I have a network with static routing enabled. We have remote offices that are connected to the central office via Ethernet which is plugged directly into a 6509. There is a WAN VLAN and the port that the Ethernet is plugged into is assigned to this VLAN. We have static routes to get to all of our branch offices. The issue I am having is when I try to ping a network that has not been configured in the remote branches, I get a routing loop rather than a timeout. Please let me know how to get rid of this.
Sounds like the destination you are trying to ping is a part of a larger routing table entry.
Can you provide an example, i.e.:
1) sh ip route from the 6509
2) traceroute to looped subnet
The problem you have is that in your routing table you have -
S 172.24.0.0/16 [1/0] via 172.26.0.4
so when you traceroute to 172.24.4.1 then it uses the above entry from your routing table.
If you don't want it to do this you have 2 choices:
1) make your static routes more specific, i.e. only add static routes for the networks that actually exist. This could however get rather tiresome depending on how many networks you have.
2) the far more preferable way to do this is to run a dynamic routing protocol between your branch and HQ sites
I would recommend going with option 2.
This was what I was getting at, but I would like to have an immediate fix for it. Running a dynamic routing protocol will happen only later.
I have added the ip verify unicast source to get rid of the routing loops but at one location I have a network that is being reached via two different paths. As a result of me adding that command, I am not able to ping or ssh into the devices, even though traffic passes through it. Do you have any other ideas?
Think we might disagree on this one :-), but then it may be because you have a more complicated setup than you have described.
Turning on a dynamic routing protocol such as EIGRP is relatively straightforward and is probably no more complex than having to configure "ip verify unicast ..." on devices. Also, if I came to a device configured this way it would not occur to me that you have added this config to avoid a routing loop, to be honest.
I totally agree with you but my issue is that I have turned on ip verify.. only on the WAN interface. It's a band-aid, not a perfect solution.
"It's a band-aid, not a perfect solution."
Agreed, and if you read the vast majority of my posts you'll see that I will always try to fit in with what the poster needs.
It's just that in this case you have added a band aid which kind of works but not totally. So you are now looking to make it even more complex by another band aid.
I can understand your reluctance to just enable a dynamic routing protocol although it would almost certainly work without having band aids.
I'm also slightly confused as to why you are doing this, i.e. does it really matter that you get a routing loop? It will time out when the TTL dies. Most of your clients/servers should not be trying to contact non-existent subnets, so routing loop traffic should be minimal.
Not trying to create an argument, just trying to give good advice :-)
I totally agree with you on this and I guess I will live with it. Is it possible to reduce the TTL on just a VLAN? Are there any caveats to it? Thanks a lot for your help.
"Is it possible to reduce the TTL on just a VLAN?"
Unfortunately none that I am aware of. Unless you are seeing a large amount of traffic due to these loops I would just live with it as you say, with a view to upgrading to a dynamic routing protocol as soon as possible.
"Thanks a lot for your help."
No problem and appreciate this may not have been exactly what you wanted to hear :-)
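The behaviour discussed in this thread, modelled as an added example (not code from any poster): a small longest-prefix-match simulation showing the loop caused by the 172.24.0.0/16 summary route, the effect of more specific static routes, and why a strict-mode unicast RPF check on the WAN link stops the loop but also drops traffic from a dual-path site. Only the 172.24.0.0/16 route and the 172.24.4.1 destination come from the thread; the branch default route, the router names and every other prefix are assumptions constructed for the illustration.

```python
import ipaddress

def routes(*entries):
    """Build a routing table from (prefix, next_hop) pairs."""
    return [(ipaddress.ip_network(p), hop) for p, hop in entries]

def lookup(table, addr):
    """Longest-prefix match: next hop of the most specific route, or None."""
    addr = ipaddress.ip_address(addr)
    hits = [(net.prefixlen, hop) for net, hop in table if addr in net]
    return max(hits)[1] if hits else None

def trace(tables, start, dst, ttl=8):
    """Forward hop by hop; return (outcome, routers visited)."""
    node, path = start, []
    while ttl > 0:
        path.append(node)
        hop = lookup(tables[node], dst)
        if hop is None:
            return "unreachable", path
        if hop == "connected":
            return "delivered", path
        node, ttl = hop, ttl - 1
    return "ttl-expired", path

def urpf_strict_ok(table, src, arrived_from):
    """Strict uRPF: accept only if the best route back to src uses the arrival link."""
    return lookup(table, src) == arrived_from

# Constructed topology. Only 172.24.0.0/16 (via the branch at 172.26.0.4) is from the
# thread; the branch default route, 10.1.0.0/16, 172.25.0.0/16, "branch-b" are assumed.
BRANCH = routes(("172.24.1.0/24", "connected"), ("0.0.0.0/0", "hq"))
HQ_SUMMARY = routes(("172.24.0.0/16", "branch"), ("10.1.0.0/16", "connected"),
                    ("172.25.0.0/16", "branch-b"))
HQ_SPECIFIC = routes(("172.24.1.0/24", "branch"), ("10.1.0.0/16", "connected"))

def demo():
    summary = {"hq": HQ_SUMMARY, "branch": BRANCH}
    specific = {"hq": HQ_SPECIFIC, "branch": BRANCH}
    return {
        "loop": trace(summary, "hq", "172.24.4.1"),        # summary route + default
        "specific": trace(specific, "hq", "172.24.4.1"),   # option 1 from the thread
        "real_subnet": trace(summary, "hq", "172.24.1.10"),
        "looped_pkt_urpf": urpf_strict_ok(HQ_SUMMARY, "10.1.0.5", "branch"),
        "dual_path_urpf": urpf_strict_ok(HQ_SUMMARY, "172.25.3.9", "branch"),
        "normal_urpf": urpf_strict_ok(HQ_SUMMARY, "172.24.1.10", "branch"),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```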