understand routed traffic on switch

[fsck]

I'm trying to understand how switches route traffic in the enterprise.  I know you have the router on a stick method, but I think that's when you have a router + switch.  I'm trying to figure out how the 6509 for example routes the traffic.  I have connected to a test network and I see that they have the following configuration.

Code Select Expand

ip default-gateway 192.168.1.2
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip route 192.168.10.0 255.255.255.0 vlan10
ip route 192.168.11.0 255.255.255.0 vlan11

So the 6509 is the 192.168.1.2 address, and the router is the 192.168.1.1 address followed by a couple VLANs.

So am I correct when saying all the VLANs have static routes and the 0.0.0.0 0.0.0.0 192.168.10.1 routes all traffic to the router which is the gateway?

[Reggle]

For starters, don't specify an interface as a next-hop. Specify an IP address, otherwise the switch will needlessly ARP.
Just give the VLAN interfaces an IP address. They will show up as a connected route in the routing table, just like a physical interface on a router.
And yes, all VLANs will have a defaulte route towards 192.168.1.1 (not 192.168.2.1). Note that a computer in a VLAN must use the IP address of the VLAN interface you configured as a default gateway for the switch to actually route traffic.

[fsck]

For starters, don't specify an interface as a next-hop. Specify an IP address, otherwise the switch will needlessly ARP.

Can you please elaborate on this? This switch has been running like this for awhile so interesting that its actually wrong.  Maybe its not wrong but looks like its not proper. Interesting.  Thanks for the response. I just want to learn it and make sure I understand it correctly.

[fsck]

I'm curious how the switch would ARP needlessly by specifying the interface as next-hop.  Please explain.

[NetworkGroover]

That may not be a great way to learn how switches route traffic in the enterprise, because frankly, it seems like a goofy setup to me.

Generally you only use ip-default gateway on switches that are solely running at L2.  To see that command AND a static default route pointing to the router as a gateway doesn't make a lot of sense.  And you said that 192.168.1.2 resides on the 6509?  Huh?  The switch is pointing to itself?

Ignoring that, I can't say for sure anything about all VLANs, but:

1. Traffic destined for 192.168.10.0/24 will exit VLAN 10
2. Traffic destined for 192.168.20.0/24 will exit VLAN 11
3. Traffic destined anywhere else will take the default route pointing 192.168.1.1

I'm not sure how the ip-default gateway command and that static route interact with each other - I never see them together.  Thinking about it from an OSI model perspective, and the switch transmitting (so top-down) I'd think the default route trumps it...

Check out: https://learningnetwork.cisco.com/thread/25593

However, I can't imagine why you need to do this.  You can just enable IP routing, set up IP addresses on your VLAN SVIs, and the switch will take care of inter-VLAN routing for you.... this seems really odd.

EDIT - Also, it's better to learn show commands to see what the switch is actually doing rather than just looking at configuration.  show ip route may shed some light.

[fsck]

I talked with our senior and he said that's how it's in production too.  I guess it's been like this for awhile and its working so nobody touched it.  I'd like to see this done correctly in test and do it the right way.

Code Select Expand


sh ip route

C    192.168.2.0/24 is directly connected, Vlan20
C    192.168.3.0/24 is directly connected, Vlan30
C    192.168.4.0/24 is directly connected, Vlan40
C    192.168.5.0/24 is directly connected, Vlan50
C    192.168.6.0/24 is directly connected, Vlan60
S*  0.0.0.0/0 [1/0] via 192.168.1.1


So how would you do it?  Am I simply going to remove the ip-default gateway command and just leave the ip route 0.0.0.0 0.0.0.0 192.168.1.1 command?

[NetworkGroover]

I talked with our senior and he said that's how it's in production too.  I guess it's been like this for awhile and its working so nobody touched it.  I'd like to see this done correctly in test and do it the right way.

Code Select Expand


sh ip route

C    192.168.2.0/24 is directly connected, Vlan20
C    192.168.3.0/24 is directly connected, Vlan30
C    192.168.4.0/24 is directly connected, Vlan40
C    192.168.5.0/24 is directly connected, Vlan50
C    192.168.6.0/24 is directly connected, Vlan60
S*  0.0.0.0/0 [1/0] via 192.168.1.1


So how would you do it?  Am I simply going to remove the ip-default gateway command and just leave the ip route 0.0.0.0 0.0.0.0 192.168.1.1 command?

