[c-nsp] Crypto and CEF
David Barak
thegameiam at yahoo.com
Tue Jun 12 09:22:45 EDT 2007
--- Adrian Chadd <adrian at creative.net.au> wrote:
> On Tue, Jun 12, 2007, Rikard Stemland Skjelsvik
> wrote:
>
> > Actually we route to the LAN in the other end out
> the WAN interface
> > ip route x.x.x.x 255.255.255.192 FastEthernet0
>
> Why do you do this rather than routing to an IP
> address on the other
> end of the WAN interface?
>
> (Why do people do this? Is it in an example
> somewhere that I've
> never seen?)
I first encountered "route to the (sub) interface" in
the context of frame-relay subinterfaces. If there is
another route to that IP address (for instance, a
tie-down route, or something through another carrier),
when the interface goes down, the /30 is pulled from
the table, and the /19 (or whatever) becomes the
active route. The destination could still be
reachable, which could keep monitoring systems from
seeing alarms.
Kludgy, yes, but it did work.
I'm certain there are corner cases where it's a good
idea, but I agree: in general it'd be better to use
connected rather than static routing for a LAN.
-David Barak
David Barak
Need Geek Rock? Try The Franchise:
http://www.listentothefranchise.com
____________________________________________________________________________________
Sick sense of humor? Visit Yahoo! TV's
Comedy with an Edge to see what's on, when.
http://tv.yahoo.com/collections/222
More information about the cisco-nsp
mailing list