[j-nsp] /32 host routes on down interfaces

Paul Stewart paul at paulstewart.org
Thu Apr 22 15:09:22 EDT 2010


Hey Richard...

That is an interesting find - my thought would have been the same.  Don't
install the route OR the host route into the table unless it's active.

Why would you have a route entry exist to an interface that is down and
could never pass traffic?  Just my thoughts...

Would be interesting to hear from JTAC if this was a design "feature" or an
overlooked "oops"....

Paul


-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Richard A
Steenbergen
Sent: April-22-10 3:03 PM
To: juniper-nsp at puck.nether.net
Subject: [j-nsp] /32 host routes on down interfaces

So I just noticed an interesting behavior which I think is a bad thing, 
but I want to see what other people think.

If you take an interface and put an IP route on it, like say:

interfaces {
    xe-0/0/0 {
        unit 0 {
            family inet {
                address 1.1.1.1/30;
            }
        }
    }
}

And the above interface is DOWN, the 1.1.1.0/30 route is not installed 
to the routing table like one would expect, but the 1.1.1.1/32 HOST 
ROUTE is:

inet.0: 326321 destinations, 3502101 routes (319320 active, 11 holddown,
316892 hidden)
Restart Complete
+ = Active Route, - = Last Active, * = Both

1.1.1.1/32         *[Local/0] 00:00:05
                      Reject

And if you try to route traffic through the box for 1.1.1.1, it is
rejected. The same is true even if you admin down the interface with
"interface xe-0/0/0 disable", it always installs the /32 local route.

This seems like a bad thing to me. If the interface is down (either link
or admin) I don't see why you'd need the local route installed in the
routing table?

I'm assuming the reason nobody has complained before is it doesn't break
that much stuff, since the only time most people talk to an interface
host route is via the directly connected interface. The only reason I
noticed it at all was we were doing router migrations and pre-staging
the config on new router ports, so the IP existed on multiple routers 
but only 1 link would be active at any given moment. And yes I know you 
can always work around this by deactivating the interface so the IP 
config doesn't go into the parser at all, I'm just wondering why it 
would be designed this way in the first place. :)

-- 
Richard A Steenbergen <ras at e-gerbil.net>       http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
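For the migration scenario Richard describes (the same address pre-staged on several routers, with only one link up at a time), the practical check is to audit each box for Local host routes that resolve to Reject and emit the workaround he names, deactivating the interface, rather than `disable`, which still leaves the /32 installed. The script below is an added example, not code from the thread or from Juniper; the `show route protocol local` and `show configuration interfaces | display set` samples are constructed to match the output format quoted above, and the function names are the author's own.

```python
import ipaddress
import re
from typing import Dict, List, Optional

# Constructed sample of "show route protocol local", modelled on the excerpt in
# the thread: 1.1.1.1/32 sits on a down interface and resolves to Reject; the
# other two addresses are on interfaces that are up.
SHOW_ROUTE = """\
inet.0: 12 destinations, 12 routes (12 active, 0 holddown, 0 hidden)
Restart Complete
+ = Active Route, - = Last Active, * = Both

1.1.1.1/32         *[Local/0] 00:00:05
                      Reject
10.0.0.1/32        *[Local/0] 1d 02:03:04
                      Local via xe-0/0/1.0
192.0.2.1/32       *[Local/0] 00:10:00
                      Local via ge-0/0/2.0
"""

# Constructed sample of "show configuration interfaces | display set".
# xe-0/0/0 is admin-down with "disable", which per the thread does NOT stop
# the /32 Local route from being installed.
SHOW_CONFIG_SET = """\
set interfaces xe-0/0/0 disable
set interfaces xe-0/0/0 unit 0 family inet address 1.1.1.1/30
set interfaces xe-0/0/1 unit 0 family inet address 10.0.0.1/30
set interfaces ge-0/0/2 unit 0 family inet address 192.0.2.1/24
"""

# "1.1.1.1/32         *[Local/0] 00:00:05"
ROUTE_RE = re.compile(
    r"^(?P<prefix>\S+/\d+)\s+(?P<flag>[*+-]?)\[(?P<proto>[A-Za-z-]+)/(?P<pref>\d+)\]"
)
# "set interfaces xe-0/0/0 unit 0 family inet address 1.1.1.1/30"
ADDR_RE = re.compile(
    r"^set interfaces (?P<ifd>\S+) unit (?P<unit>\d+) family inet6? address (?P<addr>\S+)"
)


def parse_show_route(text: str) -> List[Dict]:
    """Parse Junos 'show route' output into entries with their next-hop lines.
    A route line is unindented; its next hops follow on indented lines; a blank
    line or a table header ends the entry."""
    routes: List[Dict] = []
    current: Optional[Dict] = None
    for line in text.splitlines():
        m = ROUTE_RE.match(line)
        if m:
            current = {
                "prefix": m["prefix"],
                "active": m["flag"] in ("*", "+"),
                "protocol": m["proto"],
                "preference": int(m["pref"]),
                "next_hops": [],
            }
            routes.append(current)
        elif current is not None and line[:1].isspace() and line.strip():
            current["next_hops"].append(line.strip())
        else:
            current = None
    return routes


def rejecting_host_routes(routes: List[Dict], host_lengths=(32, 128)) -> List[str]:
    """Local host routes whose only next hop is Reject: addresses configured on
    interfaces that are down (link or admin). The thread shows this for inet;
    treating /128 the same way for inet6 is an assumption of this example."""
    found = []
    for r in routes:
        net = ipaddress.ip_network(r["prefix"], strict=False)
        if (r["protocol"] == "Local" and net.prefixlen in host_lengths
                and r["next_hops"] and all(nh == "Reject" for nh in r["next_hops"])):
            found.append(r["prefix"])
    return found


def interface_for_address(config_set: str, host_prefix: str) -> Optional[str]:
    """Map a rejecting /32 back to the physical interface that carries it."""
    host = ipaddress.ip_interface(host_prefix).ip
    for line in config_set.splitlines():
        m = ADDR_RE.match(line)
        if m and ipaddress.ip_interface(m["addr"]).ip == host:
            return m["ifd"]
    return None


def deactivate_commands(show_route: str, config_set: str) -> List[str]:
    """Config-mode commands that remove the rejecting host routes. Deactivating
    the interface keeps its stanza out of the committed configuration, so no
    Local route is generated; 'disable' alone does not achieve this."""
    cmds = []
    for prefix in rejecting_host_routes(parse_show_route(show_route)):
        ifd = interface_for_address(config_set, prefix)
        cmds.append(f"deactivate interfaces {ifd}" if ifd
                    else f"# no configured interface found for {prefix}")
    return cmds


if __name__ == "__main__":
    for cmd in deactivate_commands(SHOW_ROUTE, SHOW_CONFIG_SET):
        print(cmd)
```

Run against real output captured from the staging router (for example via `show route protocol local | no-more`), the script prints one `deactivate interfaces ...` line per address that would currently be blackholed for transit traffic; once the migration cuts over, `activate interfaces ...` brings the stanza back and the /30 and /32 are installed normally.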