ROUTED(8) | System Manager's Manual | ROUTED(8) |
routed
, rdisc
—
routed |
[-sqdghmAtv ] [-T
tracefile] [-F
net[/mask[,metric]]] [-P
parms] |
routed
is a daemon invoked at boot time to manage the
network routing tables. It uses Routing Information Protocol, RIPv1 (RFC
1058), RIPv2 (RFC 1723), and Internet Router Discovery Protocol (RFC 1256) to
maintain the kernel routing table. The RIPv1 protocol is based on the
reference 4.3BSD daemon.
It listens on the
udp(4) socket for the
route(8) service (see
services(5)) for Routing
Information Protocol packets. It also sends and receives multicast Router
Discovery ICMP messages. If the host is a router,
routed
periodically supplies copies of its routing
tables to any directly connected hosts and networks. It also advertises or
solicits default routes using Router Discovery ICMP messages.
When started (or when a network interface is later turned on),
routed
uses an AF_ROUTE address family facility to
find those directly connected interfaces configured into the system and
marked "up". It adds necessary routes for the interfaces to the
kernel routing table. Soon after being first started, and provided there is
at least one interface on which RIP has not been disabled,
routed
deletes all pre-existing non-static routes in
kernel table. Static routes in the kernel table are preserved and included
in RIP responses if they have a valid RIP metric (see
route(8)).
If more than one interface is present (not counting the loopback interface), it is assumed that the host should forward packets among the connected networks. After transmitting a RIP request and Router Discovery Advertisements or Solicitations on a new interface, the daemon enters a loop, listening for RIP request and response and Router Discovery packets from other hosts.
When a request packet is received,
routed
formulates a reply based on the information
maintained in its internal tables. The response packet
generated contains a list of known routes, each marked with a "hop
count" metric (a count of 16 or greater is considered
"infinite"). The advertised metric for a route reflects the
metrics associated with interfaces (see
ifconfig(8)) through which
it is received and sent, so setting the metric on an interface is an
effective way to steer traffic. See also
adj_inmetric
and
adj_outmetric
parameters below.
Responses do not include routes with a first hop on the requesting network to implement in part split-horizon. Requests from query programs such as rtquery(8) are answered with the complete table.
The routing table maintained by the daemon includes space for several gateways for each destination to speed recovery from a failing router. RIP response packets received are used to update the routing tables provided they are from one of the several currently recognized gateways or advertise a better metric than at least one of the existing gateways.
When an update is applied, routed
records
the change in its own tables and updates the kernel routing table if the
best route to the destination changes. The change in the kernel routing
table is reflected in the next batch of response packets
sent. If the next response is not scheduled for a while, a
flash update response containing only recently changed
routes is sent.
In addition to processing incoming packets,
routed
also periodically checks the routing table
entries. If an entry has not been updated for 3 minutes, the entry's metric
is set to infinity and marked for deletion. Deletions are delayed until the
route has been advertised with an infinite metric to ensure the invalidation
is propagated throughout the local internet. This is a form of
poison reverse.
Routes in the kernel table that are added or changed as a result
of ICMP Redirect messages are deleted after a while to minimize
black-holes. When a TCP connection suffers a timeout, the
kernel tells routed
, which deletes all redirected
routes through the gateway involved, advances the age of all RIP routes
through the gateway to allow an alternate to be chosen, and advances of the
age of any relevant Router Discovery Protocol default routes.
Hosts acting as internetwork routers gratuitously supply their routing tables every 30 seconds to all directly connected hosts and networks. These RIP responses are sent to the broadcast address on nets that support broadcasting, to the destination address on point-to-point links, and to the router's own address on other networks. If RIPv2 is enabled, multicast packets are sent on interfaces that support multicasting.
If no response is received on a remote interface, if there are errors while sending responses, or if there are more errors than input or output (see netstat(1)), then the cable or some other part of the interface is assumed to be disconnected or broken, and routes are adjusted appropriately.
