Floating Static Routes – Backup Routes, AD & Failover

1. What Is a Floating Static Route?

A floating static route is a static route configured with a deliberately higher Administrative Distance (AD) than the primary route to the same destination. Because the router always installs the route with the lowest AD into the routing table, the floating static route remains invisible — it "floats" in the configuration but is not used for forwarding. Only when the primary route disappears from the routing table does the floating static route surface and take over traffic.

  Normal operation (primary OSPF route active):
  ┌─────────────────────────────────────────────────────┐
  │ Routing Table                                       │
  │  O  192.168.10.0/24 [110/2] via 10.1.1.2, Gi0/0   │ ← OSPF installed (AD 110)
  │                                                     │
  │ (Floating static NOT in table — AD 200 loses)       │
  └─────────────────────────────────────────────────────┘

  Primary link fails (OSPF route removed):
  ┌─────────────────────────────────────────────────────┐
  │ Routing Table                                       │
  │  S  192.168.10.0/24 [200/0] via 10.2.2.2, Gi0/1   │ ← Floating static activates
  └─────────────────────────────────────────────────────┘

2. Administrative Distance — The Mechanism Behind Floating Routes

Administrative Distance (AD) is a trustworthiness rating assigned to every route source on a Cisco router. When multiple routing sources offer a path to the same destination prefix, the router installs only the route from the source with the lowest AD. A higher AD means the route is less preferred.

Route Source	Default AD	Notes
Directly Connected	0	Always preferred — the router is directly attached
Static Route	1	Default for all static routes; beats every dynamic protocol
eBGP	20	External BGP routes
EIGRP Internal	90	Routes learned natively within the EIGRP AS
OSPF	110	All internal OSPF routes regardless of area
RIP	120	Based on hop count; widely considered obsolete
EIGRP External	170	Routes redistributed into EIGRP from another protocol
iBGP	200	Internal BGP routes
Unknown / Unreachable	255	AD 255 means the route is never installed in the routing table

AD is local only: Administrative Distance is a per-router setting used to select between competing route sources. It is never advertised to other routers and plays no role in routing protocol metric calculations. Two routers can have different AD values for the same route source — this is intentional when manipulating path selection between competing protocols.

3. Regular Static Route vs Floating Static Route

Feature	Regular Static Route	Floating Static Route
Default AD	1	Manually set higher than primary (e.g., 10, 100, 200)
Route priority	Primary — always preferred over any dynamic protocol	Backup — only installed when all lower-AD routes to same prefix are gone
Routing table presence	Always present (as long as next-hop is reachable)	Present only when primary route has failed
Typical use	Default routes, stub networks, simple point-to-point links	Redundancy, failover, backup to dynamic routing protocols
Interaction with dynamic protocols	Beats dynamic protocols — can accidentally override OSPF/EIGRP routes if misconfigured	Deliberately loses to dynamic protocols; activates when dynamic protocol route is removed
Configuration syntax	`ip route 10.0.0.0 255.0.0.0 192.168.1.1`	`ip route 10.0.0.0 255.0.0.0 192.168.1.1 200` (AD appended at end)

4. Configuration Syntax and Examples

Command Syntax

ip route <destination-network> <subnet-mask> <next-hop-IP | exit-interface> [AD]

! The AD is the optional final parameter — if omitted, defaults to 1
! Valid AD range: 1–255 (255 = never install; use for poisoning)

Example 1 — Floating Static Backing Up a Regular Static Route

! Primary route — AD 1 (default static)
ip route 192.168.10.0 255.255.255.0 10.1.1.2

! Floating backup — AD 10 (higher, so loses to primary static AD 1)
ip route 192.168.10.0 255.255.255.0 10.2.2.2 10

! Routing table when primary is up:
S  192.168.10.0/24 [1/0] via 10.1.1.2

! Routing table when primary next-hop 10.1.1.2 is unreachable:
S  192.168.10.0/24 [10/0] via 10.2.2.2

Example 2 — Floating Static Backing Up OSPF

! OSPF learns 192.168.20.0/24 via 10.1.1.2 (AD 110)
! Floating static uses secondary path via 10.2.2.2 (AD 200 > 110)

ip route 192.168.20.0 255.255.255.0 10.2.2.2 200

! Routing table (OSPF active):
O  192.168.20.0/24 [110/5] via 10.1.1.2, GigabitEthernet0/0

! Routing table (OSPF neighbour down, route removed):
S  192.168.20.0/24 [200/0] via 10.2.2.2, GigabitEthernet0/1

Example 3 — Floating Default Route (Dual ISP)

! Primary default route via ISP1 — standard static AD 1
ip route 0.0.0.0 0.0.0.0 203.0.113.1

