[j-nsp] /32 host routes on down interfaces

Pavel Lunin plunin at senetsy.ru
Thu Apr 22 15:54:22 EDT 2010


Hi Richard,

My guess is that it is done to catch traffic destined to control plane.

I cannot imagine a convincing enough example right now, but I can tell I
bumped a few times into a situation when, in case of an iface down, some sort
of a session to the router (no matter why it is not destined to loopback)
gets forwarded through default route, which is not good at all.

E.g. you have a multihop eBGP session, the interface goes but the session
reaches the router somehow through another link. What to do, send it further
to somewhere along with aggregate routing and hope that no one will catch it
there, or drop it right here?

--
Regards,
Pavel

2010/4/22 Richard A Steenbergen <ras at e-gerbil.net>

> So I just noticed an interesting behavior which I think is a bad thing,
> but I want to see what other people think.
>
> If you take an interface and put an IP route on it, like say:
>
> interfaces {
>    xe-0/0/0 {
>        unit 0 {
>            family inet {
>                address 1.1.1.1/30;
>            }
>        }
>    }
> }
>
> And the above interface is DOWN, the 1.1.1.0/30 route is not installed
> to the routing table like one would expect, but the 1.1.1.1/32 HOST
> ROUTE is:
>
> inet.0: 326321 destinations, 3502101 routes (319320 active, 11 holddown,
> 316892 hidden)
> Restart Complete
> + = Active Route, - = Last Active, * = Both
>
> 1.1.1.1/32         *[Local/0] 00:00:05
>                      Reject
>
> And if you try to route traffic through the box for 1.1.1.1, it is
> rejected. The same is true even if you admin down the interface with
> "interface xe-0/0/0 disable", it always installs the /32 local route.
>
> This seems like a bad thing to me. If the interface is down (either link
> or admin) I don't see why you'd need the local route installed in the
> routing table?
>
> I'm assuming the reason nobody has complained before is it doesn't break
> that much stuff, since the only time most people talk to an interface
> host route is via the directly connected interface. The only reason I
> noticed it at all was we were doing router migrations and pre-staging
> the config on new router ports, so the IP existed on multiple routers
> but only 1 link would be active at any given moment. And yes I know you
> can always work around this by deactivating the interface so the IP
> config doesn't go into the parser at all, I'm just wondering why it
> would be designed this way in the first place. :)
>
> --
> Richard A Steenbergen <ras at e-gerbil.net>       http://www.e-gerbil.net/ras
> GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)

