
New Member

Nexus 7k installs static routes to route table even if connected interface present?

I have a Nexus 7k with a load balancer connected on trunks. The trunk to the outside port of the lb carries vlan 223 and the inside carries vlan 224. The Nexus has layer 3 SVIs for both vlan223 and vlan224. The lb has IPs for both vlans also.

interface Vlan223
  ip address 10.1.223.3/24
  hsrp 223
    ip 10.1.223.1

interface Vlan224
  ip address 10.1.224.5/24
  hsrp 224
    ip 10.1.224.1

My coworker put a static route in the Nexus 7k for the vlan224 subnet to go to the IP address on the load balancer:

ip route 10.1.224.0/24 10.1.223.254

And now the route table shows the static route is installed instead of the connected interface.

10.1.224.0/24, ubest/mbest: 1/0
    *via 10.1.223.254, [1/0], 21w0d, static

How is this possible? Why is the static route installed in the route table when a connected interface is present? I'm asking because I have to recreate this at a disaster recovery location that uses a 6509 instead of a Nexus 7k, and when I add a static route to the 6509, it doesn't get added to the route table--just the connected interface does.

Any help is greatly appreciated!


4 REPLIES
VIP Super Bronze

Nexus 7k installs static routes to route table even if connected

I am curious why you are adding a static route for a connected interface?  Both vlans as you noted are already on the 7k, so what is the static route for?

HTH

New Member

Nexus 7k installs static routes to route table even if connected

The idea is to force the traffic destined for the "inside" of the load balancer through the "outside" interface. I don't understand why it's working though. A connected interface should have an administrative distance of zero and be preferred over a static route with an administrative distance of 1.

Since it's working and it's in production, I can't change anything, but I'm thinking the layer 3 interface for the "inside" vlan/subnet shouldn't even be configured.

Hall of Fame Super Blue

Re: Nexus 7k installs static routes to route table even if conne

Stephen

Since it's working and it's in production, I can't change anything, but I'm thinking the layer 3 interface for the "inside" vlan/subnet shouldn't even be configured.

I can't answer the specific question about the Nexus behaviour but I would agree with what you say above. If the load balancer is routing between subnets, which it obviously is, otherwise it wouldn't have different IP subnets on each interface, then I wouldn't have thought there should be an SVI for the inside subnet on the L3 switch.

Whether or not having an SVI for the inside subnet would be problematic depends on the VIPs you are using on the load balancer, i.e. if the VIPs are from the outside subnet then it should still be routed correctly to the outside interface.

And as long as the inside servers are using the load balancer as their default gateway traffic should go back through it. Obviously you don't want the default gateway to be the SVI on the L3 switch otherwise return traffic would route around the load balancer.

That said, I am still struggling to see why the inside subnet has an SVI on the L3 switch if the load balancer is meant to be routing between those subnets.

I should say I have not done much work with the ACE module so it may act differently, but I did do a fair bit with its predecessor, the CSM (or more specifically the CSM-S).

Is there a reason you had to add that route to the Nexus, i.e. was it not working properly, were the VIPs not in the outside subnet, etc.?

Jon

New Member

Re: Nexus 7k installs static routes to route table even if conne

"That said i am still struggling to see why the inside subnet has an SVI on the L3 switch if the load balancer is meant to be routing between those subnets."

That got me thinking and I was able to find the problem. The L3 interface on the switch in production is admin down, so that's why the static route was installed in the route table. When I shut down the L3 interface on the DR side, everything worked because the static route sent the traffic to the load balancer as expected. You're right, there was no need for an L3 SVI for the inside vlan on the switch. Thanks!
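
The resolution above, as an added example that is not part of the original thread: a simplified Python model of route selection by administrative distance, showing why the static route to the load balancer is installed only while the Vlan224 SVI is down, and why an SVI that is up lets traffic reach the inside subnet without passing through the load balancer. It is not NX-OS or IOS code. It assumes that the DR switch reuses the production addresses and that a static next hop is resolved only through connected subnets.

```python
import ipaddress

CONNECTED_AD, STATIC_AD = 0, 1  # administrative distances quoted in the thread


def build_rib(svis, statics):
    """svis: {name: (cidr, admin_up)}; statics: [(prefix, next_hop)].
    Returns {network: (ad, source, via)}, keeping the lowest AD per prefix."""
    rib = {}

    def offer(network, ad, source, via):
        if network not in rib or ad < rib[network][0]:
            rib[network] = (ad, source, via)

    # A connected route exists only while its interface is up.
    for name, (cidr, admin_up) in svis.items():
        if admin_up:
            offer(ipaddress.ip_interface(cidr).network, CONNECTED_AD, "direct", name)
    connected = [net for net, route in rib.items() if route[1] == "direct"]

    # A static route is a candidate only if its next hop is reachable
    # (simplification: reachable means inside a connected subnet).
    for prefix, next_hop in statics:
        if any(ipaddress.ip_address(next_hop) in net for net in connected):
            offer(ipaddress.ip_network(prefix), STATIC_AD, "static", next_hop)
    return rib


def best_route(rib, prefix):
    """Return (source, via) for the prefix, or None if nothing is installed."""
    route = rib.get(ipaddress.ip_network(prefix))
    return None if route is None else (route[1], route[2])


# Values from the thread; the up/down states are the scenarios being modelled.
STATICS = [("10.1.224.0/24", "10.1.223.254")]
INSIDE = "10.1.224.0/24"


def svis(vlan223_up, vlan224_up):
    return {"Vlan223": ("10.1.223.3/24", vlan223_up),
            "Vlan224": ("10.1.224.5/24", vlan224_up)}


production = best_route(build_rib(svis(True, False), STATICS), INSIDE)  # SVI shut
dr_svi_up = best_route(build_rib(svis(True, True), STATICS), INSIDE)    # SVI up
no_path = best_route(build_rib(svis(False, False), STATICS), INSIDE)    # both down

if __name__ == "__main__":
    print("production, Vlan224 shut:", production)
    print("DR, Vlan224 up:         ", dr_svi_up)
    print("both SVIs down:         ", no_path)
```
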