! Floating backup default via ISP2 — AD 10 (activates only if ISP1 link fails)
ip route 0.0.0.0 0.0.0.0 198.51.100.1 10

! When ISP1 is up:
S*  0.0.0.0/0 [1/0] via 203.0.113.1

! When ISP1 interface goes down:
S*  0.0.0.0/0 [10/0] via 198.51.100.1

AD value selection guidelines: Choose an AD higher than the primary route but unique enough to avoid accidentally matching other protocols. Common choices:

AD 2–89: Floating backup for a regular static route (AD 1)
AD 91–109: Floating backup for EIGRP internal (AD 90)
AD 111–119: Floating backup for OSPF (AD 110)
AD 121–169: Floating backup for RIP (AD 120)
AD 200–254: "Last resort" backup — loses to almost everything

5. The Recursive Lookup Problem — A Critical Caveat

A floating static route configured with a next-hop IP address (rather than an exit interface) may not activate correctly when the primary route fails — if the next-hop IP of the floating static is only reachable through the failed primary route. This is the recursive lookup problem and is one of the most common floating static route failure modes.

  Problematic scenario:

  Router A — Gi0/0 (10.1.1.1) — Primary link to ISP1 (10.1.1.2)
  Router A — Gi0/1 (10.2.2.1) — Backup link to ISP2 (10.2.2.2)

  Configuration:
  ip route 0.0.0.0 0.0.0.0 10.1.1.2           ! Primary default, AD 1
  ip route 0.0.0.0 0.0.0.0 10.2.2.2 10         ! Floating backup, AD 10

  Problem: When Gi0/0 (primary) goes DOWN:
  - Router tries to install floating static via 10.2.2.2
  - Router does a recursive lookup: "How do I reach 10.2.2.2?"
  - 10.2.2.2 is directly connected on Gi0/1 → OK, this works fine

  BUT consider this misconfiguration:
  ip route 0.0.0.0 0.0.0.0 10.1.1.2           ! Primary, AD 1
  ip route 0.0.0.0 0.0.0.0 172.16.0.1 10       ! Floating — 172.16.0.1 only reachable via primary!

  When primary fails:
  - Floating static tries to install via 172.16.0.1
  - Recursive lookup: "How do I reach 172.16.0.1?"
  - Only route to 172.16.0.1 was via 10.1.1.2 — which is also down!
  - Floating static FAILS to install → traffic blackholed

Fix: Always ensure the floating static route's next-hop IP is reachable via a path that is independent of the primary link. The safest approach is to use the exit interface of the backup link, or a next-hop that is directly connected to the backup interface.

Using Exit Interface Instead of Next-Hop IP

! Safer: specify exit interface to avoid recursive lookup dependency
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1 10

! This works regardless of what happens to other routes —
! the router simply forwards out Gi0/1 when the floating static activates

6. Failover Behaviour — Step by Step

Understanding exactly what triggers a floating static to activate and deactivate is critical for both exam questions and real deployments.

  Step 1: Normal operation
  ─────────────────────────────────────────────────────────────────
  Primary route: OSPF via Gi0/0 → 192.168.10.0/24 [110/5]
  Floating static: 192.168.10.0/24 via Gi0/1 AD 200 → NOT in table
  Traffic path: → Gi0/0

  Step 2: Primary link failure
  ─────────────────────────────────────────────────────────────────
  Gi0/0 goes DOWN (line protocol down)
  ↓
  OSPF detects neighbour loss (Dead timer expires — default 40 seconds)
  ↓
  OSPF removes 192.168.10.0/24 from routing table
  ↓
  Router scans for next-best route to 192.168.10.0/24
  ↓
  Floating static (AD 200) is now the only route — INSTALLED
  Traffic path: → Gi0/1 (backup)

  Step 3: Primary link restored
  ─────────────────────────────────────────────────────────────────
  Gi0/0 comes back UP
  ↓
  OSPF re-establishes neighbour (Hello + Dead timers)
  ↓
  OSPF re-learns 192.168.10.0/24 [110/5]
  ↓
  OSPF route (AD 110) beats floating static (AD 200)
  ↓
  Floating static removed from routing table
  Traffic path: → Gi0/0 (primary restored)

What triggers primary route removal?

Interface goes down (link failure, cable disconnected) — immediate
OSPF neighbour timeout (Dead timer — default 40s for broadcast, 120s for NBMA) — depends on timers
EIGRP hold timer expires (default 15s LAN, 180s WAN)
Static route next-hop becomes unreachable (recursive lookup fails)
BFD (Bidirectional Forwarding Detection) link failure detection — sub-second

The floating static only activates when the primary route is completely gone from the routing table — not merely degraded. A congested or lossy link that is still "up" will not trigger the failover.

