Configuring and Using Floating Static Routes

Sometimes it becomes necessary to build static backup routes, where a dynamically learned route is preferred, and the static route is only used if the dynamic route is lost. Common applications of this would be a WAN with a VPN backup, and Dial on Demand Routing (DDR). The route to a remote location is normally learned over the WAN by a routing protocol, but should be routed out an interface configured for VPN if the WAN connection is lost.

Since the default administrative distance of static routes makes them preferred over any routes learned by dynamic protocols, this normally would not work. The router would prefer the route to the VPN all the time.

There are a couple ways around this. One would be to use a less specific route, such as a default route, which would only be preferred if the more specific routes are lost, but this is not always workable. If both internet and VPN traffic should take the same route, often the default route could be used, since the more specific dynamic routes would be preferred if available.

The other option, and the one we will look at here, is a so-called floating static route. Floating static routes are like regular static routes, except that the administrative distance has been manually changed. Since this allows for the static route having a higher administrative distance than the dynamic routes, so they will not be used if there is a dynamic route available.

In the following, we are learning the route to 172.16.2.0/24 from OSPF, pointed to 192.168.12.3. After adding the static route with an administrative distance of 254, we are still routing via OSPF. Then we lose our OSPF neighbor, and the static route takes over, with an Administrative distance of 254.

R1(config)#ip route 172.16.2.0 255.255.255.0 192.168.13.3 254
R1(config)#
R1(config)#do sh ip route                                    
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    192.168.12.0/24 is directly connected, FastEthernet0/1
C    192.168.13.0/24 is directly connected, Serial1/3
     172.16.0.0/24 is subnetted, 2 subnets
C       172.16.1.0 is directly connected, Loopback0
O       172.16.2.0 [110/11] via 192.168.12.3, 00:00:12, FastEthernet0/1
R1(config)#
*Mar  3 05:13:25.666: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.12.3 on 
FastEthernet0/1 from FULL to DOWN, Neighbor Down: Dead timer expired
R1(config)#
R1(config)#do sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    192.168.12.0/24 is directly connected, FastEthernet0/1
C    192.168.13.0/24 is directly connected, Serial1/3
     172.16.0.0/24 is subnetted, 2 subnets
C       172.16.1.0 is directly connected, Loopback0
S       172.16.2.0 [254/0] via 192.168.13.3
R1(config)#

While Administrative distances go up to 255, a route with an AD of 255 will not be installed in the routing table, so 254 is effectively the highest you can use. Note that the route is no longer installed in the routing table after having the AD changed to 255.

R1(config)#ip route 172.16.2.0 255.255.255.0 192.168.13.3 255
R1(config)#
R1(config)#do sh ip route                                    
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    192.168.12.0/24 is directly connected, FastEthernet0/1
C    192.168.13.0/24 is directly connected, Serial1/3
     172.16.0.0/24 is subnetted, 1 subnets
C       172.16.1.0 is directly connected, Loopback0
R1(config)#

Any administrative distance can be assigned to a static route, but to work as a floating static route, it needs to have an AD between the AD of the routing protocol +1 and 254, inclusive. If it is below the routing protocol it will be preferred, rather than floating, 255 is not used. Below the route is added with an AD of 111, which makes it less preferred than OSPF, but it would be preferred over a RIP route with an AD of 120. If you find yourself needing to do this, it’s probably time to redesign your network, but it is possible.

R1(config)#ip route 172.16.2.0 255.255.255.0 192.168.13.3 111
R1(config)#
R1(config)#do sh ip route                                    
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    192.168.12.0/24 is directly connected, FastEthernet0/1
C    192.168.13.0/24 is directly connected, Serial1/3
     172.16.0.0/24 is subnetted, 2 subnets
C       172.16.1.0 is directly connected, Loopback0
S       172.16.2.0 [111/0] via 192.168.13.3
R1(config)#
*Mar  3 05:19:23.042: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.12.3 on 
FastEthernet0/1 from LOADING to FULL, Loading Done
R1(config)#
R1(config)#do sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    192.168.12.0/24 is directly connected, FastEthernet0/1
C    192.168.13.0/24 is directly connected, Serial1/3
     172.16.0.0/24 is subnetted, 2 subnets
C       172.16.1.0 is directly connected, Loopback0
O       172.16.2.0 [110/11] via 192.168.12.3, 00:02:56, FastEthernet0/1
R1(config)#

Summary.

Floating static allows an administrator to define a static backup route by manipulating the Administrative Distance. Without manipulating the AD, static routes are preferred over any dynamic protocol. The AD needs to be set somewhere between one more than the routing protocol and 254, since routes with an AD of 255 will not get installed in the routing table. While you can set it at a lower number, floating statics normally use 254, which leads to more predictable behavior, and is more likely to be understood if someone else needs to work on the network.

Further Reading:

Sample Configuration: Using Floating Static Routes and Dial-on-Demand Routing – Cisco.com
CCENT/CCNA ICND1 100-105 Official Cert Guide (affiliate link)
Routing TCP/IP Volume 1, Chapter 3. (affiliate link)

Initial Configuration of IOS Devices

In this post we will take a look at the initial configuration that should be performed on a new device before the actual network configuration is performed.

Most Cisco IOS devices come from the factory with a very basic default configuration, and require configuration before the are deployed. The majority come with no IP addresses, and routers even have all their interfaces shut down by default.

To begin the configuration, the first step is to console into the device, using either a serial port and the Cisco rollover serial cable, or the mini USB port on the newer devices. Console settings should be 9600 baud, 8 data bits, no parity, 1 stop bit, no flow control. You need terminal emulation software, such as PuTTY or SecureCRT.

Continue reading

Practical OSI Layers – Part 2

In the previous post, we took a look at the basics of the OSI and TCP/IP model layers. In this post we are going to take a closer look at end to end routing of a packet, and the interaction between layers 2 and 3 as a packet is passed between routers to it’s ultimate destination. The following is the general process to route between endpoints. Some operating systems may behave a little different that described, but this is the general process.

This post will use this network, with a telnet session from R1 to R3. R1 is connected to R2 via a serial link running PPP, and R2 is connected to R3 via an Ethernet segment. Continue reading

Default routing options

There are a number of different ways you can implement a default route in IOS. The method you choose depends on the circumstances (routing protocol used, equipment being configured, etc.) and your design goals (such as static vs. dynamic routing.)

ip default-gateway

The ip default-gateway command only works on a device not running IP routing. The most common uses of this command are L2 switches and access points, although it could theoretically be used on something like a voice gateway with only one connection, and the no ip routing command configured. Frankly, I cannot think of any advantage or doing this over a static route. Continue reading