The Internet Router Discovery Protocol is handled similarly. When the daemon is supplying RIP routes, it also listens for Router Discovery Solicitations and sends Advertisements. When it is quiet and listening to other RIP routers, it sends Solicitations and listens for Advertisements. If it receives a good Advertisement and it is not multi-homed, it stops listening for broadcast or multicast RIP responses. It tracks several advertising routers to speed recovery when the currently chosen router dies. If all discovered routers disappear, the daemon resumes listening to RIP responses. It continues listening to RIP while using Router Discovery if multi-homed to ensure all interfaces are used.
The Router Discovery standard requires that advertisements have a
default "lifetime" of 30 minutes. That means should something
happen, a client can be without a good route for 30 minutes. It is a good
idea to reduce the default to 45 seconds using -P
rdisc_interval=45
on the command line or
rdisc_interval=45
in the
/etc/gateways file.
While using Router Discovery (which happens by default when the
system has a single network interface and a Router Discover Advertisement is
received), there is a single default route and a variable number of
redirected host routes in the kernel table. On a host with more than one
network interface, this default route will be via only one of the
interfaces. Thus, multi-homed hosts running with -q
might need no_rdisc
described below.
See the pm_rdisc
facility described below
to support "legacy" systems that can handle neither RIPv2 nor
Router Discovery.
By default, neither Router Discovery advertisements nor
solicitations are sent over point to point links (e.g. PPP). The netmask
associated with point-to-point links (such as SLIP or PPP, with the
IFF_POINTOPOINT flag) is used by routed
to infer the
netmask used by the remote system when RIPv1 is used.
The following options are available:
-s
routed
to supply routing information. This
is the default if multiple network interfaces are present on which RIP or
Router Discovery have not been disabled, and if the sysctl
net.inet.ip.forwarding=1.-q
-s
option. This is the
default when only one interface is present. With this explicit option, the
daemon is always in "quiet-mode" for RIP and does not supply
routing information to other computers.-d
-g
-F
0/0,1
and is present mostly for historical
reasons. A better choice is -P
pm_rdisc
on the command line or
pm_rdisc
in the
/etc/gateways file. since a larger metric will be
used, reducing the spread of the potentially dangerous default route. This
is typically used on a gateway to the Internet, or on a gateway that uses
another routing protocol whose routes are not reported to other local
routers. Notice that because a metric of 1 is used, this feature is
dangerous. It is more commonly accidentally used to create chaos with a
routing loop than to solve problems.-h
-m
-m
option
overrides the -q
option to the limited extent of
advertising the host route.-A
-t
-T
or standard
out. The debugging level can be increased or decreased with the
SIGUSR1 or SIGUSR2 signals or with the
rtquery(8) command.-T
tracefilerouted
routinely with tracing directed to a file.-v
-F
net[/mask][,metric]-g
.-P
parmsAny other argument supplied is interpreted as the name of a file
in which the actions of routed
should be logged. It
is better to use -T
instead of appending the name of
the trace file to the command.
routed
also supports the notion of
"distant" passive or active
gateways. When routed
is started, it reads the file
/etc/gateways to find such distant gateways which
may not be located using only information from a routing socket, to discover
if some of the local gateways are passive, and to obtain
other parameters. Gateways specified in this manner should be marked passive
if they are not expected to exchange routing information, while gateways
marked active should be willing to exchange RIP packets. Routes through
passive gateways are installed in the kernel's routing
tables once upon startup and are not included in transmitted RIP
responses.
Distant active gateways are treated like network interfaces. RIP responses are sent to the distant active gateway. If no responses are received, the associated route is deleted from the kernel table and RIP responses advertised via other interfaces. If the distant gateway resumes sending RIP responses, the associated route is restored.
Such gateways can be useful on media that do not support broadcasts or multicasts but otherwise act like classic shared media like Ethernets such as some ATM networks. One can list all RIP routers reachable on the HIPPI or ATM network in /etc/gateways with a series of "host" lines. Note that it is usually desirable to use RIPv2 in such situations to avoid generating lists of inferred host routes.
Gateways marked external are also passive, but
are not placed in the kernel routing table nor are they included in routing
updates. The function of external entries is to indicate that another
routing process will install such a route if necessary, and that other
routes to that destination should not be installed by
routed
. Such entries are only required when both
routers may learn of routes to the same destination.
