Chapter 17. Cisco Nexus IPv4 Routing Configuration

This chapter covers the following exam topics:

4.1. Describe and configure basic routing concepts

4.1.a. Packet forwarding

4.1.b. Router look-up process (exec mode, exec commands, configuration mode)

This chapter focuses on how to implement or configure IPv4 routing on a Cisco Nexus switch. The chapter begins by exploring two forms of connected routes you often see on a Nexus switch: direct and local.

The final major section then looks at static routes, which let the engineer tell the router what route(s) to add to the router’s IP routing table. The static route section also shows how to configure a static default route that is used when no other route matches an IP packet. Dynamic routing, using the Open Shortest Path First (OSPF) routing protocol, awaits in Chapter 19, “Nexus Routing Protocol Configuration.”

1. Which implementation on a Cisco Nexus switch turns off all Layer 2 protocol functions on an interface?

a. no switchport under the interface configuration mode

b. interface vlan 1 under the interface configuration mode

c. ip address under the interface configuration mode

d. router ospf under the routing process

2. Which command under an interface on a Layer 3 switch enables a VLAN 10 to be assigned to it?

a. no switchport vlan 10

b. switchport trunk allowed vlan 10

c. switchport access vlan 10

d. vlan 10 switchport

3. Which implementation on a Cisco Nexus switch allows for an IP address to be assigned to a switched virtual interface (SVI) for VLAN 10 if the feature interface-vlan command has already been enabled?

a. ip address command under a physical interface assigned to a VLAN 10

b. ip address command under the interface vlan 10 configuration mode

c. ip address command under the interface configuration mode

d. ip address command assigned to VLAN 10 under the vlan configuration mode

4. A Layer 3 switch has been configured to route IP packets between VLANs 1, 2, and 3, which connect to subnets 172.20.1.0/25, 172.20.2.0/25, and 172.20.3.0/25, respectively. The engineer issues a show ip route command on the Layer 3 switch, listing the connected routes. Which of the following answers lists a piece of information that should be in at least one of the routes?

a. Interface Ethernet 1/1

b. Next-hop router 172.20.4.1

c. Interface VLAN 2

d. Mask 255.255.255.0

5. An engineer configures a static IPv4 route on router R1. Which of the following pieces of information should not be listed as a parameter in the configuration command that creates this static IPv4 route?

a. The destination subnet’s subnet ID

b. The next-hop router’s IP address

c. The next-hop router’s neighboring interface

d. The subnet mask

6. Which of the following commands correctly configures a static route?

a. ip route 10.1.3.0 255.255.255.0

b. ip route 10.1.3.0 Ethernet 1/1

c. ip route 10.1.3.0 0.0.0.255

d. ip route 10.1.3.0 /24 Ethernet 1/2

To make the router be ready to route packets on a particular interface, the router must be configured with an IP address, and the interface must be configured such that it comes up, reaching a “line status up, line protocol up” state. Only at that point can routers route IP packets in and out a particular interface.

After a router can route IP packets out one or more interfaces, the router needs some routes. Routers can add routes to their routing tables through three methods:

Connected routes: Added because of the configuration of the ip address interface subcommand on the local router

Static routes: Added because of the configuration of the ip route global command on the local router

Routing protocols: Added as a function by configuration on all routers, resulting in a process by which routers dynamically tell each other about the network so that they all learn routes

This chapter discusses how to use connected and static routes. Chapter 19 then covers how you can configure routing protocols for use with Cisco Nexus switches.

The interface is in a working state—in other words, the interface status in the show interfaces command lists a line status of up and a protocol status of up.

The interface has an IP address assigned through the ip address interface subcommand.

The two routes, called a direct route and a local route, route packets to the subnet directly connected to that interface. The router, of course, needs to know the subnet number used on the physical network connected to each of its interfaces, so it can route packets to that subnet. The router can simply do the math, taking the interface IP address and mask, and calculate the subnet ID. However, the router needs that route only when the interface is up and working, so the router includes a directly connected route in the routing table only when the interface is working.

Example 17-1 shows the direct and local routes on router R1 in Figure 17-1. The first part of the example shows the configuration of IP addresses on all three of R1’s interfaces. The end of the example lists the output from the show ip route command, which lists these routes with “direct” or “local” as the route code, meaning connected.

