Using Next Hop Versus Exit Interface for Default Route
Resolution
Overview
Static default routes can be configured in two ways: they can point to a specific exit interface, or they can point to a next-hop IP address. If you point a static route to an Ethernet interface, the route is inserted into the routing table only when the interface is up. This configuration is not recommended because when the next hop of a static route points to an interface, the router considers each of the hosts within the range of the route to be directly connected through that interface.
With this type of configuration, the router performs Address Resolution Protocol (ARP) resolution on the Ethernet segment for every destination it reaches through the default route, because it considers all of these destinations to be directly connected to interface e1/1. This kind of implementation can flood the ARP cache with entries for different destinations that all carry the same hardware address, and eventually lead to ARP-related packet drops.
interface ip address hw address port status ttl
-----------------------------------------------------------------------------------
ethernet1/1 4.4.4.4 e4:c7:22:91:a5:c2 ethernet1/1 c 1592
ethernet1/1 8.8.8.8 e4:c7:22:91:a5:c2 ethernet1/1 c 1591
ethernet1/1 10.50.140.53 c8:cb:b8:61:e3:fc ethernet1/1 c 1658
ethernet1/1 23.52.66.106 e4:c7:22:91:a5:c2 ethernet1/1 c 1604
ethernet1/1 23.61.92.204 e4:c7:22:91:a5:c2 ethernet1/1 c 1608
ethernet1/1 31.13.79.128 e4:c7:22:91:a5:c2 ethernet1/1 c 1599
ethernet1/1 46.137.180.155 e4:c7:22:91:a5:c2 ethernet1/1 c 1607
ethernet1/1 54.243.101.130 e4:c7:22:91:a5:c2 ethernet1/1 c 1609
ethernet1/1 74.125.68.188 e4:c7:22:91:a5:c2 ethernet1/1 c 1603
ethernet1/1 74.125.130.84 e4:c7:22:91:a5:c2 ethernet1/1 c 1607
ethernet1/1 74.125.130.95 e4:c7:22:91:a5:c2 ethernet1/1 c 1597
ethernet1/1 74.125.130.99 e4:c7:22:91:a5:c2 ethernet1/1 c 1602
ethernet1/1 74.125.130.100 e4:c7:22:91:a5:c2 ethernet1/1 c 1619
ethernet1/1 74.125.130.103 e4:c7:22:91:a5:c2 ethernet1/1 c 1602
ethernet1/1 74.125.130.104 e4:c7:22:91:a5:c2 ethernet1/1 c 1602
ethernet1/1 74.125.130.113 e4:c7:22:91:a5:c2 ethernet1/1 c 1599
ethernet1/1 74.125.130.132 e4:c7:22:91:a5:c2 ethernet1/1 c 1599
ethernet1/1 74.125.130.138 e4:c7:22:91:a5:c2 ethernet1/1 c 1605
ethernet1/1 74.125.130.139 e4:c7:22:91:a5:c2 ethernet1/1 c 1606
ethernet1/1 74.125.130.155 e4:c7:22:91:a5:c2 ethernet1/1 c 1606
ethernet1/1 74.125.236.110 e4:c7:22:91:a5:c2 ethernet1/1 c 1606
ethernet1/1 74.125.236.120 e4:c7:22:91:a5:c2 ethernet1/1 c 1599
ethernet1/1 74.125.236.199 e4:c7:22:91:a5:c2 ethernet1/1 c 1604
ethernet1/1 74.125.236.205 e4:c7:22:91:a5:c2 ethernet1/1 c 1599
ethernet1/1 74.125.236.208 e4:c7:22:91:a5:c2 ethernet1/1 c 1691
ethernet1/1 74.125.236.215 e4:c7:22:91:a5:c2 ethernet1/1 c 1564
ethernet1/1 74.125.236.217 e4:c7:22:91:a5:c2 ethernet1/1 c 1600
Another method of installing a static route is to use a next-hop IP address. Because static routes are recursive in nature, this static route should be available in the FIB as long as the firewall has a route to the next hop. Specifying a next hop on a directly connected interface prevents the firewall from performing ARP on each destination address.
> show arp ethernet1/1
maximum of entries supported : 500
default timeout: 1800 seconds
total ARP entries in table : 1
total ARP entries shown : 1
status: s - static, c - complete, e - expiring, i - incomplete
interface ip address hw address port status ttl
--------------------------------------------------------------------------------
ethernet1/1 10.50.140.1 e4:c7:22:91:a5:c2 ethernet1/1 c 1766
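The check below is an added example, not part of the original article or of any vendor tooling: it parses ARP table text in the format shown above and reports entries whose IP address lies outside the interface's connected subnet, which is the symptom of a default route pointed at an exit interface. The function names, the 10.50.140.0/24 prefix length and the sample strings are assumptions; the 500-entry limit is taken from the output above.

```python
import ipaddress
import re
from collections import defaultdict

# One ARP table row as printed on this page:
# interface, ip address, hw address, port, status, ttl
ROW = re.compile(r"^(\S+)\s+(\d+(?:\.\d+){3})\s+((?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
                 r"\s+\S+\s+[scei]\s+\d+$", re.I)

def parse_arp(text):
    """Return (interface, ip, mac) per table row; headers and rules are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append((m.group(1), ipaddress.ip_address(m.group(2)), m.group(3).lower()))
    return rows

def off_link_arp(text, connected, max_entries=500):
    """Flag ARP entries for addresses outside the interface's connected subnet.

    connected maps interface -> CIDR and is supplied by the operator (assumption).
    Such entries appear when the router ARPs for remote destinations, as it does
    with a default route that points at an Ethernet exit interface.
    """
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in connected.items()}
    rows = parse_arp(text)
    by_mac = defaultdict(list)
    for ifname, ip, mac in rows:
        if ifname in nets and ip not in nets[ifname]:
            by_mac[(ifname, mac)].append(str(ip))
    return {"entries": len(rows),
            "table_use_pct": round(100 * len(rows) / max_entries, 1),
            "off_link": dict(by_mac),
            "suspect": bool(by_mac)}

# Constructed samples: a few rows copied from the two tables on this page.
EXIT_INTERFACE = """\
interface ip address hw address port status ttl
-----------------------------------------------
ethernet1/1 4.4.4.4 e4:c7:22:91:a5:c2 ethernet1/1 c 1592
ethernet1/1 8.8.8.8 e4:c7:22:91:a5:c2 ethernet1/1 c 1591
ethernet1/1 10.50.140.53 c8:cb:b8:61:e3:fc ethernet1/1 c 1658
ethernet1/1 74.125.130.84 e4:c7:22:91:a5:c2 ethernet1/1 c 1607
"""
NEXT_HOP = "ethernet1/1 10.50.140.1 e4:c7:22:91:a5:c2 ethernet1/1 c 1766\n"
LINK = {"ethernet1/1": "10.50.140.0/24"}  # assumed prefix length; not on the page

if __name__ == "__main__":
    print(off_link_arp(EXIT_INTERFACE, LINK))
    print(off_link_arp(NEXT_HOP, LINK))
```

Tracking table_use_pct over time shows how close the ARP table is to its limit before drops begin.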
If the network setup has redundant links to reach the next hop, the best practice is to specify the next hop along with the exit interface so that floating static routes work efficiently.
owner: aprasanna