Assuming you have a static default route that is redistributed because the redistribute-static parameter is set to yes, do the following:
/routing filter add chain=myfilter prefix=0.0.0.0/0 action=discard
Then set myfilter as the out-filter for the BGP instance:
/routing bgp instance set default out-filter=myfilter
check-gateway sends pings every 10 seconds. If two successive pings fail, the gateway is considered dead.
In order to include a permanent netmask on your Solaris machine, you must make an entry in the /etc/netmasks file, in the following format:
network-address netmask
For example:
% cat /etc/netmasks
126.96.36.199 255.255.255.0
The above would subnet the class B network, 188.8.131.52, into 254 subnets, from 184.108.40.206 to 220.127.116.11.
In 2.5.1 and below, only one entry for the entire class network is allowed, to support standard subnetting as specified in RFC-950. It is important to note that the entry in the left-hand column must be the original base network number (i.e. #.0.0.0 for a Class A, #.#.0.0 for a Class B and #.#.#.0 for a Class C), not the subnet.
The 2.6 kernel has changed to support VLSM. It is now possible to combine the RFC-950 and RFC-1519 forms of subnet masks in the netmasks file. The network address should be the "SUBNETTED" address, NOT the standard network number based on the host's IP address (see the man page for netmasks). Here are a few examples:
A host address 18.104.22.168 with a netmask of 255.255.255.224:
/etc/netmasks
22.214.171.124 255.255.255.224
A host address 172.31.16.193 with a netmask of 255.255.255.192:
/etc/netmasks
172.31.16.192 255.255.255.192
In order to include a permanent netmask on your SunOS machine, you must make an entry in the /etc/netmasks file, in the following format:
network-address-without-zeroes netmask
For example:
% cat /etc/netmasks
150.101 255.255.255.0
The above would subnet the class B network, 126.96.36.199, into 254 subnets, from 188.8.131.52 to 184.108.40.206. It is important to note that the entry in the left-hand column must be the original base network number (i.e. # for a Class A, #.# for a Class B and #.#.# for a Class C), not the subnet.
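The three /etc/netmasks formats described in the Solaris and SunOS passages above, as an added example (not part of the original FAQ) that derives the entry for a host address and netmask and checks that a 2.6-style left column really is a subnet address. The function names and the style keywords vlsm, classful and sunos are made up for this example.

```shell
#!/bin/sh
# Dotted quad -> 32-bit integer.
ip2int() {
    old=$IFS; IFS=.; set -- $1; IFS=$old
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad.
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Number of network octets in the classful base network (A=1, B=2, C=3).
class_octets() {
    first=${1%%.*}
    if   [ "$first" -lt 128 ]; then echo 1
    elif [ "$first" -lt 192 ]; then echo 2
    else                            echo 3
    fi
}

# netmasks_entry HOST MASK STYLE (style keywords are hypothetical names)
#   vlsm      Solaris 2.6: left column is the subnetted network address
#   classful  Solaris 2.5.1 and below: left column is the base class network
#   sunos     SunOS: base class network without the trailing zero octets
netmasks_entry() {
    host=$1; mask=$2; style=$3
    case $style in
        vlsm)
            net=$(int2ip $(( $(ip2int "$host") & $(ip2int "$mask") ))) ;;
        classful|sunos)
            n=$(class_octets "$host")
            net=$(echo "$host" | cut -d. -f1-"$n")
            if [ "$style" = classful ]; then
                while [ "$n" -lt 4 ]; do net=$net.0; n=$((n + 1)); done
            fi ;;
        *)  echo "unknown style: $style" >&2; return 1 ;;
    esac
    echo "$net $mask"
}

# Succeeds only when NET has no host bits set under MASK (valid 2.6-style left column).
is_subnet_address() {
    [ $(( $(ip2int "$1") & ~$(ip2int "$2") & 0xFFFFFFFF )) -eq 0 ]
}

netmasks_entry 172.31.16.193 255.255.255.192 vlsm   # host and mask from the text
```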
If you do not want your multiple-interface machine, running Solaris 2.4 or lower, to route packets, you just need to make a small change to the file /etc/init.d/inetinit. Find the following two lines:
numifs=`ifconfig -au | grep inet | wc -l`
numptptifs=`ifconfig -au | grep inet | egrep -e '-->' | wc -l`
And immediately after them, insert the following:
numifs=2
numptptifs=0
After the machine next reboots, it will not act as a router.
If you are using Solaris 2.5 or greater, it's even easier to make your machine not route packets. Simply create an /etc/notrouter file:
% touch /etc/notrouter
Afterwards, reboot the machine.
It may be useful to note that on Solaris machines, ip_forwarding can have three values:
0 Never Forward
1 Always Forward
2 Only forward when two or more interfaces are up
The above steps result in the ndd /dev/ip ip_forwarding variable being changed from "1" to "0", which prevents routing.
If you do not want your multiple-interface SunOS machine to route packets, you will need to rebuild the kernel. In the file /sys/netinet/in_proto.c, change the following line:
#define IPFORWARDING 0
to read:
#define IPFORWARDING -1
Afterwards, config the kernel, remake it, and then install it.
It may be useful to note that on SunOS machines, IPFORWARDING can have three values:
-1 Never forward IP packets
0 Don't forward, but change IPFORWARDING to 1 if there are two or more interfaces
1 Always forward IP packets
If your machine has at least two interfaces in addition to lo0, or if your machine has at least one point-to-point interface, it will automatically be set up as a router. Solaris 2.x: The IP layer will normally act as a router (forwarding datagrams that are not addressed to it, among other things) when the machine has two or more interfaces that are up. This behavior can be overridden by using ndd(1M) to set the /dev/ip variable, ip_forwarding. The value 0 means do not forward; the value 1 means forward.
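An added example (not part of the original FAQ) that audits whether a multi-homed Solaris host will forward packets, combining the three ip_forwarding values listed above with the interface flags printed by ifconfig -a. The ifconfig text is a constructed sample, the function names are made up, and not counting loopback toward the "two or more interfaces" of value 2 is an assumption based on the "in addition to lo0" wording above.

```shell
#!/bin/sh
# Constructed sample of `ifconfig -a` on a dual-homed host (documentation addresses).
SAMPLE_IFCONFIG='lo0: flags=849<UP,LOOPBACK,RUNNING,MULTICAST> mtu 8232
        inet 127.0.0.1 netmask ff000000
le0: flags=863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST> mtu 1500
        inet 192.0.2.10 netmask ffffff00 broadcast 192.0.2.255
le1: flags=863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST> mtu 1500
        inet 198.51.100.10 netmask ffffff00 broadcast 198.51.100.255'

# Count interfaces whose flag list contains UP, skipping loopback (assumption:
# lo0 does not count toward the interface total). Reads ifconfig text on stdin.
count_up_interfaces() {
    awk -F'[<>]' '/flags=/ {
        n = split($2, f, ","); up = 0; lo = 0
        for (i = 1; i <= n; i++) {
            if (f[i] == "UP") up = 1
            if (f[i] == "LOOPBACK") lo = 1
        }
        if (up && !lo) c++
    } END { print c + 0 }'
}

# forwarding_verdict IP_FORWARDING UP_COUNT -> "forwards" or "does-not-forward"
forwarding_verdict() {
    case $1 in
        0) echo does-not-forward ;;
        1) echo forwards ;;
        2) if [ "$2" -ge 2 ]; then echo forwards; else echo does-not-forward; fi ;;
        *) echo "unexpected ip_forwarding value: $1" >&2; return 1 ;;
    esac
}

# audit_host IP_FORWARDING, with ifconfig output on stdin.
audit_host() {
    forwarding_verdict "$1" "$(count_up_interfaces)"
}

# On a live Solaris host: ifconfig -a | audit_host "$(ndd /dev/ip ip_forwarding)"
echo "$SAMPLE_IFCONFIG" | audit_host 2
```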
On a SunOS machine, in.routed will automatically be started if there is no /etc/defaultrouter file and in.rdisc failed to find any Router Discovery compliant routers on the local network. in.routed will automatically start on routers if there is no /etc/defaultrouter file, even if in.rdisc is running. in.routed supports RIPv1 only. You should not need to do anything, other than possibly deleting an /etc/defaultrouter file, in order to get in.routed to run.
You can force in.routed to bring up standard network routes by putting entries for them into the file /etc/gateways. The standard format for that file is:
net <remote-network-ip> gateway <gateway-ip> metric <hop-count> passive
or:
net <remote-network-ip> gateway <gateway-ip> metric <hop-count> active
remote-network-ip, gateway-ip and hop-count.
The in.rdisc daemon is only available on Solaris machines; it depends on multicasting, which is not present on older SunOS machines. If you do not have an /etc/defaultrouter file on a Solaris machine, any routing host will automatically bring up in.rdisc at boot time. As long as there is at least one router on the same network which advertises Router Discovery messages, in.rdisc will continue running. If nothing responds to the initial Router Discovery queries, in.rdisc on a routing host will automatically quit, and the rc files will fall through to in.routed.
Solaris routers will also automatically bring up in.rdisc at boot time, if there is no /etc/defaultrouter file. They will not ever exit, but rather will advertise via Router Discovery messages.
If you want in.rdisc to run, you should never have to do anything, other than delete the /etc/defaultrouter file, if it exists, and make sure that at least one Router Discovery compliant router exists on the same subnet as your machine. If you want to disable in.rdisc, you should simply rename it:
% mv /usr/sbin/in.rdisc /usr/sbin/rdisc.save
In general, in.rdisc should only be run on routing hosts if your local network is relatively complex.
At any time, you can add static routes to your machine via the route command. The standard syntax for adding a network route is:
route add net "remote-network-ip gateway-ip" 'hop-metric-count'
On Solaris 2.6:
route add -net "remote-network-ip gateway-ip" -netmask
route add -host "host-ip local-intrf-ip" -interface
remote-network-ip is the network you are adding a route to, and gateway-ip is the IP address of the gateway that leads to that remote-network. hop-count is an integer which identifies the number of gateways that you must go through to get to the remote-network. A network that is directly connected to your machine would have a hop count of 0 (i.e., the 220.127.116.11 net in the example below). A remote-network that is directly connected to a gateway-machine that is, in turn, on the same network as your machine would have a hop count of 1 (i.e., the 18.104.22.168 net in the example below). Static routes are rarely added for remote-networks with a hop count greater than 1.
If you want to define a default router, so that you can send all of your non-local packets through one standard machine, simply create the file /etc/defaultrouter. It should have as its sole contents the hostname or IP number of your router:
% cat /etc/defaultrouter
router-1
or:
22.214.171.124
Note that any machine listed as a defaultrouter _must_ be on the same subnet as your machine and the name listed in /etc/hosts.
On Solaris 2.4, and later, you can actually list multiple routers in the /etc/defaultrouter file, one default router per line:
% cat /etc/defaultrouter
router-1
router-2
router-3
You also need to make sure that every name which appears in /etc/defaultrouter has an entry in your /etc/hosts file:
% cat /etc/hosts
...
126.96.36.199 router-1
188.8.131.52 router-2
184.108.40.206 router-3
After you have created /etc/defaultrouter, and made sure that any names listed in that file are also listed in /etc/hosts, you can reboot your machine. When it comes back up, it will automatically be routing through the defaultrouter that you have defined.
If you have a simple network, or if you are just trying to get routing to work after your Sun machine is first installed, you probably want to set up a defaultrouter, as is described here.
If you can't solve your routing problems by looking at the routing tables and interfaces, a useful program for helping solve the problem is traceroute. Solaris 2.7 software bundles the popular traceroute utility. Unfortunately, this program is not shipped with SunOS or Solaris prior to 2.7, and as a result is not supported by SunService. However, you can easily find a copy on the internet. The ftp site ftp.dfn.de contains traceroute under the /pub/tools directory. If you consult 'archie' or other searching programs, it is likely that you will be able to find a more local copy.
Traceroute works by sending out a set of 3 UDP packets. These packets are initially given a Time-To-Live of 1 hop, which is then increased to 2 hops, then to 3, and so on, until the packets reach the remote machine. This has the effect of stepping through the routers leading towards a destination machine, one at a time. However, it also causes you to only see a unidirectional route, from your client to the destination machines. It's quite possible for routes to be different going from and to a machine, and traceroute will not standardly show this. For example, if packets followed the following path:
    --> C -->
A               B
    <-- D <--
a traceroute from A to B would show: A, C, B, while a traceroute from B to A would show: B, D, A.
If your problem is not obvious from examining 'ifconfig -a' and 'netstat -rn', the ping command can be very useful in diagnosing it further. Try running 'ping -s machine-with-no-route'. There are two possibilities. If you get some type of 'network unreachable' or 'host unreachable' error, this typically means that there is no route on your machine to the machine you are trying to ping. You will probably need to define a static route for that machine's network, or possibly a default route. Following are a few examples. Under SunOS, you'll just get the basic '... unreachable' errors:
% ping -s lab-manta
PING lab-manta: 56 data bytes
sendto: Network is unreachable
ping: wrote 220.127.116.11 64 chars, ret=-1
At this point, you should return to looking at your 'netstat -r' table.
You can examine your current routing tables by running the command netstat, as follows:
% netstat -rn
It is always best to start investigating routing problems by making sure that your interfaces are set up correctly. By running ifconfig, you can see your current interface setup:
# ifconfig -a
lo0: flags=849<UP,LOOPBACK,RUNNING,MULTICAST> mtu 8232
        inet 127.0.0.1 netmask ff000000
le0: flags=863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST> mtu 1500
        inet 18.104.22.168 netmask ffffff00 broadcast 22.214.171.124
        ether 8:0:20:10:78:d
When an interface is brought up, it automatically creates a route. This route will be to the local network for multipoint interfaces (ether, FDDI, TR, etc), or to a host for point-to-point interfaces (PPP).
If your main interface (le0 in the above example) is not UP and RUNNING, clearly no routing will be occurring through it. If the interface is UP, you will also want to examine the inet and netmask entries of your main interface, and make sure they are set correctly. If the inet is set wrong, check your /etc/hostname.interfacename file (i.e., hostname.le0) and your /etc/hosts file. If the netmask is set wrong, check your /etc/netmasks file.
All IP ADDRESSES are divided into two portions: the NETWORK ADDRESS, and the HOST ADDRESS. The network portion of the IP address defines the level at which routing is done; this means that all machines with the same network address are on the same network. For example, if we had the IP address a.b.c.d, we might learn that the network portion of that address was a.b, and the host portion of that address was c.d. In that case, all machines with the IP address a.b.*.* would be on the same network. We would typically see a route to the network a.b.0.0.
By default, Internet IP addresses are divided into 3 Classes. Each of these ranges has a different portion of the IP address reserved as the network and host addresses.
Class    IP Range                  Network  Host
Class A  1.*.*.* to 127.*.*.*      a        b.c.d
Class B  128.*.*.* to 191.*.*.*    a.b      c.d
Class C  192.*.*.* to 223.*.*.*    a.b.c    d
Multicast: Class D 126.96.36.199 to 188.8.131.52.
Reserved: Class E 240.0.0.0 to 247.255.255.255
Solaris and SunOS each have a specific order which they use to start up routing:
1. If an /etc/defaultrouter file exists, only static routing will be used, and a static default route will be created to the machine listed in the defaultrouter file.
2. If there is no /etc/defaultrouter file, and the machine is a router, both in.routed and in.rdisc will be started, and they will advertise routing information. SunOS machines will only start up in.routed, as in.rdisc is not available under SunOS.
3. If there is no /etc/defaultrouter file, and the machine is a host, in.rdisc is initially started. If any machines on the same network advertise via Router Discovery, in.rdisc will be used as the dynamic routing program; if there are no machines advertising via Router Discovery, in.rdisc will quickly quit. SunOS skips this step.
4. Finally, if there is no /etc/defaultrouter file, and either the machine is running SunOS, or in.rdisc has failed, then in.routed is started. It will listen for other in.routed programs advertising via RIP packets. This is the default manner in which most out-of-the-box Suns will operate.
ARP, the ADDRESS RESOLUTION PROTOCOL. ARP is the protocol which converts the IP address to an address appropriate to the hardware type (i.e., Ethernet addresses on an ether network). After normal routing protocols have done their work, ARP springs into action. It's what actually gets packets from one machine to another. Usually, you should not have to worry about ARP at all. Except in special setups, it should work totally transparently.
The ROUTING TABLE is a table maintained in the kernel that determines how packets are routed to other systems. A number of programs may add or delete routes from the routing tables, including route, ifconfig, in.routed and in.rdisc. The routing table consists of three types of routes:
HOST ROUTES are checked first and define a route to just one host.
NETWORK ROUTES are checked second and define a route to all the hosts on one network.
DEFAULT ROUTES are used as a catch-all, when no host or network routes are found to a destination. They usually send to a more knowledgeable routing machine, which has a better chance of being able to find a host or network route to the destination.
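The lookup order described above (host, then network, then default), as an added example that is not part of the original FAQ. The table format, the addresses and the lookup_route function are constructed for illustration and do not reproduce the kernel's data structures.

```shell
#!/bin/sh
# Constructed routing table, one route per line: TYPE DESTINATION NETMASK GATEWAY
# (documentation addresses; the default route is listed first on purpose).
ROUTES='default 0.0.0.0 0.0.0.0 192.0.2.1
net 198.51.100.0 255.255.255.0 192.0.2.254
host 198.51.100.7 255.255.255.255 192.0.2.77'

# Dotted quad -> 32-bit integer.
ip2int() {
    old=$IFS; IFS=.; set -- $1; IFS=$old
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# lookup_route DEST: reads the table on stdin and prints "TYPE GATEWAY" for the
# route chosen in the documented order, regardless of the order of the lines.
lookup_route() {
    dest=$(ip2int "$1"); net_gw=; def_gw=
    while read -r type target mask gw; do
        case $type in
            host)
                # An exact host match always wins, so stop at once.
                if [ "$(ip2int "$target")" -eq "$dest" ]; then
                    echo "host $gw"; return 0
                fi ;;
            net)
                m=$(ip2int "$mask")
                if [ -z "$net_gw" ] && [ $(( dest & m )) -eq "$(ip2int "$target")" ]; then
                    net_gw=$gw
                fi ;;
            default)
                [ -n "$def_gw" ] || def_gw=$gw ;;
        esac
    done
    if   [ -n "$net_gw" ]; then echo "net $net_gw"
    elif [ -n "$def_gw" ]; then echo "default $def_gw"
    else echo "unreachable"; return 1    # no route at all: the ping error case
    fi
}

echo "$ROUTES" | lookup_route 198.51.100.7   # host route beats the matching network route
```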