[j-nsp] /32 host routes on down interfaces
Richmond, Jeff
Jeff.Richmond at frontiercorp.com
Thu Apr 22 15:31:35 EDT 2010
This has been there for a while, so if it was overlooked it has been ongoing. :)
We ran into this when migrating from some M20s/M40e's to M320s. Had to remember to deactivate the interface on the old router as it was still showing the /32 side of the connected as active even when the fiber was pulled...
-Jeff
On Apr 22, 2010, at 12:09 PM, Paul Stewart wrote:
> Hey Richard...
>
> That is an interesting find - my thought would have been the same. Don't
> install the route OR the host route into the table unless it's active.
>
> Why would you have a route entry exist to an interface that is down and
> could never pass traffic? Just my thoughts...
>
> Would be interesting to hear from JTAC if this was a design "feature" or an
> overlooked "oops"....
>
> Paul
>
>
> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net
> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Richard A
> Steenbergen
> Sent: April-22-10 3:03 PM
> To: juniper-nsp at puck.nether.net
> Subject: [j-nsp] /32 host routes on down interfaces
>
> So I just noticed an interesting behavior which I think is a bad thing,
> but I want to see what other people think.
>
> If you take an interface and put an IP route on it, like say:
>
> interfaces {
>     xe-0/0/0 {
>         unit 0 {
>             family inet {
>                 address 1.1.1.1/30;
>             }
>         }
>     }
> }
>
> And the above interface is DOWN, the 1.1.1.0/30 route is not installed
> to the routing table like one would expect, but the 1.1.1.1/32 HOST
> ROUTE is:
>
> inet.0: 326321 destinations, 3502101 routes (319320 active, 11 holddown, 316892 hidden)
> Restart Complete
> + = Active Route, - = Last Active, * = Both
>
> 1.1.1.1/32         *[Local/0] 00:00:05
>                       Reject
>
> And if you try to route traffic through the box for 1.1.1.1, it is
> rejected. The same is true even if you admin down the interface with
> "interface xe-0/0/0 disable", it always installs the /32 local route.
>
> This seems like a bad thing to me. If the interface is down (either link
> or admin) I don't see why you'd need the local route installed in the
> routing table?
>
> I'm assuming the reason nobody has complained before is it doesn't break
> that much stuff, since the only time most people talk to an interface
> host route is via the directly connected interface. The only reason I
> noticed it at all was we were doing router migrations and pre-staging
> the config on new router ports, so the IP existed on multiple routers
> but only 1 link would be active at any given moment. And yes I know you
> can always work around this by deactivating the interface so the IP
> config doesn't go into the parser at all, I'm just wondering why it
> would be designed this way in the first place. :)
>
> --
> Richard A Steenbergen <ras at e-gerbil.net> http://www.e-gerbil.net/ras
> GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
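Added example, not part of the original thread: a small audit for the migration case described above, which scans saved local-route output from several routers and reports every /32 local route sitting in the `Reject` state, noting whether the same address is also configured on another router. The router names, the second address and the `Local via <interface>` next-hop line for an up interface are assumptions in constructed sample data.

```python
import re
from collections import defaultdict

# Constructed sample output in the format quoted in the thread. Router names,
# 2.2.2.1 and the "Local via ..." next-hop lines are assumptions.
SAMPLE = {
    "router-a": """\
1.1.1.1/32         *[Local/0] 00:00:05
                      Reject
2.2.2.1/32         *[Local/0] 3w1d 02:11:40
                      Local via xe-0/0/1.0
""",
    "router-b": """\
1.1.1.1/32         *[Local/0] 1d 04:00:12
                      Local via xe-1/0/0.0
""",
}

ROUTE = re.compile(r"^(\d+\.\d+\.\d+\.\d+/32)\s+\*?\[Local/0\]")

def local_routes(text):
    """Return {prefix: next-hop line} for each Local /32 in the output."""
    routes, current = {}, None
    for line in text.splitlines():
        m = ROUTE.match(line)
        if m:
            current = m.group(1)
        elif current and line.strip():
            routes[current] = line.strip()
            current = None
    return routes

def audit(outputs):
    """List (prefix, routers showing Reject, configured on >1 router)."""
    owners = defaultdict(dict)
    for router, text in outputs.items():
        for prefix, nexthop in local_routes(text).items():
            owners[prefix][router] = nexthop
    findings = []
    for prefix, by_router in sorted(owners.items()):
        down = sorted(r for r, nh in by_router.items() if nh == "Reject")
        if down:
            findings.append((prefix, down, len(by_router) > 1))
    return findings

if __name__ == "__main__":
    for prefix, down, duplicated in audit(SAMPLE):
        note = "also configured on another router" if duplicated else "single router"
        print(f"{prefix}: Reject local route on {', '.join(down)} ({note})")
```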