Previous
Routing Tables and Routing Types
Both routers and hosts maintain a routing table. The routing daemon on each system updates the table with all known routes. The system's kernel reads the routing table before forwarding packets to the local network. The routing table lists the IP addresses of networks that the system knows about, including the system's local, default network. The table also lists the IP address of a gateway system for each known network. The gateway is a system that can receive outgoing packets and forward them one hop beyond the local network. The following is a simple routing table for a system on an IPv4-only network:
Routing Table: IPv4 Destination Gateway Flags Ref Use Interface -------------------- -------------------- ----- ----- ------ --------- default 172.20.1.10 UG 1 532 ce0 224.0.0.0 10.0.5.100 U 1 0 bge0 10.0.0.0 10.0.5.100 U 1 0 bge0 127.0.0.1 127.0.0.1 UH 1 57 lo0 |
You can configure two types of routing on a Solaris system: static and dynamic. You can configure either or both routing types on a single system. A system that implements dynamic routing relies on routing protocols, such as RIP for IPv4 networks, and RIPng for IPv6 networks, to maintain its routing tables. A system that runs only static routing does not rely on a routing protocol for routing information and for updating the routing table. Instead, you must maintain the system's known routes manually through the route command. For complete details, refer to the route(1M) man page.
When you configure routing for the local network or autonomous system, consider which type of routing to support on particular routers and hosts.
The AS that is shown is Figure 5-2 combines both static and dynamic routing.
Configuring Routes
To implement dynamic routing for an IPv4 network, use the routeadm or svcadm command to start the in.routed routing daemon. For instructions, see How to Configure an IPv4 Router. Dynamic routing is the preferred strategy for most networks and autonomous systems. However, your network topology or a particular system on your network might require static routing. In that case, you must manually edit the system routing table to reflect the known route to the gateway. The next procedure shows how to add a static route.
Note - Two routes to the same destination does not automatically cause the system to do load balancing or failover. If you need these capabilities, use IPMP, as explained in Chapter 30, Introducing IPMP (Overview).
How to Add a Static Route to the Routing Table
View the current state of the routing table.
Use your regular user account to run the following form of the netstat command:
% netstat -rn
Your output would resemble the following:
Routing Table: IPv4 Destination Gateway Flags Ref Use Interface -------------------- -------------------- ----- ----- ------ --------- 192.168.5.125 192.168.5.10 U 1 5879 ipge0 224.0.0.0 198.168.5.10 U 1 0 ipge0 default 192.168.5.10 UG 1 91908 127.0.0.1 127.0.0.1 UH 1 811302 lo0
Assume the Primary Administrator role or become superuser.
The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, "Working With the Solaris Management Console (Tasks)," in System Administration Guide: Basic Administration.
(Optional) Flush the existing entries in the routing table.
# route flush
Add a route that persists across system reboots.
# route -p add -net network-address -gateway gateway-address
-p
Creates a route that must persist across system reboots. If you want the route to prevail only for the current session, do not use the -p option.
add
Indicates that you are about to add the following route.
-netnetwork-address
Specifies that the route goes to the network with the address in network-address.
-gatewaygateway-address
Indicates that the gateway system for the specified route has the IP address gateway-address.
Example 5-5 Adding a Static Route to the Routing Table
The following example shows how to add a static route to a system. The system is Router 2, the default router for the 172.20.1.0 network that is shown in Figure 5-2. In Example 5-4, Router 2 is configured for dynamic routing. To better serve as the default router for the hosts on network 172.20.1.0, Router 2 additionally needs a static route to the AS's border router, 10.0.5.150.
To view the routing table on Router 2, you would do the following:
# netstat -rn Routing Table: IPv4 Destination Gateway Flags Ref Use Interface -------------------- -------------------- ----- ----- ------ --------- default 172.20.1.10 UG 1 249 ce0 224.0.0.0 172.20.1.10 U 1 0 ce0 10.0.5.0 10.0.5.20 U 1 78 bge0 127.0.0.1 127.0.0.1 UH 1 57 lo0 |
The routing table indicates two routes that Router 2 knows about. The default route uses Router 2's 172.20.1.10 interface as its gateway. The second route, 10.0.5.0, was discovered by the in.routed daemon running on Router 2. The gateway for this route is Router 1, with the IP address 10.0.5.20.
To add a second route to network 10.0.5.0, which has its gateway as the border router, you would do the following:
# route -p add -net 10.0.5.0/24 -gateway 10.0.5.150/24 add net 10.0.5.0: gateway 10.0.5.150 |
Now the routing table has a route for the border router, which has the IP address 10.0.5.150/24.
# netstat -rn Routing Table: IPv4 Destination Gateway Flags Ref Use Interface -------------------- -------------------- ----- ----- ------ --------- default 172.20.1.10 UG 1 249 ce0 224.0.0.0 172.20.1.10 U 1 0 ce0 10.0.5.0 10.0.5.20 U 1 78 bge0 10.0.5.0 10.0.5.150 U 1 375 bge0 127.0.0.1 127.0.0.1 UH 1 57 lo0 |
Configuring Multihomed Hosts
In the Solaris OS, a system with more than one interface is considered a multihomed host. A multihomed host does not forward IP packets. However, you can configure a multihomed host to run routing protocols. You typically configure the following types of systems as multihomed hosts:
NFS servers, particularly those servers that function as large data centers, can be attached to more than one network in order to share files among a large pool of users. These servers do not need to maintain routing tables.
