I've been talking about static routes with someone who comes from an MPLS-TP background and they've said something that's screwed my whole head up. Posting here because maybe some of you can think of some other topology/scenario where this kind of static route is needed (next hop specified, no egress interface).
We're working on a piece of equipment that allows you to configure a static route, but only if you specify the egress interface, and only if that egress interface exists on that device. If those stipulations aren't met you cannot configure a static route. I asked, "What the hell's the point of that?!?" As far as I'm concerned, that's nothing more than an alternate default route, but only for a specific network.
As I see it, a static route that specifies a next hop but no egress interface is basically saying, "I don't care how you get there, if you can get there, go." That relies on there either being a dynamic routing protocol with a summary route that encompasses your next hop, or a default route. Otherwise the static route won't be put into the routing table.
But let's think about that for a minute. If a static route is dependent on (a) the default route, and (b) my upstream connection, then why do I need the static route? Why isn't my default route enough? If my upstream connection is down neither type of static route is going to work. Also, a static route isn't a tunnel. If I put in a static route for 10.0.0.0/8 with a next hop of a public IP my ICMP destination is still 10.0.0.0/8 and will get dropped by my upstream provider. So again, I still have to rely on the upstream provider, so what's wrong with just having a static route?
Now, static routes CAN help optimize routing to blocks that aren't participating in your routing protocol. But those static routes should be configured at the egress point and be propagated into your network by your routing protocol. If so, then your static route is on the device with the egress interface and you can use the egress interface in that static route.
In Cisco a default route is a static route itself (ip route 0.0.0.0 0.0.0.0 1.1.1.1), but if the device has some other mechanism for configuring the default gateway (GUI driven) then technically you don't need that static route.
In Cisco static routes are also used to define interesting traffic for things like NAT and route maps, etc. But that's not actual routing, it's only filtering. The equipment we're working on doesn't use static routes for that, it's all GUI driven. So I'm not asking for that, I'm trying to find other actual routing-based requirements that require this kind of static route.
So really, I think, the only reason for a static route with a next hop is if you were in a situation where you had NO default route. But even in an air-gapped network you could (should?) still have a default route / gateway of last resort for managing traffic inside that network. In 12+ years of working in this field I've never run into a network that had NO default route.
A coworker brought up the point that - at least with Cisco devices - using an egress interface on a static route tells the device the destination is off that port, which can cause constant ARP messages, which can cause CAM overload and connectivity issues. That definitely is a good thing to avoid, but I'm just surprised that that's the ONLY example we can come up with that defends a next-hop only static route.
... this is making me question everything I thought I knew about static routes.
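To make the two points above concrete (a next-hop-only static route only gets installed if the next hop is resolvable through some other route, and an interface-only static route makes the device ARP for every destination individually), here is a small toy RIB simulation. It is an added example, not anything from the post or from the equipment being discussed; the interface names, addresses (RFC 5737 documentation ranges) and the Cisco-like resolution rules it models are assumptions.

```python
"""Toy RIB: how a static route is installed depending on whether it names an
egress interface, a next hop, or both. Constructed example; addresses are
from the RFC 5737 documentation ranges and interface names are made up."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class StaticRoute:
    prefix: str                       # e.g. "10.0.0.0/8"
    next_hop: Optional[str] = None    # next-hop IP; None for an interface-only route
    interface: Optional[str] = None   # egress interface; None for a next-hop-only route


class Router:
    def __init__(self, interfaces):
        # interfaces: {"eth0": "192.0.2.1/30"}; each one yields a connected route
        self.interfaces = {n: ipaddress.ip_interface(a) for n, a in interfaces.items()}
        self.static = []              # configured static routes, in order
        self.rib = []                 # entries: (network, next_hop_or_None, egress_interface)
        self._reinstall()

    def add_static(self, route):
        """Model the box that refuses a route whose egress interface does not exist."""
        if route.interface is None and route.next_hop is None:
            raise ValueError("a static route needs a next hop or an interface")
        if route.interface is not None and route.interface not in self.interfaces:
            raise ValueError(f"{route.interface}: no such interface")
        self.static.append(route)
        return self._reinstall()

    def _reinstall(self):
        """Rebuild the RIB; returns the prefixes that could not be installed."""
        self.rib = [(ifc.network, None, name) for name, ifc in self.interfaces.items()]
        pending = list(self.static)
        changed = True
        # Iterate until stable so a static route may resolve through another
        # static route (e.g. the default) that was installed in an earlier pass.
        while changed:
            changed = False
            for r in list(pending):
                egress = self._egress_for(r)
                if egress is not None:
                    nh = ipaddress.ip_address(r.next_hop) if r.next_hop else None
                    self.rib.append((ipaddress.ip_network(r.prefix), nh, egress))
                    pending.remove(r)
                    changed = True
        return [r.prefix for r in pending]

    def _egress_for(self, route):
        if route.interface is not None:
            return route.interface    # interface given: egress is known outright
        # Next hop only: recursive lookup through already-installed routes,
        # excluding the route's own prefix so it cannot resolve through itself.
        hit = self.lookup(route.next_hop, exclude=ipaddress.ip_network(route.prefix))
        return hit[2] if hit else None

    def lookup(self, dest, exclude=None):
        """Longest-prefix match over the installed RIB."""
        dest = ipaddress.ip_address(str(dest))
        best = None
        for entry in self.rib:
            net = entry[0]
            if net == exclude:
                continue
            if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = entry
        return best

    def installed_prefixes(self):
        return sorted(str(e[0]) for e in self.rib)

    def arp_target(self, dest, _depth=0):
        """Which IP the router must ARP for to forward to dest (broadcast media)."""
        hit = self.lookup(dest)
        if hit is None or _depth > 8:
            return None
        _net, nh, egress = hit
        if nh is None:
            return str(dest)          # connected or interface-only route: ARP per destination
        if nh in self.interfaces[egress].network:
            return str(nh)            # on-link next hop: ARP once for the gateway
        return self.arp_target(nh, _depth + 1)   # otherwise resolve the next hop further


def demo():
    r = Router({"eth0": "192.0.2.1/30", "eth1": "198.51.100.1/24"})
    out = {}
    # 1. next-hop-only route with no route covering the next hop: not installed
    r.add_static(StaticRoute("10.0.0.0/8", next_hop="203.0.113.5"))
    out["without_default"] = r.installed_prefixes()
    # 2. add a default route; the 10/8 route now resolves recursively through it
    r.add_static(StaticRoute("0.0.0.0/0", next_hop="192.0.2.2"))
    out["with_default"] = r.installed_prefixes()
    out["egress_10"] = r.lookup("10.1.2.3")[2]
    out["arp_10"] = r.arp_target("10.1.2.3")
    # 3. a route naming an interface the box does not have is rejected outright
    try:
        r.add_static(StaticRoute("172.16.0.0/12", interface="eth7"))
        out["bad_iface"] = "accepted"
    except ValueError as e:
        out["bad_iface"] = str(e)
    # 4. interface-only route: every destination in the block is ARPed for individually
    r.add_static(StaticRoute("172.16.0.0/12", interface="eth1"))
    out["arp_iface_only"] = [r.arp_target(d) for d in ("172.16.0.7", "172.31.5.5")]
    # 5. same block with a next hop: a single ARP target for the whole /12
    r2 = Router({"eth1": "198.51.100.1/24"})
    r2.add_static(StaticRoute("172.16.0.0/12", next_hop="198.51.100.2"))
    out["arp_next_hop"] = [r2.arp_target(d) for d in ("172.16.0.7", "172.31.5.5")]
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Steps 1 and 2 are the "I don't care how you get there" case: the 10.0.0.0/8 route sits uninstalled until the default route gives its next hop somewhere to resolve to, and even then the frame goes to the default gateway's MAC, not anywhere special. Steps 4 and 5 are the coworker's ARP point: with an interface-only route the device ARPs for 172.16.0.7, 172.31.5.5 and every other host in the block separately, whereas with a next hop it ARPs once for 198.51.100.2.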