Yep, see, that's why I wanted you to do that command... those static IP route entries you have in configuration are doing absolutely nothing, except for your default route. So actually, traffic destined to those two subnets (192.168.10.0/24 and 192.168.11.0/24) will take your default route.   Yes, you can get rid of your ip-default gateway command.  The fact you have connected routes tells me if you do a show ip interface brief, you will have a VLAN interface in each of those listed VLANs with an assigned IP within those subnets... which tells me you're not running that switch in pure L2.

[fsck]

So basically all traffic(all VLANs) are pointing to 192.168.1.1.  No need really to define each VLAN to the default gateway, unless its a different destination like another router or some server for monitoring or something.  Is that correct?  Not sure why they added all those ip routes, probably thinking they were needed to route the traffic.
Does this mean the switch is still ARPing needlessly?

[fsck]

I talked with our senior and he said that's how it's in production too.  I guess it's been like this for awhile and its working so nobody touched it.  I'd like to see this done correctly in test and do it the right way.

Code Select Expand


sh ip route

C    192.168.2.0/24 is directly connected, Vlan20
C    192.168.3.0/24 is directly connected, Vlan30
C    192.168.4.0/24 is directly connected, Vlan40
C    192.168.5.0/24 is directly connected, Vlan50
C    192.168.6.0/24 is directly connected, Vlan60
S*  0.0.0.0/0 [1/0] via 192.168.1.1


So how would you do it?  Am I simply going to remove the ip-default gateway command and just leave the ip route 0.0.0.0 0.0.0.0 192.168.1.1 command?

Yep, see, that's why I wanted you to do that command... those static IP route entries you have in configuration are doing absolutely nothing, except for your default route. So actually, traffic destined to those two subnets (192.168.10.0/24 and 192.168.11.0/24) will take your default route.   Yes, you can get rid of your ip-default gateway command.  The fact you have connected routes tells me if you do a show ip interface brief, you will have a VLAN interface in each of those listed VLANs with an assigned IP within those subnets... which tells me you're not running that switch in pure L2.

You are absolutely correct. I ran a 'show ip interface brief' and I see them all.  I'm starting to understand this much better now.  Thanks for taking time to explain and walk me through it.

[ChestHair]

I've got an old 3560 like this. A half dozen vlans/svi's acting as the default gateway for each respective subnet, dishing out dhcp for each network, and a trunk port to the router. I don't have a lot of inter-vlan traffic but it's nice that they can all communicate when necessary. I'm trying to remember why I used a trunk since it would already pass traffic. Maybe I didn't want to/couldn't change the default vlan on the soho router. I seem to remember doing it with and without before. Maybe another beer will jog my memory...

Oh, and I'm using just a single ip route  0.0.0.0 0.0.0.0 x.x.x.x as well. No static routing or "default-gateway" here.

[NetworkGroover]

So basically all traffic(all VLANs) are pointing to 192.168.1.1.  No need really to define each VLAN to the default gateway, unless its a different destination like another router or some server for monitoring or something.  Is that correct?  Not sure why they added all those ip routes, probably thinking they were needed to route the traffic.
Does this mean the switch is still ARPing needlessly?

I think you understand this now, but to respond to this post, not ALL traffic is pointing to 192.168.1.1.  Only traffic outside of what's listed in your routing table hits the default route. 

So, if you have traffic destined for 192.168.2.0/24, 192.168.3.0/24, 192.168.4.0/24, etc. - those will take the specific routes listed in your routing table.  However, traffic destined for anything else... there are no more specific routes, so that traffic will take the default route pointing to 192.168.1.1.

As for ARPing behavior... I'm not sure where that was going, but I don't do a lot of static routing (especially pointing to a VLAN), so hopefully Reggle elaborates.  I can't think of what that means off the top of my head.

[routerdork]

What Reggle was referring to can be found here. Read through the section called "Background Theory"

http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/27082-ip-static-routes.html

[NetworkGroover]

What Reggle was referring to can be found here. Read through the section called "Background Theory"

http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/27082-ip-static-routes.html

Thanks.

Eesh - holy christ that's ugly.  Why even make the command available?

[SimonV]

The ability to configure a static route was introduced in Cisco IOS® Software Release 10.0.

So what were people doing before version 10 then

[NetworkGroover]

The ability to configure a static route was introduced in Cisco IOS® Software Release 10.0.

So what were people doing before version 10 then

Sneaker-net