05-02-2009 02:32 AM - edited 03-06-2019 05:30 AM
Hello,
I have a strange problem.
One of my routers seems to prefer OSPF route over /32 static interface route. I have such route configured
ip route 172.20.240.19 255.255.255.255 GigabitEthernet0/1/0.225
but sh ip route 172.20.240.19 shows:
Routing entry for 172.20.240.16/29
Known via "ospf 1", distance 110, metric 200
Tag 99, type extern 2, forward metric 1
Last update from 172.20.0.7 on FastEthernet0/0.215, 00:22:32 ago
Routing Descriptor Blocks:
* 172.20.0.7, from 172.20.254.7, 00:22:32 ago, via FastEthernet0/0.215
Route metric is 200, traffic share count is 1
Route tag 99
What could cause this ?
Is it possible that static routes without concrete next hop are not preferred over shorter prefixes received from OSPF ?
Solved! Go to Solution.
05-02-2009 03:17 AM
Hello Armin,
when you configure a static route specifying a LAN interface as outgoing interface you are relying on proxy-arp on the other routers in the LAN segment.
proxy-arp is the willingness to answer an ARP request for an ip address that is not part of the IP subnet.
if the router cannot find a valid IP next-hop and MAC address it cannot send valid frames out the interface and so it cannot use the static route.
you can check the other routers using
sh ip int typex/y | incr proxy
there is a line that tells you if the proxy ARP is enabled or not.
Hope to help
Giuseppe
05-02-2009 03:17 AM
Hello Armin,
when you configure a static route specifying a LAN interface as outgoing interface you are relying on proxy-arp on the other routers in the LAN segment.
proxy-arp is the willingness to answer an ARP request for an ip address that is not part of the IP subnet.
if the router cannot find a valid IP next-hop and MAC address it cannot send valid frames out the interface and so it cannot use the static route.
you can check the other routers using
sh ip int typex/y | incr proxy
there is a line that tells you if the proxy ARP is enabled or not.
Hope to help
Giuseppe
05-02-2009 03:49 AM
Thanks Giuseppe,
that helped.
05-02-2009 06:12 AM
Giuseppe:
Im not sure I understand what youre saying.
What you say about proxy ARP being turned on and off in the next hop router is true. Having a static route pointing to a LAN interface will rely on proxy arp to deliver packets, but the static route should be in the routing table as long as the interface is up, up.
I have a router connected to a switch. I have a static route on the router pointing to a LAN interface for the 99.99.99.99 network, a network the switch knows nothing about. Proxy arp is disabled on that next hop interface.
Router#sh ip ro
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
S 1.1.1.1 is directly connected, FastEthernet0/0
99.0.0.0/32 is subnetted, 1 subnets
S 99.9.99.99 is directly connected, FastEthernet0/0
192.168.5.0/30 is subnetted, 1 subnets
C 192.168.5.0 is directly connected, FastEthernet0/0
10.0.0.0/32 is subnetted, 1 subnets
S 10.10.10.10 is directly connected, FastEthernet0/0
Router#
Router#
Router#
I still have the static route in the routers routing table, even though the route is really worthless for 2 reasons:
1.) the network is unreachable because it doesnt exist.
2.) Even if it did on a device outside the directly connected switch, the switch has proxy arp disabled.
Victor
05-02-2009 07:01 AM
Armin:
This is what we are talking about with regard to proxy arp.
Set up:
1.) router has a static route for 99.99.99.99 pointing to the LAN interface.
2.) router is also running eigrp and would have the eigrp-learned route for 99.99.99.99 in the routing table if the static wawerent snt there.
3.) the next hop switch interface has proxy arp DISABLED.
WHen I try to PING 99.99.99.99, because the router will use the static route, which points to the LAN interface that is conected to the switch, it will send out an ARP request for 99.99.99.99, but the switch will not respond. So the PINGS fail.
