The Discard Route

In most cases, when we summarise a route, Cisco IOS will inject the summary route pointing to the Null0 interface. This is what is called a discard-route – i.e. all packets sent to the summary route will be discarded. Cisco IOS also provides the option of disabling this default behaviour.

Note that this injection happens on the router originating the summary route, and this is fine, since that router will have the more specific routes anyway. After all, it is the router doing the summarisation.

It is useful to understand what Cisco IOS does. However, we ought to ask the question: why? This blog answers that question.


WHY DOES IOS INJECT THE DISCARD ROUTE? 

To answer this question, let’s look at the following scenario:

Here the router to the left (R1) is connected to eight /24 networks configured on different routers in the network. These are summarised and sent over to R1 so that it can only “see” two /22 networks – 1.1.0.0/22 and 1.1.4.0/22. R1 is also sending a summary down to R2 (router on the right) – 1.1.0.0/29.

Now let’s assume that there is an outage on the network and all 1.1.4.0/22 routes are lost. Since we are sending a summary to R2, it will have no visibility of such an event. As far as router R2 is concerned, route 1.1.0.0/29 is healthy! R1, however, will lose the 1.1.4.0/22 network.

In this case, when R2 sends a packet to any of the component networks (say, for example, to IP 1.1.4.10), R1 gets the packet and, since 1.1.4.0/22 is not in the routing table anymore, it uses its default gateway, so it sends the packet back to R2. The process then repeats as an L3 loop until the TTL reaches 0.


Now, let’s look at the same scenario, only this time, a discard route is injected by R1:

In this case, R2 will also forward the packet to R1. This time, though, R1 has a route to Null0 for the summary, which includes the /24 prefix containing 1.1.4.10. Since this is the longest match, R1 will drop the packet.
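The two cases above can be reproduced with a small longest-prefix-match simulation. This is an added example, not part of the original post. It assumes the summary R1 advertises is 1.1.0.0/21 (the prefix that covers both /22s), an initial TTL of 255, and a hypothetical downstream router R3 behind the surviving 1.1.0.0/22.

```python
import ipaddress

def table(routes):
    """Build a routing table keyed by ip_network from {prefix: next_hop}."""
    return {ipaddress.ip_network(p): hop for p, hop in routes.items()}

def lookup(rib, dst):
    """Longest-prefix match: next hop of the most specific covering route."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in rib.items() if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def forward(tables, start, dst, ttl=255):
    """Walk a packet router by router; return (outcome, hops taken)."""
    node, hops = start, 0
    while ttl > 0:
        nxt = lookup(tables[node], dst)
        if nxt is None:
            return ("no route at " + node, hops)
        if nxt == "Null0":
            return ("discarded at " + node, hops)
        if nxt not in tables:  # leaves the modelled part of the network
            return ("forwarded to " + nxt, hops)
        node, hops, ttl = nxt, hops + 1, ttl - 1
    return ("ttl expired", hops)

# R2 only knows the summary (assumed to be 1.1.0.0/21), pointing at R1.
R2 = table({"1.1.0.0/21": "R1"})

# State after the outage: 1.1.4.0/22 is gone from R1, 1.1.0.0/22 survives
# via hypothetical router R3, and R1's default route points back at R2.
R1_NO_DISCARD = table({"1.1.0.0/22": "R3", "0.0.0.0/0": "R2"})
R1_DISCARD = table({"1.1.0.0/22": "R3", "0.0.0.0/0": "R2",
                    "1.1.0.0/21": "Null0"})  # injected discard route

WITHOUT = {"R1": R1_NO_DISCARD, "R2": R2}
WITH = {"R1": R1_DISCARD, "R2": R2}

if __name__ == "__main__":
    print(forward(WITHOUT, "R2", "1.1.4.10"))  # loops until TTL runs out
    print(forward(WITH, "R2", "1.1.4.10"))     # dropped by the discard route
    print(forward(WITH, "R2", "1.1.1.10"))     # more specific /22 still wins
```

The last case shows why the discard route is harmless on the summarising router: the surviving /22 is a longer match than the Null0 summary, so reachable destinations are still forwarded.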

Below are the two respective traces:

Whilst this post focuses mainly on discard-route injection triggered by network summarisation, we could also manually inject a discard-route for security purposes – say, for instance, if you need to explicitly drop packets to specific destinations or coming from specific sources (using policy routing). This would be processed faster than using access-lists.

CONCLUSION

  1. The discard route is, by default, automatically injected in order to avoid routing loops
  2. The default behaviour can be disabled – however, this must be done thoughtfully

 

Thank you,

Rafael A. Couto Cabral • LinkedIn Profile
Cisco | F5 | VMware Certified • PRINCE2 Practitioner

Originally posted 2017-11-20 20:40:16.
