Static Routing

Introduction

IP routing enables forwarding of data packets between otherwise isolated network segments, allowing end devices to communicate across networks of different type and topology.

All IP based devices, including routers, have a routing table which is consulted for each outbound IP packet. The path, or route, to be taken is determined based on the destination IP address of the packet. The only real difference between an end-device (or switch) and a router is that the forwarding mechanism is enabled on a router, i.e., inbound packets are allowed to be forwarded based on the routing table.

Three criteria must be met for an IP packet to be routed:

  • A route must exist; a default route is sufficient
  • The TTL of the packet must be > 1
  • IP forwarding must be enabled in the router

The routing table can be populated manually by setting up static routes, automatically by using a dynamic routing protocol like OSPF or RIP, or by a combination of both. Static IP routing is usually sufficient for small IP networks, or networks with no redundant paths. To manage routing in larger networks, dynamic IP routing is preferred. Here is an example of what the routing table can look like:

example:/#> show ip route
S - Static | C - Connected | K - Kernel route  | > - Selected route
O - OSPF   | R - RIP       | [Distance/Metric] | * - FIB route

s>* 0.0.0.0/0 [1/0] via 192.168.2.1, vlan1
C>* 169.254.0.0/16 is directly connected, vlan1
C>* 192.168.2.0/24 is directly connected, vlan1

Note: A routing table may contain multiple matching routes for a given destination. The route is selected based on best match, which means a /24, for example, is a better match than a /16. If more than one route matches equally well, the distance acts as a tiebreaker.

Distance

All routes in the routing table have a distance, which is used to find the best path for a packet if more than one route matches a destination. A lower value is better and a route with distance 0 (connected route) will always be used.

Different routing methods have different default distances which are used unless otherwise specified:

Distance  Protocol
========================
0         Connected
1         Static (manual)
16        Static (DHCP)
110       OSPF
120       RIP

Table 1: Overview of default route distances for different protocols

Hence, a route from RIP is worth less than an OSPF route and a static route trumps both. This way multiple routes can be installed to provide automatic fail-over to another routing path in case a router goes down.

The table lists static routes learned from a DHCP server as having the distance value 16. This makes it possible to override them locally in case the routes (usually just the default route) are wrong or otherwise require adjusting.

IP Forwarding

As mentioned previously, a router must have IP forwarding enabled to be able to route packets. This is the default for products with this capability.

example:/#> configure ip
example:/config/ip/#> forwarding
example:/config/ip/#> leave

Static routes

To route all traffic to subnet 192.168.10.0/24 in a specific direction, use the following commands:

example:/#> configure ip
example:/config/ip/#> route 192.168.10.0/24 192.168.0.1
example:/config/ip/#> leave

Default Route

Sometimes also referred to as the Default Gateway, the default route is where an IP device sends all packets for which it does not have a better route. It is a sort of last resort.

example:/#> configure ip
example:/config/ip/#> route default 192.168.0.1
example:/config/ip/#> leave

Blackhole Routes

To prevent traffic from being redirected to the default gateway before routes have been established, you can add a blackhole route. This is a route for a network that points to the null0 interface, meaning all traffic for that network will be silently discarded.

When creating a blackhole route, it is important that it has a higher distance than the real route to the network (use 255 for blackhole routes).

In the following example, a neighbouring network 172.16.0.0/16 can usually be reached via the neighbouring router 192.168.3.1. However, that interface is currently down, and to prevent traffic from instead being sent to the default gateway 192.168.2.42, we add a blackhole route.

example:/#> configure ip
example:/config/ip/#> route 172.16.0.0/16 192.168.3.1
example:/config/ip/#> route 172.16.0.0/16 null0 255
example:/config/ip/#> leave
Applying configuration.
Configuration activated.  Remember "copy run start" to save to flash (NVRAM).
example:/#> show ip route
S - Static | C - Connected | K - Kernel route  | > - Selected route
O - OSPF   | R - RIP       | [Distance/Metric] | * - FIB route

s>* 0.0.0.0/0 [16/0] via 192.168.0.1, vlan1
C>* 169.254.0.0/16 is directly connected, vlan1
s   172.16.0.0/16 [255/0] is directly connected, Null0, bh
s   172.16.0.0/16 [1/0] via 192.168.3.1 inactive
C>* 192.168.0.0/24 is directly connected, vlan1

Blackhole routes are also referred to as null routes or discard routes.

Route Monitor

When there are multiple paths to a network, it is possible to switch between the available paths using a ping trigger alarm, policy route and route monitor.

If the system detects that a monitored route target has become unreachable, it updates the administrative distance of the route to the maximum (255), making the route effectively unreachable and forcing all traffic onto any remaining route(s).

If the route becomes reachable again and the peer is reachable, the alarm is cleared and the route monitor restores the administrative distance to the configured value.

The following example demonstrates how to configure two default routes, with route monitor.

example:/#> configure ip
example:/config/ip/#> route default 192.168.1.99 1 track 1>
example:/config/ip/#> route default 192.168.2.99 1 track 2>
example:/config/ip/#> show route
Network          Netmask          Gateway          Iface          Dist  TrigId
==============================================================================
0.0.0.0          0.0.0.0           192.168.1.99      *               1    1
0.0.0.0          0.0.0.0           192.168.2.99      *               1    2
example:/config/ip/#> leave

This is what the route monitor status looks like when both peers are reachable:

example:/#> show ip route-monitor
Network           Gateway           Trigger-id  Reachable  Installed          
0.0.0.0/0         192.168.1.99      1           YES        YES
0.0.0.0/0         192.168.1.99      2           YES        YES
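
The selection rules from the note on best match, the Blackhole Routes section and the Route Monitor section can be modelled in a few lines. The following Python sketch is an added example, not code from the product or its documentation; the Route fields, the function names and the sample tables are assumptions constructed from the addresses used on this page.

```python
import ipaddress
from dataclasses import dataclass, replace

MAX_DISTANCE = 255  # distance the page uses for blackhole and unreachable monitored routes

@dataclass(frozen=True)
class Route:
    prefix: str          # destination network in CIDR notation
    next_hop: str        # gateway address, or "null0" for a blackhole route
    distance: int        # administrative distance, lower wins
    active: bool = True  # False while the outgoing interface is down
    track: int = 0       # route monitor trigger id, 0 = not monitored (assumption)

def select_route(table, destination):
    """Longest matching prefix first, then lowest distance; inactive routes are skipped."""
    dst = ipaddress.ip_address(destination)
    usable = [r for r in table if r.active and dst in ipaddress.ip_network(r.prefix)]
    return min(usable, default=None,
               key=lambda r: (-ipaddress.ip_network(r.prefix).prefixlen, r.distance))

def forward(table, destination):
    """Describe what happens to a packet addressed to `destination`."""
    route = select_route(table, destination)
    if route is None:
        return "no route"
    return "discarded (blackhole)" if route.next_hop == "null0" else f"via {route.next_hop}"

def apply_monitor(table, unreachable_ids):
    """Raise monitored routes whose trigger target is unreachable to distance 255."""
    return [replace(r, distance=MAX_DISTANCE) if r.track in unreachable_ids else r
            for r in table]

# Constructed tables modelled on the page's examples.
LINK_DOWN = [
    Route("0.0.0.0/0", "192.168.2.42", 1),
    Route("172.16.0.0/16", "192.168.3.1", 1, active=False),  # interface is down
]
WITH_BLACKHOLE = LINK_DOWN + [Route("172.16.0.0/16", "null0", MAX_DISTANCE)]
MONITORED = [
    Route("0.0.0.0/0", "192.168.1.99", 1, track=1),
    Route("0.0.0.0/0", "192.168.2.99", 1, track=2),
]

if __name__ == "__main__":
    print(forward(LINK_DOWN, "172.16.5.9"))       # leaks to the default gateway
    print(forward(WITH_BLACKHOLE, "172.16.5.9"))  # dropped locally
    print(forward(apply_monitor(MONITORED, {1}), "10.1.1.1"))
```

Without the blackhole route, traffic for 172.16.0.0/16 falls through to the default gateway while the real route is inactive; with it, the traffic is dropped locally, and the real route takes over again as soon as it is active because its distance is lower.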