jskfan asked:

In which situation do we need to add static routes?

I have seen situations where people add static routes to Windows computers.
I am not sure if this situation is valid only if the computer has 2 or more network adapters connected to 2 or more different networks.

If I understand, when a computer is connected to the network, the routes are provided dynamically based on the gateway that is set up for the computer.

Any clarifications?

Thank you
hypercube
While often site-to-site VPNs are implemented in the site gateway using a single public IP address, this isn't always the case.
Suppose that there are multiple public IP addresses available and that the plan might be to put a site-to-site VPN device on the network separate from the site gateway.  In that case, any traffic destined for the remote site subnet will be directed to the local VPN device LAN address using a static route.  

That said, this isn't the preferred method.  The preferred method is to put the route in the gateway router so the packets "bounce" back onto the wire destined for the VPN device.  This is preferred because as computers change, they don't have to be specially configured.

But, when there are but a few computers that need a particular route, it may be fine to put those routes in the computers.  It may even be required by some "requirements".

MPLS links offer similar circumstances.
jskfan (ASKER)

It makes sense when you add static routes on the router, since you are in control of routing most subnets through that router.

However, Windows PCs follow whatever is dictated by the gateway (router).
Ex:
If my PC has IP 10.10.10.100/24 and DG is 10.10.10.1/24

Then which static route can be added to the PC?
jskfan (ASKER)

Any follow-up?

The PC and the gateway are on the same subnet.  
So, if the PC has a static route, it would be something like this:

Case 1: PC has a static route:
192.168.3.3 mask 255.255.255.0 to 10.10.10.99 via 10.10.10.100
This means that 10.10.10.99 has a connection or path to 192.168.3.0/24
So, packets destined to 192.168.3.0/24 should go out on 10.10.10.100 and the next hop be 10.10.10.99 so the packet is "on the wire" for its final hop.

Case 2: Router has a static route:
192.168.3.3 mask 255.255.255.0 to 10.10.10.99 via 10.10.10.1
So, packets destined to 192.168.3.0/24 should go out on 10.10.10.1 and the next hop be 10.10.10.99 so the packet is "on the wire" for its final hop.
But, in this case, there could first be a hop from 10.10.10.100 if that computer didn't have the static route.

So, any static route can be added to a PC.  If it is added, then the same static route on the router won't be used as the router is NOT the next hop.  The packets go directly to the final destination on the LAN subnet.

The routes can be in both places.  This may seem like overkill because it is.  However, if a new PC is added then it wouldn't need special treatment because the router will do the job.  So it's less work and less maintenance to put the route on the router.  But in some cases it may be useful to put the route on the PC.  Example:  There seems to be a problem.  We want to skip the routing in the router to make sure the next hop is working.  If it is then maybe the router isn't doing its job or needs the route to be added.

Is that what you wanted to know?
jskfan (ASKER)

In most of the networks, the PC resides in a specific VLAN and has a DG set up, which means the PC can go just through that DG.

MyPC: IP 10.10.10.100/24 and DG is 10.10.10.1/24

I cannot just add another static route to myPC and let myPC go through the new static route. If I understand, if a PC is in VLAN10, the user cannot change it by adding a static route on the PC and make it belong to VLAN20.

This whole issue of VLANs is a new aspect that had not been mentioned - so maybe the answers have been inadequate so far.

The simplest form of VLAN is that some ports on a switch are separated from other ports on a switch - as if there were two switches.
More elaborate forms of VLANs work at Layer 3 with routing in the switch or router that will allow you to set up inter-VLAN routing.

It's not a matter of "belonging" to a VLAN.  It's more a matter of "being connected on" a VLAN.  You're connected on VLAN10 and it would be a matter of moving cables or changing ports on the switch/router to being connected on VLAN20.  But then you'd no longer be connected on VLAN10.  So, the solution to reaching VLAN20 is with a route.  
And, yes, you're correct that a static route on your PC won't do that because the PC doesn't know where VLAN20 is, i.e. there is no "next hop" address on VLAN10.

You mention multiple NICs.  That might be a good way to connect into VLAN20 from your PC directly.  Not elegant but certainly should be effective.  Just don't enter a gateway address on the VLAN20-addressed NIC.  Also, you may need to use a static address on that NIC as you don't want DHCP confusion - and mostly to avoid a 2nd gateway address.  Then cable that NIC into a switch on VLAN20 - perhaps one of the VLAN20 ports on the main switch.
If you do this then you don't need to add a route as the PC will know where the VLAN20 addresses connect.  You can verify this with a command prompt:
route print
This is not a good solution for multiple PCs of course.

The other way is to add a route in a Layer 3 switch or a router that understands the VLANs.  It could be as specific as myPC IP on VLAN10 to theirPC IP on VLAN20 (and the reverse).  Or it could be more global and cover the entire VLAN address space.
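
The routing decisions discussed in the two answers above (Case 1, and the point that a VLAN20 route has no usable next hop on VLAN10), as an added example that is not part of the original thread. It is a simplified Python model of a host routing table, not Windows code; the `Host` class, the lookup address 192.168.3.20 and the VLAN20 subnet 10.10.20.0/24 are assumptions made for illustration.

```python
import ipaddress

class Host:
    """Simplified IPv4 routing table for one host (a model, not Windows code)."""

    def __init__(self):
        self.connected = []  # subnets the host has a NIC on
        self.routes = []     # (network, next_hop); next_hop None = on-link

    def add_nic(self, cidr):
        """Attaching a NIC creates the connected (on-link) route by itself."""
        net = ipaddress.ip_interface(cidr).network
        self.connected.append(net)
        self.routes.append((net, None))

    def add_route(self, network, next_hop):
        """Static route; the next hop must sit on a subnet the host is wired to."""
        hop = ipaddress.ip_address(next_hop)
        if not any(hop in net for net in self.connected):
            raise ValueError(f"next hop {hop} is not on a connected subnet")
        self.routes.append((ipaddress.ip_network(network), hop))

    def next_hop(self, destination):
        """Longest-prefix match; returns the address the frame is handed to."""
        dst = ipaddress.ip_address(destination)
        matches = [(net, hop) for net, hop in self.routes if dst in net]
        if not matches:
            raise LookupError(f"no route to {dst}")
        _, hop = max(matches, key=lambda r: r[0].prefixlen)
        return str(dst if hop is None else hop)

def build_pc():
    """The asker's PC: 10.10.10.100/24 with default gateway 10.10.10.1."""
    pc = Host()
    pc.add_nic("10.10.10.100/24")
    pc.add_route("0.0.0.0/0", "10.10.10.1")
    return pc

if __name__ == "__main__":
    pc = build_pc()
    print(pc.next_hop("192.168.3.20"))             # 10.10.10.1 (default gateway)
    pc.add_route("192.168.3.0/24", "10.10.10.99")  # Case 1 from the thread
    print(pc.next_hop("192.168.3.20"))             # 10.10.10.99 (router bypassed)
    try:
        pc.add_route("10.10.20.0/24", "10.10.20.1")  # assumed VLAN20 subnet
    except ValueError as err:
        print(err)                                 # no next hop on VLAN10
    pc.add_nic("10.10.20.100/24")                  # second NIC, no gateway set
    print(pc.next_hop("10.10.20.7"))               # 10.10.20.7, delivered on-link
```

The model ignores route metrics and picks purely on prefix length, which is enough to show why the more specific static route wins over the default gateway.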
jskfan (ASKER)

Fred,

I am trying to understand the scenario where it is relevant to add static routes to a PC.
If a PC has one NIC and is on VLAN 10
MyPC: IP 10.10.10.100/24 and DG is 10.10.10.1/24
jskfan (ASKER)

Thank you for the explanation. I know it is hard to understand it if you do not see the case happen.