Database servers can have multiple network interfaces to provide resources to a large pool of users, just like NFS servers.
Firewall gateways are systems that provide the connection between a company's network and public networks such as the Internet. Administrators set up firewalls as a security measure. When configured as a firewall, the host does not pass packets between the networks that are attached to the host's interfaces. However, the host can still provide standard TCP/IP services, such as ssh to authorized users.
Note - When multihomed hosts have different types of firewalls on any of their interfaces, take care to avoid unintentional disruption of the host's packets. This problem arises particularly with stateful firewalls. One solution might be to configure stateless firewalling. For more information about firewalls, refer to "Firewall Systems" in System Administration Guide: Security Services or the documentation for your third-party firewall.
How to Create a Multihomed Host
On the prospective multihomed host, assume the Primary Administrator role, or become superuser.
The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, "Working With the Solaris Management Console (Tasks)," in System Administration Guide: Basic Administration.
Configure and plumb each additional network interface that was not configured as part of the Solaris OS installation.
Refer to How to Configure a Physical Interface After System Installation.
Verify that IP forwarding is not enabled on the multihomed host.
# routeadm
The routeadm command without options reports the state of the routing daemons. The following output from routeadm shows that IPv4 forwarding is enabled:
Configuration Current Current Option Configuration System State --------------------------------------------------------------- IPv4 routing disabled disabled IPv6 routing disabled disabled IPv4 forwarding enabled disabled IPv6 forwarding disabled disabled Routing services "route:default ripng:default"Turn off packet forwarding, if it is enabled on the system.
Use either of the following commands:
For the routeadm command, type the following:
# routeadm -d ipv4-forwarding -u
To use SMF, type the following:
# svcadm disable ipv4-forwarding
(Optional) Turn on dynamic routing for the multihomed host.
Use either of the following commands to enable the in.routed daemon:
For the routeadm command, type the following:
# routeadm -e ipv4-routing -u
To use SMF, type the following:
#svcadm enable route:default
Example 5-6 Configuring a Multihomed Host
The following example shows how to configure the multihomed host that is shown in Figure 5-2. In the example, the system has the host name hostc. This host has two interfaces, which are both connected to network 192.168.5.0 .
To begin, you would display the status of the system's interfaces.
# dladm show-link
hme0 type: legacy mtu: 1500 device: hme0
qfe0 type: legacy mtu: 1500 device: qfe0
qfe1 type: legacy mtu: 1500 device: qfe1
qfe2 type: legacy mtu: 1500 device: qfe2
qfe3 type: legacy mtu: 1500 device: qfe3
# ifconfig -a
# ifconfig -a
lo0: flags=1000849 <UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
hme0: flags=1000843 <UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.5.82 netmask ff000000 broadcast 192.255.255.255
ether 8:0:20:c1:1b:c6
|
The dladm show-link command reports that hostc has two interfaces with a total of five possible links. However, only hme0 has been plumbed. To configure hostc as a multihomed host, you must add qfe0 or another link on the qfe NIC . First, you would physically connect the qfe0 interface to the 192.168.5.0 network. Then you would plumb the qfe0 interface, and make the interface persist across reboots.
# ifconfig qf0 plumb up
# ifconfig qfe0 192.168.5.85
# ifconfig -a
lo0: flags=1000849 <UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
hme0: flags=1000843 <UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.5.82 netmask ff0000 broadcast 192.255.255.255
ether 8:0:20:c1:1b:c6
qfe0: flags=1000843 <UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.5.85 netmask ff000000 broadcast 192.255.255.255
ether 8:0:20:e1:3b:c4
# vi /etc/hostname.qfe0
192.168.5.85
255.0.0.0
|
Reboot the system, using the reconfiguration command:
# reboot -- -r |
Next, you would add the qfe0 interface to the hosts database:
# vi /etc/inet/hosts 127.0.0.1 localhost 192.168.5.82 host3 #primary network interface for host3 192.168.5.85 host3-2 #second interface |
Then, you would check the state of packet forwarding and routing on host3:
# routeadm
Configuration Current Current
Option Configuration System State
---------------------------------------------------------------
IPv4 routing enabled enabled
IPv6 routing disabled disabled
IPv4 forwarding enabled enabled
IPv6 forwarding disabled disabled
Routing services "route:default ripng:default"
|
The routeadm command reports that dynamic routing through the in.routed daemon and packet forwarding are currently enabled. However, you would need to disable packet forwarding:
# svcadm disable ipv4-forwarding |
You can also use the routeadm commands as shown in How to Create a Multihomed Host to turn off packet forwarding. When packet forwarding is disabled, host3 becomes a multihomed host.