7. IP SLA Tracking — Solving the "Link Up but Unreachable" Problem

The single biggest limitation of floating static routes is that they only activate when the interface goes DOWN or the next-hop becomes unreachable via a recursive lookup. If the link stays physically up but the upstream provider has an outage — for example, the ISP router is alive but has no internet connectivity — the floating static never activates.

IP SLA (Service Level Agreement) solves this by continuously sending probe traffic (ICMP pings, UDP jitter tests, HTTP requests) to a target. If the probe fails, an object track changes state and can bring down the static route, forcing the floating backup to activate.

! Step 1: Configure IP SLA probe — ICMP echo to ISP1's upstream target (e.g., 8.8.8.8)
ip sla 1
 icmp-echo 8.8.8.8 source-interface GigabitEthernet0/0
 frequency 10                ! Probe every 10 seconds
ip sla schedule 1 life forever start-time now

! Step 2: Create a track object that monitors the SLA probe
track 1 ip sla 1 reachability
!         ↑ object number    ↑ references SLA 1

! Step 3: Attach the track object to the primary static route
! When track 1 goes DOWN (probe fails), the route is removed from table

ip route 0.0.0.0 0.0.0.0 203.0.113.1 track 1    ! Primary — removed if SLA fails
ip route 0.0.0.0 0.0.0.0 198.51.100.1 10         ! Floating backup — activates when above removed

! Verify SLA and track status
show ip sla statistics
show track 1

Dual-ISP scenario with IP SLA:

  ISP1 link is UP (physically) but ISP1 has a BGP outage → internet unreachable
  Without IP SLA: Primary static via ISP1 still in table → traffic blackholed
  With IP SLA:    Probe to 8.8.8.8 via ISP1 fails after timeout
                  → Track 1 goes DOWN
                  → Primary static removed from routing table
                  → Floating backup via ISP2 activates
                  → Traffic routes through ISP2 to internet

8. Common Use Cases

Scenario	Primary Route	Floating Static	Trigger for Failover
Dual ISP internet	Default route via ISP1 (AD 1)	Default route via ISP2 (AD 10)	ISP1 link down or IP SLA probe to internet fails
OSPF backup	OSPF learned route (AD 110)	Static via backup link (AD 200)	OSPF neighbour goes down, route removed from table
EIGRP backup	EIGRP internal route (AD 90)	Static via backup WAN (AD 100)	EIGRP hold timer expires, route removed
Branch office redundancy	MPLS primary WAN (static or dynamic, low AD)	Internet VPN backup (higher AD)	MPLS circuit down, SLA probe detects unreachable HQ
Management OOB access	Normal in-band routing	Static via OOB management network (AD 200+)	Primary network unreachable — last-resort path for SSH/SNMP
Static-to-static redundancy	Static via primary next-hop (AD 1)	Static via secondary next-hop (AD 10)	Primary next-hop device fails — recursive lookup fails, route removed

9. Verifying Floating Static Routes

! View routing table — floating static only appears when active
Router# show ip route

Codes: C - connected, S - static, O - OSPF, D - EIGRP ...

Gateway of last resort is not set

O  192.168.10.0/24 [110/5] via 10.1.1.2, 00:15:32, GigabitEthernet0/0
! ↑ OSPF route is active; floating static NOT shown (hidden by lower AD)

! After simulating failure (shut Gi0/0):
Router# show ip route 192.168.10.0

S  192.168.10.0/24 [200/0] via 10.2.2.2, GigabitEthernet0/1
!  ↑ "S" = Static   ↑ AD=200   ↑ floating static now active

! Show ONLY static routes (including floating ones when active)
Router# show ip route static

! Show running config to confirm the floating static exists even when not in table
Router# show running-config | include ip route

ip route 192.168.10.0 255.255.255.0 10.1.1.2
ip route 192.168.10.0 255.255.255.0 10.2.2.2 200   ← always in config, not always in table

! Detailed route information showing AD and metric
Router# show ip route 192.168.10.0 255.255.255.0 longer-prefixes

Key distinction: The floating static always exists in the router's running-config (configuration). It only appears in the routing table (show ip route) when it is the best available route for that prefix. This is why troubleshooting starts with show running-config to confirm the route is configured, then show ip route to check whether it is active.

10. Floating Static as a Backup to Dynamic Routing Protocols

The most powerful application of floating static routes is as an insurance policy behind dynamic routing protocols. The dynamic protocol handles normal routing, but if it fails completely (neighbour goes down, process crashes, misconfiguration), the floating static provides a guaranteed path — without any protocol overhead.

