Default routes of firewalls

Default routes are special routes. Generally, administrators can manually configure default static routes. Default routes can also be generated through dynamic routing protocols, such as OSPF and IS-IS.
Default routes are described as follows:
Put simply, a default route is used only when a packet to be forwarded does not match any other entry in the routing table. In a routing table, the default route is the route to network 0.0.0.0 (with the mask 0.0.0.0). You can run the display ip routing-table command to check whether a default route is configured.
If the destination address of a packet does not match any entry in the routing table, the packet is sent through a default route. If no default route exists and the destination address of the packet does not match any entry in the routing table, the packet is discarded. An Internet Control Message Protocol (ICMP) packet is then sent, informing the originating host that the destination host or network is unreachable.
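The lookup behaviour described above, as an added example that is not part of the original page: a longest-prefix-match lookup over a constructed routing table, showing when the default route is chosen and what happens when none exists. The table entries and the function names lookup and forward are assumptions made for illustration.

```python
import ipaddress

# Constructed routing table for illustration: (destination/prefix length, next hop).
ROUTES = [
    ("0.0.0.0/0", "172.16.0.1"),        # default route: network 0.0.0.0, mask 0.0.0.0
    ("10.0.0.0/8", "10.1.1.249"),       # network segment route
    ("10.20.30.40/32", "10.1.1.250"),   # host route
]

def lookup(dst, routes):
    """Longest-prefix match. Returns (prefix, next_hop), or None if nothing matches."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return None if best is None else (str(best[0]), best[1])

def forward(dst, routes):
    """Describe what the device does with a packet addressed to dst."""
    hit = lookup(dst, routes)
    if hit is None:
        # No matching entry and no default route: the packet is dropped.
        return "discard, ICMP unreachable sent to source"
    prefix, next_hop = hit
    kind = "default route" if prefix == "0.0.0.0/0" else f"route {prefix}"
    return f"forward via {next_hop} ({kind})"

if __name__ == "__main__":
    no_default = [r for r in ROUTES if r[0] != "0.0.0.0/0"]
    for dst in ("10.20.30.40", "10.9.9.9", "198.51.100.7"):
        print(dst, "->", forward(dst, ROUTES),
              "| without default:", forward(dst, no_default))
```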

Other related questions:
Types of firewall routes
Routing is the basic element of data communication networks. It is the process of selecting paths on a network along which packets are sent from a source to a destination.
Routes are classified into the following types based on the destination address:
- Network segment route: The destination is a network segment. The subnet mask of an IPv4 destination address is less than 32 bits or the prefix length of an IPv6 destination address is less than 128 bits.
- Host route: The destination is a host. The subnet mask of an IPv4 destination address is 32 bits or the prefix length of an IPv6 destination address is 128 bits.
Routes are classified into the following types based on whether the destination is directly connected to a router:
- Direct route: The router is directly connected to the network where the destination is located.
- Indirect route: The router is indirectly connected to the network where the destination is located.
Routes are classified into the following types based on the destination address type:
- Unicast route: The destination address is a unicast address.
- Multicast route: The destination address is a multicast address.

AR router is configured with default routes
The AR router is configured with default routes. If the preference of a static route is not set, the default preference of the static route is 60. When both the destination IP address and mask are 0.0.0.0, the configured route is the default route. If the routing table does not have matching routes, the default route is used to forward packets.
<Huawei> system-view
[Huawei] ip route-static 0.0.0.0 0.0.0.0 172.16.0.1  // Configure the default route and specify the next hop as 172.16.0.1.

Composition of the static route on a firewall
On the firewall, run the ip route-static command to configure a static route, including:
- Destination address and mask
- Outbound interface and next-hop address

Differences between policy-based routing and default routing
Policy-based routing operates on packets. Even if a routing table is available, packets are not forwarded according to the routing table; they are forwarded based on a policy defined according to requirements. Under the conventional routing and forwarding principle, packets are forwarded according to their destination addresses. More and more users now expect packets to be forwarded and routed according to policies they define, on top of conventional routing and forwarding. Policy-based routing enables the network administrator to formulate routing policies according to the source and destination addresses of packets, packet size, and link quality in order to change the forwarding paths of packets and meet user requirements.

Reasons why the number of default equivalent routes in the routing table is larger than the number of default static routes
The number of default equivalent routes in the routing table can be larger than the number of default static routes for the following reason.
Symptom: Two default equivalent routes are configured.
[sysname] display current-configuration | in ip route
ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet1/0/11 42.x.y.1
ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet1/0/10 110.x.y.1
ip route-static 10.0.0.0 255.0.0.0 Eth-Trunk0 10.x.y.249
......
The routing table has three default equivalent routes.
Check whether the following interface is configured with the gateway function:
[sysname] display current-configuration interface
......
#
interface GigabitEthernet1/0/0
 alias Cernet
 ip address 210.43.47.174 255.255.255.252
 service-manage http permit
 service-manage https permit
 service-manage ping permit
 service-manage ssh permit
 service-manage snmp permit
 service-manage telnet permit
 gateway 210.x.y.173
#
......
The gateway command is used to configure the gateway address of the smart routing member interface. By default, the gateway address of the smart routing member interface is invalid. If the interface is used as the smart routing member interface, you must configure the gateway address for it. The firewall delivers the routing entry to the routing table but does not automatically generate the corresponding route configuration command (ip route-static), so the routing table can contain more default routes than the configuration has ip route-static commands.
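One way to reconcile the routing table with the configuration, as an added example that is not Huawei's own tooling: it reads the text of display current-configuration and lists every line that yields a default route, both ip route-static entries and interface gateway commands. The sample configuration is constructed from the excerpt above with the page's elided x.y octets kept as they are, and the function names are assumptions.

```python
import re

# Constructed sample modelled on the excerpt above; the x.y octets are elided
# on the page and are kept elided here.
CONFIG = """\
#
interface GigabitEthernet1/0/0
 alias Cernet
 ip address 210.43.47.174 255.255.255.252
 service-manage ping permit
 gateway 210.x.y.173
#
interface GigabitEthernet1/0/10
 service-manage ping permit
#
ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet1/0/11 42.x.y.1
ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet1/0/10 110.x.y.1
ip route-static 10.0.0.0 255.0.0.0 Eth-Trunk0 10.x.y.249
"""

# Static default route: destination 0.0.0.0 with mask 0.0.0.0 (or mask length 0).
STATIC_DEFAULT = re.compile(r"^ip route-static 0\.0\.0\.0 (?:0\.0\.0\.0|0) (.+)$")

def default_route_sources(config):
    """Return (source, interface, next_hop) for every line that yields a default route."""
    found, current_if = [], None
    for raw in config.splitlines():
        line = raw.strip()
        if line == "#":
            current_if = None                      # end of an interface section
        elif line.startswith("interface "):
            current_if = line.split(None, 1)[1]
        elif current_if and line.startswith("gateway "):
            found.append(("interface gateway", current_if, line.split()[1]))
        elif (m := STATIC_DEFAULT.match(line)):
            args = m.group(1).split()
            if len(args) >= 2 and not args[0][0].isdigit():
                found.append(("ip route-static", args[0], args[1]))
            else:                                  # next hop only, no interface
                found.append(("ip route-static", None, args[0]))
    return found

def unexplained_by_static(config):
    """Default-route sources that filtering on 'ip route' would not show."""
    return [s for s in default_route_sources(config) if s[0] != "ip route-static"]

if __name__ == "__main__":
    for source, iface, next_hop in default_route_sources(CONFIG):
        print(f"{source:18} {iface or '-':24} {next_hop}")
```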