Example 17-1 Connected and Local Routes on R1

Click here to view code image

---

! Excerpt from show running-config follows...
!
interface Ethernet1/1
 no switchport
 ip address 172.16.1.1/24
 no shutdown
!
interface Ethernet 1/2
 no switchport
 no shutdown
 ip address 172.16.4.1/24
!
interface Ethernet 1/3
 no switchport
 no shutdown
 ip address 172.16.5.1/24

R1# show ip route
IP Route Table for VRF """""""""""default"
'''''''''''*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>
172.16.1.0/24, ubest/mbest: 1/0, attached
    *via 172.16.1.1, Eth1/1, [0/0], 2w0d, direct
172.16.1.1/32, ubest/mbest: 1/0, attached
    *via 172.16.1.1, Eth1/1, [0/0], 2w0d, local
172.16.4.0/24, ubest/mbest: 1/0, attached
    *via 172.16.4.1, Eth1/1, [0/0], 2w0d, direct
172.16.4.1/32, ubest/mbest: 1/0, attached
    *via 172.16.4.1, Eth1/1, [0/0], 2w0d, local
172.16.5.0/24, ubest/mbest: 1/0, attached
    *via 172.16.5.1, Eth1/1, [0/0], 2w0d, direct
172.16.5.1/32, ubest/mbest: 1/0, attached
    *via 172.16.5.1, Eth1/1, [0/0], 2w0d, local

---

Focus on the lists with highlights, which focus on the direct and local routes related to R1’s E1/1 interface. First, the output shows a route to subnet 172.16.1.0/24—the subnet off R1’s E1/1 interface—with an ending word of direct. This route represents the entire directly connected subnet. R1 will use this route when forwarding packets to other hosts in subnet 172.16.1.0/24.

The second highlighted route, the local route, lists 172.16.1.1/32. Look back to the top of the example, to R1’s configuration on interface E1/1. Because the configuration shows 172.16.1.1 as the exact IP address on that interface, R1 adds a route with a /32 prefix length for that address, with outgoing interface E1/1. This route matches packets sent to 172.16.1.1 only. R1 then lists this route as a local route, as noted at the end of the second line for that route.

In the configuration in Example 17-1, notice the no switchport command, which is highlighted under each Ethernet interface. You learned in Chapter 16, “IPv4 Routing Concepts,” that there are two ways to configure routing on a Cisco Nexus switch:

A routed interface: This is enabled by using the no switchport command. Remember that when using this command, we are disabling any Layer 2 functionality on an interface.

A switched virtual interface (SVI): You use this when you route between VLANs and support Layer 2 with Layer 3 simultaneously.

Three options exist for connecting a router to each subnet on a VLAN. However, the first option requires too many interfaces and links, and is mentioned only to make the list complete:

Use a router, with one router LAN interface and cable connected to the switch for each and every VLAN (typically not used).

Use a router, with a VLAN trunk connecting to a LAN switch.

Use a Layer 3 switch.

The other option for routing traffic to VLANs uses a device called a Layer 3 switch or multilayer switch. As introduced back in Chapter 6, “VLAN and Trunking Concepts,” a Layer 3 switch is one device that performs two primary functions: Layer 2 LAN switching and Layer 3 IP routing. The Layer 2 switch function forwards frames inside each VLAN, but it will not forward frames between VLANs. The Layer 3 forwarding logic—routing—forwards IP packets between VLANs.

The configuration of a Layer 3 switch mostly looks like the Layer 2 switching configuration, with a small bit of configuration added for the Layer 3 functions. The Layer 3 switching function needs a virtual interface connected to each VLAN internal to the switch. These VLAN interfaces act like router interfaces, with an IP address and mask. The Layer 3 switch has an IP routing table, with connected routes off each of these VLAN interfaces. (These interfaces are also referred to as SVIs.)

Figure 17-2 shows the Layer 3 switch function with a router icon inside the switch, to emphasize that the switch routes the packets. The data center has three server VLANs, so the Layer 3 switch needs one VLAN interface for each VLAN.

The following steps show how to configure Cisco Nexus Layer 3 switching. Note that on some switches (such as the 5500 switches used for the examples in this book), the ability to route IPv4 packets requires the addition of a Layer 3 module with associated licensing, with a reload of the switch required to enable the feature. The rest of the steps after Step 1 would apply to all models of Cisco switches that are capable of doing Layer 3 switching.

Step 1. Enable the feature for configuring interface VLANs (feature interface-vlan).

Step 2. Create a VLAN interface for each VLAN for which the Layer 3 switch is routing packets (interface vlan vlan_id).

Step 3. Configure an IP address and mask on the VLAN interface (in interface configuration mode for that interface), enabling IPv4 on that VLAN interface (ip address address mask).

Step 4. If the switch defaults to placing the VLAN interface in a disabled (shutdown) state, enable the interface (no shutdown).

Example 17-2 shows the configuration to match Figure 17-2. In this case, the switch is a Cisco Nexus switch. The example shows the related configuration on all three VLAN interfaces.

Example 17-2 VLAN Interface Configuration for Layer 3 Switching

---

feature Interface-vlan
!
interface vlan 10
 ip address 10.1.10.1/24
!
interface vlan 20
 ip address 10.1.20.1/24
!
interface vlan 30
 ip address 10.1.30.1/24

---

With the VLAN configuration shown here, the switch is ready to route packets between the VLANs, as shown in Figure 17-2. To support the routing of packets, the switch adds connected IP routes, as shown in Example 17-3. Note that each route is listed as being direct to a different VLAN interface.

