When you create a route summary, the summary is installed in the routing table with a next hop of null0! So when traffic comes along that used to route via the default route, it now matches the more specific summary route rather than 0.0.0.0/0. And because the next hop of the summary is null0, the traffic ends up getting dropped. Not good.
A good solution to this problem is to create more specific routes to any networks affected by this scenario, prior to creating the summary route. Static or dynamic, either way solves the problem, since traffic is always routed via the most specific route. Just don't miss any routes, or the traffic will end up in the old bit bucket. This is easier said than done, though: how can you know which networks are located beyond the default route, yet missing from the routing table? You can't just do a show ip route to find them. So you either have to already know what all these networks are, or you must manually check configs on all devices living on the other side of your default route link for private range addresses. Any missed private range routes will lead to routing issues, since they will no longer be able to fall back to the default route like traffic to a public address would.
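The lookup behaviour described above, as an added example that is not from the original post: a small longest-prefix-match model showing the summary capturing traffic that used to follow the default route, plus a pre-change check that lists which known remote prefixes would be dropped. All addresses, the 10.1.0.0/16 summary and the function names are constructed for illustration.

```python
import ipaddress

GATEWAY = "192.0.2.1"  # constructed default-gateway address


def route(prefix, hop):
    """Build one routing-table entry as (network, next hop)."""
    return (ipaddress.ip_network(prefix), hop)


def next_hop(table, target):
    """Longest-prefix match: next hop of the most specific route that covers
    target (a single address or a whole prefix), or None if nothing does."""
    target = ipaddress.ip_network(target)  # a bare address becomes a /32
    covering = [r for r in table if target.subnet_of(r[0])]
    best = max(covering, key=lambda r: r[0].prefixlen, default=None)
    return best[1] if best else None


def blackholed(table, remote_prefixes):
    """Remote prefixes whose best covering route is the Null0 discard route."""
    return [p for p in remote_prefixes if next_hop(table, p) == "Null0"]


# Constructed table before summarization: a default route plus two local subnets.
before = [
    route("0.0.0.0/0", GATEWAY),
    route("10.1.1.0/24", "10.1.0.2"),
    route("10.1.2.0/24", "10.1.0.3"),
]
# Creating the summary installs a discard route for the whole summarized range.
after = before + [route("10.1.0.0/16", "Null0")]
# Constructed list of networks known to live beyond the default gateway.
remote = ["10.1.200.0/24", "10.1.201.0/24", "172.16.5.0/24"]
# The fix from the text: a more specific route, here added for only one
# of the affected networks to show what a missed route looks like.
fixed = after + [route("10.1.200.0/24", GATEWAY)]

if __name__ == "__main__":
    for name, table in (("before", before), ("after", after), ("fixed", fixed)):
        print(name, "10.1.200.5 ->", next_hop(table, "10.1.200.5"),
              "| dropped:", blackholed(table, remote))
```

Running the check against the planned table before the summary goes in shows which remote prefixes still need a specific route; it only finds prefixes you already know about, which is the limitation the paragraph above describes.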
Well...there is another option. You could create three broad range static routes pointing to the default gateway for 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16. It's a little crude but it works, because the most specific route always wins, and you'll never realistically have a subnet somewhere else that is less specific than these very broad static routes.
The last and probably best solution, of course, is to never have the chance of running into this problem in the first place: by summarizing from an early stage rather than as an afterthought :)