7 Replies Latest reply: Dec 6, 2014 10:48 AM by Aref - CCIE #62163 (Security) / CCNPx2 (R&S - Security) / Network+ / Security+

    exit interface vs next hop address?

    sabari

      Yes, what is the difference between exit interface and next hop address?

        • 1. Re: exit interface vs next hop address?
          Ing_Percy

          Hi!

           

          When only an exit interface is specified in an IP route, the router has to perform only a single lookup, which is a minor benefit.
          If you use the address of the next hop, you should first check the location of the network address, and only afterwards can the packet be sent out the corresponding output interface, leading to a longer search.
          Note that for broadcast networks it is necessary to specify the next hop address. That's because the IP packet is encapsulated in an Ethernet frame with an Ethernet destination MAC address. If the packet were to be sent to a next hop router, the destination MAC address is the address of the Ethernet interface of the next hop router. In this case, the Ethernet MAC destination address matches the IP address of the next hop.

          I hope it helps you
          Best regards!
          • 2. Re: exit interface vs next hop address?
            Parvesh

            Exit interface: when you specify a local exit for a certain destination. This is somehow not recommended. Certain reasons are there - i.e. ARP overwhelms.

             

            Next hop: you specify the next hop's ingress IP address which entertains your network.

             

            While in some cases, exit interface may help out on having a change at next hop IP address. In exit interface case, you don't have to worry about the change in IP address at next hop.

            • 3. Re: exit interface vs next hop address?
              vipin

              Hi Sabari,

              I am just complementing what others said.

              It is not recommended to use the exit interface for routes. If you apply an exit interface, it will behave as if the route is directly connected. It will send proxy ARP and build a MAC address table of the remote network, which is not good.

               

              vipin

              • 4. Re: exit interface vs next hop address?
                vipin

                Hi Parvesh,

                 

                Can you please explain the statement you replied:

                While in some cases, exit interface may help out on having a change at next hop IP address. In exit interface case, you don't have to worry about the change in IP address at next hop.

                 

                thanks

                vipin

                • 5. Re: exit interface vs next hop address?
                  Parvesh

                  Sure Vipin,

                   

                  Just consider that you have a default route towards the ISP and the default route is pointing to an IP address; changing your ISP will need you to change the next hop IP address, in that case.

                  But if you are using an exit interface, it leads to no change.

                   

                  -

                  Parvesh

                  • 6. Re: exit interface vs next hop address?
                    sarah

                    If you point a static route to a broadcast interface, the route is inserted into the routing table only when the broadcast interface is up. This configuration is not recommended because when the next hop of a static route points to an interface, the router considers each of the hosts within the range of the route to be directly connected through that interface. For example, ip route 0.0.0.0 0.0.0.0 Ethernet0.

                    With this type of configuration, a router performs Address Resolution Protocol (ARP) on the Ethernet for every destination the router finds through the default route because the router considers all of these destinations as directly connected to Ethernet 0.

                    This kind of default route, especially if it is used by a lot of packets to many different destination subnets, can cause high processor utilization and a very large ARP cache (along with attendant memory allocation failures).

                    Specifying a numerical next hop on a directly connected interface prevents the router from performing ARP for each destination address. However, if the interface with the next hop goes down and the numerical next hop is reachable through a recursive route, you should specify both the next hop IP address and the interface through which the next hop should be found. For example, ip route 0.0.0.0 0.0.0.0 Serial 3/3 192.168.20.1.
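The three static-route forms discussed in the replies above can be checked for in a saved configuration. The following is an added example, not part of any post in this thread: the sample configuration is constructed, and the list of interface-name prefixes treated as broadcast media is an assumption of the example.

```python
import re

# Interface-name prefixes treated as broadcast media (assumption of this example).
BROADCAST_PREFIXES = ("ethernet", "fastethernet", "gigabitethernet", "vlan")
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
ROUTE = re.compile(r"^ip route\s+(\S+)\s+(\S+)\s+(.+)$")
UNIT = re.compile(r"^\d+(/\d+)*(\.\d+)?$")  # e.g. "3/3" in "Serial 3/3"

# Constructed sample configuration covering each form mentioned in the thread.
SAMPLE_CONFIG = """\
hostname Router-B
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
ip route 0.0.0.0 0.0.0.0 Ethernet0
ip route 10.10.0.0 255.255.0.0 192.168.1.2
ip route 0.0.0.0 0.0.0.0 Serial 3/3 192.168.20.1
ip route 172.16.0.0 255.240.0.0 Serial0/0
"""


def classify_static_route(line):
    """Return (prefix, mask, interface, next_hop, verdict), or None for other lines."""
    m = ROUTE.match(line.strip())
    if not m or not (IPV4.match(m.group(1)) and IPV4.match(m.group(2))):
        return None
    prefix, mask, tokens = m.group(1), m.group(2), m.group(3).split()
    interface = next_hop = None
    if IPV4.match(tokens[0]):
        next_hop = tokens[0]
    else:
        interface = tokens.pop(0)
        # "Serial 3/3" and "Serial3/3" are the same interface: glue the unit back on.
        if tokens and not any(c.isdigit() for c in interface) and UNIT.match(tokens[0]):
            interface += tokens.pop(0)
        if tokens and IPV4.match(tokens[0]):
            next_hop = tokens[0]
    if interface and next_hop:
        verdict = "fully-specified"       # interface plus next hop
    elif next_hop:
        verdict = "recursive"             # next hop only, resolved by a second lookup
    elif interface.lower().startswith(BROADCAST_PREFIXES):
        verdict = "arp-per-destination"   # router ARPs for every destination
    else:
        verdict = "interface-only"        # non-broadcast interface, no ARP involved
    return prefix, mask, interface, next_hop, verdict


def audit(config_text):
    """Return the static routes that make the router ARP for every destination."""
    rows = (classify_static_route(l) for l in config_text.splitlines())
    return [r for r in rows if r and r[4] == "arp-per-destination"]
```

Running `audit(SAMPLE_CONFIG)` returns the two default routes that point only at `FastEthernet0/1` and `Ethernet0`.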

                    • 7. Re: exit interface vs next hop address?
                      Aref - CCIE #62163 (Security) / CCNPx2 (R&S - Security) / Network+ / Security+

                      Hi Sabari,

                       

                      Echoing the others, when you point to the exit interface in the default route, it would mean that the router would ARP for any IP address it would reach via that exit interface; that would consume a lot of CPU and memory resources, so it would affect the router operations. Please imagine this scenario: router B wants to reach 8.8.8.8 by using the default route pointing to the exit interface f0/1. What would happen is router B would ARP for 8.8.8.8 to resolve its MAC address before forwarding any traffic, the next hop router A would answer that ARP request received from router B with its MAC address (because of the proxy ARP on router A), and router B then adds that MAC address to its ARP table, associating it with the IP address 8.8.8.8. The same concept applies to any other IP address reachable through the interface f0/1. Instead, when pointing the default route to the next hop IP address, router B would ARP only for the next hop IP address for all those IP addresses that would be reachable through that exit interface. Here is a little lab about both scenarios, when using the exit interface and when using the next hop IP address:

                       

                      Topology:

                      Internet <----> (router A) f0/1 <----> f0/1 (router B)

                       

                      Router A IP: 192.168.1.2

                      Router A MAC: aaaa.aaaa.aaaa

                      Router B IP: 192.168.1.1

                      Router B MAC: bbbb.bbbb.bbbb

                       

                       

                      Default route by pointing to the exit interface:

                       

                      Router-B(config)#do sh run | s ip route
                      ip route 0.0.0.0 0.0.0.0 FastEthernet0/1

                       

                       

                      Router-B(config)#do sh ip route | in S

                      S*   0.0.0.0/0 is directly connected, FastEthernet0/1

                       

                       

                      Router-B(config)#do ping 8.8.8.8

                       

                      Type escape sequence to abort.
                      Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:

                       

                      IP ARP: creating incomplete entry for IP address: 8.8.8.8 interface FastEthernet0/1
                      IP ARP: sent req src 192.168.1.1 bbbb.bbbb.bbbb,
                                       dst 8.8.8.8 0000.0000.0000 FastEthernet0/1
                      IP ARP: rcvd rep src 8.8.8.8 aaaa.aaaa.aaaa, dst 192.168.1.1 FastEthernet0/1.!!!!
                      Success rate is 80 percent (4/5), round-trip min/avg/max = 68/68/68 ms

                       

                       

                      Router-B(config)#do ping 4.2.2.2

                       

                      Type escape sequence to abort.
                      Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:

                       

                      IP ARP: creating incomplete entry for IP address: 4.2.2.2 interface FastEthernet0/1
                      IP ARP: sent req src 192.168.1.1 bbbb.bbbb.bbbb,
                                       dst 4.2.2.2 0000.0000.0000 FastEthernet0/1
                      IP ARP: rcvd rep src 4.2.2.2 aaaa.aaaa.aaaa, dst 192.168.1.1 FastEthernet0/1.!!!!
                      Success rate is 80 percent (4/5), round-trip min/avg/max = 68/68/68 ms

                       

                       

                      Router-B(config)#do sh arp
                      Protocol  Address          Age (min)  Hardware Addr   Type   Interface
                      Internet  8.8.8.8                 1   aaaa.aaaa.aaaa  ARPA   FastEthernet0/1
                      Internet  4.2.2.2                 0   aaaa.aaaa.aaaa  ARPA   FastEthernet0/1

                       

                       

                      Router-B(config)#do sh ip route 0.0.0.0
                      Routing entry for 0.0.0.0/0, supernet
                        Known via "static", distance 1, metric 0 (connected), candidate default path
                        Routing Descriptor Blocks:
                        * directly connected, via FastEthernet0/1
                            Route metric is 0, traffic share count is 1

                       

                       

                      The default route to any is seen as connected.

                       

                       

                      Now I'm going to disable the proxy arp on router A and try again to ping 8.8.8.8 after clearing the arp table on router B:

                       

                      Router-B(config)#do ping 8.8.8.8

                       

                      Type escape sequence to abort.
                      Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:

                       

                      IP ARP: sent req src 192.168.1.1 bbbb.bbbb.bbbb,
                                       dst 8.8.8.8 0000.0000.0000 FastEthernet0/1.
                      IP ARP: sent req src 192.168.1.1 bbbb.bbbb.bbbb,
                                       dst 8.8.8.8 0000.0000.0000 FastEthernet0/1.

                       

                       

                      As you can see, no arp replies are received from router A because I disabled the proxy arp on its interface.

                       


                      Router-B(config)#do ping 8.8.8.8

                       

                      Type escape sequence to abort.
                      Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
                      .....
                      Success rate is 0 percent (0/5)

                       

                       

                      In fact, all the ping packets failed, so if you disable the proxy ARP on the next hop router (router A), the ARPing would not be completed anymore and router B would not be able to reach 8.8.8.8.

                       

                       

                       

                      Default route by pointing to the next hop ip address of router A:

                       


                      Router-B(config)#do ping 8.8.8.8

                       

                      Type escape sequence to abort.
                      Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:

                       

                      IP ARP: creating incomplete entry for IP address: 192.168.1.2 interface FastEthernet0/1
                      IP ARP: sent req src 192.168.1.1 bbbb.bbbb.bbbb,
                                       dst 192.168.1.2 0000.0000.0000 FastEthernet0/1
                      IP ARP: rcvd rep src 192.168.1.2 aaaa.aaaa.aaaa, dst 192.168.1.1 FastEthernet0/1.!!!!
                      Success rate is 80 percent (4/5), round-trip min/avg/max = 40/41/44 ms

                       

                       

                      As you can see, router B now ARPs for the IP address of the next hop router A; it is not ARPing for 8.8.8.8 anymore, because in this case it would not consider the host 8.8.8.8 as directly connected. Even if you ping other IP addresses that are reachable via the f0/1 interface, router B would not ARP again for them because it has already ARPed the next hop IP address of router A, and in its ARP table it would have only that ARP entry.

                       

                       

                      Router-B(config)#do sh arp
                      Protocol  Address          Age (min)  Hardware Addr   Type   Interface
                      Internet  192.168.1.2           1   aaaa.aaaa.aaaa  ARPA   FastEthernet0/1

                       


                      Router-B(config)#do sh ip route 0.0.0.0
                      Routing entry for 0.0.0.0/0, supernet
                        Known via "static", distance 1, metric 0, candidate default path
                        Routing Descriptor Blocks:
                        * 192.168.1.2
                            Route metric is 0, traffic share count is 1

                       

                      The default route to any now is not seen as connected anymore.

                       

                       

                       

                      I hope this would be of help.

                       

                      Regards,

                      Aref
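The ARP table from the exit-interface lab above has a recognisable shape: addresses outside the connected subnet, all resolved to the next hop's MAC. The following added example (not part of the original post) finds such entries in `show arp` output; the sample table is constructed from the lab's addresses, and the /24 mask on FastEthernet0/1 is an assumption because the post does not state one.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the "show arp" layout shown in the lab above.
SAMPLE_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.1.1             -   bbbb.bbbb.bbbb  ARPA   FastEthernet0/1
Internet  192.168.1.2             3   aaaa.aaaa.aaaa  ARPA   FastEthernet0/1
Internet  8.8.8.8                 1   aaaa.aaaa.aaaa  ARPA   FastEthernet0/1
Internet  4.2.2.2                 0   aaaa.aaaa.aaaa  ARPA   FastEthernet0/1
"""

# Assumption: the lab gives no mask, so a /24 on FastEthernet0/1 is assumed here.
CONNECTED = {"FastEthernet0/1": ipaddress.ip_network("192.168.1.0/24")}

ARP_ROW = re.compile(
    r"^Internet\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s+"
    r"([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+\S+\s+(\S+)$"
)


def off_subnet_entries(arp_text, connected):
    """Group ARP entries whose IP is outside the interface's subnet by (interface, MAC)."""
    found = defaultdict(list)
    for line in arp_text.splitlines():
        m = ARP_ROW.match(line.strip())
        if not m:
            continue  # header line, incomplete entries, blank lines
        ip, _age, mac, iface = m.groups()
        net = connected.get(iface)
        if net is not None and ipaddress.ip_address(ip) not in net:
            found[(iface, mac)].append(ip)
    return dict(found)


def proxy_arp_dependent(arp_text, connected, threshold=2):
    """Return (interface, MAC) pairs answering for at least `threshold` off-subnet IPs."""
    hits = off_subnet_entries(arp_text, connected)
    return sorted(key for key, ips in hits.items() if len(ips) >= threshold)
```

With the next-hop form of the default route, the table holds only 192.168.1.2 and both functions return nothing to report.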