Community Member

Default Gateway Exit Interface

Hi All,

Can you explain to me how default routing out of the exit interface works? For example, ip route 0.0.0.0 0.0.0.0 f0/0. I know that if you use the next hop IP address in the default router configuration (ip route 0.0.0.0 0.0.0.0 192.168.1.1), the router can resolve the next hop IP to the MAC address to put in the data link frame as the destination. How does the router know what to put in the data link frame as the destination address if it has no IP address to resolve? How does it work? Thanks a lot.

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Gold

Re: Default Gateway Exit Interface

It certainly does allow you to specify an Ethernet interface as the exit in a static route, including a static default route. There are several things that make this a problematic thing to do:

- it means that the router will send an ARP request for EVERY layer 3 destination address, so it is generating lots of traffic.

- it will only be successful if the next hop router has enabled proxy-arp, and increasingly some organizations regard proxy-arp as a security weakness and disable it. This means that now the success of your routing is dependent on something that you may not control.

- if the next hop router does enable proxy-arp then the MAC address gets added to the ARP table which contains ALL of the destination IP addresses to which the router has forwarded, so the ARP table gets very large, consuming memory and CPU cycles to maintain it.

So the best advice is that static routes specifying the exit interface are ok if the exit interface is some point to point link like HDLC, PPP, Frame Relay but otherwise it is much better to specify the next hop address.

HTH

Rick

22 REPLIES
Hall of Fame Super Gold

Re: Default Gateway Exit Interface

Hi, the data-link destination address never changes. In your example, it will always be the MAC address for 192.168.1.1.

Re: Default Gateway Exit Interface

Zdrast, Anatoliy!!

If the outgoing interface is multiaccess, it can use the broadcast address.

If it's a point-to-point interface, there doesn't really need to be a layer 2 destination specified since there's only one host at the other end of the link.

In the case of frame relay (where the frames do need a layer 2 value (DLCI) specified), it will use the DLCI that is assigned (via either LMI or static config) to the interface you specified in your ip route statement.

Community Member

Re: Default Gateway Exit Interface

Spasibo! So let me clarify, if you set the default gateway as exit interface, the data link layer will just use broadcast (on multiaccess network) as the destination address instead of resolving next hop IP as in the case if we configured next hop IP as the default gateway?

Hall of Fame Super Gold

Re: Default Gateway Exit Interface

If the outgoing interface is multiaccess, it can use the broadcast address.

Actually that never happens, unless the L3 dst address is subnet bcast, in which case router will use a L2 bcast, or is multicast, in which case router will map to L2 mcast address.

Dasvidania.

Re: Default Gateway Exit Interface

But then wait a minute - that just underlines Anatoliy's question. If it's going out an Ethernet interface, the router's got to put _something_ in the destination address field of the Ethernet frame, doesn't it?

Stolichnaya.

Community Member

Re: Default Gateway Exit Interface

That is exactly what I want to know. What does the router put in the destination address in the frame. We don't have the gateway IP to resolve since we are using the exit interface instead.

Hall of Fame Super Blue

Re: Default Gateway Exit Interface

Well if the route points to an exit interface the router will arp out for every single destination.

On a multi-access network it really isn't a good idea to do this as you may get multiple replies.

As Paolo said the 192.168.1.1 router may well respond with its own mac-address.

Jon

Community Member

Re: Default Gateway Exit Interface

When you say arp out you mean broadcast?

Hall of Fame Super Blue

Re: Default Gateway Exit Interface

I mean the router sends an arp request to get the mac-address of the next-hop. When it gets a response it can then send the packet.

But it doesn't actually broadcast out the data packet. It uses the arp response to unicast the packet to the next hop.

Jon

Re: Default Gateway Exit Interface

But, what next-hop? Anatoliy's scenario is a gateway-of-last-resort scenario, with an INTERFACE, not a host, specified in the ip route statement.

Community Member

Re: Default Gateway Exit Interface

Exactly, how does the router know where the next hop is? Can somebody explain it to me please? It has been bothering me all day.

Re: Default Gateway Exit Interface

Jon do you mean it will send an arp query on the L3 address that is the packet's FINAL destination? Doesn't that furthermore mean that if the packet's final destination isn't on the same subnet as the default-exit-interface, the packet is blackholed?

'Cause the whole (or at least major) point of having default gateways is for the packet to transit to a place that has (or might have) sturdier routing for it.

Hall of Fame Super Blue

Re: Default Gateway Exit Interface

"Jon do you mean it will send an arp query on the L3 address that is the packet's FINAL destination?"

Edit - actually yes I do mean that's what it does. See below for proxy-arp details.

It's to do with proxy-arp. If none of the routers accessible from the router interface are running proxy-arp then no router would respond with its mac-address and the arp would fail.

This is why on a multi-access network like ethernet you should never use the exit interface as the next-hop. You should only do this on P2P links.

Jon

Hall of Fame Super Blue

Re: Default Gateway Exit Interface

Just as an addition. I have never actually tested whether a router will allow you to use an ethernet interface as next-hop. Assume it would and if another router is using proxy-arp it would respond but perhaps I should test it sometime :-)

Jon

Community Member

Re: Default Gateway Exit Interface

I tested it today and it does allow you to do that, that's why it is stuck on my brain.

Hall of Fame Super Gold

Re: Default Gateway Exit Interface

As mentioned above, the mac address for next hop.

Community Member

Re: Default Gateway Exit Interface

So proxy-ARP is how it is possible. In my scenario I had 3 1841s hooked up through the Ethernet interfaces (1841----1841----1841) and one of the edge routers had default gateway set as an interface and it worked fine. So is proxy ARP enabled by default, because I didn't enable anything for it to work?

Hall of Fame Super Gold

Re: Default Gateway Exit Interface

Yes proxy-arp is enabled by default in IOS. This means that a static route specifying only the exit interface can work. But note that just because something can be done does not necessarily mean that it should be done.

If you set this up as you describe and if you ping 50 remote addresses you wind up with 50 entries in your arp cache. If you ping 500 remote addresses you wind up with 500 entries in your arp cache. If you ping 5000 remote addresses you wind up with 5000 entries in your arp cache. Give it a test.

Another thing to think about: how long do the entries stay in the arp cache? You might want to test for this also.

HTH

Rick
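
A defender's check for the two conditions Rick describes (a static route that names only an Ethernet exit interface, and proxy ARP left at its IOS default), as an added example that is not part of the thread. The sample configuration is constructed, the list of multiaccess interface families is this example's assumption, and the script assumes proxy ARP has not been disabled globally.

```python
import re

# Constructed sample configuration (not taken from the thread's routers).
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 192.168.1.2 255.255.255.0
!
interface FastEthernet0/1
 ip address 10.0.0.1 255.255.255.0
 no ip proxy-arp
!
interface Dialer1
!
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
ip route 172.16.0.0 255.255.0.0 192.168.1.1
ip route 10.9.0.0 255.255.0.0 Dialer1
ip route 10.8.0.0 255.255.0.0 FastEthernet0/0 192.168.1.1
"""

# Interface families treated as multiaccess (assumption of this example).
MULTIACCESS = ("ethernet", "fastethernet", "gigabitethernet", "vlan")
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def is_multiaccess(ifname):
    """True for Ethernet-family names, including abbreviations such as f0/0."""
    m = re.match(r"[A-Za-z]+", ifname)
    return bool(m) and any(n.startswith(m.group(0).lower()) for n in MULTIACCESS)

def audit(config):
    """Return sorted (kind, detail) findings for the two conditions in the thread."""
    findings, current, proxy_arp_off = [], None, {}
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            current = line.split(None, 1)[1]
            proxy_arp_off[current] = False
        elif raw.startswith(" ") and current:
            # Proxy ARP is on unless the stanza turns it off explicitly.
            proxy_arp_off[current] |= line == "no ip proxy-arp"
        else:
            current = None
            words = line.split()
            # ip route <prefix> <mask> <interface> with no next-hop address after it
            if words[:2] == ["ip", "route"] and len(words) >= 5:
                next_hop = words[5:6] and IPV4.match(words[5])
                if is_multiaccess(words[4]) and not next_hop:
                    findings.append(("interface-only-route", line))
    findings += [("proxy-arp-enabled", n) for n, off in proxy_arp_off.items()
                 if is_multiaccess(n) and not off]
    return sorted(findings)
```

On the sample, `audit(SAMPLE_CONFIG)` reports the interface-only default route and FastEthernet0/0's proxy ARP; the Dialer1 route and the route that gives both interface and next hop are not flagged.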

Community Member

Re: Default Gateway Exit Interface

Thanks Richard! I think it makes more sense now. I am actually not going to use this scenario in production. In production we are using ADSL set up with PPPoE which is a point to point link so setting the default gateway as the interface should be just fine. I wanted to test a few things in the lab so that's why I set up the default gateway on the Ethernet interface.

Hall of Fame Super Gold

Re: Default Gateway Exit Interface

I am glad that it makes more sense now. Sometimes things work and we do not look closely to see how they work and whether there are implications that we should be aware of in how they work. Setting things up in the lab and testing is a very good way to learn how they really work.

HTH

Rick

Community Member

Re: Default Gateway Exit Interface

One other issue that you may run into. If you have unicast reverse-path forwarding enabled on the egress interface, then setting a static-default route to the interface will fail. I ran into this a while back and it really bugged me...
