Network Dictionary – Default-Free Routing

The term “default-free routing” describes network routing where no default route is used. It’s a convention in networking to set a default route so that packets are always forwarded ‘somewhere’. Typically, that somewhere is the Internet. Because the Internet has hundreds of thousands of routes, it’s not possible to load those routes into enterprise network routers.

UNLESS

Unless you use proxy servers to access the Internet, in which case your web browsers can be configured to use the proxy servers explicitly for all Internet requests, and your corporate network can be configured with “default-free routing”.

Default-free routing has many advantages; the best known is that when a scanning malware outbreak occurs, the scan traffic has almost nowhere to go.
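To make the scanning point concrete, here is an added example (not code from the original post) that models a longest-prefix-match forwarding table and runs a constructed list of worm probe targets through three tables: an enterprise table with the conventional default route, the same table without it, and a backbone-style table that has no default route but carries aggregates covering nearly the whole address space. All prefixes, next-hop names and probe addresses are invented for the illustration.

```python
"""Longest-prefix-match toy showing what default-free routing does to scan traffic.

Constructed example: prefixes, next-hop names and scan targets are invented.
"""
import ipaddress
from typing import List, Optional, Tuple


class RoutingTable:
    """Minimal RIB: longest-prefix match over (network, next_hop) entries."""

    def __init__(self) -> None:
        self.routes: List[Tuple[ipaddress.IPv4Network, str]] = []

    def add(self, prefix: str, next_hop: str) -> None:
        self.routes.append((ipaddress.ip_network(prefix), next_hop))

    def lookup(self, dst: str) -> Optional[str]:
        """Return the next hop for dst, or None if no route covers it."""
        addr = ipaddress.ip_address(dst)
        best: Optional[Tuple[ipaddress.IPv4Network, str]] = None
        for net, next_hop in self.routes:
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, next_hop)
        return best[1] if best else None


def enterprise_table(with_default: bool) -> RoutingTable:
    """Corporate RIB: only enterprise-owned space, plus an optional default route."""
    rt = RoutingTable()
    rt.add("10.0.0.0/8", "core")              # constructed internal address space
    rt.add("10.20.30.0/24", "proxy-segment")  # constructed subnet where the web proxies live
    if with_default:
        rt.add("0.0.0.0/0", "internet-edge")  # the conventional "forward it somewhere" route
    return rt


def dfz_like_table() -> RoutingTable:
    """Backbone-style RIB: no default route, but aggregates covering almost everything."""
    rt = RoutingTable()
    rt.add("0.0.0.0/1", "upstream-a")    # constructed stand-in for half of a full Internet table
    rt.add("128.0.0.0/1", "upstream-b")  # and the other half
    return rt


# Constructed worm probe list: two internal hosts, four external addresses.
SCAN_TARGETS = ["10.1.2.3", "10.200.0.9", "192.0.2.10",
                "198.51.100.7", "203.0.113.77", "8.8.8.8"]


def routable_count(rt: RoutingTable, targets: List[str]) -> int:
    """How many probe destinations the router would actually forward."""
    return sum(1 for t in targets if rt.lookup(t) is not None)


if __name__ == "__main__":
    for name, rt in [("enterprise + default", enterprise_table(True)),
                     ("enterprise, default-free", enterprise_table(False)),
                     ("backbone-style, default-free", dfz_like_table())]:
        print(f"{name}: {routable_count(rt, SCAN_TARGETS)}/{len(SCAN_TARGETS)} probes forwarded")
    # Proxy traffic still works under the default-free table because the proxy
    # subnet has an explicit route.
    print("proxy next hop:", enterprise_table(False).lookup("10.20.30.5"))
```

With the default route present, every probe is forwarded; drop the default and only the two internal probes have anywhere to go, while the explicit route to the proxy segment keeps legitimate web access working. The backbone-style table forwards all six despite being default-free, which is why the benefit depends on how little of the address space your RIB covers rather than on the absence of a default route as such.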

ISP

Typically, Internet backbone routers are also “default-free”, since they carry all the routes of the Internet in their RIB and a default route makes no sense.

About Greg Ferro

Greg Ferro is a Network Engineer/Architect, mostly focussed on Data Centre, Security Infrastructure, and recently Virtualization. He has over 20 years in IT across a wide range of employers, including finance, service providers and online companies, and as a freelance consultant. He is CCIE#6920 and has a few ideas about the world, but not enough to really count.

He is a host on the Packet Pushers Podcast, a blogger at EtherealMind.com, and is on Twitter as @etherealmind and on Google Plus.

  • http://blog.ioshints.info Ivan Pepelnjak

    The “scanning malware” benefit applies only if your IP routing covers a small part of the overall IP address space and you use application proxies to get to the outside world.

    If you’re in DFZ because you’re carrying all Internet routes, there’s not much difference, as most of the IP address space is used anyway (and thus reachable from your routers).

  • http://packetlife.net/ stretch

    I’d be interested to see how well this concept works on end hosts. That is, when hosts are fed only routes (via DHCP) for enterprise-owned space in lieu of a default route, and each host application is configured to utilize a proxy server.

  • Bourbon

    We have a split DMZ where bastion hosts have two interfaces, an outside and an inside. The outside NICs have normal IP configuration, with default routes pointing to the outside firewall, and back to the Internet for replies.

    However, the inside NICs on the hosts, pointing to the “inside DMZ firewall”, do NOT have default routes configured. Instead, the hosts are configured with individual persistent host routes to reach the inside hosts they need to talk to.

    I suppose if the host is infected, the virus or malware might not be able to propagate itself so easily. But if it were hacked by a live person, taking a look at the host’s routing table would quickly show what the “hidden default gateway” address is – (the next hop).