The /etc/gateways file is comprised of a series of lines, each in one of the following two formats or consist of parameters described later. Blank lines and lines starting with '#' are comments.
net
Nname[/mask] gateway
Gname metric
value <passive
| active
| extern
>host
Hname
gateway
Gname
metric
value
<passive
|
active
|
extern
>Nname or Hname is the
name of the destination network or host. It may be a symbolic network name
or an Internet address specified in "dot" notation (see
inet(3)). (If it is a name, then
it must either be defined in /etc/networks or
/etc/hosts, or
named(8), must have been
started before routed
.)
Mask is an optional number between 1 and 32 indicating the netmask associated with Nname.
Gname is the name or address of the gateway to which RIP responses should be forwarded.
Value is the hop count to the destination host or network. Host hname is equivalent to net nname/32 .
One of the keywords passive
,
active
or external
must be
present to indicate whether the gateway should be treated as
passive
or active
(as
described above), or whether the gateway is external
to the scope of the RIP protocol.
As can be seen when debugging is turned on with
-t
, such lines create pseudo-interfaces. To set
parameters for remote or external interfaces, a line starting with
if=alias(Hname)
,
if=remote(Hname)
, etc. should be used.
if
=ifnamesubnet
=nname[/mask][,metric]Do not use this feature unless necessary. It is dangerous.
ripv1_mask
=nname/mask1,mask2nname/mask1
is a subnet should be
mask2
. For example
ripv1_mask
=192.0.2.16/28,27
marks 192.0.2.16/28 as a subnet of 192.0.2.0/27 instead of 192.0.2.0/24.
It is better to turn on RIPv2 instead of using this facility, for example
with ripv2_out
.passwd
=XXX[|KeyID[start|stop]]KeyID
must be unique but is ignored for cleartext
passwords. If present, start
and
stop
are timestamps in the form
year/month/day@hour:minute. They specify when the password is valid. The
valid password with the most future is used on output packets, unless all
passwords have expired, in which case the password that expired most
recently is used, or unless no passwords are valid yet, in which case no
password is output. Incoming packets can carry any password that is valid,
will be valid within the next 24 hours, or that was valid within the
preceding 24 hours. To protect the secrets, the passwd settings are valid
only in the /etc/gateways file and only when that file
is readable only by UID 0.md5_passwd
=XXX|KeyID[start|stop]KeyID
is required, this keyword is similar to
passwd
.no_ag
no_super_ag
passive
no_rip
routed
acts
purely as a router discovery daemon.
Note that turning off RIP without explicitly turning on router
discovery advertisements with rdisc_adv
or
-s
causes routed
to act
as a client router discovery daemon, not advertising.
no_rip_mcast
no_ripv1_in
no_ripv2_in
ripv2_out
ripv2
no_ripv1_in
and
no_ripv1_out
. This enables RIPv2.no_rdisc
no_solicit
send_solicit
no_rdisc_adv
rdisc_adv
bcast_rdisc
rdisc_pref
=Nrdisc_interval
=Nfake_default
=metric-F
net[/mask][=metric] with the network and mask coming
from the specified interface.pm_rdisc
fake_default
. When RIPv2 routes are
multicast, so that RIPv1 listeners cannot receive them, this feature
causes a RIPv1 default route to be broadcast to RIPv1 listeners. Unless
modified with fake_default
, the default route is
broadcast with a metric of 14. That serves as a "poor man's router
discovery" protocol.adj_inmetric
=deltaadj_outmetric
=deltaadj_inmetric
delta of
the receiving interface, the metric set for the interface by which it is
transmitted with
ifconfig(8), and the
adj_outmetric
delta of the
transmitting interface.trust_gateway
=rname[|net1/mask1|net2/mask2|...]trust_gateway
keywords to
be accepted, and packets from other routers to be ignored. If networks are
specified, then routes to other networks will be ignored from that
router.redirect_ok
Internet Transport Protocols, XSIS 028112, Xerox System Integration Standard.
routed
command appeared in
4.2BSD.
May 17, 2004 | NetBSD 9.4 |