OSPF vs static interface routes

Answered Question

Hello,

I have a strange problem.

One of my routers seems to prefer an OSPF route over a /32 static interface route. I have this route configured:

ip route 172.20.240.19 255.255.255.255 GigabitEthernet0/1/0.225

but sh ip route 172.20.240.19 shows:

Routing entry for 172.20.240.16/29
Known via "ospf 1", distance 110, metric 200
Tag 99, type extern 2, forward metric 1
Last update from 172.20.0.7 on FastEthernet0/0.215, 00:22:32 ago
Routing Descriptor Blocks:
* 172.20.0.7, from 172.20.254.7, 00:22:32 ago, via FastEthernet0/0.215
Route metric is 200, traffic share count is 1
Route tag 99

What could cause this?

Is it possible that static routes without a concrete next hop are not preferred over shorter prefixes received from OSPF?

Correct Answer
Giuseppe Larosa Sat, 05/02/2009 - 03:17

Hello Armin,

When you configure a static route specifying a LAN interface as the outgoing interface, you are relying on proxy-arp on the other routers in the LAN segment.

Proxy-arp is the willingness to answer an ARP request for an IP address that is not part of the IP subnet.

If the router cannot find a valid IP next-hop and MAC address, it cannot send valid frames out the interface and so it cannot use the static route.

You can check the other routers using

sh ip int type x/y | inc Proxy

There is a line that tells you if proxy ARP is enabled or not.

Hope to help

Giuseppe

lamav Sat, 05/02/2009 - 06:12

Giuseppe:

I'm not sure I understand what you're saying.

What you say about proxy ARP being turned on and off in the next hop router is true. Having a static route pointing to a LAN interface will rely on proxy arp to deliver packets, but the static route should be in the routing table as long as the interface is up, up.

I have a router connected to a switch. I have a static route on the router pointing to a LAN interface for the 99.99.99.99 network, a network the switch knows nothing about. Proxy arp is disabled on that next hop interface.

Router#sh ip ro
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

1.0.0.0/32 is subnetted, 1 subnets
S 1.1.1.1 is directly connected, FastEthernet0/0
99.0.0.0/32 is subnetted, 1 subnets
S 99.9.99.99 is directly connected, FastEthernet0/0
192.168.5.0/30 is subnetted, 1 subnets
C 192.168.5.0 is directly connected, FastEthernet0/0
10.0.0.0/32 is subnetted, 1 subnets
S 10.10.10.10 is directly connected, FastEthernet0/0
Router#
Router#
Router#

I still have the static route in the router's routing table, even though the route is really worthless for 2 reasons:

1.) the network is unreachable because it doesn't exist.

2.) Even if it did on a device outside the directly connected switch, the switch has proxy arp disabled.

Victor

lamav Sat, 05/02/2009 - 07:01

Armin:

This is what we are talking about with regard to proxy arp.

Set up:

1.) router has a static route for 99.99.99.99 pointing to the LAN interface.

2.) router is also running eigrp and would have the eigrp-learned route for 99.99.99.99 in the routing table if the static weren't there.

3.) the next hop switch interface has proxy arp DISABLED.

When I try to PING 99.99.99.99, because the router will use the static route, which points to the LAN interface that is connected to the switch, it will send out an ARP request for 99.99.99.99, but the switch will not respond. So the PINGS fail.

Router#sh ip eigrp topo 99.99.99.99/32
IP-EIGRP (AS 10): Topology entry for 99.99.99.99/32
State is Passive, Query origin flag is 1, 0 Successor(s), FD is 4294967295
Routing Descriptor Blocks:
192.168.5.2 (FastEthernet0/0), from 192.168.5.2, Send flag is 0x0
Composite metric is (158720/156160), Route is Internal
Vector metric:
Minimum bandwidth is 100000 Kbit
Total delay is 5200 microseconds
Reliability is 255/255
Load is 1/255
Minimum MTU is 1500
Hop count is 2

Router#sh ip ro 99.99.99.99
Routing entry for 99.99.99.99/32
Known via "static", distance 1, metric 0 (connected)
Routing Descriptor Blocks:
* directly connected, via FastEthernet0/0
Route metric is 0, traffic share count is 1
Router#
Router#
Router#

Router#ping 99.99.99.99
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 99.99.99.99, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

Router#debug arp
ARP packet debugging is on
Router#term mon
% Console already monitors
Router#
Router#

Router#ping 99.99.99.99
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 99.99.99.99, timeout is 2 seconds:
*Mar 1 01:09:27.335: IP ARP: sent req src 192.168.5.1 0030.94cb.d261,
dst 99.99.99.99 0000.0000.0000 FastEthernet0/0.
*Mar 1 01:09:29.331: IP ARP throttled out the ARP Request for 99.99.99.99.
*Mar 1 01:09:31.331: IP ARP: sent req src 192.168.5.1 0030.94cb.d261,
dst 99.99.99.99 0000.0000.0000 FastEthernet0/0.
*Mar 1 01:09:33.331: IP ARP: sent req src 192.168.5.1 0030.94cb.d261,
dst 99.99.99.99 0000.0000.0000 FastEthernet0/0.
*Mar 1 01:09:35.331: IP ARP: sent req src 192.168.5.1 0030.94cb.d261,
dst 99.99.99.99 0000.0000.0000 FastEthernet0/0.
Success rate is 0 percent (0/5)
Router#

HTH

Victor

Giuseppe Larosa Sat, 05/02/2009 - 14:27

Hello Victor,

"we believe in running code"

rated :)

Armin:

My guess this time was simply wrong.

There is some other reason why your router is not installing that host static route.

For example:

Is that interface in the global routing table or under a VRF?

In the latter case it is not seen as an interface in the global routing table.

If you like, you can post the relevant parts of your configuration using the attach file option.

For safety, mask all public IP addresses and remove username and passwords.

Hope to help

Giuseppe

Hi,

My case is a little more complex than I wanted to get into here, especially if I thought I had solved the problem myself.

Basically the topo is as follows. We have one big ethernet network or bb that connects all the routers in one vlan. They all speak ospf on this lan. Also there is a second lan running in parallel on a second pair of fiber, and it is usually three or more switches connected together via fiber, with two routers on the ends of these lans.

router1 -> switch1->switch2->switch3->router2

Now the problem here is that when the fiber breaks between switch2 and switch3, the routers won't know anything about it and will probably end up blackholing the traffic behind those switches. Needless to say, the routers are using HSRP on this lan. So to avoid this blackhole we use tracking of availability from both routers to those switches.

the config is

interface GigabitEthernet0/1/0.225
 description Metsak_Switchid
 encapsulation dot1Q 225
 ip address 172.20.240.19 255.255.255.240
 no ip redirects
 no ip unreachables
 standby 2 ip 172.20.240.17
 standby 2 priority 110
 standby 2 preempt
 standby 2 authentication md5 key-string 7 XXX
 standby 2 track FastEthernet0/0 80

ip route 172.20.240.16 255.255.255.248 GigabitEthernet0/1/0.225 tag 98 track 2
ip route 172.20.240.24 255.255.255.248 GigabitEthernet0/1/0.225 tag 98 track 2

router ospf 1
 router-id 172.20.254.14
 log-adjacency-changes
 area 0 authentication message-digest
 redistribute static subnets route-map AJ-IP
 passive-interface Loopback0
 network 172.20.0.0 0.0.0.255 area 0
 network 172.20.254.14 0.0.0.0 area 0

route-map AJ-IP permit 10
 match tag 98
 set metric 100
!
route-map AJ-IP permit 20
 match tag 99
 set metric 200

So whoever is the HSRP master in this lan gets the shorter metric, and this way everything flows symmetrically.

Now notice that the static route with the track has a /29 mask instead of /28 as on the interface. That is because OSPF will not redistribute a route that is not the "best" route. What I want is for OSPF to withdraw the route if the track goes down. This works nicely. It withdraws it, but the problem is that the other router, which still has reachability to this tracked network, announces it with a /29 mask, and it is therefore considered the best on the router that withdrew the route. That results in blackholing the tracker route on the previous master router even if the connectivity comes back. I hope I made it understandable.
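
Added example (not part of the thread and not any poster's code): a small Python model of the route selection described in the post above, using the prefixes, interfaces and OSPF next hop shown in the thread. It assumes Cisco IOS default administrative distances, that the connected /28 stays up when track 2 fails, that the other router announces both /29s, and a constructed probe address 172.20.240.20 standing in for a tracked switch.

```python
import ipaddress

# Cisco IOS default administrative distances (lower wins for the same prefix).
AD = {"connected": 0, "static": 1, "ospf": 110}

LAN = "GigabitEthernet0/1/0.225"
PEER = "172.20.0.7 via FastEthernet0/0.215"   # OSPF next hop shown in the thread

def candidates(track_up):
    """Routes offered to the RIB; the tracked statics exist only while track 2 is up."""
    routes = [
        ("connected", "172.20.240.16/28", LAN),   # assumed to stay up
        ("ospf", "172.20.240.16/29", PEER),       # other router's tag 99 route
        ("ospf", "172.20.240.24/29", PEER),       # assumed: second /29 announced too
    ]
    if track_up:
        routes += [("static", "172.20.240.16/29", LAN),
                   ("static", "172.20.240.24/29", LAN)]
    return routes

def build_rib(routes):
    """Per prefix, install only the candidate with the lowest administrative distance."""
    rib = {}
    for source, prefix, via in routes:
        net = ipaddress.ip_network(prefix)
        if net not in rib or AD[source] < AD[rib[net][0]]:
            rib[net] = (source, via)
    return rib

def lookup(rib, address):
    """Forwarding decision: longest-prefix match over the installed routes."""
    addr = ipaddress.ip_address(address)
    matches = [net for net in rib if addr in net]
    if not matches:
        return None
    best = max(matches, key=lambda net: net.prefixlen)
    return (str(best),) + rib[best]

PROBE = "172.20.240.20"   # constructed address of a tracked switch

if __name__ == "__main__":
    for state in (True, False):
        print("track up  " if state else "track down",
              lookup(build_rib(candidates(state)), PROBE))
```

With the track down, the probe address matches the OSPF /29 ahead of the connected /28, so reachability checks leave through FastEthernet0/0.215 instead of the local LAN interface.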
