nexthop via IP or interface?

When we define static routes or policy routes, we must specify nexthop, and we have the option to configure either IP address or exit interface as nexthop, eg.

ip route 0.0.0.0/0 nexthop 192.168.1.1 <----(192.168.1.1 is the upstream router IP address)

OR

ip route 0.0.0.0/0 nexthop eth0 <----(eth0 is exit/egress interface, uplink to nexthop router)

So which one is correct?

Understanding the fundamentals

For a router (in this case CMG/HSG/HSA) to forward a packet to its destination

  • first, it will check if there's a match in it's routing table for the destination IP

    • if there is no match (eg. no specific route, no default route), the packet is dropped;

    • if there is a match (eg. either through a specific route learn from static/OSPF/BGP, or at least have a default route 0.0.0.0/0), then move to next step

  • next, it will determine the exit interface.

    • If the nexthop is configured as an IP address, it will do a local look up (check connected routes) to auto determine exit interface;

    • If the next nexthop is configured as exit interface, then it's directly determined.

  • finally, the router must check the exit interface type and decide how to forward out the packet.

      • if the exit interface is an Ethernet/multipoint link,

        1. if the nexthop if configured as IP address, it will do an ARP request to determine the nexthop router MAC address and "wrap" the packet into an Layer-2 frame using its exit interface MAC as the source and nexthop router MAC as the destination, and successfully forward out the frame.

        2. if the nexthop is configured as exit interface, the router will assume the destination host is directly connected/attached to the exit interface and try to do an ARP request for the destination IP directly (instead of ARP for nexthop router IP, as in #1), then the ARP request will fail because no one will reply to the ARP request (the actual destination host is in a distant network). Therefore this will end up reachability failure.

      • if the exit interface is an point-to-point link (eg. PPPoE or LTE), the router only expects one host/router next to it, and will always forward all packets to next router, therefore, we can configure nexthop as either IP address or exit interface. Both will work.

Conclusion

If the uplink is Ethernet/multipoint interface, we must configure IP address as nexthop, eg.

ip route 0.0.0.0/0 nexthop x.x.x.x (where x.x.x.x is nexthop router IP).

If the uplink is point-to-point interface (PPPoE or 3g-lte0/1), we can configure either IP or exit interface as nexthop, but for simplicity we usually just use exit interface (so that we can save the trouble of having to find out the nexthop IP address), eg.

ip route 0.0.0.0/0 nexthop ppp0

ip route 0.0.0.0/0 nexthop 3g-lte0

ip route 0.0.0.0/0 nexthop 3g-lte1