Discard Routes and Avoiding Routing Loops CCNA/CCNP Rick Graziani Cabrillo College
Cisco IP Routing by Alex Zinin Addison-Wesley Pub Co ISBN: 0201604736 This book is highly recommended for instructors and CCNP students. Special thanks to the author, Alex Zinin, for his help. Rick Graziani graziani@cabrillo.edu
Topics Situation: Normal Link Down Solution #1 – no ip classless Solution #2 – discard route What about packets destined for 192.168.1.0/24? Final Notes Rick Graziani graziani@cabrillo.edu
Scenario Rick Graziani graziani@cabrillo.edu
Scenario Customer Network is running a dynamic routing protocol. All subnets within the 172.16.0.0 network are contained in this “Customer Network.” (There are no discontiguous 172.16.0.0 subnets via ISP.) Remote Office has 172.16.4.0/24 and 192.168.1.0/24 networks. All default traffic is sent to ISP, via 0.0.0.0/0 default route on RTA that is propagated to RTB and RTC. ISP has static routes pointing to RTA for 172.16.0.0/16 and 192.168.1.0/24 networks. Rick Graziani graziani@cabrillo.edu
Situation Normal Situation: Normal As long as all the networks are up, everything should work fine. Actually, we will see later that even when all of our links are up, there could be a problem. Rick Graziani graziani@cabrillo.edu
Link Down X Link down What would happen if our link between RTB and RTC failed? Obviously, the Remote Office networks would be cut-off from the Central Office. After the routing tables are updated, where would RTA or RTB send packets with the destination IP address 172.16.4.10? Rick Graziani graziani@cabrillo.edu
Link Down X After the routing tables are updated, where would RTA or RTB send packets with the destination IP address 172.16.4.10? If the router is running “ip classless,” it will forward the packet using the default route. (For information on the ip classless command, see the presentation on Routing Table Structure.) These packets will eventually be sent from RTA to ISP. Now what will the ISP router do with these packets for 172.16.4.1? Rick Graziani graziani@cabrillo.edu
Link Down X Now what will the ISP router do with these packets for 172.16.4.10? Since it has a route for this network pointing back to RTA, it will send it back to RTA. This is known as a “blackhole” in the network. Now we have a routing loop! Theses packets will eventually be dropped when the TTL (Time-to-live) field, in the IP headers, is decremented to 0. Is there a solution? Rick Graziani graziani@cabrillo.edu
Link down – Solution #1: no ip classless One solution could be to change from classless routing behavior to classful routing behavior using the command: “no ip classless” on RTA and RTB. The affect of this modification is: The router would search its routing table for a best-match for 172.16.4.10. The router would find the “parent network,” 172.16.0.0, and search the known subnets, “child routes,” 172.16.1.0/24 and 172.16.2.0/24, but would not find the route 172.16.4.0/24. The affect of the “no ip classless” command makes the router drop any packets within the 172.16.0.0 network where there is no known subnet, but there is a parent network. (In this case 172.16.4.0/24 is not known.) With the “no ip classless” command, the router does not use any supernet or default route when the there is at least one known subnet. The packets for 172.16.4.10 would be dropped by RTA and RTB. Rick Graziani graziani@cabrillo.edu
Link down – Solution #1: no ip classless Although this is a remedy, this method cannot always be used. We will see that this does not solve the problem for packets destined for 192.168.1.0/24 when this link is down. In some situations you may need to have classless routing enabled (ip classless): May have discontiguous subnets and relying on default routing to reach them. May be using route summarization and relying on supernet routes to reach those specific destinations. In any case, modifying the route look-up process with “no ip classless” is not an ideal solution when you are only trying to solve a specific problem, as this might have other affects on the routing behavior in your network that you did not foresee. Rick Graziani graziani@cabrillo.edu
