Manual:Using scope and target-scope attributes: Difference between revisions
Revision as of 11:37, 19 February 2008
The problem
Not all routes present in the routing table are active. One of the things necessary for a route to become active is that its nexthop can be resolved. Inactive routes are not used for packet forwarding and are not redistributed to routing protocols. They do nothing useful, just waste memory :)
Route scope and target-scope attributes can be used to change nexthop resolving. Normally nexthops can be resolved only through routes that are on link. On the other hand, routes in BGP updates frequently have nexthops from networks that are not directly connected. By default, these routes will be installed in the routing table but will not be active:
[admin@A] > ip route pr detail
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf,
B - blackhole, U - unreachable, P - prohibit
 0  Db  dst-address=3.0.0.0/8 gateway=192.65.184.3 interface=""
        gateway-state=unreachable distance=20 scope=255 target-scope=30
        bgp-as-path="513,8220,7018,701,703,80" bgp-local-pref=100
        bgp-origin=igp received-from=10.0.0.128
 1  Db  dst-address=4.0.0.0/8 gateway=192.65.184.3 interface=""
        gateway-state=unreachable distance=20 scope=255 target-scope=30
        bgp-as-path="513,8220,3356" bgp-local-pref=100
        bgp-atomic-aggregate=yes bgp-origin=igp received-from=10.0.0.128
 2  Db  dst-address=4.21.104.0/24 gateway=192.65.184.3 interface=""
        gateway-state=unreachable distance=20 scope=255 target-scope=30
        bgp-as-path="513,8220,7018,26207,26207,26207,26207"
        bgp-local-pref=100 bgp-origin=igp received-from=10.0.0.128
 3  Db  dst-address=4.21.112.0/23 gateway=192.65.184.3 interface=""
        gateway-state=unreachable distance=20 scope=255 target-scope=30
        bgp-as-path="513,8220,7018,26207,26207,26207,26207"
        bgp-local-pref=100 bgp-origin=igp received-from=10.0.0.128
Solution using scope attribute
One way to make all routes active is to allow nexthops to be resolved through the default route. To do that, you can make use of recursive nexthop resolving. Add a default route with scope < target-scope of the BGP routes:
[admin@A] > ip route add gateway=10.0.0.1 scope=10
[admin@A] > ip route pr detail
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf,
B - blackhole, U - unreachable, P - prohibit
 0 A S  dst-address=0.0.0.0/0 gateway=10.0.0.1 interface=ether1
        gateway-state=reachable distance=1 scope=10 target-scope=10
 1 ADb  dst-address=3.0.0.0/8 gateway=192.65.184.3 interface=ether1
        gateway-state=recursive distance=20 scope=255 target-scope=30
        bgp-as-path="513,8220,7018,701,703,80" bgp-local-pref=100
        bgp-origin=igp received-from=10.0.0.128
 2 ADb  dst-address=4.0.0.0/8 gateway=192.65.184.3 interface=ether1
        gateway-state=recursive distance=20 scope=255 target-scope=30
        bgp-as-path="513,8220,3356" bgp-local-pref=100
        bgp-atomic-aggregate=yes bgp-origin=igp received-from=10.0.0.128
Solution using target-scope attribute
When is there a need to change target-scope? A possible problem with the previously described approach is that all routes in the table will always be active. This may not be what you want.
An example: a router with two interfaces, ethernet and wireless. All BGP routes are resolved through ethernet; the wireless interface has some additional static routes. You want these static routes to be active only when the wireless interface is in running state. Normally this is the case. However, when there is a default route with low enough scope, all routes will be switched to the ethernet interface after the wireless interface loses its running bit.
One possible solution is to leave the scope of the default route intact and modify the target-scope of the BGP routes.
[admin@A] > ip route set 0 scope=255
[admin@A] > routing filter add chain=bgp-in set-target-scope=255
[admin@A] > routing bgp peer set peer1 in-filter=bgp-in
[admin@A] > ip route pr detail
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf,
B - blackhole, U - unreachable, P - prohibit
 0 A S  dst-address=0.0.0.0/0 gateway=10.0.0.1 interface=ether1
        gateway-state=reachable distance=1 scope=255 target-scope=10
 1 ADb  dst-address=3.0.0.0/8 gateway=192.65.184.3 interface=ether1
        gateway-state=recursive distance=200 scope=255 target-scope=255
        bgp-as-path="513,8220,7018,701,703,80" bgp-local-pref=100
        bgp-origin=igp received-from=10.0.0.128
 2 ADb  dst-address=4.0.0.0/8 gateway=192.65.184.3 interface=ether1
        gateway-state=recursive distance=200 scope=255 target-scope=255
        bgp-as-path="513,8220,3356" bgp-local-pref=100
        bgp-atomic-aggregate=yes bgp-origin=igp received-from=10.0.0.128
How not to use them
The possibility to set both scope and target scope of nexthops is a powerful feature and as such can easily be abused. It is possible to create nexthop resolving loops. If there is a logical loop in the routing table, RouterOS will not freeze; it will simply stop nexthop resolving at some point.
Simple loop example (three routes, each one wanting to resolve through another):
[admin@A] > /ip route add dst-address=1.1.1.0/24 gateway=2.2.2.2 scope=10 target-scope=10
[admin@A] > /ip route add dst-address=2.2.2.0/24 gateway=3.3.3.3 scope=10 target-scope=10
[admin@A] > /ip route add dst-address=3.3.3.0/24 gateway=1.1.1.1 scope=10 target-scope=10
[admin@A] > /ip route pr
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf,
B - blackhole, U - unreachable, P - prohibit
 #      DST-ADDRESS        PREF-SRC        G GATEWAY         DISTANCE INTERFACE
 0   S  1.1.1.0/24                           2.2.2.2         1
 1   S  2.2.2.0/24                           3.3.3.3         1
 2   S  3.3.3.0/24                           1.1.1.1         1
 3 ADC  10.0.0.0/24        10.0.0.133                        0        ether1
Change the gateway of any of the first three routes to 10.0.0.x and they will all become active.
More complex loop example:
[admin@A] > ip route add dst-address=1.1.1.0/24 gateway=3.3.3.3 scope=10 target-scope=10
[admin@A] > ip route add dst-address=1.1.1.0/24 gateway=10.0.0.1 scope=10 target-scope=10 distance=3
[admin@A] > ip route add dst-address=3.3.3.0/24 gateway=1.1.1.1 scope=10 target-scope=10
[admin@A] > ip route pr detail
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf,
B - blackhole, U - unreachable, P - prohibit
 0   S  dst-address=1.1.1.0/24 gateway=3.3.3.3 interface=ether1
        gateway-state=recursive distance=1 scope=10 target-scope=10
 1 A S  dst-address=1.1.1.0/24 gateway=10.0.0.1 interface=ether1
        gateway-state=reachable distance=3 scope=10 target-scope=10
 2 A S  dst-address=3.3.3.0/24 gateway=1.1.1.1 interface=ether1
        gateway-state=recursive distance=1 scope=10 target-scope=10
 3 ADC  dst-address=10.0.0.0/24 pref-src=10.0.0.133 interface=ether1
        distance=0 scope=10 target-scope=0
Note that now the active route has larger (i.e. worse) distance.
Interface routes, unreachable routes and nexthops
Nexthops cannot be resolved through interface routes (i.e. routes that have interface index instead of gateway address as nexthop). Nexthops also cannot be resolved through unreachable routes (with type B, U, or P) even when they are active. They also do not have nexthops themselves.
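As an added example (not part of the original manual and not RouterOS code), the Python sketch below models the resolving rules from the sections above so that a planned route table can be checked for unresolved nexthops and resolving loops before it is applied. It assumes a nexthop resolves through any already-resolved route that covers it and whose scope is no greater than the route's target-scope, which matches the outputs shown on this page; how RouterOS chooses among several candidates or where it cuts a loop is not modeled, and the names `Route`, `usable` and `audit` are hypothetical.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Route:
    dst: str
    gateway: Optional[str]        # None: connected route (no nexthop to resolve)
    scope: int
    target_scope: int
    resolves_others: bool = True  # set False for interface and B/U/P routes

def usable(via, route):
    """Can route's nexthop be looked up through via (assumed rule: scope <= target-scope)?"""
    return (via is not route and via.resolves_others
            and via.scope <= route.target_scope
            and ipaddress.ip_address(route.gateway) in ipaddress.ip_network(via.dst))

def audit(routes):
    """Map each route index to 'resolved', 'loop' or 'unresolved'."""
    resolved = {i for i, r in enumerate(routes) if r.gateway is None}
    grew = True
    while grew:  # fixed point: keep adding routes whose nexthop is now covered
        grew = False
        for i, r in enumerate(routes):
            if i not in resolved and any(usable(routes[j], r) for j in resolved):
                resolved.add(i)
                grew = True
    pending = [i for i in range(len(routes)) if i not in resolved]
    deps = {i: [j for j in pending if usable(routes[j], routes[i])] for i in pending}

    def cyclic(start, node, seen):
        # True if following unresolved dependencies from node leads back to start.
        return any(n == start or (n not in seen and cyclic(start, n, seen | {n}))
                   for n in deps[node])

    return {i: "resolved" if i in resolved else
               "loop" if cyclic(i, i, {i}) else "unresolved"
            for i in range(len(routes))}

# Constructed tables using the addresses and scope values shown on this page.
CONNECTED = Route("10.0.0.0/24", None, 10, 0)
BGP = Route("3.0.0.0/8", "192.65.184.3", 255, 30)
LOOP = [Route("1.1.1.0/24", "2.2.2.2", 10, 10), Route("2.2.2.0/24", "3.3.3.3", 10, 10),
        Route("3.3.3.0/24", "1.1.1.1", 10, 10), CONNECTED]

if __name__ == "__main__":
    print(audit([CONNECTED, BGP]))                                          # no default route
    print(audit([CONNECTED, Route("0.0.0.0/0", "10.0.0.1", 10, 10), BGP]))  # scope=10 default
    print(audit(LOOP))                                                      # three-route loop
```

A route reported as `loop` depends only on other unresolved routes that lead back to itself, while `unresolved` means no eligible route covers its gateway at all.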