Configuring Network Routing
The system provides a single IP routing table, consisting of a collection of routing
table entries. When an IP packet needs to be sent to a given destination, the system
selects the routing entry whose destination most closely matches the packet's
destination address (subject to the system's multihoming policy; see below). It then
uses the information in the routing entry to determine what IP interface to send the
packet on and, if the destination is not directly reachable, the next-hop gateway to
use. If no routing entries match the destination, the packet will be dropped. If
multiple routing entries tie for closest match (and are not otherwise prioritized by
multihoming policy), the system will load-spread across those entries on a
per-connection basis.
The system does not act as a router.
The routing table is comprised of routing entries, each of which has the following
fields:
Table 19 Routing Entry Fields
|
|
|
|
Destination
|
Range of IP destination addresses (in CIDR notation) that can
match the route
|
192.168.0.0/22
|
|
Gateway
|
Next hop (IP address) to send the packet to (except for "system"
routes -- see below)
|
192.168.2.80
|
|
Family
|
Internet protocol
|
IPv4, IPv6
|
|
Type
|
Origin of the route
|
dhcp, direct, static, system
|
|
Status
|
Route status
|
active, inactive (static or direct route associated with a
disabled or offline IP interface)
|
|
Interface
|
IP interface the packet will be sent on
|
igb0
|
|
A routing entry with a "destination" field of 0.0.0.0/0 matches any
packet (if no other route matches more precisely), and is thus known as a 'default'
route. In the BUI, default routes are distinguished from non-default routes by an
additional property:
Table 20 Distinguishing Default from Non-default Routes
|
Kind
|
Route kind
|
Default, Network
|
|
As above, a given packet will be sent on the IP interface specified in the routing
entry's "interface" field. If an IPMP interface is specified, then one of the active IP
interfaces in the IPMP group will be chosen randomly on a per-connection basis and
automatically refreshed if the chosen IP interface subsequently becomes unusable.
Conversely, if a given IP interface is part of an IPMP group, it cannot be specified in
the "interface" field because such a route would not be highly-available.
Routing entries come from a number of different origins, as identified by the "type"
field. Although the origin of a routing entry has no bearing on how it is used by the
system, its origin does control if and how it can be edited or deleted. The system
supports the following types of routes:
Table 21 Supported Route Types
|
|
|
Static
|
Created and managed by the appliance administrator.
|
|
Dynamic
|
Created automatically by the appliance via the RIP and RIPng
dynamic routing protocols (if enabled).
|
|
DHCP
|
Created automatically by the appliance part of enabling an IP
interface that is configured to use DHCP. A DHCP route will be
created for each default route provided by the DHCP server.
|
|
System
|
Created automatically by the appliance as part of enabling an IP
interface. A system route will be created for each IP subnet the
appliance can directly reach. Since these routes are directly
reachable, the "gateway" field instead identifies the appliance's IP
address on that subnet.
|
|
Direct
|
Created and managed as a network interface property: Directly
Reachable Network(s). Directly reachable subnet that the local IP
address is not a member of, but to which the datalink of its
interface is physically connected. This improves scalability by
conserving IP addresses, and could ease traffic congestion through
core switches and routers.
|
|
Note that direct routes are configured as network interfaces using either the
Configuration > Network BUI screen or the configuration net
interfaces CLI context. Direct routes are not managed via the Routing BUI
screen nor the routing CLI context.
Table 22 Routing Properties
|
|
|
Multihoming model
|
Controls the system policy for accepting and transmitting IP
packets when multiple IP interfaces are simultaneously enabled.
Allowed values are "loose" (default), "adaptive", and "strict". See
the discussion below.
|
|
If a system is configured with more than one IP interface, then there may be multiple
equivalent routes to a given destination, forcing the system to choose which IP
interface to send a packet on. Similarly, a packet may arrive on one IP interface, but
be destined to an IP address that is hosted on another IP interface. The system's
behavior in such situations is determined by the selected multihoming policy. Three
policies are supported:
Table 23 Multihoming Policies
|
|
|
Loose
|
Do not enforce any binding between an IP packet and the IP
interface used to send or receive it: 1) An IP packet will be
accepted on an IP interface so long as its destination IP address is
up on the appliance. 2) An IP packet will be transmitted over the IP
interface tied to the route that most specifically matches an IP
packet's destination address, without any regard for the IP
addresses hosted on that IP interface. If no eligible routes exist,
drop the packet.
|
|
Adaptive
|
Identical to loose, except prefer routes with a gateway address on
the same subnet as the packet's source IP address: 1) An IP packet
will be accepted on an IP interface so long as its destination IP
address is up on the appliance. 2) An IP packet will be transmitted
over the IP interface tied to the route that most specifically
matches an IP packet's destination address. If multiple routes are
equally specific, prefer routes that have a gateway address on the
same subnet as the packet's source address. If no eligible routes
exist, drop the packet.
|
|
Strict
|
Require a strict binding between an IP packet and the IP interface
used to send or receive it: 1) An IP packet will be accepted on an
IP interface so long as its destination IP address is up on that IP
interface. 2) An IP packet will only be transmitted over an IP
interface if its source IP address is up on that IP interface. To
enforce this, when matching against the available routes, the
appliance will ignore any routes that have gateway addresses on a
different subnet from the packet's source address. If no eligible
routes remain, drop the packet.
|
|
When selecting the multihoming policy, a key consideration is whether any of the
appliance's IP interfaces will be dedicated to administration (for example, for
dedicated BUI access) and thus accessed over a separate administration network. In
particular, if a default route is created to provide remote access to the administration
network, and a separate default route is created to provide remote access to storage
protocols, then the default system policy of "loose" may cause the administrative
default route to be used for storage traffic. By switching the policy to "adaptive" or
"strict", the appliance will consider the IP address associated with the request as part
of selecting the route for the reply. If no route can be found on the same IP interface,
the "adaptive" policy will cause the system to use any available route, whereas the
"strict" policy will cause the system to drop the packet.