OECG – Chapter 11

Ah, our old friend the default route – the catch-all, the safety net. He’s the guy that says “If you don’t know where else to forward this packet, forward it here.” If all else fails, the default route has you covered. For a concept that seems so simple, there are considerations when using a default route.

Not that the book mentions it, but security is one. In a highly secure network, do you really want your router forwarding traffic for which it has no specific route? You might think, “Sure, I want my core router to forward all the packets it doesn’t know about to my Internet firewall/router.” Really? Are you sure about that? Are you sure you want everyone in your company to have direct Internet access? More to the point, do you want every PC, laptop, IP phone and wireless handheld device that’s contracted a virus to have direct Internet access? Hmm…thought-provoking isn’t it? I can tell you from experience that one outbreak of a bot bringing down your core, and you’ll have web proxies on order the next day. Sometimes anti-virus just isn’t good enough. And if your corporate environment requires 5 nines uptime and/or you service hundreds or thousands of customers in real-time with your network, direct Internet access is something that other networks have, and you won’t, because you’re smarter than that. And you like to sleep at night.

So back to the book. The default route is listed as the “gateway of last resort”. You can advertise this default route in 5 different ways…you don’t actually put a static default route on every individual router in your network…because that would be silly!

  • Normal route redistribution from one protocol to another is one way, but not the chief method we’re interested in at the moment, since route redistribution was discussed earlier in this chapter.
  • You can use a static route to 0.0.0.0/0, with the “redistribute static” command. Works for RIP & EIGRP.
    • The static default route and redistribute static command have to be on the same router. (Duh. How can you redistribute a static route on a *different* router?)
    • There’s a metric for this route, just like any other. You can set it, or allow it to default.
    • You can control whether this route is redistributed with a route-map if you like.
    • As with any redistribution, EIGRP will consider this an external route with an AD of 170.
    • You can’t do this with OSPF.
  • You can use the “default-information originate” command. Works for RIP & OSPF.
    • This is really an OSPF-targeted command; it doesn’t work with EIGRP.
    • This command will redistribute any default route in the routing table, whether it’s static or learned via some other protocol.
    • You can add the keyword “always” to the end of the command, which means OSPF will advertise a 0.0.0.0/0 route from that router, whether there’s one to redistribute or not.
    • With RIP, this command behaves similarly, with the notable difference that if there’s a static 0.0.0.0/0 route in the local routing table, RIP won’t advertise this via the default-information originate. Rather, RIP wants you to “redistribute static”.
  • You can use the “ip default-network” command. Works for RIP & EIGRP. This command allows you to inject default routes under the following conditions, with these considerations in mind:
    • The syntax is “ip default-network net-number”, where “net-number” is some classful network number.
    • The classful network must be in the router’s local routing table; how it got there doesn’t matter.
    • If using EIGRP, the classful network must be advertised from that router into the EIGRP AS, however you like.
    • You can’t use this command with OSPF.
    • RIP will inject a 0.0.0.0/0 route.
    • Contrary to what you might expect, EIGRP will not inject a 0.0.0.0/0 route. Rather, EIGRP will flag a route to the classful network as a “candidate default” route. You don’t actually see 0.0.0.0/0 in the remote routing table. Rather you see a classful route with an * next to it, because it’s considered a candidate to act as the default route.
  • You can use a summary route (the biggest summary of all). Works for EIGRP.
    • NOT recommended by Cisco. Remember that when you summarize routes, the summarizing router will create a local route that points the summary to Null0 – the place where packets go to die.
    • You can make it work, but you need to pay attention to your administrative distances.
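
Given the security question raised at the top, it helps to know which routers are actually originating a default. The following is an added example, not from the original post or the book: a small Python audit that scans an IOS running-config for the origination methods listed above. The sample config, its addresses and AS numbers, and the function name `find_default_origination` are constructed for illustration.

```python
import re
# Constructed sample running-config (not from the original post).
SAMPLE_CONFIG = """\
interface Serial0/0
 ip summary-address eigrp 100 0.0.0.0 0.0.0.0
!
router eigrp 100
 redistribute static metric 1544 10 255 1 1500
!
router ospf 1
 default-information originate always
!
router rip
 default-information originate
!
ip default-network 10.0.0.0
ip route 0.0.0.0 0.0.0.0 192.0.2.1
"""

STATIC_DEFAULT = "ip route 0.0.0.0 0.0.0.0 "
SUMMARY_DEFAULT = re.compile(r"ip summary-address eigrp \d+ 0\.0\.0\.0 0\.0\.0\.0")

def find_default_origination(config):
    """Return (section, method) pairs for each default-route source found."""
    lines = config.splitlines()
    # "redistribute static" only yields a default if a static 0/0 is local.
    has_static = any(l.startswith(STATIC_DEFAULT) for l in lines)
    findings, section = [], "global"
    for raw in lines:
        line = raw.strip()
        if raw and not raw.startswith(" "):
            section = line if line.startswith(("router ", "interface ")) else "global"
        in_rip_or_eigrp = section.startswith(("router rip", "router eigrp"))
        if line.startswith(STATIC_DEFAULT):
            findings.append((section, "static default"))
        elif line.startswith("redistribute static") and has_static and in_rip_or_eigrp:
            findings.append((section, "redistribute static"))
        elif line.startswith("default-information originate"):
            always = " always" if "always" in line.split() else ""
            findings.append((section, "default-information originate" + always))
        elif line.startswith("ip default-network "):
            findings.append((section, "ip default-network " + line.split()[2]))
        elif SUMMARY_DEFAULT.match(line):
            findings.append((section, "EIGRP summary 0.0.0.0/0"))
    return findings

if __name__ == "__main__":
    for section, method in find_default_origination(SAMPLE_CONFIG):
        print(f"{section}: {method}")
```

Run across a set of saved configs, the output gives a quick inventory of every place a gateway of last resort enters the routing domain, which is the list to review before deciding whether unknown destinations should be forwarded at all.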