If you’re very old (like me) you’ll likely remember the halcyon days when IP routing was not enabled by default on Cisco routers. Younger gamers may find this hard to believe, which makes it even stranger when I keep bumping into an apparently common misconception about how routers work. Let’s take a look at what I’m beefing about.
No IP Routing?
To put this in context for the younger gamers, it’s worth noting that at the time, a typical “enterprise” might be running IP, but was equally likely to run IPX, AppleTalk, DECnet or some other protocol which may – or may not – support routing. Yes, there was life before the Internet Protocol became ubiquitous. If you’re curious, the command to enable IP routing is, well:
Guess how IPX routing was enabled:
DECnet Phase IV?
decnet [network-number] routing <decnet-address>
Ok, so the pattern isn’t entirely consistent, but it’s close enough. In one way things are much simpler now because routers tend to handle IP (and IPv6) and nothing else. On the other hand there are so many more IP-related features available, I think we should just be grateful that there’s only one underlying protocol to worry about.
Assuming that a router has IP routing enabled by default, here’s my gripe. Consider this simple network topology:
The image shows a router with two connected subnets, each of which is connected to a switch with a PC connected to it. The PCs each have an IP address on their respective networks, and a default gateway pointing to the router interface. I’ve used this diagram to ask a variety of simple interview questions over the last ten years or so, and as part of that I’ve asked a number of candidates to consider the scenario where PC-A cannot ping PC-B, and to describe troubleshooting steps that might be taken to determine the cause.
On a number of those occasions, a candidate has said they would check the routing table on R1. When asked to explain what they would be looking for, the candidate explains that perhaps the router didn’t have a route for one side or the other, so they’d check that it had routes. “What kind of routes?” you might ask (and I did). The candidates would then explain that there needed to be either static routing or dynamic routing on the router. Some are hesitant on the dynamic routing part, but all who go down this path explain the need for a static route to each of the attached subnets.
I really struggle to understand this. I have wondered whether it’s something inherited from the Linux world, where a netstat -rn or route shows the subnet seemingly pointing to an interface, e.g.:
$ netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags Iface
10.1.1.0        0.0.0.0         255.255.255.0   U     eth0   <---
0.0.0.0         10.1.1.1        0.0.0.0         UG    eth0
What’s interesting is that most candidates can also explain how Cisco’s administrative distance (AD) is used, and cite some common values, for example:
AD | Protocol
0 | Connected
1 | Static
The candidates are typically clear that where multiple routes exist for a destination, the route with the lower AD will be selected. They’re also clear that an attached interface counts as “Connected”. The fact that a connected route would override the proposed static route doesn’t seem to process, or at least it does not until the conflict is pointed out, at which point it’s like their understanding of the whole world was just turned upside down.
Origins of Confusion?
If this were something presented only by a very occasional candidate, I’d say it was just one of those things, but this misunderstanding has been offered up so many times over the years, I have begun to feel a little bit sorry for the candidates, because clearly somebody is out there spreading misinformation which they unfortunately have accepted in the absence of anything to contradict it.
Part of this problem, I suspect, is book learning. Ask a candidate to state AD values for a list of protocols, and it’s like looking the information up in a mental table, and the answer will be rattled off with confidence. Ask how AD works or what it does, and the candidate can give a textbook definition of administrative distance on Cisco routers. This is what I can probably best define as “book smarts.” We’ve all been there; we had to learn a product or protocol without the ability at that time to be hands on, so we’ve learned all about something in theory, but have never used it in practice.
I’ve been a Grumpy Old Man about this before, and if you go to that post, jump to the heading “Rote Memorization” to get my views on it. Does Feynman’s story sound familiar? This problem is in part due to the way many vendor tests are structured, favoring trivia over actual understanding, and I can’t really blame the candidates for memorizing in this manner when that’s what will let them pass the trivia test.
Nonetheless, for the sake of my sanity, please let’s be clear that a router – with IP routing enabled – will by default route packets between its connected interfaces without help from static or dynamic routes. Yes, there are some exceptions I can think of (usually revolving around same-interface routing), but in this simple scenario, this is how it is.
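To make the AD conflict and the connected-route behaviour above concrete, here is an added example (not from the original post, and not any vendor's code): a simplified Python model of how a routing table is populated and consulted. The interface names, the 10.1.2.0/24 subnet, the PC addresses and the 10.1.1.254 next hop are constructed assumptions, and the model ignores next-hop resolution and interface state.

```python
import ipaddress

# Administrative distances quoted in the post.
AD = {"connected": 0, "static": 1}

def build_rib(interfaces, static_routes=()):
    """Return {prefix: (source, via)}, keeping the lowest-AD candidate per prefix."""
    candidates = []
    # Each addressed interface contributes a connected route for its subnet.
    # Nobody configures these; they exist because the interface does.
    for name, cidr in interfaces.items():
        net = ipaddress.ip_interface(cidr).network
        candidates.append((net, "connected", name))
    for prefix, next_hop in static_routes:
        candidates.append((ipaddress.ip_network(prefix), "static", next_hop))
    rib = {}
    for net, source, via in candidates:
        best = rib.get(net)
        if best is None or AD[source] < AD[best[0]]:
            rib[net] = (source, via)
    return rib

def lookup(rib, destination):
    """Longest-prefix match; returns (prefix, source, via) or None if no route."""
    addr = ipaddress.ip_address(destination)
    matches = [net for net in rib if addr in net]
    if not matches:
        return None
    net = max(matches, key=lambda n: n.prefixlen)
    return (str(net), *rib[net])

# Constructed addressing for the two-subnet topology (assumption, not from the post).
R1_INTERFACES = {"Gi0/0": "10.1.1.1/24", "Gi0/1": "10.1.2.1/24"}
PC_A, PC_B = "10.1.1.10", "10.1.2.10"

if __name__ == "__main__":
    # No static or dynamic routes at all: PC-B is still reachable via Gi0/1.
    rib = build_rib(R1_INTERFACES)
    print(lookup(rib, PC_B))
    # The "required" static route for an attached subnet loses to AD 0.
    rib = build_rib(R1_INTERFACES, [("10.1.2.0/24", "10.1.1.254")])
    print(lookup(rib, PC_B))
    # Only destinations beyond the attached subnets need anything extra.
    print(lookup(rib, "192.0.2.1"))
```

When PC-A cannot ping PC-B in this topology, the routing table check that matters is whether both connected entries are present, which comes down to interface state and addressing rather than any static route.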
My 0x10 Bits
I really have wondered if there’s a CCENT-type textbook doing the rounds out there which tells the students that they need static routes for connected subnets; it seems strange that so many candidates seem to have had the same bad hallucination about how routers work. Perhaps a disgruntled student created the Free Study Guide equivalent of Monty Python’s Hungarian Phrase Book?
As for the inability to apply what has been learned, it’s possible that this is a result of a lack of practical experience and an excess of test cramming. However, unlike when I was young, optimistic and trying to learn networking, virtualized network devices are now readily available for use, so there’s little excuse for up-and-coming network engineers not to get some time and experience at the command line.
Or will the next generation only know how to point and click? That’s probably a topic for another rant.