Routes and prefix

Answered Question
Apr 26th, 2007

Hi:

I would like to confirm my idea about routing tables.

If I have the following entries:

10.0.0.0/16--->Connected

10.0.0.0/24--->GW: 195.25.32.1

as routes in my router.

My internal network 10.0.0.0/16

Route to another private network 10.0.0.0/24 which is reachable through GW in my Wan (this gw is reachable as well).

What I want to confirm is that this config is consistent. Which route would it try first, or how would it manage both routes in the case of a packet coming from outside to a host with, for example, this IP: 10.2.2.2?

Is this behaviour the same in other routing devices? Linux, Fortinet....

Thanks and best regards,

Jorge

Richard Burts Thu, 04/26/2007 - 03:46

Jorge

Your understanding is correct. This config is consistent and reasonable. In routing the IOS uses the concept of longest match. So in your example you have 10.0.0.0/16 and also 10.0.0.0/24. The IOS accepts and uses both of these since they are different prefixes (have different masks). It will prefer the /24 route more than the /16 route. So any packet to be routed which has the first 3 octets of 10.0.0 will be routed to the gateway specified for the /24 route. And any packet to be routed which has the first 2 octets of 10.0 will be routed as specified in the /16 entry. In your question about what happens if a packet has 10.2.2.2 we need a little more information about your environment before we can give an accurate answer. Is there any entry in the routing table for 10.2.x.x/?, is there a route for 10.0.0.0/8, and is there a default route in the table. It also depends on whether your router is configured with ip classless (the default) or with no ip classless. If you have ip classless and if you have a default route then the 10.2.2.2 would be routed using the default route.

HTH

Rick

jorolas Thu, 04/26/2007 - 03:54

Rick, thanks a lot. The example I chose was not appropriate, I made an error. Imagine packet 10.0.0.2. Which route would it choose? I think that it would have a look at the ARP table to see whether or not the host is local, because first the /16, and if it finds no answer, it would use the next route, /24.

Is this correct?

There is a default route in the R.T. and this gw can be reached.

Thanks again for your efforts,

Jorge

Richard Burts Thu, 04/26/2007 - 04:02

Jorge

I believe that 10.2.2.2 and 10.0.0.2 both raise interesting questions about routing logic.

To address the 10.0.0.2 question, your understanding here is not quite right. The IOS would look at the destination address of 10.0.0.2 and decide that the best match for it was the 10.0.0.0/24 entry and would forward to the gateway address. It would not look at the ARP table first, it looks at the routing table first and only looks at the ARP table if it has determined that the destination is on a local LAN interface.

HTH

Rick

jorolas Thu, 04/26/2007 - 06:07

Hi again Rick, and sorry for asking again, but I need to understand this clearly enough :-)

So, OK, I understand Cisco uses longest match first. So in this example, would it be possible for my network to have a host with IP 10.0.0.5 in my internal network? Hosts 10.0.0.1-->10.0.0.254 could be in network 10.0.0.0/16 and network 10.0.0.0/24. Those that belong to 10.0.0.0/16 (my internal network) could never be reached then, because it would always follow the longest match /24? Could they?

And last question :-) the longest match is for classless policies, isn't it?

Thanks again,

Best regards,

Jorge

Correct Answer
Richard Burts Thu, 04/26/2007 - 07:54

Jorge

Cisco always uses longest match in making routing decisions. There is not any relationship between ip classless or no ip classless and longest match, and they both use longest match.

In general if there is 10.0.0.0/24 which is reached through the gateway and there is also 10.0.0.1 -->10.0.0.254 somewhere else in your network there is a problem. If there is a host 10.0.0.5 and if there is something that puts a host route into the routing table then it would be reachable (but 10.0.0.5 through the gateway would not be reachable).

If you do have the situation where someone is using the same address space that you are using then the usual solution is to use Network Address Translation. NAT can help resolve the issue of overlapping addresses in networks.

HTH

Rick
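The route selection discussed in this thread, as an added example that is not part of any post and is not Cisco's code: a longest-prefix-match lookup over the two routes from the question, plus a check that flags a connected prefix shadowed by a more specific route pointing elsewhere. The default route's next hop is not given in the thread, so `default-gw` is a placeholder, and the `ip classless` / `no ip classless` distinction is not modelled.

```python
import ipaddress

# Routing table from the thread. The default route's next hop is not stated
# there, so "default-gw" is a placeholder (assumption).
ROUTES = [
    ("10.0.0.0/16", "connected"),
    ("10.0.0.0/24", "via 195.25.32.1"),
    ("0.0.0.0/0", "via default-gw"),
]


def build_table(routes):
    """Parse (prefix, next_hop) pairs into (network, next_hop) tuples."""
    return [(ipaddress.ip_network(p), nh) for p, nh in routes]


def lookup(table, dest):
    """Return (prefix, next_hop) of the longest matching prefix, or None."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, nh) for net, nh in table if addr in net]
    if not matches:
        return None
    net, nh = max(matches, key=lambda m: m[0].prefixlen)
    return str(net), nh


def shadowed(table):
    """Find connected prefixes that contain a more specific route with a
    different next hop: local hosts inside the overlap become unreachable."""
    out = []
    for net, nh in table:
        if nh != "connected":
            continue
        for other, other_nh in table:
            if other != net and other_nh != nh and other.subnet_of(net):
                out.append((str(net), str(other), other_nh))
    return out


if __name__ == "__main__":
    table = build_table(ROUTES)
    for dest in ("10.0.0.2", "10.0.5.5", "10.2.2.2"):
        print(dest, "->", lookup(table, dest))
    print("shadowed:", shadowed(table))
    # A host route (/32) is longer than the /24, so it wins for that one host.
    table = build_table(ROUTES + [("10.0.0.5/32", "connected")])
    print("10.0.0.5 ->", lookup(table, "10.0.0.5"))
```
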

jorolas Thu, 04/26/2007 - 08:11

Thanks a lot Rick, I understand now, my last question was not necessary, as once I wrote it I realized :-)

Thanks a lot again.

Regards,

Jorge

Richard Burts Thu, 04/26/2007 - 08:48

Jorge

I am glad that my answers have helped you to understand the logic of how routes are selected. This is an important thing to understand and not always obvious in the beginning. Thank you for using the rating system to indicate that your question was resolved. (and thanks for the rating) It makes the forum more useful when people can read a question and can know that there was an answer that did resolve the question. I encourage you to continue your participation in the forum.

HTH

Rick