  Network design — OSPF with floating static backup:
  ┌─────────┐   OSPF (primary)    ┌─────────┐
  │ Router  │ ──────────────────▶ │ Router  │
  │    A    │                     │    B    │
  │         │ ──────────────────▶ │         │
  └─────────┘  backup WAN link    └─────────┘

  Router A config:
  ! OSPF will advertise 10.10.0.0/16 and learn it via Router B
  router ospf 1
   network 10.1.1.0 0.0.0.255 area 0

  ! Floating static backup — AD 200 loses to OSPF AD 110
  ip route 10.10.0.0 255.255.0.0 10.3.3.2 200

  Normal operation:
  O  10.10.0.0/16 [110/3] via 10.1.1.2    ← OSPF preferred

  OSPF fails (peer router down, protocol crash):
  S  10.10.0.0/16 [200/0] via 10.3.3.2    ← Floating static activates

Choosing the Right Floating AD for Each Protocol

Primary Protocol	Primary AD	Recommended Floating AD	Reasoning
Regular static route	1	5–10	Higher than 1 but well below any dynamic protocol
EIGRP internal	90	95–100	Activates only if EIGRP completely loses the route
OSPF	110	115–200	Must be above 110; 200 is a common "last resort" choice
RIP	120	125–200	Must be above 120
EIGRP external	170	175–200	Above 170; used when backing up redistributed routes

11. Troubleshooting Floating Static Routes

Symptom	Likely Cause	Diagnostic & Fix
Floating static never activates when primary fails	AD set too low (still lower than primary); recursive lookup failure; next-hop not reachable via backup path	`show running-config \| include ip route` — verify AD value. `show ip route <prefix>` — confirm primary is gone when failure simulated. Ping backup next-hop to confirm reachability.
Floating static stays active after primary recovers	Primary route not reinstalled (dynamic protocol not re-converged; interface still showing down; OSPF/EIGRP adjacency not reformed)	`show ip ospf neighbor` / `show ip eigrp neighbors` — confirm adjacency re-established. Check interface status with `show interfaces`.
Both primary and floating static in routing table simultaneously	AD values are identical (both same AD = ECMP load balancing, not backup relationship)	Verify: `show ip route <prefix>` — both routes showing the same AD. Fix by changing floating static AD to be higher than primary.
Floating static not in running-config after reload	Configuration not saved before reload	`copy running-config startup-config` after configuration changes. Floating statics must be in startup-config to survive reload.
Primary link stays up but internet unreachable — no failover	No IP SLA configured — floating static only activates on interface down, not on path quality degradation	Configure IP SLA probe with ICMP echo to upstream target; attach track object to primary static route so it is removed when probe fails.
Routing loop when floating static activates	Floating static next-hop points back toward the failed path; both ends have symmetrical floating statics forming a loop	Trace the path with `traceroute`. Review next-hop destinations — ensure each router's floating static points toward a genuinely different path, not back through the failed network.

Verification Command Reference

show ip route                              ! Full routing table — check if floating static is active
show ip route static                       ! Show only static routes (active ones)
show ip route 192.168.10.0                 ! Specific prefix — shows AD in brackets [AD/metric]
show running-config | include ip route     ! All configured static routes (active or floating)
show ip sla statistics                     ! IP SLA probe results (reachability, RTT)
show track                                 ! Track object states (Up/Down)
debug ip routing                           ! Real-time routing table changes — use in lab only

! See also: show ip route | show running-config | traceroute

12. Common Misconceptions

"A floating static route is always in the routing table."
False. The floating static exists in the running-configuration permanently, but it only appears in the routing table when the primary route is gone. Seeing it absent from show ip route when the primary is active is correct behaviour — it is not a misconfiguration.
"Floating static routes provide instant failover."
Not necessarily. The failover speed depends on how quickly the primary route is removed from the routing table. For a dynamic protocol like OSPF, this depends on the Dead timer (default 40 seconds). For a physical link-down event, it is nearly instant. For an upstream provider failure with the link still up, it never happens without IP SLA.
"The same AD on both routes creates a floating relationship."
False. If both routes have the same AD and the same prefix, the router installs both and load-balances (ECMP) — not a primary/backup relationship. The floating static must have a strictly higher AD than the primary.
"Floating static routes work the same with next-hop IP or exit interface."
Not exactly. Using a next-hop IP requires a recursive lookup — if that next-hop is only reachable via the failed path, the floating static also fails to install. Using an exit interface directly avoids this problem.

