I posted a tweet earlier today that asked this question:
If I shouldn’t use “ip default-network” because it’s classful, then should I redistribute a static default route?
What prompted this question was some work I was doing earlier today in preparation for my CCNA exam. I had a five-site hub-and-spoke network in GNS3 running EIGRP, with lightweight OpenBSD VMs attached behind each router so that I could test end-to-end connectivity (i.e., ping a host behind one router from a host behind another router). This configuration is working fine.
Then I decided I’d take this setup and hide it behind a Vyatta VM performing NAT and see if I could connect it to the rest of my home network. The Vyatta stuff works fine, but now I’m faced with the prospect of configuring this self-contained little environment with a default route that points to the Vyatta. The Vyatta, in turn, points to the physical firewall protecting the home network from the nasty Internet. This configuration doesn’t seem at all too far-fetched from a realistic deployment where an enterprise network would need a default route out to the Internet, presumably through a firewall performing network address translation.
So what’s the best way to do it? I’ve read a couple of articles (older ones, since that’s all that seems to be available) saying that the ip default-network command shouldn’t be used because it’s classful. To be honest, I’m not sure I fully understand the behavior of that command anyway, but if I’m not supposed to use that, then do I just set a static route and redistribute that into EIGRP for distribution to the rest of the routers?
Sorry, I’m still learning here…
Tags: Cisco, Networking
-
The EIGRP ip summary-address command on the hub should do what you are looking for:
ip summary-address eigrp 1 0.0.0.0 0.0.0.0
Alternatively, if your spokes can only get back out through the hub, you could configure them as EIGRP stubs, and this would also add in a default route through the hub in their routing tables.
-
The ip summary-address command on your hub should give you the default route on your spoke routers:
ip summary-address eigrp 1 0.0.0.0 0.0.0.0
Alternatively, if your spoke routers only connect back through your hub, you could configure them as EIGRP stubs, and this would propagate the default route through.
-
Wow. Where to begin?
I am going to try to keep this fairly short and say use the:
“ip route 0.0.0.0 0.0.0.0 x.x.x.x” where x.x.x.x is your NAT/Firewall Device
Do this in each router on the same subnet as x.x.x.x then redistribute static…
Or do an “IP summary-address” route for the EIGRP process on the interfaces you want to advertise the “default route”.
Either way you will need the static route to reach the “Internet”.
Take a look here for the exact commands:
http://www.cisco.com/en/US/tech/tk365/technologies_white_paper09186a0080094cb7.shtml#defaultrouting
As far as differences between static, ip default gateway and ip default network take a look here:
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094374.shtml
You could use the “ip default network” command but few people do that.
Now generally in an Enterprise style network you get the default route in your Internet facing router from your ISP (or sometimes the entire Internet routing table). Your internet facing router then *generally* advertises the default route via BGP through a firewall/NAT device to the internal “protected” network. This way if you have several Internet facing routers connecting to different ISPs you can inject multiple default routes from different points into your internal network and allow for failover, load balancing, etc.
Advertising your routes to the Internet and guaranteeing return traffic will come back to the right place/NAT device/Firewall is a different conversation.
Hope this helps.
-
ip default-network is used as a gateway of last resort.
I’d try something like this
ip route 0.0.0.0 0.0.0.0 x.x.x.x (next hop to the internet)
router eigrp 100
redistribute static
default-metric 10000 1 255 1 1500
-
You probably want to do a default-information originate in the EIGRP of the router nearest your firewall. Add a default route to that router and it will propagate.
That gets clever with multiple firewalls running OSPF or similar – multi-site failover
Hope this helps!
-
In fact, no need for default information originate in EIGRP. EIGRP redistributes the default by itself. You would only need it for RIP/OSPF/BGP.
You just need
Ip route 0.0.0.0 0.0.0.0
then under your eigrp process:
Redistribute static
Easy
-
Hey, great question. Redistributing static routes is never a good idea for obvious reasons. They are difficult to maintain and can often lead to black-holed traffic, but on the upside they can introduce some stability.
With your design, however, there is no problem with redistributing the default because there is only one way in and out. Have a look at this technote article: http://www.defaultroute.co.uk/techguides/files/a7297d4a5204124832942734b3359e0c-6.html Good luck with your studies!
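
Added example, not part of the original post or any comment above: the static-default-plus-redistribution approach from the thread, with the redistribution restricted to the default route so that other static routes on the edge router are not leaked into EIGRP. The names DEFAULT-ONLY and STATIC-TO-EIGRP are hypothetical, x.x.x.x is the thread's placeholder for the NAT/firewall next hop, and AS 100 and the metric values are taken from the comment above.

```cisco
! Edge router: the one on the same subnet as the NAT/firewall device.
! x.x.x.x is a placeholder for the NAT/firewall next-hop address.
ip route 0.0.0.0 0.0.0.0 x.x.x.x
!
! Hypothetical prefix-list name: matches exactly 0.0.0.0/0 and nothing else.
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
!
! Hypothetical route-map name: permit only what the prefix-list matches.
! The implicit deny at the end of the route-map drops every other static route.
route-map STATIC-TO-EIGRP permit 10
 match ip address prefix-list DEFAULT-ONLY
!
router eigrp 100
 ! Without the route-map, every static route on this router would be
 ! redistributed, not just the default.
 redistribute static route-map STATIC-TO-EIGRP
 default-metric 10000 1 255 1 1500
!
! Verification, run on a spoke router:
!   show ip route 0.0.0.0
! Expect an EIGRP external route (D*EX) for 0.0.0.0/0 learned from the hub.
! Verification, run on the edge router:
!   show ip eigrp topology 0.0.0.0/0
! Expect the entry to be listed as redistributed from static.
```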



