Assuming you have a static default route that is redistributed because the redistribute-static parameter is set to yes, do the following:
/routing filter add chain=myfilter prefix=0.0.0.0/0 action=discard
Then set myfilter as the out-filter for the BGP instance:
/routing bgp instance set default out-filter=myfilter
check-gateway sends pings every 10 seconds. If two successive pings fail, the gateway is considered dead.
In order to include a permanent netmask on your Solaris machine, you must make an entry in the /etc/netmasks file, in the following format:

    network-address netmask

For example:

    % cat /etc/netmasks
    188.8.131.52 255.255.255.0

The above would subnet the class B network, 184.108.40.206, into 254 subnets, from 220.127.116.11 to 18.104.22.168.

In 2.5.1 and below, only one entry for the entire class network is allowed, to support standard subnetting as specified in RFC-950. It is important to note that the entry in the left-hand column must be the original base network number (i.e. #.0.0.0 for a Class A, #.#.0.0 for a Class B and #.#.#.0 for a Class C), not the subnet.

The 2.6 kernel has changed to support VLSM. It is now possible to combine the RFC-950 and RFC-1519 forms of subnet masks in the netmasks file. The network address should be the "SUBNETTED" address, NOT the standard network number based on the host's IP address (see the man page for netmasks). Here are a few examples:

A host address 22.214.171.124 with a netmask of 255.255.255.224:

    /etc/netmasks
    126.96.36.199 255.255.255.224

A host address 172.31.16.193 with a netmask of 255.255.255.192:

    /etc/netmasks
    172.31.16.192 255.255.255.192
In order to include a permanent netmask on your SunOS machine, you must make an entry in the /etc/netmasks file, in the following format:

    network-address-without-zeroes netmask

For example:

    % cat /etc/netmasks
    150.101 255.255.255.0

The above would subnet the class B network, 188.8.131.52, into 254 subnets, from 184.108.40.206 to 220.127.116.11. It is important to note that the entry in the left-hand column must be the original base network number (i.e. # for a Class A, #.# for a Class B and #.#.# for a Class C), not the subnet.
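The three /etc/netmasks conventions described above (Solaris 2.6 subnetted address, Solaris 2.5.1-and-below base network number, SunOS base number without zeroes) can be derived from a host address and mask as follows. This is an added example, not part of the original FAQ; the function names and the host address 150.101.16.5 are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original FAQ: build an /etc/netmasks line.

# network_of IP MASK -> IP AND MASK as a dotted quad; fails on malformed input.
network_of() {
    case "$1$2" in *[!0-9.]*) return 1 ;; esac
    oldifs=$IFS; IFS=.
    set -- $1 $2            # split both dotted quads into eight octets
    IFS=$oldifs
    [ $# -eq 8 ] || return 1
    for o in "$@"; do
        # reject empty or zero-padded octets (a leading 0 means octal below)
        case $o in ''|0?*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo "$(( $1 & $5 )).$(( $2 & $6 )).$(( $3 & $7 )).$(( $4 & $8 ))"
}

# class_octets IP -> 1, 2 or 3 network octets for Class A, B or C.
class_octets() {
    first=${1%%.*}
    case $first in ''|*[!0-9]*) return 1 ;; esac
    if   [ "$first" -lt 128 ]; then echo 1
    elif [ "$first" -lt 192 ]; then echo 2
    elif [ "$first" -lt 224 ]; then echo 3
    else return 1; fi       # Class D/E: no netmasks entry applies
}

# netmasks_entry STYLE IP MASK, STYLE = vlsm | classful | sunos
netmasks_entry() {
    style=$1 ip=$2 mask=$3
    case $style in
    vlsm)                   # Solaris 2.6: left column is the subnetted address
        net=$(network_of "$ip" "$mask") || return 1 ;;
    classful|sunos)         # left column is the class base network number
        n=$(class_octets "$ip") || return 1
        case $n in 1) cm=255.0.0.0 ;; 2) cm=255.255.0.0 ;; 3) cm=255.255.255.0 ;; esac
        net=$(network_of "$ip" "$cm") || return 1
        if [ "$style" = sunos ]; then   # SunOS form drops the zero octets
            net=$(echo "$net" | cut -d. -f1-"$n")
        fi ;;
    *) return 1 ;;
    esac
    echo "$net $mask"
}

netmasks_entry vlsm 172.31.16.193 255.255.255.192   # host/mask from the text
netmasks_entry sunos 150.101.16.5 255.255.255.0     # constructed host address
```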
If you do not want your multiple-interface machine, running Solaris 2.4 or lower, to route packets, you just need to make a small change to the file /etc/init.d/inetinit. Find the following two lines:

    numifs=`ifconfig -au | grep inet | wc -l`
    numptptifs=`ifconfig -au | grep inet | egrep -e '-->' | wc -l`

And immediately after them, insert the following:

    numifs=2
    numptptifs=0

After the machine next reboots, it will not act as a router.

If you are using Solaris 2.5 or greater, it's even easier to make your machine not route packets. Simply create an /etc/notrouter file:

    % touch /etc/notrouter

Afterwards, reboot the machine.

It may be useful to note that on Solaris machines, ip_forwarding can have three values:

    0  Never Forward
    1  Always Forward
    2  Only forward when two or more interfaces are up

The above steps result in the ndd /dev/ip ip_forwarding variable being changed from "1" to "0", which prevents routing.
If you do not want your multiple-interface SunOS machine to route packets, you will need to rebuild the kernel. In the file /sys/netinet/in_proto.c, change the following line:

    #define IPFORWARDING 0

to read:

    #define IPFORWARDING -1

Afterwards, config the kernel, remake it, and then install it.

It may be useful to note that on SunOS machines, IPFORWARDING can have three values:

    -1  Never forward IP packets
     0  Don't forward, but change IPFORWARDING to 1 if there are two or more interfaces
     1  Always forward IP packets
If your machine has at least two interfaces in addition to lo0, or if your machine has at least one point-to-point interface, it will automatically be set up as a router. Solaris 2.x: The IP layer will normally act as a router (forwarding datagrams that are not addressed to it, among other things) when the machine has two or more interfaces that are up. This behavior can be overridden by using ndd(1M) to set the /dev/ip variable, ip_forwarding. The value 0 means do not forward; the value 1 means forward.
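To check ahead of a reboot whether a multi-homed Solaris host will come up forwarding packets, the rule above can be applied to `ifconfig -au` output using the same two counts that /etc/init.d/inetinit takes. This is an added example, not the FAQ's or Sun's own script; the function name, the sample output and the exact thresholds (more than two inet lines, or any point-to-point line) are assumptions inferred from the text.

```shell
#!/bin/sh
# Added example: predict whether a Solaris host will be set up as a router.

# Constructed sample of `ifconfig -au` output for a dual-homed host.
SAMPLE_IFCONFIG='lo0: flags=849<UP,LOOPBACK,RUNNING,MULTICAST> mtu 8232
	inet 127.0.0.1 netmask ff000000
le0: flags=863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST> mtu 1500
	inet 192.0.2.10 netmask ffffff00 broadcast 192.0.2.255
le1: flags=863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST> mtu 1500
	inet 198.51.100.10 netmask ffffff00 broadcast 198.51.100.255'

# will_route IFCONFIG_TEXT NOTROUTER -> prints "router" or "host"
#   IFCONFIG_TEXT  output of `ifconfig -au`
#   NOTROUTER      "yes" if /etc/notrouter exists (Solaris 2.5 or greater)
will_route() {
    if [ "$2" = yes ]; then
        echo host           # /etc/notrouter overrides the interface counts
        return 0
    fi
    # Same counts as inetinit: every inet line (lo0 included) and every
    # point-to-point line, which ifconfig marks with "-->".
    counts=$(printf '%s\n' "$1" |
        awk '/inet/ { n++; if (/-->/) p++ } END { print n+0, p+0 }')
    numifs=${counts% *}
    numptptifs=${counts#* }
    # Assumed thresholds: two interfaces besides lo0, or one point-to-point.
    if [ "$numifs" -gt 2 ] || [ "$numptptifs" -gt 0 ]; then
        echo router
    else
        echo host
    fi
}

will_route "$SAMPLE_IFCONFIG" no     # dual-homed, no /etc/notrouter
will_route "$SAMPLE_IFCONFIG" yes    # same host after touch /etc/notrouter
```

On a live system, pass "$(ifconfig -au)" as the first argument and confirm the running state with ndd /dev/ip ip_forwarding.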
On a SunOS machine, in.routed will automatically be started if there is no /etc/defaultrouter file and in.rdisc failed to find any Router Discovery compliant routers on the local network. in.routed will automatically start on routers if there is no /etc/defaultrouter file, even if in.rdisc is running. in.routed supports RIPv1 only.

You should not need to do anything, other than possibly deleting an /etc/defaultrouter file, in order to get in.routed to run.

You can force in.routed to bring up standard network routes by putting entries for them into the file /etc/gateways. The standard format for that file is:

    net <remote-network-ip> gateway <gateway-ip> metric <hop-count> passive

or:

    net <remote-network-ip> gateway <gateway-ip> metric <hop-count> active

remote-network-ip, gateway-ip and hop-count.
The in.rdisc daemon is only available on Solaris machines; it depends on multicasting, which is not present on older SunOS machines.

If you do not have an /etc/defaultrouter file on a Solaris machine, any routing host will automatically bring up in.rdisc at boot time. As long as there is at least one router on the same network which advertises Router Discovery messages, in.rdisc will continue running. If nothing responds to the initial Router Discovery queries, in.rdisc on a routing host will automatically quit, and the rc files will fall through to in.routed.

Solaris routers will also automatically bring up in.rdisc at boot time, if there is no /etc/defaultrouter file. They will not ever exit, but rather will advertise via Router Discovery messages.

If you want in.rdisc to run, you should never have to do anything, other than delete the /etc/defaultrouter file, if it exists, and make sure that at least one Router Discovery compliant router exists on the same subnet as your machine.

If you want to disable in.rdisc, you should simply rename it:

    % mv /usr/sbin/in.rdisc /usr/sbin/rdisc.save

In general, in.rdisc should only be run on routing hosts if your local network is relatively complex.
At any time, you can add static routes to your machine via the route command. The standard syntax for adding a network route is:

    route add net "remote-network-ip gateway-ip" 'hop-metric-count'

On Solaris 2.6:

    route add -net "remote-network-ip gateway-ip" -netmask
    route add -host "host-ip local-intrf-ip" -interface

remote-network-ip is the network you are adding a route to; gateway-ip is the IP address of the gateway that leads to that remote network. hop-count is an integer which identifies the number of gateways that you must go through to get to the remote network. A network that is directly connected to your machine would have a hop count of 0 (i.e., the 18.104.22.168 net in the example below). A remote network that is directly connected to a gateway machine that is, in turn, on the same network as your machine would have a hop count of 1 (i.e., the 22.214.171.124 net in the example below). Static routes are rarely added for remote networks with a hop count greater than 1.