13. Best Practices

Choose AD carefully: Set the floating static's AD to be clearly above the primary route's AD, but below AD 255. Common choices: AD 200 as a "last resort" behind any dynamic protocol; AD 91–109 to back up EIGRP while still losing to OSPF.
Use IP SLA for end-to-end path monitoring: Physical link state alone is insufficient in environments with upstream failures. IP SLA probes to a well-known address (8.8.8.8, a DNS server) provide true reachability verification.
Test failover in a maintenance window: Simulate the failure (shut the primary interface, disconnect the cable) and verify with show ip route and ping/traceroute that the backup path activates and traffic flows correctly.
Test recovery too: Restore the primary path and confirm that traffic returns to the primary route automatically, and the floating static is removed from the routing table.
Document all floating statics: Include the AD value, the purpose of the backup, the primary route it is designed to back up, and the last test date. Configuration comments (! lines) and a change log are both essential.
Avoid symmetric floating statics that create loops: If Router A has a floating static pointing to Router B and Router B has one pointing back to Router A for the same prefix, a loop forms when both primary routes fail simultaneously. Use a hub-and-spoke or clear directional design.

14. Key Points & Exam Tips

A floating static route = a static route with a manually set higher AD than the primary route. It is always in config but only in the routing table when primary is gone.
AD selection: lower = more preferred. Connected=0, Static=1, EIGRP=90, OSPF=110, RIP=120. Choose floating AD above the primary's AD.
Syntax: ip route <network> <mask> <next-hop> <AD> — the AD is the final optional parameter.
Floating static is NOT in show ip route when primary is active — this is correct. It IS always in show running-config.
Failover triggers: interface down (immediate), dynamic protocol timer expires (seconds to minutes), or recursive next-hop unreachable.
IP SLA + track enables failover even when the physical link stays up but the upstream path fails — essential for real dual-ISP redundancy.
Recursive lookup problem: next-hop IP of floating static must be reachable independently of the failed primary link. Use exit interface if in doubt.
Equal AD on two routes = ECMP load balancing, NOT a backup relationship. Floating static must have strictly higher AD.
Floating statics backing up OSPF typically use AD 200; backing up EIGRP internal typically use AD 91–109.
Failover is automatic — no manual intervention required once configured correctly.

15. Floating Static Routes Quiz

1. A router has these two routes for 10.0.0.0/8 in its running-config:
`ip route 10.0.0.0 255.0.0.0 192.168.1.2`
`ip route 10.0.0.0 255.0.0.0 192.168.2.2 200`
Both next-hops are currently reachable. What does `show ip route` display for 10.0.0.0/8?

A. Both routes shown — the router load-balances between them B. The AD 200 route is shown — higher AD means higher priority C. S 10.0.0.0/8 [1/0] via 192.168.1.2 — only the AD 1 route appears; the AD 200 floating static is hidden in the routing table (but still in running-config) D. Neither route appears — conflicting ADs cause both to be rejected

Correct answer is C. When two routes exist for the same prefix, the router installs only the one with the lowest Administrative Distance. The AD 1 static route beats the AD 200 floating static decisively. Only the AD 1 route appears in the routing table as S 10.0.0.0/8 [1/0] via 192.168.1.2. The AD 200 route exists in running-config and would appear in

show running-config | include
                  ip route

, but it does NOT appear in show ip route while the primary is active. This "hidden but configured" behaviour is the defining characteristic of a floating static route.

2. A network engineer configures a floating static route to back up an OSPF-learned route. The OSPF route has AD 110. Which AD should the floating static use, and what happens if the engineer accidentally sets it to 90?

A. AD 200 is correct; AD 90 would also be fine as backup since it is a static route B. AD 100 is correct; AD 90 would create a loop C. AD 110 matches OSPF so both routes tie and load-balance D. AD must be greater than 110 (e.g., 200) to back up OSPF; if set to AD 90, the static route beats OSPF (90 < 110) and becomes the permanent primary, defeating the purpose of having OSPF at all

Correct answer is D. The floating static must have a higher AD than the protocol it is backing up. OSPF has AD 110. If the floating static is given AD 90, then 90 < 110 — the static route is more preferred than OSPF and will always be installed in the routing table, permanently overriding the dynamically learned OSPF route. The router would always use the static path regardless of OSPF convergence — the opposite of the intended backup behaviour. The correct choice is any AD greater than 110 (e.g., AD 200 is a common safe choice for "last resort" backup behind any dynamic protocol).

3. A branch router has a primary default route via ISP1's next-hop (203.0.113.1). ISP1's physical link stays UP but ISP1 loses connectivity to the internet. The floating backup route via ISP2 does NOT activate. What must be added to trigger automatic failover in this scenario?

