sanity check on route selection

[jimfixit]

say you have this in your route table:

Gateway of last resort is 10.8.1.1 to network 0.0.0.0

137.135.0.0/16 is variably subnetted, 2 subnets, 2 masks
S 137.135.128.0/24 [1/0] via 10.8.1.1
C 137.135.128.0/23 is directly connected, FastEthernet0/0
10.0.0.0/16 is subnetted, 1 subnets
C 10.8.0.0 is directly connected, FastEthernet0/1
S* 0.0.0.0/0 [1/0] via 10.8.1.1

Now, say you ping the address 137.135.128.209...where would you expect it to go to find that address?

Don't ask...this is a horrible config. I was called in to solve a problem with why one device can't ping another. The more I dug the more I wanted to sell bannanas instead of fixing networks for a living. This routing table is the tip of the iceberg, the list of "what's wrong with this picture" is so long a life sentence looks good.

By the way, in this instance the ping works but it choses the connected route for 137 and I expected it to select the more specific route (the static route with the 24 bit mask)....

 

[burtsbees]

Connected routes have a metric of 0, static=1, so the connected route. Directly connected are always first, lowest metric.

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!

 

[leedsit]

Surely admin distance only comes into play when you have two Exact prefixes from two different protocols to be entered into the routing table, these are already in there, Im surpised and cannot figure out why S 137.135.128.0/24 [1/0] via 10.8.1.1 is not used!

Lee

LEEroy
MCNE6,CCNP,CWNA,CCSA,Project+

 

[burtsbees]

What about floating static routes? That is how they work.

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!

 

[leedsit]

Absolutely!!!! as longs as the prefix is the same

If you had

Connected 10.52.1.0 /24
and a static entry 10.52.1.0/25 then the static would not appear unless the connected route disapears

But

Connected 10.52.1.0 /23
and a static 10.52.1.0 /24, both would appear in the routing table.

still confused.



LEEroy
MCNE6,CCNP,CWNA,CCSA,Project+

 

[leedsit]

Heres is an example labbed up

Routing table

Gateway of last resort is not set


10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.52.0.0/23 is directly connected, GigabitEthernet1/0/1
S 10.52.1.0/24 [1/0] via 192.168.1.2

Switch#show ip route 10.52.0.1
Routing entry for 10.52.0.0/23
Known via "connected", distance 0, metric 0 (connected, via interface)
Routing Descriptor Blocks:
* directly connected, via GigabitEthernet1/0/1
Route metric is 0, traffic share count is 1

Switch#show ip route 10.52.1.1
Routing entry for 10.52.1.0/24
Known via "static", distance 1, metric 0
Routing Descriptor Blocks:
* 192.168.1.2
Route metric is 0, traffic share count is 1

Even though the 10.52.1.1 is covered under the 10.52.0.0 /23 connected route, because 10.52.1.0 is covered also under the more specific /24 static entry that route is chosen.


LEEroy
MCNE6,CCNP,CWNA,CCSA,Project+

 

[leedsit]

Sorry the above post should read

Absolutely!!!! as longs as the prefix is the same

If you had

Connected 10.52.1.0 /24
and a static entry 10.52.1.0/24 then the static would not appear unless the connected route disapears

But

Connected 10.52.1.0 /23
and a static 10.52.1.0 /24, both would appear in the routing table.



LEEroy
MCNE6,CCNP,CWNA,CCSA,Project+

 

[NetworksMD]

What is the ip address/subnet of FA0/0? If it is in the same subnet of the IP Address you are trying to ping (which I am guessing it is) then when you use a ping command directly on the router it is going to use the arp table or send an arp out on that interface, which I believe is why the ping is going out that interface. Do you see the IP in the arp table?

By the way how do you know the ping is going out that interface, by debug messages or an external sniffer? If you use the extended ping command and specify a different source address what happens?

 

[jimfixit]

Sorry, got interupted for a more important 'crisis du jour' which ended up taking much longer than 'du jour'.

I should have included extended pings in the first note because I did in fact do them.

from the router, if I ping say 137.135.128.255 (yeah, they used that address with an appropriate mask but for no good reason seeing as it's a PRIVATE network internal to their own...)

from 10.8.1.5, which is one connected interface, it pings that address fine. It goes to 10.8.1.1 and right on over. If I source it from 137.135.128.205, it of course does not ping because it wants to send it out it's own connected interface and the device at 137.135.128.255 is not on that network, it's across an MPLS cloud reachable by that 10.8.1.1 network.

The whole thing is stupid. They've pulled pools of TEN network addresses out of that 137 address range for phone devices in each office and NOW they want to route between them. I've told them that they have to either go with static routes or, frankly, go through the pain of cleaning up the mess. These addresses should never have been used, and in anycase should have been divided up better.

Okay, I think I at least get the reason why it choses it's path. I've always known why it can't route, just didnt' know why in some cases it works at all.

 

[burtsbees]

137.135.128.255

23 bit mask?lol

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!