【轉】 Difference between defining static routes with next-hop address or exit interface
For a long time I was confused about this. It was not clear to me what is the difference between setting the static route using next hop interface IP address instead of exit interface (outgoing interface) syntax. It seemed that both methods are the same and that you have basically two different ways to define static route on specific device for no particular reason.
It was not clear to me why would someone do this kind of option on networking device OS if there were no reason for doing so. In other words I was strongly convinced that there must be some difference between two configs and learning more detail about the process of routers recursive searches and Proxy ARP function did answer all my doubts.
So now is time to put it all on paper for you to see it:
YOU CAN DEFINE STATIC ROUTE LIKE THIS:
R1(config)#ip route 10.0.0.0 255.255.255.0 10.10.2.1
This means that all packets from R1 with destination address from 10.0.0.0/24 subnet will be forwarded out the interface leading to next hop device with 10.10.2.1 address on its interface.
Other way is to define the same static route like this:
R1(config)#ip route 10.0.0.0 255.255.255.0 fastEthernet 0/0
If fastEthernet 0/0 is the interface on R1 router that leads to next hop router with best path to 10.0.0.0/24
WHAT’S THE DIFFERENCE, WHICH IS BETTER?
If you use next-hop address, you can conclude that your router will not have the information which interface must he use in order to route those packets out towards destination. R1 must then find an interface that is having 10.10.2.1 on other side. If there is no such interface the router will not install this static route into forwarding table. Second thing that is also important, if the router finds the outbound interface, it will check if this is multipoint interface or point-to-point interface. If this is a multipoint interface then the router needs to find layer 2 address of 10.10.2.1 so it can send the packets only to one specific neighbor on that segment. That is the case with Ethernet segment. On Ethernet segment the router will use ARP to find layer 2 MAC address of 10.10.2.1 and it will use that MAC address for all packets destined to any address from 10.0.0.0/24 range.
If you use outgoing interface, the router doesn’t need to do recursive lookup to find outgoing interface because it is written in the route. But the router doesn’t know which layer 2 neighbour address exist on that link. If we are speaking about Ethernet or some other multipoint interfaces, to get this information router needs to make layer 2 lookup for the final destination. It means that the router needs to find MAC address of let’s say 10.0.0.1 and not from 10.10.2.1
It furthermore means that router will need to have layer 2 (MAC) address resolved for every host from 10.0.0.0/24 and you will need proxy-ARP for this to be possible on Ethernet segments. When we see this it is clear that we should not use this kind of configuration on multipoint interfaces but only on point-to-point segments. If some interface is point-to-point then there is only one host on the other side and then there is no layer 2 resolution needed. PPP or HDLC are not having MAC addresses in their headers! In this case outgoing interface is better option so our router does not need to do recursive lookup to get the outgoing interface from next-hop address.
DEFAULT ROUTING THE RIGHT WAY
If you have default route defined with next-hop you are making right configuration choice. In this way you will need to have only one MAC resolved to all unknown destinations in ARP table. ARP will get your router the MAC of the next hop and all future ARP request will already have that answer in ARP cache.
If you have default route defined with outgoing interface you will possibly have some issues. Router does not have next-hop IP address nor destination MAC address. The router will need Proxy ARP response from his default neighbor router. Using Proxy ARP, ARP table will have many entries pointing to same MAC. Router will actually build the ARP entry every time MAC for unknown destination is needed. Little later ARP table will grow so huge that it will be filled up. When that happens there will be some ARP timeout and connection issues. And yes, one more thing. If proxy ARP is not working and that can easily be the case all this will not work at all.
【轉】 Difference between defining static routes with next-hop address or exit interface