What I mean is, is this legal:
ip route 10.0.0.0 255.255.255.0 g0/0/0
ip route 0.0.0.0 0.0.0.0 g0/0/0
Yes, absolutely. This would be fairly common actually.
A real world scenario where this might come into play is if you have a route for 10.0.0.0 /8 on port 2 but one of your 10.X.X.X networks is reachable off of port 0. This keeps the routing table smaller than if you had to break up the 10.0.0.0 /8 into a bunch of routes.
Best practice though is to use the next hop IP for the destination, not the exit interface.
ip route 10.0.0.0 255.255.255.0 184.108.40.206<--next hop
Great, thanks for the info.
Also a requirement for it to work unless it's a P2P link, proxy-arp is enabled, or a few other corner cases.
Well, Cisco's best practice is to use the outgoing interface AND next-hop IP address on a multi-access link like Ethernet.
That is false.
Well, say this to Cisco Engineers ;) https://www.cisco.com/c/en/us/support/docs/dial-access/floating-static-route/118263-technote-nexthop-00.html
Is it still false?!
Yes, it is still very much false.
First off, when you say "Cisco Engineers" you imply something like an engineer from a BU, the person who writes code or designs how processes and systems should work. A TAC "Engineer" is very much a different animal, and often not so much an engineer as just some troubleshooter pushing cases around. I had a TAC "Engineer" tell one of my customers that PIM only supported a maximum of 2 neighbors, for instance. The person in question was a full-time US employee, and a 4-digit CCIE as well (same as the author of this article). Their fix was to pin up static IGMP joins across a large, multi-site corporate network. Neither of those things is correct, and in fact the customer actually had no multicast issue at all, which could be diagnosed in about 10 minutes. I've had an AS NCE tell me you couldn't use devices on Nexus vPC unless they were dual-homed, and I know of another AS NCE that went the other way and sold, designed, and implemented a setup that required ASAs to L3 IGP peer with Nexus via vPC (which wasn't supported at all at the time and is still strongly discouraged). So while he may be a seasoned engineer, in general I'd say take whatever comes out of TAC with a grain of salt.
Second, the tech note you cite is not a best-practice recommendation for all network deployments so much as a note addressing a corner case that rarely arises. The author is overstepping his bounds by not being clearer on this. It specifically addresses floating static routes being used as two methods of exit from a device, not a single static route or a combination of static and dynamic routes. If you have two static paths out of the network on Ethernet and you're not using something like IP SLA to control traffic, then you're a) doing it wrong and b) route recursion is going to be the least of your problems. In fact you'd probably be better off pointing a static route w/o interface at the distant router's loopback and controlling that via IP SLA, EEM, or some other wizardry. TL;DR: Don't use floating static routes in production.
Additionally, a case where you are running both static and dynamic routing together, with multiple exits, or using two static networks such that recursion like that described in the doc occurs AND also causes black-holing of traffic, is exceedingly rare, especially if you're not bringing in something like tunnels. So rare, in fact, that I'd say it is likely to never occur in a well-designed network.
So no, authoritatively, it is not the recommended best practice by Cisco to always specify IP and interface on Ethernet links. It is only recommended in a situation where it would be needed, which is rare, and probably warrants a second recommendation to avoid or exit said situation ASAP.
OK. If a CCIE who wrote several books is wrong... And if a doc authorized for publishing by Cisco isn't relevant... OK. I work for a service provider and we use floating static routes a lot w/o IP SLA or some other shit like that. The network is working well. I'ma stick with this idea.
I already explained the CCIE thing (doesn't mean shit by itself), and just because you're doing something at work doesn't make it right. And you clearly don't know how Cisco docs work when you talk about "authorized". Pretty much anyone could put out anything, especially in the past. Then again, your whole first sentence and lack of any reasonable rebuttal here show a complete lack of reading comprehension of my prior statement, intentional or otherwise.
ISPs larger than yours have plenty of fucked up shit going on, likely more fucked up than what you guys are doing. But you do what you want with your network there, you wanna type in a whole bunch of extra stuff (and not run an IGP in the first place), be my guest.
You're very negative today.