Router#sh ip eigrp topo 99.99.99.99/32
IP-EIGRP (AS 10): Topology entry for 99.99.99.99/32
State is Passive, Query origin flag is 1, 0 Successor(s), FD is 4294967295
Routing Descriptor Blocks:
192.168.5.2 (FastEthernet0/0), from 192.168.5.2, Send flag is 0x0
Composite metric is (158720/156160), Route is Internal
Vector metric:
Minimum bandwidth is 100000 Kbit
Total delay is 5200 microseconds
Reliability is 255/255
Load is 1/255
Minimum MTU is 1500
Hop count is 2
Router#sh ip ro 99.99.99.99
Routing entry for 99.99.99.99/32
Known via "static", distance 1, metric 0 (connected)
Routing Descriptor Blocks:
* directly connected, via FastEthernet0/0
Route metric is 0, traffic share count is 1
Router#
Router#
Router#
Router#ping 99.99.99.99
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 99.99.99.99, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Router#debug arp
ARP packet debugging is on
Router#term mon
% Console already monitors
Router#
Router#
Router#ping 99.99.99.99
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 99.99.99.99, timeout is 2 seconds:
*Mar 1 01:09:27.335: IP ARP: sent req src 192.168.5.1 0030.94cb.d261,
dst 99.99.99.99 0000.0000.0000 FastEthernet0/0.
*Mar 1 01:09:29.331: IP ARP throttled out the ARP Request for 99.99.99.99.
*Mar 1 01:09:31.331: IP ARP: sent req src 192.168.5.1 0030.94cb.d261,
dst 99.99.99.99 0000.0000.0000 FastEthernet0/0.
*Mar 1 01:09:33.331: IP ARP: sent req src 192.168.5.1 0030.94cb.d261,
dst 99.99.99.99 0000.0000.0000 FastEthernet0/0.
*Mar 1 01:09:35.331: IP ARP: sent req src 192.168.5.1 0030.94cb.d261,
dst 99.99.99.99 0000.0000.0000 FastEthernet0/0.
Success rate is 0 percent (0/5)
Router#
HTH
Victor
05-02-2009 02:27 PM
Hello Victor,
"we believe in running code"
rated :)
Armin:
my guess this time was simply wrong.
There is some other reason why your router is not installing that host static route.
For example:
is that interface in global routing table or under a VRF ?
in latter case it is not seen as interface in global routing table.
if you like you can post the relevant parts of your configuration using the attach file option.
For safety mask all public ip addresses and remove username .. passwords.
Hope to help
Giuseppe
05-03-2009 12:44 PM
Hi,
my case is a little more complex than I wanted to get into here, especially if i thought i had solved the problem myself.
Basically the topo is as following. We have one big ethernet network or bb that connects all the routers in one vlan. They all speak ospf on this lan. Also there is a second lan running in parallel on a second pair of fiber and is usually three or more switches connected together via fiber and two routers are on the end of these lans.
router1 -> switch1->switch2->switch3->router2
Now the problem here is that when the fiber breaks between switch2 and switch3 the routers wont know anything about it and probably end up blackholing the traffic behind those switches. Needless to say routers are using HSRP on this lan. So to avoid this blackhole we use tracking of availability from both routers to those switches.
the config is
interface GigabitEthernet0/1/0.225
description Metsak_Switchid
encapsulation dot1Q 225
ip address 172.20.240.19 255.255.255.240
no ip redirects
no ip unreachables
standby 2 ip 172.20.240.17
standby 2 priority 110
standby 2 preempt
standby 2 authentication md5 key-string 7 XXX
standby 2 track FastEthernet0/0 80
ip route 172.20.240.16 255.255.255.248 GigabitEthernet0/1/0.225 tag 98 track 2
ip route 172.20.240.24 255.255.255.248 GigabitEthernet0/1/0.225 tag 98 track 2
router ospf 1
router-id 172.20.254.14
log-adjacency-changes
area 0 authentication message-digest
redistribute static subnets route-map AJ-IP
passive-interface Loopback0
network 172.20.0.0 0.0.0.255 area 0
network 172.20.254.14 0.0.0.0 area 0
route-map AJ-IP permit 10
match tag 98
set metric 100
!
route-map AJ-IP permit 20
match tag 99
set metric 200
so whoever is the HSRP master in this lan gets shorter metric and this way everything flows symmetrically.
Now notice that the static route with the track is with /29 mask instead of /28 as on the interface. That is so because OSPF will not redistribute route that is not the "best" route. What I want is that OSPF would withdraw the route if the track goes down. This works nicely. It withdraws it but the problem is that the other router that still has reachability to this tracked network announces it with /29 mask and therefore considered to be the best on the router that withdrawed the route. That results in blackholing the tracker route on the previous master router even if the connectivity comes back. I hope i made it understandable.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide