** From: Routing TCP/IP, Volume I, 2nd Edition **
Route Table
- What happens when a framed packet arrives at one of a router’s interfaces?
- The data-link identifier in the frame’s destination address field is examined.
- If it contains either the identifier of the router’s interface or a broadcast identifier, the router strips off the frame and passes the enclosed packet to the network layer.
- At the network layer, the destination address of the packet is examined.
- If the destination address is either the IP address of the router’s interface or an all-hosts broadcast address, the protocol field of the packet is examined and the enclosed data is sent to the appropriate internal process.
- Any other destination address calls for routing.
- If the packet is to be routed, the router will do a route table lookup to acquire the correct route.
- At a minimum, each route entry in the database must contain two items:
- Destination address: This is the address of the network the router can reach.
- Pointer to the destination: This pointer either will indicate that the destination network is directly connected to the router or it will indicate the address of another router on a directly connected link or the local interface to that link. That router, which will be one router hop closer to the destination, is a next-hop router.
- The router will match the most specific address it can.
- A default address is considered a least-specific address and is matched only if no other match can be found.
- If the destination address of the packet cannot be matched to any route table entry, the packet is dropped and a Destination Unreachable ICMP message is sent to the source address.
- The routing process assumes that the router can match its listed next-hop addresses to its interfaces.
Lewis#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP,
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area,
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2,
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP,
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default,
U - per-user static route, o - ODR
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 7 subnets
S 10.1.3.0 [1/0] via 10.1.4.1
S 10.1.2.0 [1/0] via 10.1.4.1
S 10.1.1.0 [1/0] via 10.1.4.1
S 10.1.7.0 [1/0] via 10.1.6.2
C 10.1.6.0 is directly connected, Serial1
C 10.1.5.0 is directly connected, Ethernet0
C 10.1.4.0 is directly connected, Serial0
Lewis#
- At the top of the table is a statement indicating that the route table knows of seven subnets of the major network address 10.0.0.0, subnetted with a 24-bit mask.
- For the entries that are not directly connected (routes for which the packet must be forwarded to a next-hop router), a bracketed tuple indicates [administrative distance/metric] for that route.
- Metrics are a way for multiple routes to the same destination to be rated by preference—the lower the metric, the “shorter” the path and so the more desirable the route.
- Static routes have a metric of 0.
Configuring Static Routes
- The route table acquires information in one of three ways:
- The information can be entered based on what the router knows about its directly connected subnets.
- The information can be entered manually, by means of a static route entry.
- The information can be entered automatically by dynamic routing protocols.
- Certain conditions must be met before a static route is written into the route table. IP routing must be enabled, the next-hop address, if used, must be reachable, the exit interface must have an IP address configured on it, and the exit interface must be up.
- All addresses specified with a static route referring to an exit interface are entered into the table as if they are directly connected to that interface.
- A third option for static routes is to use a combination of the outgoing interface and the next-hop address. The next-hop address is coupled with the specified exit interface. If the exit interface goes down, the route is removed from the route table, even if the next-hop address is recursively reachable via an alternate route. This minimizes table lookups associated with finding the outgoing interface associated with a next-hop address and the entry in the table is not considered a directly connected network.
- Directing a static route to an exit broadcast interface without specifying the next-hop address can cause an excessive amount of traffic on the broadcast network, and also might eat up the router’s memory.
Tigger#show ip route
Gateway of last resort is not set
10.0.0.0 is variably subnetted, 3 subnets, 2 masks
C 10.4.6.0 255.255.255.0 is directly connected, Serial1
S 10.4.7.0 255.255.255.0 is directly connected, Serial1
S 10.1.0.0 255.255.0.0 is directly connected, Ethernet0
192.168.1.0 255.255.255.224 is subnetted, 3 subnets
C 192.168.1.64 is directly connected, Serial0
S 192.168.1.0 is directly connected, Serial0
C 192.168.1.192 is directly connected, Ethernet0
Tigger#
- For example, look at Tigger’s ip route 10.1.0.0 255.255.0.0 E0 command. The router assumes 10.1.0.0 is directly connected.
- Therefore, when attempting to route to any address on the 10.1.0.0/16 subnet, the router sends an ARP request to find the MAC address to which to forward the packet. Each attempt to reach an address on the 10.1.0.0 network, whether the destination is valid or not, will result in an ARP request, an ARP response if a router on the broadcast network is responding on behalf of the 10.1.0.0 network (proxy ARP), and a potentially large ARP cache on the router.
- By appending the next-hop address to the static route entry, ip route 10.1.0.0 255.255.0.0 E0 192.168.1.194, the router no longer assumes that the destination is directly connected. The only ARP traffic is for the next-hop address, which only occurs for the first packet destined to a host on network 10.1.0.0, rather than for every packet destined to a new host on network 10.1.0.0.
- Specify the exit interface and the next-hop address to minimize table lookups associated with finding the exit interface for a specified next-hop address, and to minimize traffic on the broadcast network.
Only exit interface:
Tigger#show ip route static
10.0.0.0/16 is subnetted, 1 subnets
S 10.1.0.0 is directly connected, Ethernet0
Tigger#show arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.1.193 - 0004.c150.f1c0 ARPA Ethernet0
Internet 10.1.8.1 0 0010.7b38.37d5 ARPA Ethernet0
Internet 192.168.1.194 24 0010.7b38.37d5 ARPA Ethernet0
Internet 10.1.5.5 0 0010.7b38.37d5 ARPA Ethernet0
Internet 10.1.1.1 0 0010.7b38.37d5 ARPA Ethernet0
Tigger#
Exit interface and next hop:
Tigger#show ip route static
10.0.0.0/16 is subnetted, 1 subnets
S 10.1.0.0 [1/0] via 192.168.1.194, Ethernet0
Tigger#show arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.1.193 - 0004.c150.f1c0 ARPA Ethernet0
Internet 192.168.1.194 22 0010.7b38.37d5 ARPA Ethernet0
- The first route table and ARP cache show that the static route entry was created with an exit interface and no next-hop address. The route is directly connected and there are multiple ARP cache entries for destinations on the 10.1.0.0 network. The MAC address for each entry is the same. It is the hardware address of the router with IP address 192.168.1.194. The router is sending ARP replies for all hosts on the 10.1.0.0 network. This proxy ARP is enabled by default in IOS.
- The second set of tables shows the route table and ARP cache when the next-hop address is specified in addition to the exit interface. Notice the route is no longer directly connected. It is known via 192.168.1.194 and the exit interface is Ethernet 0. The ARP cache has no entries for the 10.1.0.0 network, only for the addresses that actually exist on the directly connected network, including 192.168.1.194.
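As an added example (not from the book), the following Python check parses the two show arp captures above and reports any MAC address that answers for addresses outside the interface's connected subnet, which is the proxy ARP symptom of a static route that names only a broadcast exit interface. The connected subnet for Ethernet0 is taken from Tigger's route table; the function names are this example's own.

```python
import ipaddress
from collections import defaultdict

# "show arp" output copied from the page: static route with exit interface only.
SHOW_ARP_EXIT_ONLY = """\
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.1.193 - 0004.c150.f1c0 ARPA Ethernet0
Internet 10.1.8.1 0 0010.7b38.37d5 ARPA Ethernet0
Internet 192.168.1.194 24 0010.7b38.37d5 ARPA Ethernet0
Internet 10.1.5.5 0 0010.7b38.37d5 ARPA Ethernet0
Internet 10.1.1.1 0 0010.7b38.37d5 ARPA Ethernet0
"""

# "show arp" output copied from the page: exit interface plus next hop.
SHOW_ARP_WITH_NEXT_HOP = """\
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.1.193 - 0004.c150.f1c0 ARPA Ethernet0
Internet 192.168.1.194 22 0010.7b38.37d5 ARPA Ethernet0
"""

# Connected subnet per interface, from Tigger's route table on the page.
CONNECTED = {"Ethernet0": ipaddress.ip_network("192.168.1.192/27")}


def parse_show_arp(text):
    """Return (ip, age, mac, interface) tuples; age is None for the router's own address."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 6 or fields[0] != "Internet":
            continue  # header, prompt or blank line
        _, addr, age, mac, _encap, iface = fields
        entries.append((ipaddress.ip_address(addr),
                        None if age == "-" else int(age),
                        mac.lower(), iface))
    return entries


def find_proxy_arp(entries, connected):
    """Report each (interface, MAC) that resolved addresses outside the connected subnet."""
    off_subnet = defaultdict(list)
    for ip, age, mac, iface in entries:
        net = connected.get(iface)
        if net is None or age is None:
            continue  # unknown interface, or the router's own entry
        if ip not in net:
            off_subnet[(iface, mac)].append(ip)
    findings = []
    for (iface, mac), ips in off_subnet.items():
        # On-link address of the device that owns this MAC (the proxying router).
        owners = [ip for ip, _, m, i in entries
                  if m == mac and i == iface and ip in connected[iface]]
        findings.append({
            "interface": iface,
            "mac": mac,
            "proxy_for": [str(ip) for ip in sorted(ips)],
            "on_link_owner": [str(ip) for ip in sorted(owners)],
        })
    return findings


if __name__ == "__main__":
    for label, capture in (("exit interface only", SHOW_ARP_EXIT_ONLY),
                           ("exit interface and next hop", SHOW_ARP_WITH_NEXT_HOP)):
        print(label, "->", find_proxy_arp(parse_show_arp(capture), CONNECTED))
```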
IPv6 Static Routes
- IPv6 static routes are configured the same way as IPv4 static routes. The only difference is using network/prefix length with IPv6 and not network/subnet mask as with IPv4.
- Unlike IPv4, however, IPv6 routing is not enabled by default. Before entering a static route, IPv6 must be enabled using the ipv6 unicast-routing command.
- As with IPv4, an IPv6 address must be configured on the exit interface and the interface must be up before the static entry will be added to the route table.
- The command used to create a static route is ipv6 route followed by the network to be entered into the route table, the length, in bits, of the prefix, and the address of the next-hop router or the exit interface to be used to reach this destination.
- If the interfaces on the data link are configured to use EUI-64 interface IDs, you only specify the first 64 bits of the address. The router determines the final 64 bits based on a MAC address.
- One way to identify the full 128-bit IPv6 address of a neighbor router is to use the Cisco Discovery Protocol (CDP) statistics. CDP displays information about neighboring routers, such as the router’s hostname, router type, IOS, and the IP addresses configured on the remote end of the link.
Honeybee#show cdp neighbor detail
-------------------------
Device ID: Honeytree
Entry address(es):
IP address: 10.4.6.2
IPv6 address: FE80::2B0:64FF:FE30:1DE0 (link-local)
IPv6 address: FEC0::1:2B0:64FF:FE30:1DE0 (site-local)
Platform: cisco 2610, Capabilities: Router
Interface: Serial0/0.2, Port ID (outgoing port): Serial0/0.2
Holdtime : 146 sec
Version :
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-J1S3-M), Version 12.3(6), RELEASE SOFTWARE (fc3)
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Wed 11-Feb-04 19:24 by kellythw
advertisement version: 2
- As with IPv4, IPv6 static routes can use the outbound interface rather than next-hop address. There is an option to enter an address after the interface as there is with IPv4. You can put either the link-local address here or a configured address. This next-hop address should be used when the exit interface is a broadcast interface, such as Ethernet.
ipv6 unicast-routing
interface serial 0/0.2 point-to-point
ipv6 address fec0:0:0:3::/64 eui-64
ipv6 route fec0::1:0:0:0:0/64 fec0::3:204:c1ff:fe50:f1c0
ipv6 route fec0::a:0:0:0:0/64 fec0::3:204:c1ff:fe50:f1c0
ipv6 route fec0::8:0:0:0:0/64 fec0::3:204:c1ff:fe50:f1c0
Honeypot#show ipv6 route
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
U - Per-user Static route
I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
L FE80::/10 [0/0]
via ::, Null0
C FEC0:0:0:3::/64 [0/0]
via ::, Serial0/0.2
L FEC0::3:230:94FF:FE24:B780/128 [0/0]
via ::, Serial0/0.2
S FEC0:0:0:A::/64 [1/0]
via FEC0::3:204:C1FF:FE50:F1C0
S FEC0:0:0:8::/64 [1/0]
via FEC0::3:204:C1FF:FE50:F1C0
S FEC0:0:0:1::/64 [1/0]
via FEC0::3:204:C1FF:FE50:F1C0
C FEC0:0:0:5::/64 [0/0]
via ::, Ethernet0/0
L FEC0::5:230:94FF:FE24:B780/128 [0/0]
via ::, Ethernet0/0
L FF00::/8 [0/0]
via ::, Null0
- The router must determine the exit interface associated with this IPv6 address recursively, as it does with IPv4. The entry for FEC0:0:0:A::/64 has a next-hop address of FEC0::3:204:C1FF:FE50:F1C0. Looking further into the route table, FEC0:0:0:3::/64 is connected on Serial0/0.2.
- Routes can also be entered with the outgoing interface toward the destination network. The outgoing interface and the next-hop address can be entered together, too.
ipv6 route fec0::a:0:0:0:0/64 serial 0/0.2
ipv6 route fec0::8:0:0:0:0/64 serial 0/0.2
ipv6 route fec0::1:0:0:0:0/64 serial 0/0.2
ipv6 route fec0::20:0:0:0:0/62 Ethernet0/0 FE80::2B0:64FF:FE30:1DE0
Honeypot#show ipv6 route static
S FEC0:0:0:A::/64 [1/0]
via ::, Serial0/0.2
S FEC0:0:0:8::/64 [1/0]
via ::, Serial0/0.2
S FEC0:0:0:1::/64 [1/0]
via ::, Serial0/0.2
S FEC0:0:0:20::/62 [1/0]
via FE80::2B0:64FF:FE30:1DE0, Ethernet0/0
- One thing to notice in the route table is that the routes do not appear to be directly connected, as they do with IPv4.
- The “::” means that the next hop is unspecified, but the outgoing interface is Serial 0/0.2.
- On a point-to-point serial interface, an unspecified next-hop address is not a problem. There is only one other device on that point-to-point network, and all packets are forwarded out the interface and reach the other device.
- On a broadcast interface, the router must find a neighbor to which to send the packet. The router multicasts a neighbor solicitation message on the Ethernet and waits for a neighbor advertisement from the next-hop device.
- For this reason, when using an exit interface to configure a static route on a broadcast network, a next-hop address must also be specified.
- The recommended address to use as the next-hop address is the link-local address of the next-hop router. One reason to use the link-local address is that it is not likely to change.
Summary Routes
- A summary route is an address that encompasses several more specific addresses in a route table.
- For example, subnets 10.4.6.0/24 and 10.4.7.0/24 could be specified with a single entry of 10.4.0.0/16.
- Likewise, subnets 192.168.1.0/27 and 192.168.1.64/27 could be accounted for in its route table with a single entry pointing to 192.168.1.0/24.
- These two route entries, 10.4.0.0/16 and 192.168.1.0/24, are summary routes.
ip route 192.168.1.0 255.255.255.0 192.168.1.193
ip route 10.4.0.0 255.255.0.0 192.168.1.193
ipv6 route fec0::8:0:0:0:0/62 fec0::3:204:c1ff:fe50:f1c0
- By summarizing a group of subnets or even major networks, the number of static route entries may be reduced drastically.
- However, caution must be used when summarizing addresses; when done incorrectly, unexpected routing behavior may occur.
Floating Static Routes
- A floating static route is less preferred than other routes in the route table. It appears in the table only under the special circumstance of the failure of a more-preferred route.
ip route 10.4.0.0 255.255.0.0 10.1.10.1
ip route 10.4.0.0 255.255.0.0 10.1.20.1 50
ip route 10.1.5.0 255.255.255.0 10.1.10.1
ip route 10.1.5.0 255.255.255.0 10.1.20.1 50
ip route 192.168.0.0 255.255.0.0 10.1.10.1
ip route 192.168.0.0 255.255.0.0 10.1.20.1 50
- The router has double entries for every route.
- Notice that all static routes using subnet 10.1.20.0 are followed by a 50.
- This number specifies an administrative distance, which is a measure of preferability.
- When duplicate paths to the same network are known, the router will prefer the path with the lower administrative distance.
- At first this idea sounds like a metric; however, a metric specifies the preferability of a route, whereas an administrative distance specifies the preferability of the means by which the route was discovered.
- By increasing the administrative distances of the static routes traversing subnet 10.1.20.0 to 50, they become less preferred than the routes traversing subnet 10.1.10.0.
Rabbit#show ip route
10.0.0.0 is variably subnetted, 5 subnets, 2 masks
C 10.1.10.0 255.255.255.0 is directly connected, Serial0
S 10.4.0.0 255.255.0.0 [1/0] via 10.1.10.1
S 10.1.5.0 255.255.255.0 [1/0] via 10.1.10.1
C 10.1.30.0 255.255.255.0 is directly connected, Ethernet0
C 10.1.20.0 255.255.255.0 is directly connected, Serial1
S 192.168.0.0 255.255.0.0 [1/0] via 10.1.10.1
Rabbit#
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to down
%LINK-3-UPDOWN: Interface Serial0, changed state to down
Rabbit#show ip route
10.0.0.0 is variably subnetted, 4 subnets, 2 masks
S 10.4.0.0 255.255.0.0 [50/0] via 10.1.20.0
S 10.1.5.0 255.255.255.0 [50/0] via 10.1.20.1
C 10.1.30.0 255.255.255.0 is directly connected, Ethernet0
C 10.1.20.0 255.255.255.0 is directly connected, Serial1
S 192.168.0.0 255.255.0.0 [50/0] via 10.1.20.1
Rabbit#
- The primary link connected to Serial 0 has changed to “down,” indicating a failure.
- All nonconnected routes now point to a next-hop address of 10.1.20.1.
- Because the more-preferred entry is no longer available, the router has switched to the less-preferred backup link, with the administrative distance of 50 indicated in the brackets.
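As an added example (not from the book), this Python model reproduces Rabbit's failover: for each prefix it installs the usable static route with the lowest administrative distance, so the distance-50 routes appear only once Serial0 is down. It assumes a simplified reachability rule (the next hop must lie on a connected subnet whose interface is up); the function names are this example's own.

```python
import ipaddress

# Rabbit's connected subnets and static routes, as shown on the page.
CONNECTED = {
    "Serial0": "10.1.10.0/24",
    "Serial1": "10.1.20.0/24",
    "Ethernet0": "10.1.30.0/24",
}
STATIC = [  # (prefix, next hop, administrative distance)
    ("10.4.0.0/16", "10.1.10.1", 1),
    ("10.4.0.0/16", "10.1.20.1", 50),
    ("10.1.5.0/24", "10.1.10.1", 1),
    ("10.1.5.0/24", "10.1.20.1", 50),
    ("192.168.0.0/16", "10.1.10.1", 1),
    ("192.168.0.0/16", "10.1.20.1", 50),
]


def install_static(connected, static, down=()):
    """Return {prefix: (distance, [next hops])} for the static routes that get installed."""
    up = [ipaddress.ip_network(net) for iface, net in connected.items()
          if iface not in down]
    table = {}
    for prefix, hop, distance in static:
        # Simplifying assumption: a route is usable only if its next hop sits
        # on a connected subnet whose interface is up.
        if not any(ipaddress.ip_address(hop) in net for net in up):
            continue
        best = table.get(prefix)
        if best is None or distance < best[0]:
            table[prefix] = (distance, [hop])   # lower distance wins
        elif distance == best[0]:
            best[1].append(hop)                 # equal distance: both installed
    return table


def show_static(table):
    """Render the installed routes in the style of the S lines of 'show ip route'."""
    lines = []
    for prefix, (distance, hops) in table.items():
        for n, hop in enumerate(hops):
            lead = f"S {prefix}" if n == 0 else " " * (len(prefix) + 2)
            lines.append(f"{lead} [{distance}/0] via {hop}")
    return lines


if __name__ == "__main__":
    print("All interfaces up:")
    print("\n".join(show_static(install_static(CONNECTED, STATIC))))
    print("Serial0 down:")
    print("\n".join(show_static(install_static(CONNECTED, STATIC, down=("Serial0",)))))
```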
IPv6 Floating Static Routes
- IPv6 floating static route statements work the same way as IPv4.
ipv6 route FEC0::/62 FEC0::3:204:C1FF:FE50:F1C0
ipv6 route FEC0::/62 FEC0::2:204:C1FF:FE50:F1C0 50
ipv6 route FEC0:0:0:8::/62 FEC0::3:204:C1FF:FE50:F1C0
ipv6 route FEC0:0:0:8::/62 FEC0::2:204:C1FF:FE50:F1C0 50
- The first output below shows Honeypot’s route table with the routes known via the fec0::3:0:0:0:0/64 subnet installed. Both routes have an administrative distance of 1. Then, interface S0/0.2 goes down, and the backup routes, with an administrative distance of 50, are installed in the route table.
Honeypot#show ipv6 route static
S FEC0::/62 [1/0]
via FEC0::3:204:C1FF:FE50:F1C0
S FEC0:0:0:8::/62 [1/0]
via FEC0::3:204:C1FF:FE50:F1C0
Honeypot#
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/2, changed state to down
%LINK-3-UPDOWN: Interface Serial0/2, changed state to down
Honeypot#show ipv6 route static
S FEC0::/62 [50/0]
via FEC0::2:204:C1FF:FE50:F1C0
S FEC0:0:0:8::/62 [50/0]
via FEC0::2:204:C1FF:FE50:F1C0
Load Sharing
- The problem with the configuration used in the previous section is that under normal circumstances the second link is never utilized. The bandwidth available on the link is wasted.
- Load sharing allows routers to take advantage of multiple paths to the same destination by sending packets over all the available routes.
- Load sharing can be equal cost or unequal cost, where cost is a generic term referring to whatever metric (if any) is associated with the route:
- Equal-cost load sharing distributes traffic equally among multiple paths with equal metrics. In this case, load sharing can also be called load balancing.
- Unequal-cost load sharing distributes packets among multiple paths with different metrics. The traffic is distributed in inverse proportion to the cost of the routes. That is, paths with lower costs are assigned more traffic, and paths with higher costs are assigned less traffic.
- Some routing protocols support both equal-cost and unequal-cost load sharing, whereas others support only equal cost.
- Static routes, which have no metric, support only equal-cost load sharing.
- Load sharing is either per destination or per packet.
ip route 10.4.0.0 255.255.0.0 10.1.10.1
ip route 10.4.0.0 255.255.0.0 10.1.20.1
ip route 10.1.5.0 255.255.255.0 10.1.10.1
ip route 10.1.5.0 255.255.255.0 10.1.20.1
ip route 192.168.0.0 255.255.0.0 10.1.10.1
ip route 192.168.0.0 255.255.0.0 10.1.20.1
Rabbit#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default,
U - per-user static route
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C 10.1.10.0/24 is directly connected, Serial0
S 10.1.5.0/24 [1/0] via 10.1.10.1
[1/0] via 10.1.20.1
S 10.4.0.0/16 [1/0] via 10.1.10.1
[1/0] via 10.1.20.1
C 10.1.20.0/24 is directly connected, Serial1
S 192.168.0.0/16 [1/0] via 10.1.10.1
[1/0] via 10.1.20.1
Rabbit#
IPv6 works the same way as IPv4.
ipv6 route FEC0::/62 FEC0::2:204:C1FF:FE50:F1C0
ipv6 route FEC0::/62 FEC0::3:204:C1FF:FE50:F1C0
ipv6 route FEC0:0:0:8::/62 FEC0::2:204:C1FF:FE50:F1C0
ipv6 route FEC0:0:0:8::/62 FEC0::3:204:C1FF:FE50:F1C0
Honeypot#show ipv6 route static
S FEC0::/62 [1/0]
via FEC0::3:204:C1FF:FE50:F1C0
via FEC0::2:204:C1FF:FE50:F1C0
S FEC0:0:0:8::/62 [1/0]
via FEC0::3:204:C1FF:FE50:F1C0
via FEC0::2:204:C1FF:FE50:F1C0
Load Sharing and Cisco Express Forwarding (CEF)
- Per destination load sharing distributes the load according to destination address.
- Given two paths to the same network, all packets for one destination may travel over the first path, and all packets for a second destination on the same network may travel over the second path.
- This is the default type of load sharing used by Cisco Express Forwarding (CEF).
- On most platforms, CEF is the default switching mode for IPv4, but not IPv6.
- CEF is a very efficient switching process. Its forwarding information is obtained and stored in tables before any packet needs to use the information.
- CEF builds a forwarding information base (FIB) with information obtained from the route table.
- CEF uses a separate table, the adjacency table, to maintain Layer 2 forwarding information for each entry in the FIB.
- Both the FIB and adjacency table are created before packets need to be forwarded.
- CEF performs per-destination load sharing by default.
- This is actually per source-destination pair load sharing. All traffic that has a particular source address and is destined to a specific destination address will exit the same interface.
- Per packet load sharing is another method available to CEF switched IPv4 packets.
- IPv6 CEF only supports per destination load sharing.
- Per packet load sharing means that one packet is sent over one link, the next packet is sent over the next link, even if this next packet is to the same destination.
- Per packet load sharing may distribute the load more evenly than per destination load sharing, depending upon the number of different source-destination pairs, but because the packets to a given destination will be taking different paths, the packets are likely to arrive out of order, which is unacceptable for some applications, such as Voice over IP.
- To enable CEF for IPv6, first enable CEF for IPv4, then use the command ipv6 cef.
- If for some reason the packet cannot be CEF switched, CEF punts the packet down to the next-best and available switching method. For IPv4, this would be fast switching, if it is enabled on the interface. For IPv6, this would be process switching.
- Process switching simply means that for every packet, the router performs a route table lookup, selects an interface, and then looks up the data link information. Because each routing decision is independent for each packet, all packets to the same destination are not forced to use the same interface.
- To enable process switching on an interface, use the command no ip route-cache for IPv4. You don’t have to do anything to enable process switching for IPv6. It is enabled by default.
- The debug ip packet command displays only process switched packets.
Piglet#debug ip packet
IP packet debugging is on
Piglet#
IP: s=192.168.1.15 (Ethernet0), d=10.1.30.25 (Serial0), g=10.1.10.2, forward
IP: s=10.1.30.25 (Serial0), d=192.168.1.15 (Ethernet0), g=192.168.1.193, forward
IP: s=192.168.1.15 (Ethernet0), d=10.1.30.25 (Serial1), g=10.1.20.2, forward
IP: s=10.1.30.25 (Serial1), d=192.168.1.15 (Ethernet0), g=192.168.1.193, forward
IP: s=192.168.1.15 (Ethernet0), d=10.1.30.25 (Serial0), g=10.1.10.2, forward
IP: s=10.1.30.25 (Serial0), d=192.168.1.15 (Ethernet0), g=192.168.1.193, forward
IP: s=192.168.1.15 (Ethernet0), d=10.1.30.25 (Serial1), g=10.1.20.2, forward
IP: s=10.1.30.25 (Serial1), d=192.168.1.15 (Ethernet0), g=192.168.1.193, forward
IP: s=192.168.1.15 (Ethernet0), d=10.1.30.25 (Serial0), g=10.1.10.2, forward
IP: s=10.1.30.25 (Serial0), d=192.168.1.15 (Ethernet0), g=192.168.1.193, forward
IP: s=192.168.1.15 (Ethernet0), d=10.1.30.25 (Serial1), g=10.1.20.2, forward
IP: s=10.1.30.25 (Serial1), d=192.168.1.15 (Ethernet0), g=192.168.1.193, forward
Piglet#
- This router is alternating between S0 and S1 to send packets to the same destination. Notice that the router on the other end of the two links is doing the same thing with the reply packets.
- IOS makes switching decisions based on the configuration of the inbound interface first. If CEF is configured on an inbound interface, the packet will be CEF switched regardless of the configuration on the outbound interface.
- If CEF is not enabled on the inbound interface, then IOS processes and forwards the packet, and based on the configuration of the outbound interface, subsequent packets will be fast-switched or process switched.
- IOS will switch a packet using CEF only if CEF is enabled on the inbound interface. If CEF is not configured on the inbound interface, the configuration of the exit interface determines the switching method.
- Notice that when process or fast-switching is configured inbound and CEF is configured on the outbound interface, fast-switching is used.
- For IPv4, fast-switching is enabled outbound, even if CEF is enabled on the interface.
- There are times when a packet will not be switched using CEF even if it is enabled (for example, if access-list logging is enabled and a packet will be logged). Packets will be punted down to the next fastest switching method. For IPv4, the next fastest switching method is fast-switching. For IPv6, this is process switching.
Recursive Table Lookups
- Not all route entries need to point to the next-hop router.
ip route 10.1.30.0 255.255.255.0 10.1.10.2
ip route 10.1.10.0 255.255.255.0 192.168.1.194
ip route 192.168.1.192 255.255.255.224 192.168.1.66
- If the router needs to send a packet to host 10.1.30.25, it will look into its route table and find that the subnet is reachable via 10.1.10.2.
- Because that address is not on a directly connected network, the router must again consult the table to find that network 10.1.10.0 is reachable via 192.168.1.194.
- That subnet is also not directly connected, so a third table lookup is called for. The router will find that 192.168.1.192 is reachable via 192.168.1.66, which is on a directly connected subnet. The packet can now be forwarded.
- Because each table lookup costs processor time, under normal circumstances forcing a router to perform multiple lookups is a poor design decision.
- Routing can easily be modified to forward all routes through a different next-hop router simply by changing one static route entry.
ip route 10.43.2.0 255.255.255.0 10.87.14.1
ip route 10.10.3.0 255.255.255.0 10.87.14.1
ip route 10.18.196.0 255.255.255.0 10.87.14.1
ip route 172.17.23.0 255.255.255.0 10.87.14.1
ip route 192.168.100.0 255.255.255.0 10.87.14.1
ip route 10.87.14.0 255.255.255.0 10.23.5.95
no ip route 10.87.14.0 255.255.255.0 10.23.5.95
ip route 10.87.14.0 255.255.255.0 10.23.5.20
- Had all the static routes referenced 10.23.5.95 as the next-hop address directly, it would have been necessary to delete and retype all the lines that contained that next hop and change it to 10.23.5.20.
- Nevertheless, the effort saved in retyping static routes must be weighed carefully against the extra processing burden that recursive lookups put on the router.
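As an added example (not from the book), this Python resolver walks both static route sets above with longest-prefix matching, returning the chain of next hops and the exit interface, and it rejects a chain that loops back on itself. Two connected subnets are assumptions of the example: 192.168.1.64/27 on Serial0 as the subnet holding 192.168.1.66, and a hypothetical 10.23.5.0/24 on Ethernet0 holding both 10.23.5.95 and 10.23.5.20.

```python
import ipaddress

# Static routes from the page's three-lookup example.
CHAIN_STATIC = {
    "10.1.30.0/24": "10.1.10.2",
    "10.1.10.0/24": "192.168.1.194",
    "192.168.1.192/27": "192.168.1.66",
}
# Assumption: 192.168.1.66 sits on 192.168.1.64/27, connected on Serial0.
CHAIN_CONNECTED = {"192.168.1.64/27": "Serial0"}

# Static routes from the page's "change one entry" example.
REPOINT_STATIC = {
    "10.43.2.0/24": "10.87.14.1",
    "10.10.3.0/24": "10.87.14.1",
    "10.18.196.0/24": "10.87.14.1",
    "172.17.23.0/24": "10.87.14.1",
    "192.168.100.0/24": "10.87.14.1",
    "10.87.14.0/24": "10.23.5.95",
}
# Assumption (hypothetical): both candidate next hops are on this connected LAN.
REPOINT_CONNECTED = {"10.23.5.0/24": "Ethernet0"}


def resolve(dest, static, connected):
    """Return ([next hops in lookup order], exit interface) for a destination."""
    routes = [(ipaddress.ip_network(p), None, iface) for p, iface in connected.items()]
    routes += [(ipaddress.ip_network(p), ipaddress.ip_address(h), None)
               for p, h in static.items()]
    addr, chain, seen = ipaddress.ip_address(dest), [], set()
    while True:
        matches = [r for r in routes if addr in r[0]]
        if not matches:
            raise LookupError(f"no route to {addr}")
        # Most specific prefix wins; on a tie prefer the connected entry.
        _net, hop, iface = max(matches, key=lambda r: (r[0].prefixlen, r[1] is None))
        if hop is None:
            return chain, iface      # reached a directly connected subnet
        if hop in seen:
            raise ValueError(f"recursive lookup loops at {hop}")
        seen.add(hop)
        chain.append(str(hop))
        addr = hop                   # look the next hop up in turn


def repoint(static, prefix, new_hop):
    """Return a copy of the static routes with one entry's next hop changed."""
    changed = dict(static)
    changed[prefix] = new_hop
    return changed


if __name__ == "__main__":
    print(resolve("10.1.30.25", CHAIN_STATIC, CHAIN_CONNECTED))
    moved = repoint(REPOINT_STATIC, "10.87.14.0/24", "10.23.5.20")
    for dest in ("10.43.2.7", "172.17.23.9", "192.168.100.1"):
        print(dest, resolve(dest, REPOINT_STATIC, REPOINT_CONNECTED),
              "->", resolve(dest, moved, REPOINT_CONNECTED))
```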