Example 17-3 Connected Routes on a Layer 3 Switch

Click here to view code image

---

SW1# show ip route
! legend omitted for brevity
10.1.10.0/24, ubest/mbest: 1/0, attached
    *via 10.1.10.1, Vlan 0010, [0/0], 2w0d, direct
10.1.10.1/32, ubest/mbest: 1/0, attached
    *via 10.1.10.1, Vlan 0010, [0/0], 2w0d, local
10.1.20.0/24, ubest/mbest: 1/0, attached
    *via 10.1.20.1, Vlan0020, [0/0], 1w6d, direct
10.1.20.1/32, ubest/mbest: 1/0, attached
    *via 10.1.20.1, Vlan0020, [0/0], 1w6d, local
10.1.30.0/24, ubest/mbest: 1/0, attached
    *via 10.1.30.1, Vlan0020, [0/0], 1w6d, direct
10.1.30.1/32, ubest/mbest: 1/0, attached
    *via 10.1.30.1, Vlan0020, [0/0], 1w6d, local

---

The switch also needs additional routes to the rest of the network shown in Figure 17-2, possibly using static routes, as discussed in the final major section of this chapter.

As an example, Figure 17-3 shows a small IP network. The figure shows only the details related to a static route on R1, for subnet 172.16.2.0/24, which sits on the far right. To create that static route on R1, R1 will configure the subnet ID and mask, and either R1’s outgoing interface (Ethernet 1/1), or R2 as the next-hop router IP address (172.16.4.2).

Example 17-4 shows the configuration of a couple of sample static routes. In particular, it shows routes on R1 in Figure 17-4, for the two subnets on the right side of the figure.

Example 17-4 Static Routes Added to R1

Click here to view code image

---

ip route 172.16.2.0 255.255.255.0 172.16.4.2
ip route 172.16.3.0 255.255.255.0 Ethernet 1/1

---

The two sample ip route commands show the two different styles. The first command shows subnet 172.16.2.0, mask 255.255.255.0, which sits in the data center near Nexus R2. That same first command lists 172.16.4.2, R2’s IP address, as the next-hop router. This route basically says this: To send packets to the subnet off Nexus R2, send them to R2.

The second route has the same kind of logic, but instead of identifying the next router by IP address, it lists the local router’s outgoing interface. This route basically states the following: To send packets to the subnet off router R3, send them out my own local Ethernet 1/1 interface (which happens to connect to R3).

The routes created by these two ip route commands actually look a little different in the IP routing table. Both are static routes. However, the route that used the outgoing interface configuration is also noted as a connected route; this is just a quirk of the output of the show ip route command.

Example 17-4 lists these two routes using the show ip route static command. This command lists the details of static routes only, but it also lists a few statistics about all IPv4 routes. For example, the example shows two lines, for the two static routes configured in Example 17-5, but statistics state that this route has routes for ten subnets.

Example 17-5 Static Routes Added to R1

Click here to view code image

---

R1# show ip route static
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>
172.16.2.0//24, ubest/mbest: 1/0
    *via 172.16.4.2 [1/0], 00:00:05, static
172.16.3.0/24, ubest/mbest: 1/0, attached
    *via Ethernet1/1, [1/0], 00:00:05, static

---

NX-OS adds and removes these static routes dynamically over time, based on whether the outgoing interface is working. For example, in this case, if R1’s Ethernet 1/1 interface fails, R1 removes the static route to 172.16.3.0/24 from the IPv4 routing table. Later, when the interface comes up again, NX-OS adds the route back to the routing table.

Finally, if static routes are used, and dynamic routing protocols are not used at all, all routers would need to have some static routes configured. For example, at this point, in the network in Figure 17-4, PC A would not be able to receive packets back from PC B because router R2 does not have a route for PC A’s subnet. R2 would need static routes for other subnets, as would R3.

Routers can be configured so that they use either a statically configured or a dynamically learned default route. The default route matches all packets, so that if a packet does not match any other more specific route in the routing table, the router can at least forward the packet based on the default route.

NX-OS allows the configuration of a static default route by using special values for the subnet and mask fields in the ip route command: 0.0.0.0 and 0.0.0.0. For example, the command ip route 0.0.0.0 0.0.0.0 vlan 16 creates a static default route on a Cisco Nexus switch—a route that matches all IP packets—and sends those packets out SVI VLAN 16.

Example 17-6 shows a static default route using a Cisco Nexus switch.

Example 17-6 Adding a Static Default Route on Cisco Nexus Switch

Click here to view code image

---

SW1# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)# ip route 0.0.0.0 0.0.0.0 Vlan 16
R2(config)# ^Z
SW1# sh ip route
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>
0.0.0.0/0, ubest/mbest: 1/0, attached

---

VLAN interface

Layer 3 switch

connected route

static route

default route

local route

direct route

feature interface-vlan

show ip route