the next-hop MAC address.
  • Looking at the ARP table, an ARP entry is created for each destination IP. So if we send traffic to 100 destinations, the ARP table will contain 100 entries.
  • Because this is a default route to the Internet, and depending on how many users in your network are accessing various Internet destinations, this can easily populate your ARP table unnecessarily.
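The same observation can be checked automatically. The following is an added example (not part of the original article) that parses the `show ip arp` output above and reports MAC addresses that answered for IPs outside the interface's connected subnet; the function names and the `CONNECTED` mapping are assumptions made for the illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Output of "show ip arp" copied from the session above.
SHOW_IP_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  5.5.5.5                 0   c002.28b4.0000  ARPA   FastEthernet0/0
Internet  4.4.4.4                 0   c002.28b4.0000  ARPA   FastEthernet0/0
Internet  3.3.3.3                 0   c002.28b4.0000  ARPA   FastEthernet0/0
Internet  2.2.2.2                 0   c002.28b4.0000  ARPA   FastEthernet0/0
Internet  1.1.1.1                 -   c001.1b8c.0000  ARPA   FastEthernet0/0
"""

# Connected network per interface, taken from R1's configuration above.
CONNECTED = {"FastEthernet0/0": ipaddress.ip_network("1.1.1.0/24")}

ROW = re.compile(r"^Internet\s+(\S+)\s+(\S+)\s+([0-9a-f.]{14})\s+\S+\s+(\S+)\s*$")

def parse_arp(text):
    """Yield (ip, age, mac, interface) for each data row of 'show ip arp'."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            ip, age, mac, intf = m.groups()
            yield ipaddress.ip_address(ip), age, mac, intf

def off_subnet_entries(text, connected):
    """Group learned ARP entries that lie outside the connected subnet by answering MAC."""
    hits = defaultdict(list)
    for ip, age, mac, intf in parse_arp(text):
        net = connected.get(intf)
        # Age "-" marks the router's own address, which is not a learned entry.
        if age != "-" and net is not None and ip not in net:
            hits[(intf, mac)].append(ip)
    return {key: [str(ip) for ip in sorted(ips)] for key, ips in hits.items()}

if __name__ == "__main__":
    for (intf, mac), ips in off_subnet_entries(SHOW_IP_ARP, CONNECTED).items():
        print(f"{intf}: {mac} answered ARP for {len(ips)} off-subnet IPs: {', '.join(ips)}")
```
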
Static Route using next-hop IP.
Same setup:
  • We remove the previous static route using outgoing interface
  • Add the new static route using next-hop IP
  • Then clear the ARP-cache
  • Send some pings and check the ARP table again.
R1(config)#do show run int FastEthernet0/0 | inc interface|ip address
interface FastEthernet0/0
 ip address 1.1.1.1 255.255.255.0
R1(config)#
R1(config)#no ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
R1(config)#ip route 0.0.0.0 0.0.0.0 1.1.1.2
R1(config)#
R1(config)#end
R1#
*Mar  1 00:26:12.919: %SYS-5-CONFIG_I: Configured from console by console
R1#
R1#clear arp-cache
R1#
R1#show ip arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  1.1.1.1                 -   c001.1b8c.0000  ARPA   FastEthernet0/0
R1#
R1#ping 2.2.2.2 re 2

Type escape sequence to abort.
Sending 2, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
.!
Success rate is 50 percent (1/2), round-trip min/avg/max = 92/92/92 ms
R1#ping 3.3.3.3 re 2

Type escape sequence to abort.
Sending 2, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!
Success rate is 100 percent (2/2), round-trip min/avg/max = 64/66/68 ms
R1#ping 4.4.4.4 re 2

Type escape sequence to abort.
Sending 2, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
!!
Success rate is 100 percent (2/2), round-trip min/avg/max = 68/98/128 ms
R1#ping 5.5.5.5 re 2

Type escape sequence to abort.
Sending 2, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
!!
Success rate is 100 percent (2/2), round-trip min/avg/max = 60/86/112 ms
R1#
R1#show ip arp
R1#show ip arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  1.1.1.1                 -   c001.1b8c.0000  ARPA   FastEthernet0/0
Internet  1.1.1.2                 0   c002.28b4.0000  ARPA   FastEthernet0/0
R1#


And here is the Wireshark capture during the ping test.
[Image: Wireshark-of-ARP-due-to-static-route-usi]
  • Notice that only the first packet of the first traffic sent is dropped, because ARP must first resolve 1.1.1.2, as seen on line 33 of the Wireshark capture.
  • Subsequent traffic does not require an ARP request, so first-packet drops do not occur.
  • The ARP table only shows entries for 1.1.1.1 and 1.1.1.2.

Further Analysis and food for thought
  • Who is replying to the ARP queries from R1?
Answer: That's easy: the upstream router, since R1 is directly connected to only one device upstream.
  • Why is the upstream router replying to the ARP queries, even though those IP addresses do not belong to the upstream router (they may be much further upstream, across the Internet)?
Answer: This is due to proxy-ARP. By default, proxy-ARP is enabled on all IOS device interfaces, so the router replies to the ARP queries even though the IP address does not belong to the router itself.
  • What happens when proxy-ARP is disabled on the upstream router, or the upstream device is not capable of proxy-ARP? Will R1 still be able to send out traffic?
Answer: No, it will not be able to send traffic, since ARP resolution is needed to identify the next-hop MAC address that will be used in the Layer 2 frame header when encapsulating the packet.
Internet#show run int fa0/0 | inc interface|ip address|proxy
interface FastEthernet0/0
 ip address 1.1.1.2 255.255.255.0
 no ip proxy-arp


R1#ping 2.2.2.2 re 3

Type escape sequence to abort.
Sending 3, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
...
Success rate is 0 percent (0/3)
R1#
R1#
R1#ping 2.2.2.2 re 3

Type escape sequence to abort.
Sending 3, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
...
Success rate is 0 percent (0/3)
R1#ping 3.3.3.3 re 3

Type escape sequence to abort.
Sending 3, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
...
Success rate is 0 percent (0/3)
R1#
R1#
R1#
R1#show ip arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  1.1.1.1                 -   c001.1b8c.0000  ARPA   FastEthernet0/0
R1#


[Image: No-proxy-ARP.png]

  • If you have two upstream devices connected to R1 on a LAN, as shown below, which upstream device will R1 use if a static default route is configured using an outgoing interface?
[Image: Two-upstream-router.png]
Answer: Whichever one replies to the ARP queries first. Very undesirable.

Summary and conclusion.
  • A static route configured with an outgoing interface generates an ARP request for every destination IP that traffic is sent to through the interface. This can populate your ARP table unnecessarily. Depending on the load on the router, its capabilities, the number of users and the traffic passing through, a heavily populated ARP table can cause issues on the router. Consider an Internet router running a border gateway protocol, a virtual private network, and an interior gateway protocol. An over-populated ARP table can have a negative impact on the router's CPU and memory load that could have been avoided.
  • A static route configured with an outgoing interface relies heavily on proxy-ARP. If proxy-ARP is disabled, or the upstream device is not capable of proxy-ARP, static routes using an outgoing interface will not work. Lastly, when two upstream devices reply to ARP queries, the path traffic takes becomes non-deterministic.
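Because proxy-ARP is commonly disabled as interface hardening, it is worth finding interface-only static routes before they break. The following is an added example (not part of the original article) that audits `ip route` lines and flags those that name only an outgoing interface on a multi-access link; the function names, the interface-name prefix list, and the Serial0/0 route are assumptions made for the illustration.

```python
import ipaddress
import re

# Constructed configuration: the route forms shown on this page plus a
# made-up point-to-point route (Serial0/0 and 10.9.0.0/16 are not from the page).
CONFIG = """\
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
ip route 0.0.0.0 0.0.0.0 1.1.1.2
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 1.1.1.2
ip route 10.9.0.0 255.255.0.0 Serial0/0
"""

# Assumption: interfaces with these name prefixes are multi-access (ARP is used).
MULTI_ACCESS = ("Ethernet", "FastEthernet", "GigabitEthernet", "TenGigabitEthernet", "Vlan")
# Global-table routes only; "ip route vrf ..." lines are not matched.
ROUTE = re.compile(r"^ip route (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (.+)$")

def is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def classify(line):
    """Return (prefix, form, interface) for an 'ip route' line, else None."""
    m = ROUTE.match(line.strip())
    if not m:
        return None
    prefix = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
    tokens = m.group(3).split()
    intf = None if is_ip(tokens[0]) else tokens[0]
    has_hop = any(is_ip(t) for t in tokens[:2])
    if intf and has_hop:
        form = "interface+next-hop"
    elif intf:
        form = "interface-only"
    else:
        form = "next-hop"
    return str(prefix), form, intf

def audit(config):
    """List interface-only routes on multi-access links (they depend on proxy-ARP)."""
    parsed = filter(None, map(classify, config.splitlines()))
    return [(p, i) for p, form, i in parsed
            if form == "interface-only" and i.startswith(MULTI_ACCESS)]

if __name__ == "__main__":
    for prefix, intf in audit(CONFIG):
        print(f"{prefix} via {intf}: add a next-hop IP to avoid per-destination ARP")
```

The Serial0/0 route is not flagged because a point-to-point link does not use ARP to resolve a next hop.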
Author:ffleisma
1 Comment

Expert Comment

by:Jody Lemoine
There is actually a third method that combines the two.

ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 1.1.1.2

This has all of the same benefits as routing to the next-hop address, but ensures that the traffic doesn't use another interface regardless of the routing table's data for the next hop. It also has other applications, such as statically leaking routes between VRF instances.

Good write-up.