Link down – Solution #2: Discard Route X Link down – Solution #2: Discard Route A more elegant and scalable solution is to use a discard route. A discard route is a route that sends packets to null0, the “bit-bucket,” when they do not have a route in the routing table and you do not want them to be sent using the default route. Discard Route on RTA: ip route 172.16.0.0 255.255.0.0 null0 This would cause RTA to drop all packets for subnets in the 172.16.0.0 network, that do not have a specific route in the routing table. Using our failed route example and still using classless routing (ip classless), any 172.16.0.0 packets not matching 172.16.1.0/24 or 172.16.2.0/24, would be routed to null0, using the discard route. Rick Graziani graziani@cabrillo.edu
Link down – Solution #2: Discard Route X Discard Route on RTA: ip route 172.16.0.0 255.255.0.0 null0 Remember when we said earlier, that even when all of our links are up, there could still be a problem. Well, this also fixes any blackholing of traffic we might have for packets that are sent to 172.16.0.0/16 subnets that do not exist, for example, any packets incorrectly sent to 172.30.5.0/24 subnet. (This is even the case when all the links are up.) RTA’s discard route will drop these packets as well! Rick Graziani graziani@cabrillo.edu
Discard Routes X What about packets destined for 192.168.1.0/24? In this case, the “no ip classless” command would not help, as this is not a subnet of a parent network in the routing tables of RTA or RTB. This route would be removed from the routing tables of RTA and RTB and all packets would be sent to ISP. Again, the ISP would send those packets back to RTA, causing another blackhole. Rick Graziani graziani@cabrillo.edu
Discard Routes X What about packets destined for 192.168.1.0/24? In many cases your networks can be summarized within a single supernet. In these cases, your discard route should cover the entire range of your network, without including those routes outside your network. “The discard route should cover all destinations in the central and remote offices, but on the other hand should be as specific as possible to prevent blackholing of traffic going to other subnets of the same summary.” Alex Zinin, Cisco IP Routing Rick Graziani graziani@cabrillo.edu
Discard Routes X What about packets destined for 192.168.1.0/24? (Continued) However, in this case the there are networks between 172.16.0.0/16 and 192.168.1.0/24, so a single discard route will not work. What about adding a second discard route on RTA? 2nd Discard Route: ip route 192.168.1.0 255.255.255.0 null0 Unfortunately, this would cause RTA to drop all packets for 192.168.1.0/24 whether the link was up or not, because this static route would replace any dynamic route for this network in the routing table. (Lower administrative distance) Rick Graziani graziani@cabrillo.edu
Discard Routes X What about packets destined for 192.168.1.0/24? (Continued) What about modifying the administrative distance? 2nd Discard Route: ip route 192.168.1.0 255.255.255.0 null0 200 Now, this route would only enter the routing table for RTA, when the dynamic route to 192.168.1.0/24 is deleted. Rick Graziani graziani@cabrillo.edu
Discard Routes ip route 172.16.0.0 255.255.0.0 null0 So, to protect our network from blackholing traffic for routes that are in our network but no longer reachable (172.16.4.0/24 and 192.168.1.0/24 examples), or for routes (subnets) that our ISP is routing back to us (172.16.5.0/24 example), discard routes can be used. This also is independent of the ip classless or no ip classless configuration. RTA discard routes: ip route 172.16.0.0 255.255.0.0 null0 ip route 192.168.1.0 255.255.255.0 null0 200 Rick Graziani graziani@cabrillo.edu
Discard Routes Final Notes Discard routes can be especially useful for networks that use static routes instead of dynamic routing, in order to prevent routing loops. “Configuring discard routes is the only way to prevent routing loops when several major networks are summarized into a supernet.” Alex Zinin, Cisco IP Routing For examples of these and other scenarios, read Cisco IP Routing, by Alex Zinin. For more information on the affect of the “ip classless” and “no ip classless” commands, read my presentation on “The Routing Table -Structure, Lookups, and the ip classless command.” Rick Graziani graziani@cabrillo.edu
Cisco IP Routing by Alex Zinin Addison-Wesley Pub Co ISBN: 0201604736 Looking for more? This is the book to get! Rick Graziani graziani@cabrillo.edu
Questions? Instructors: If you have any questions or comments, or if you find any mistakes in this presentation, please contact me: Rick Graziani graziani@cabrillo.cc.ca.us www.cabrillo.cc.ca.us/~rgraziani Rick Graziani graziani@cabrillo.edu