ip route statement

Answered Question
Apr 3rd, 2009

Hello everyone, I have a question and maybe someone can shed some light on it. Why would you want to have an ip route statement from your DMZ switch like the following:

ip route ISP_internetrouter_loopbackinterface 255.255.255.255 ISP_fastethernet0/1

I don't understand the purpose of it. The way I see it is: if you want to go to the loopback interface, go through the fa of the same router. Why?

Thank you for any input on this!!!

Cheers!

JamesLuther Fri, 04/03/2009 - 07:55

Hi,

Is the DMZ switch running BGP? It's normal to have a static route pointing to a BGP peer's loopback in order to bring up a BGP session (if update source has been set to loopback).

Regards

Correct Answer
Jon Marshall Fri, 04/03/2009 - 09:13

Agree it's not obvious and bear in mind it could have been added to try and get something working, the route made no difference and then the person forgot to remove it.

It's not clear what the topology is, i.e. your DMZ switch should only be able to get to the firewall interface, not the ISP router, or you run the risk of bypassing the firewall, unless of course you are using DMZ in its technically correct terminology, which is the subnet between the outside of your firewall and the inside of the ISP router?

Perhaps the ISP manages this switch from the loopback and they didn't want to advertise the loopback into OSPF so they used a static route.

Perhaps if you could clarify your topology. Is the DMZ connected directly to the ISP router and are they OSPF neighbors?

Jon
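
An added example, not part of the thread and not anyone's posted configuration: a small audit that lists the /32 static routes in an IOS-style config and marks each one as explained by a BGP neighbor statement (the case JamesLuther describes) or as unexplained and worth checking for a leftover route or a path around the firewall (the cases Jon raises). The sample config, its addresses and AS numbers, and the function name are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample config (documentation addresses and AS numbers, not from the thread).
SAMPLE_CONFIG = """\
interface Loopback0
 ip address 192.0.2.1 255.255.255.255
router bgp 64496
 neighbor 192.0.2.254 remote-as 64511
 neighbor 192.0.2.254 ebgp-multihop 2
 neighbor 192.0.2.254 update-source Loopback0
ip route 192.0.2.254 255.255.255.255 FastEthernet0/1
ip route 198.51.100.7 255.255.255.255 FastEthernet0/1
ip route 0.0.0.0 0.0.0.0 203.0.113.1
"""

ROUTE_RE = re.compile(r"^ip route (\S+) (\S+) (\S+)", re.M)
NEIGHBOR_RE = re.compile(r"^[ \t]*neighbor (\S+) remote-as \d+", re.M)
UPDATE_SRC_RE = re.compile(r"^[ \t]*neighbor (\S+) update-source (\S+)", re.M)


def audit_host_routes(config: str) -> list[dict]:
    """Classify every /32 static route as BGP-peer related or unexplained."""
    peers = set(NEIGHBOR_RE.findall(config))
    update_src = dict(UPDATE_SRC_RE.findall(config))
    findings = []
    for dest, mask, via in ROUTE_RE.findall(config):
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}")
        except ValueError:
            continue  # placeholder name or malformed destination: nothing to classify
        if net.prefixlen != 32:
            continue  # only host routes are of interest here
        explained = dest in peers
        if explained:
            reason = f"reaches BGP peer (update-source {update_src.get(dest, 'not set')})"
        else:
            reason = "unexplained: confirm it is needed and does not bypass the firewall"
        findings.append({"dest": dest, "via": via, "explained": explained, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in audit_host_routes(SAMPLE_CONFIG):
        print(f"{f['dest']:>15} via {f['via']:<16} {f['reason']}")
```
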
