Static Routing
Introduction
IP routing enables forwarding of data packets between otherwise isolated network segments, allowing end devices to communicate across networks of different type and topology.
All IP-based devices, including routers, have a routing table which is consulted for each outbound IP packet. The path, or route, to be taken is determined based on the destination IP address of the packet. The only real difference between an end-device (or switch) and a router is that the forwarding mechanism is enabled on a router, i.e., inbound packets are allowed to be forwarded based on the routing table.
Three criteria must be met for an IP packet to be routed:
- A route must exist; a default route is sufficient
- The TTL of the packet must be > 1
- IP forwarding must be enabled in the router
The routing table can be populated manually by setting up static routes, automatically by using a dynamic routing protocol like OSPF or RIP, or by a combination of both. Static IP routing is usually sufficient for small IP networks, or networks with no redundant paths. To manage routing in larger networks, dynamic IP routing is preferred. Here is an example of how the routing table can look:
example:/#> show ip route
S - Static | C - Connected | K - Kernel route | > - Selected route
O - OSPF | R - RIP | [Distance/Metric] | * - FIB route

S>* 0.0.0.0/0 [1/0] via 192.168.2.1, vlan1, weight 1, 00:01:44
C>* 169.254.0.0/16 is directly connected, vlan1, 00:01:44
C>* 192.168.2.0/24 is directly connected, vlan1, 00:01:44

example:/#> show ipv6 route
S - Static | C - Connected | K - Kernel route | > - Selected route
O - OSPFv6 | R - RIPng | [Distance/Metric] | * - FIB route

S>* ::/0 [1/0] via 2001:db8::1, vlan1, weight 1, 00:00:36
C>* 2001:db8::/64 is directly connected, vlan1, 00:00:36
C * fe80::/64 is directly connected, vlan1, 00:00:36
C>* fe80::/64 is directly connected, br0, 00:00:36
Note
A routing table may contain multiple matching routes for a given destination. The route is selected based on best match, which means a /24, for example, is a better match than a /16. If more than one route matches, the distance acts as a tiebreaker.
Note
If a route is configured with a next-hop address that is not reachable, that route is inactive and may not even be shown in the routing table.
Distance
All routes in the routing table have a distance, which is used to find the best path for a packet if more than one route matches a destination. A lower value is better and a route with distance 0 (connected route) will always be used.
Different routing methods have different default distances which are used unless otherwise specified:
Distance | Protocol |
---|---|
0 | Connected |
1 | Static (manual) |
16 | Static (DHCP) |
110 | OSPF |
120 | RIP |
Hence, a route from RIP is worth less than an OSPF route and a static route trumps both. This way multiple routes can be installed to provide automatic fail-over to another routing path in case a router goes down.
The table lists static routes learned from a DHCP server as having the distance value 16. This makes it possible to override them locally in case the routes (usually just the default route) are wrong or otherwise require adjusting.
IP Forwarding
As mentioned previously, a router must have IP forwarding enabled to be able to route packets. This is the default for products with this capability.
example:/#> configure ip
example:/config/ip/#> forwarding
example:/config/ip/#> leave

example:/#> config ipv6
example:/config/ipv6/#> forwarding
example:/config/ipv6/#> leave
Default behavior regarding IPv6
Currently, both IPv6 in general and IPv6 forwarding are disabled by default. Both of these must be enabled to allow IPv6 traffic to pass through the device.
Static routes
Static routes are configured from the ip/ipv6 context in the CLI:
example:/#> configure ip
example:/config/ip/#>

example:/#> config ipv6
example:/config/ipv6/#>
A static route requires a destination network and a next-hop destination. The destination network is the network that the route is for, and the next-hop destination tells the router how to reach that network.
Static Route to a Next-Hop Gateway
To configure static routes from a given network to a specific next-hop gateway address, use the following commands:
example:/#> configure ip
example:/config/ip/#> route 192.168.10.0/24 192.168.0.1
example:/config/ip/#> leave

example:/config/ipv6/#> route 2001:db8:10::/64 2001:db8::1
example:/config/ipv6/#> leave
Static Route to an Interface
The next-hop can also be specified as an interface instead of an IP address. To configure a static route to an interface, use the following commands:
example:/config/ip/#> route 192.168.10.0/24 ssl1
example:/config/ip/#> leave

example:/config/ipv6/#> route 2001:db8:10::/64 ssl1
example:/config/ipv6/#> leave
Usage
Using an interface as a next-hop can be useful for point-to-point links, where there is only one destination on the other end of the link. As an example, the interface type in this case could be an SSL or GRE interface.
Multi-Access Interfaces
It is generally a good idea to avoid using interfaces as next-hops for multi-access interfaces.
Static Route with a Distance
If a specific distance is required, it can be added as an optional parameter. The following example sets the distance to 2:
example:/config/ip/#> route 192.168.10.0/24 192.168.0.1 2
example:/config/ip/#> leave

example:/config/ipv6/#> route 2001:db8:10::/64 2001:db8::1 2
example:/config/ipv6/#> leave
Unreachable Distance
A route with a distance set to 255 is considered unreachable and will not be added to the routing table.
Default Route
Sometimes referred to as the Default Gateway, the default route is where an IP device sends all packets for which it does not have a more specific route. It acts as a last resort. To configure a default route, use the following commands:
example:/config/ip/#> route default 192.168.0.1
example:/config/ip/#> leave

example:/config/ipv6/#> route default 2001:db8::1
example:/config/ipv6/#> leave
Blackhole Routes
To prevent traffic from being redirected to the default gateway before routes have been established, you can add a blackhole route. This is a route for a network that points to the null0 interface, meaning all traffic for that network will be silently discarded.
When creating a blackhole route, it is important that it has a higher distance (use 255 for blackhole routes) than the real route to the network.
In the following example, we configure a route for a network to a specific next-hop gateway. Additionally, we add a blackhole route for the same network. This blackhole route will discard traffic if the interface for the next-hop gateway goes down, preventing it from being sent to the default gateway.
example:/config/ip/#> route 172.16.0.0/16 192.168.3.1
example:/config/ip/#> route 172.16.0.0/16 null0 255
example:/config/ip/#> leave
Applying configuration.
Configuration activated. Remember “copy run start” to save to flash (NVRAM).
example:/#> show ip route
S - Static | C - Connected | K - Kernel route | > - Selected route
O - OSPF | R - RIP | [Distance/Metric] | * - FIB route

s>* 0.0.0.0/0 [16/0] via 192.168.0.1, vlan1
C>* 169.254.0.0/16 is directly connected, vlan1
s 172.16.0.0/16 [255/0] is directly connected, Null0, bh
s 172.16.0.0/16 [1/0] via 192.168.3.1 inactive
C>* 192.168.0.0/24 is directly connected, vlan1

example:/config/ipv6/#> route 2001:db8:10::/64 2001:db8:2::1
example:/config/ipv6/#> route 2001:db8:10::/64 null0 255
example:/config/ipv6/#> leave
Applying configuration.
Configuration activated. Remember “copy run start” to save to flash (NVRAM).
example:/#> show ipv6 route
S - Static | C - Connected | K - Kernel route | > - Selected route
O - OSPFv6 | R - RIPng | [Distance/Metric] | * - FIB route

S> ::/0 [1/0] via 2001:db8::1, vlan1, weight 1, 00:01:45
C> 2001:db8::/64 is directly connected, vlan1, 00:01:45
C> 2001:db8:2::/64 is directly connected, vlan2, 00:00:03
S> 2001:db8:10::/64 [1/0] via 2001:db8:2::1, vlan2, weight 1, 00:00:03
S 2001:db8:10::/64 [255/0] unreachable (blackhole), weight 1, 00:01:46
C * fe80::/64 is directly connected, vlan2, 00:00:03
C * fe80::/64 is directly connected, vlan1, 00:01:45
C>* fe80::/64 is directly connected, br0, 00:01:45
Tip
Blackhole routes are also referred to as null routes or discard routes.
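The following Python script is an added example, not part of the original documentation or the vendor's tooling. It parses route lines in the show ip route format used on this page, resolves a destination by longest prefix and then distance, and lists static prefixes that have no blackhole route for the same network. The sample table is constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in the "show ip route" format (not real device output).
SAMPLE = """\
S>* 0.0.0.0/0 [1/0] via 192.168.0.1, vlan1
C>* 192.168.0.0/24 is directly connected, vlan1
C>* 192.168.3.0/24 is directly connected, vlan2
S>* 172.16.0.0/16 [1/0] via 192.168.3.1, vlan2
S   172.16.0.0/16 [255/0] is directly connected, Null0, bh
S>* 10.20.0.0/16 [1/0] via 192.168.3.1, vlan2
"""

# Code letter, flags (">" selected, "*" FIB), prefix, optional [distance/metric].
ROUTE_RE = re.compile(r"^(?P<code>[A-Za-z])(?P<flags>[ >*]*)(?P<prefix>\S+/\d+)"
                      r"(?:\s+\[(?P<dist>\d+)/\d+\])?\s+(?P<rest>.*)$")

def parse_routes(text):
    """Return one dict per route line; legend, prompt and blank lines are skipped."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if not m:
            continue
        rest = m["rest"].lower()
        routes.append({
            "code": m["code"].upper(),
            "net": ipaddress.ip_network(m["prefix"], strict=False),
            "distance": int(m["dist"] or 0),   # connected routes print no distance
            "fib": "*" in m["flags"],
            "blackhole": "null0" in rest or "blackhole" in rest,
        })
    return routes

def lookup(routes, dest):
    """Best match among FIB routes: longest prefix first, then lowest distance."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if r["fib"] and addr in r["net"]]
    return max(hits, key=lambda r: (r["net"].prefixlen, -r["distance"]), default=None)

def unguarded_statics(routes):
    """Non-default static prefixes with no blackhole route for the same network."""
    guarded = {r["net"] for r in routes if r["blackhole"]}
    return sorted({str(r["net"]) for r in routes
                   if r["code"] == "S" and not r["blackhole"]
                   and r["net"].prefixlen > 0 and r["net"] not in guarded})

if __name__ == "__main__":
    table = parse_routes(SAMPLE)
    for dest in ("172.16.5.5", "192.168.3.7", "8.8.8.8"):
        print(dest, "->", lookup(table, dest)["net"])
    print("static routes without a blackhole companion:", unguarded_statics(table))
```

Replace SAMPLE with output captured from the device to audit a real table; a prefix reported by unguarded_statics has no blackhole route to keep its traffic away from the default gateway if its next-hop goes down.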
Route Monitor
Note
Route monitoring is currently only supported for IPv4 static routes.
In cases where there are multiple paths to a network, it is possible to switch between the available paths using ping trigger alarm, policy route and route monitor.
If the system detects that a monitored route target has become unreachable, it updates the administrative distance of the route to the maximum (255), making the route effectively unreachable and forcing all traffic onto any remaining route(s).
If the route becomes reachable again and the peer is reachable, the alarm is cleared and the route monitor updates the administrative distance back to the configured value.
The following example demonstrates how to configure two default routes, with route monitor.
example:/#> configure ip
example:/config/ip/#> route default 192.168.1.99 1 track 1>
example:/config/ip/#> route default 192.168.2.99 1 track 2>
example:/config/ip/#> show route
Network         Netmask         Gateway         Iface   Dist   TrigId
==============================================================================
0.0.0.0         0.0.0.0         192.168.1.99    *       1      1
0.0.0.0         0.0.0.0         192.168.2.99    *       1      2
example:/config/ip/#> leave
This is what the show ip route-monitor output looks like if both peers are reachable:
example:/#> show ip route-monitor
Network         Gateway         Trigger-id   Reachable   Installed
0.0.0.0/0       192.168.1.99    1            YES         YES
0.0.0.0/0       192.168.1.99    2            YES         YES