A. Lower the floating static's AD to make it more competitive with the primary route B. Configure IP SLA to probe a reachable internet address via ISP1, attach a track object to the primary static route — when the probe fails, the primary route is removed and the floating backup activates automatically C. Configure OSPF between the branch and ISP1 — dynamic protocols detect the failure automatically D. Manually shut the ISP1 interface when the outage is detected

Correct answer is B. This is the key limitation of floating static routes without IP SLA. A floating static only activates when the primary route is removed from the routing table. If the physical link to ISP1 remains UP, the static route via 203.0.113.1 remains in the table with AD 1 — the floating backup never appears regardless of the upstream outage. IP SLA (Service Level Agreement) solves this: it sends regular ICMP probes to a target beyond ISP1 (e.g., 8.8.8.8). When probes fail, a tracking object changes state to Down, which removes the tracked primary route from the routing table, causing the floating backup to activate — even though the ISP1 link is physically still up.

4. Router A has these routes configured:
`ip route 172.16.0.0 255.255.0.0 10.1.1.2` (AD 1 — primary)
`ip route 172.16.0.0 255.255.0.0 10.5.5.2 150` (floating)
The only route to 10.5.5.2 is via 10.1.1.2. What happens when the primary interface to 10.1.1.2 goes down?

A. The floating static also fails to activate — the router cannot reach 10.5.5.2 because the recursive lookup for the floating static's next-hop also fails when the primary interface goes down B. The floating static activates normally — it uses a different path to 10.5.5.2 C. The router finds an alternate path to 10.5.5.2 automatically using the default gateway D. Both routes fail simultaneously and the router enters a backup mode

Correct answer is A. This is the recursive lookup problem with floating static routes. When the primary interface goes down: (1) The primary static via 10.1.1.2 is removed from the table. (2) The router tries to install the floating static via 10.5.5.2. (3) Recursive lookup: "How do I reach 10.5.5.2?" — the only route to 10.5.5.2 was via 10.1.1.2, which is now gone. (4) No route to 10.5.5.2 → floating static cannot be installed → both routes fail. The fix: the floating static's next-hop (10.5.5.2) must be reachable via a path independent of the failed primary link. Use an exit interface (ip route 172.16.0.0 255.255.0.0 GigabitEthernet0/1 150) or a next-hop on the backup interface's subnet.

5. An engineer wants two equal paths to 10.0.0.0/8 (ECMP load balancing) but instead configures: `ip route 10.0.0.0 255.0.0.0 192.168.1.2` and `ip route 10.0.0.0 255.0.0.0 192.168.2.2 5`. What actually happens?

A. Both routes are installed — AD difference does not matter when both are static routes B. The router load-balances but slightly prefers the AD 1 route C. Only the AD 1 route is installed — different ADs means NO load balancing; the AD 5 route becomes a floating backup that only activates if the AD 1 route fails D. The higher AD route is always preferred for security reasons

Correct answer is C. ECMP (equal-cost multipath) requires that routes have exactly the same Administrative Distance AND the same metric to the same prefix. Even a difference of 1 in AD (AD 1 vs AD 5) means only the lower-AD route is installed. The AD 5 route becomes a floating static backup, not an ECMP partner. To achieve load balancing, both routes must have identical AD: ip route 10.0.0.0 255.0.0.0 192.168.1.2 and ip route 10.0.0.0 255.0.0.0 192.168.2.2 (both AD 1 — default). This is a common misconfiguration when engineers confuse the AD parameter's purpose.

6. A network admin runs `show ip route` and does NOT see the floating static route for 192.168.50.0/24 that they configured yesterday. `show running-config` confirms the route is present with AD 200. The primary OSPF route to 192.168.50.0/24 is also visible in the routing table. Is there a problem?

A. Yes — the floating static was not saved to startup-config and was lost B. No — this is correct behaviour. The floating static (AD 200) loses to the OSPF route (AD 110) so it correctly does not appear in the routing table while OSPF is active. It will appear when OSPF fails. C. Yes — AD 200 is too high; reduce it to 50 so it appears in the routing table D. Yes — show ip route static must be run instead

Correct answer is B. This is entirely expected and correct floating static route behaviour. The floating static (AD 200) is present in the running-config — confirmed. The OSPF route (AD 110) to the same prefix is currently active. Since AD 110 < AD 200, only the OSPF route appears in the routing table. The floating static is suppressed — correctly. If you were to simulate an OSPF failure (shut the interface, clear the OSPF process), the OSPF route would disappear from the routing table and the AD 200 floating static would immediately surface and take over. The absence of the floating static from show ip route while the primary is active is not a problem — it is working exactly as designed.

7. What is the primary difference between a floating static route failover triggered by an interface going DOWN versus one backed by IP SLA tracking?

A. Interface-down failover is slower; IP SLA is faster B. IP SLA is required for Layer 2 failover; interface down works only at Layer 3 C. IP SLA monitors the physical layer; interface down monitors the application layer D. Interface-down failover only triggers when the physical/logical link fails; IP SLA detects end-to-end path failures even when the link stays physically UP (upstream ISP outage, routing black hole, provider congestion)

Correct answer is D. This distinction is critical for real-world dual-ISP deployments. An interface-down event only occurs when the physical or logical link fails — the cable is disconnected, the remote device goes offline, or the interface is manually shut. The static route is removed from the routing table as soon as the interface goes down. However, the most common real-world failure scenario is an upstream provider outage where the local link to the ISP stays physically up but the path to the internet is broken. In this case, the interface never goes down, the static route never leaves the routing table, and the floating backup never activates — all traffic is blackholed. IP SLA probes a destination beyond the local link (8.8.8.8, a DNS server). When probes fail, the track object removes the primary static route from the routing table regardless of interface state, triggering failover.

8. A router running OSPF learns a route to 10.10.10.0/24 via OSPF. A floating static is configured: `ip route 10.10.10.0 255.255.255.0 GigabitEthernet0/1 200`. The OSPF neighbour goes down. How long (approximately) before the floating static activates with default OSPF timers on a broadcast network?

A. Approximately 40 seconds — the default OSPF Dead interval on broadcast networks is 4 × Hello (4 × 10s = 40s); the route is removed after the Dead interval expires B. Immediately — OSPF detects neighbour failure instantly C. 120 seconds — OSPF default Dead interval is 2 minutes D. 30 minutes — OSPF waits for the LSA to expire before removing routes

Correct answer is A. OSPF default timers on broadcast (Ethernet) networks: Hello interval = 10 seconds; Dead interval = 40 seconds (4 × Hello). When an OSPF neighbour goes silent, the router waits the full Dead interval (40 seconds by default) before declaring the neighbour down and removing its routes from the routing table. Only after the OSPF route is removed does the floating static (AD 200) surface and take over — so approximately 40 seconds of downtime before failover. On point-to-point and NBMA links the default Dead interval is 120 seconds. Fast OSPF convergence (Hello 1s, Dead 3s) or BFD can reduce this to sub-second. This convergence delay is a key consideration when evaluating floating static routes vs BFD- assisted failover.

9. After configuring a floating static route backup for a branch office, an engineer wants to test the failover without a real outage. What is the correct test procedure?

A. Reload the router and check if the floating static appears in the routing table B. Delete the primary static route from running-config and check the routing table C. Shut the primary interface with shutdown, verify with show ip route that the floating static is now installed, run ping or traceroute to confirm traffic flows via the backup, then no shutdown and verify primary is restored D. Run debug ip routing and wait for a natural failure

Correct answer is C. This is the correct and complete failover test procedure. Step 1: shutdown the primary interface (simulates a link failure cleanly without risking production impact). Step 2: show ip route <prefix> — confirm the floating static is now installed in the routing table with its higher AD. Step 3: ping <destination> and traceroute <destination> — confirm traffic is flowing through the backup path (not just that the route is in the table). Step 4: no shutdown on the primary interface — confirm the primary route returns and the floating static is removed. Both failover AND recovery must be tested. Simply deleting the primary route from config would work for testing but is destructive — shutdown is the safe and reversible approach.

10. A floating static default route `ip route 0.0.0.0 0.0.0.0 10.2.2.2 10` is configured as backup for a primary default route `ip route 0.0.0.0 0.0.0.0 10.1.1.2`. After the primary interface fails and the floating static activates, the primary link recovers. An engineer checks and finds the floating static is STILL in the routing table alongside the primary route. What is most likely wrong?

A. The floating static AD of 10 is too low — it is now competing with the primary instead of backing it up B. Both AD 1 (primary) and AD 10 (floating) cannot coexist in the routing table — if both are showing, the primary may actually be missing and what appears to be "primary" is a different route; or the primary static was manually re-entered without the AD, defaulting to AD 1, but the floating at AD 10 should not be visible simultaneously C. This is normal — both routes coexist during the recovery period for a few minutes D. The router needs to be reloaded to clear the floating static

Correct answer is B. It is not possible for both an AD 1 static route and an AD 10 static route to the same prefix (0.0.0.0/0) to coexist in the routing table — the router only installs the lowest-AD route. If both appear to be in the routing table, there are several possible explanations: (1) The "primary" showing is actually a different route (e.g., a default learned from DHCP or another source with different AD). (2) The engineer is misreading the output — the table shows the AD in brackets [AD/metric] and they should verify the actual AD values. (3) The primary interface came back but the static route was re-entered incorrectly. Use show ip route 0.0.0.0 and check the [AD/metric] values in brackets carefully for each route shown.

← Back to Home

Floating Static Routes – Backup Routes, AD & Failover

1. What Is a Floating Static Route?

2. Administrative Distance — The Mechanism Behind Floating Routes

3. Regular Static Route vs Floating Static Route

4. Configuration Syntax and Examples

Command Syntax

Example 1 — Floating Static Backing Up a Regular Static Route

Example 2 — Floating Static Backing Up OSPF

Example 3 — Floating Default Route (Dual ISP)

5. The Recursive Lookup Problem — A Critical Caveat

Using Exit Interface Instead of Next-Hop IP

6. Failover Behaviour — Step by Step

7. IP SLA Tracking — Solving the "Link Up but Unreachable" Problem

8. Common Use Cases

9. Verifying Floating Static Routes

10. Floating Static as a Backup to Dynamic Routing Protocols

Choosing the Right Floating AD for Each Protocol

11. Troubleshooting Floating Static Routes

Verification Command Reference

12. Common Misconceptions

13. Best Practices

14. Key Points & Exam Tips

15. Floating Static Routes Quiz

1. A router has these two routes for 10.0.0.0/8 in its running-config: ip route 10.0.0.0 255.0.0.0 192.168.1.2 ip route 10.0.0.0 255.0.0.0 192.168.2.2 200 Both next-hops are currently reachable. What does show ip route display for 10.0.0.0/8?

2. A network engineer configures a floating static route to back up an OSPF-learned route. The OSPF route has AD 110. Which AD should the floating static use, and what happens if the engineer accidentally sets it to 90?

3. A branch router has a primary default route via ISP1's next-hop (203.0.113.1). ISP1's physical link stays UP but ISP1 loses connectivity to the internet. The floating backup route via ISP2 does NOT activate. What must be added to trigger automatic failover in this scenario?

4. Router A has these routes configured: ip route 172.16.0.0 255.255.0.0 10.1.1.2 (AD 1 — primary) ip route 172.16.0.0 255.255.0.0 10.5.5.2 150 (floating) The only route to 10.5.5.2 is via 10.1.1.2. What happens when the primary interface to 10.1.1.2 goes down?

5. An engineer wants two equal paths to 10.0.0.0/8 (ECMP load balancing) but instead configures: ip route 10.0.0.0 255.0.0.0 192.168.1.2 and ip route 10.0.0.0 255.0.0.0 192.168.2.2 5. What actually happens?

6. A network admin runs show ip route and does NOT see the floating static route for 192.168.50.0/24 that they configured yesterday. show running-config confirms the route is present with AD 200. The primary OSPF route to 192.168.50.0/24 is also visible in the routing table. Is there a problem?

7. What is the primary difference between a floating static route failover triggered by an interface going DOWN versus one backed by IP SLA tracking?

8. A router running OSPF learns a route to 10.10.10.0/24 via OSPF. A floating static is configured: ip route 10.10.10.0 255.255.255.0 GigabitEthernet0/1 200. The OSPF neighbour goes down. How long (approximately) before the floating static activates with default OSPF timers on a broadcast network?

9. After configuring a floating static route backup for a branch office, an engineer wants to test the failover without a real outage. What is the correct test procedure?

1. A router has these two routes for 10.0.0.0/8 in its running-config:
`ip route 10.0.0.0 255.0.0.0 192.168.1.2`
`ip route 10.0.0.0 255.0.0.0 192.168.2.2 200`
Both next-hops are currently reachable. What does `show ip route` display for 10.0.0.0/8?

4. Router A has these routes configured:
`ip route 172.16.0.0 255.255.0.0 10.1.1.2` (AD 1 — primary)
`ip route 172.16.0.0 255.255.0.0 10.5.5.2 150` (floating)
The only route to 10.5.5.2 is via 10.1.1.2. What happens when the primary interface to 10.1.1.2 goes down?

5. An engineer wants two equal paths to 10.0.0.0/8 (ECMP load balancing) but instead configures: `ip route 10.0.0.0 255.0.0.0 192.168.1.2` and `ip route 10.0.0.0 255.0.0.0 192.168.2.2 5`. What actually happens?

6. A network admin runs `show ip route` and does NOT see the floating static route for 192.168.50.0/24 that they configured yesterday. `show running-config` confirms the route is present with AD 200. The primary OSPF route to 192.168.50.0/24 is also visible in the routing table. Is there a problem?