Routing Question

[ddutton44]

I have two questions regarding routing on a core switch.

I am looking at a configuration and I see several entries like this:

ip route 10.1.17.0 255.255.255.255 10.1.1.4

Is this a valid routing statement? I dont think it is but I need verification from the experts.

Also, can you route the same subnets to two different next hops?

i.e.

10.1.17.1 255.255.255.0 10.1.1.4
10.1.17.1 255.255.255.0 10.1.1.5

I think I know but I want a second opinion (s).

Thanks

 

[jeter]

ip route 10.1.17.0 255.255.255.255 10.1.1.4 this is odd.

I would have done it like this

ip route 10.1.17.0 255.255.255.0 10.1.1.4

ip route 10.1.17.0 255.255.255.0 10.1.1.5 5

the second route has a higher metric set to 5

The question is. What are you trying to do?

If we knew that, we could be more specific....






Spc NVARNG
Tek-TIP Member 19,650

 

[ddutton44]

Thanks. I agree with you since .0 and 255 are not usable addresses. I saw this in our config and was scratching my head.

We have two firewalls in our network. One that goes from the core to our main firewall and dmz and the other goes to our internal firewall that our VPN concentrator is attached.

I added the second route and wanted it to have a higher priority so your suggestion works perfect in this scenario.

Thanks again.

 

[burtsbees]

You can have a 255.255.255.255 as a host, but 10.1.17.0 would not work.

Burt

 

[jneiberger]

10.1.17.0 is absolutely usable. It just depends on the mask. It would not be a valid host if you're using a /24 mask, but change that to a /23 or smaller subnet mask and it's perfectly valid, in which case a host route (/32) might be needed for some reason.

That routing statement is valid and useful as long as the subnet mask for that network is /23 or shorter.

 

[ddutton44]

Thanks a bunch for the replies. The line on our core switch was definitely setup as a 255.255.255.255 address which as I have seen by the posts would make it an invalid mask for that route.

I see several of these entries on the sh ip route result and I wasnt sure if this was a mistake or if there was some mitigating reason why that was setup. I use that mask for individual addresses and certainly not .0 for routing purposes. I wanted to make sure there was not a reason to use a .0 /32 mask.

Thanks all.

Dan

 

[jneiberger]

No, it's not an invalid mask! Please read what I posted. It is a valid route as long as the subnet it refers to is /23 or shorter. This is a perfectly valid host route depending on the size of the subnet that 10.1.17.0 belongs to.

 

[BuckWeet]

Dan,

It is possible to use 10.1.17.0/32 as an IP if you have subnet zero enabled (which it is by default on newer IOS) if you were to ping that IP does anything respond?

In reading your post I don't see any possible use for that route in the manner it was deployed unless that IP is being used as a loopback address.

BuckWeet

 

[jneiberger]

IP subnet-zero doesn't even come into play here, really. That allows you to subnet a supernet and then use the subnet that has an all-zero mask. That isn't the case here. In this case, the last octet just happens to be zero, which is no big deal if the subnet mask for that network is a /23 or shorter. It's perfectly valid. It just looks weird.

 

[burtsbees]

Sorry guys---that is true. I was going on that it was a /24, by reading the second post by jeter.

Burt

 

[BuckWeet]

ip route 10.1.17.0 255.255.255.255 10.1.1.4"

That is a host route.. The fact that you're talking about it only working with a /23 or shorter is partly true. As its a host route /32 mask it is perfectly valid to use. However as we know it's just uncommon to use this as an active host IP in a network.

I would just advise for him to see where the route ultimately ends up.. If nothing is using it, it can probably be removed. I would also verify that there isn't some kind of NMS system looking for that route for be in the table.


BuckWeet

 

[jneiberger]

Yes, I know it's a host route. That's partially my point. But it's only valid and useful if that host resides on a network with a subnet mask /23 or less. If this were a /24 subnet, that host route would not be valid.

 

[burtsbees]

Buckweet---if it were being a host, then that host, ending with .0, would only be a host and not a wire address if it were part of a /23 or lower subnet. If the mask were 24 bits or higher, it would be a wire address every time.

Burt

 

[ddutton44]

Thanks everyone. Thats the reason I posted this item because initially my instinct told me that it was not a valid address but in fact (based on this discussion) there are some valid points using the .0 in the fourth Octet. I guess the main thing is to a. ping the address and b. verify that it is a "good" route. In practice, I probably would not have put that in for a routing statement unless there was a specific reason to do so. That seems to be the way in the networking world and as I am still a novice in many ways, I certainly appreciate everyones thoughts. It adds to my database of networking knowledge.

Dan