05-08-2014 02:15 AM - edited 03-04-2019 10:56 PM
Hi guys,
I'm sure this has been asked before :) But are there any known issues when using an exit interface in a route statement as opposed to a next hop address?
I have had an issue this morning after a router change whereby some hosts were able to access a web server and some were unable to. My route statement to the web server was pointing to an exit interface and when this was changed to next hop, all users were able to access it. It is very puzzling!
The router is an ASR1001, running 15.4.
Thanks.
05-08-2014 07:14 AM
Hello.
Please provide you configuration with ip route via interface.
Actually it depends on the interface - if it's GRE or PPP or FR p2p interface - that is fine, if it's Ethernet - it's a poor configuration. As router will have to resolve L2 address per destination IP-address it's sending traffic for.
05-08-2014 07:28 AM
Thanks for the reply Vasilii.
To add further context, the circuit is ethernet WAN, but is using tunnels to protect the traffic so the tunnels were being used as the exit interface.
05-08-2014 05:31 PM
I am sure that you added the information hoping that it would help us to understand your situation. But I am still not clear whether you are talking about doing something like
ip route x.x.x.x y.y.y.y Eth0/0
or
ip route x.x.x.x y.y.y.y Tun1 (and if it is Tun1 is this a point to point tunnel or a multipoint tunnel?)
As has been mentioned there are (multiple) issues with a static route which specifies only an exit interface if the interface is multipoint like Ethernet.
HTH
Rick
05-08-2014 11:30 PM
Hi Rick,
It's a point-to-point tunnel, and the route is:
ip route x.x.x.x x.x.x.x. tunX
05-08-2014 11:37 PM
Hello.
If tunX is a p2p interface, then configuration is correct (and best practice).
05-09-2014 12:31 PM
Thanks for the clarification that it is a point to point tunnel and that the route was ip route x.x.x.x x.x.x.x tunX. I do not see a problem with that and am puzzled at your description in the original post that some users had a problem and that the problem was resolved when you changed the static route. Is it possible that there was some kind of problem with the tunnel and that the new version of the static route was not going through that tunnel?
HTH
Rick
05-12-2014 02:09 AM
Thanks Rick.
Yep, it is a puzzler! I was able to verify both the forwarding and reverse path of the route to the web server and there was absolutely no problems.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide