A Static Route defines a fixed path that network traffic should take to reach a specific subnet. Unlike dynamic routing, which adjusts paths automatically, static routes are manually configured and remain in place until changed or removed.

When creating a static route, you will always see the following fields:

1. Name – An arbitrary label to quickly identify the purpose of this route.
2. Type – The route type. Options: Next Hop, Interface, or Black Hole.
3. Network – The destination subnet (not only a single IP, use /32 for single IPv4 address routes) in CIDR notation (e.g. 192.168.50.0/24).
4. Metric – A numerical value that determines the route’s priority. Lower values are preferred over higher ones.

Depending on the Type selected, additional fields may appear:

• Next Hop – Requires the IP address of the next hop router.
• Interface – Requires the Interface to send traffic through.
• Black Hole – No additional fields; traffic to the specified subnet is silently discarded.

Route Types Explained

Next Hop

A Next Hop route sends traffic for a specific subnet to another router for further delivery.

When to use:

• Connecting to a remote branch office through a dedicated router, such as a provider-managed router on managed private WAN service.
• Routing to a network segment managed by a different router in the topology.

Example:

• Network: 10.5.0.0/16
• Next Hop: 192.168.1.2 (router at branch office)

Interface

An Interface route sends traffic for a subnet directly out of a specified network interface.

• When to use:
  • Routing across point-to-point interfaces such as VPNs.
  • Not to be used with Ethernet networks, as Ethernet requires a next hop for routing.
• Example:
  • Network: 172.20.10.0/24
  • Interface: wg (Wireguard VPN)

Black Hole

A Black Hole route discards all traffic destined for the specified subnet without notifying the sender.

• When to use:
  • Prevent routing loops.
  • Block traffic to specific IP ranges for security or policy reasons.
• Example:
  • Network: 203.0.113.0/24 (unwanted external network)
  • Networks: 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 to prevent routing RFC 1918 networks to the internet. The directly-connected private networks will have more specific routes (usually /24) which win over the less-specific routes, hence this does not break private network connectivity unless you’re using the full 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16 as the assignment on one of your VLANs.

Understanding Metrics

The Metric field controls route preference — lower numbers are chosen over higher ones when multiple routes match a destination.

Default metrics vary depending on the type of route:

For example, if you have a connected route to 192.168.1.0/24 (metric 0) and a static route to the same network with metric 1, the connected route will always be preferred.

For example, if you have redundant private WAN service with two provider-managed routers, you would add a static route with a lower metric pointing to the primary router, and a second static route with a higher metric pointing to the secondary router.