Subject: Re: down interfaces, link detection, and connected routes
To: None <tech-net@netbsd.org>
From: Miles Nordin <carton@Ivy.NET>
List: tech-net
Date: 01/18/2005 19:28:49

>>>>> "mh" == Martin Husemann <martin@duskware.de> writes:

    mh> Whether these routes should go away on behalf of the kernel or
    mh> the routing daemon should explicitly prune them

we already send unreachables for ARP negative-caching.  it seems
reasonable to do this when link-detection says a site is unreachable,
so i would say yes, they should go away.  

The problem is, if the kernel takes the cloning route away, packets
will follow the default route, won't they?  What does Cisco do when it
loses link-detect to a network, but has a ``gateway of last resort''
on another interface?  Does it call the network unreachable, or use
one of its matching shorter-prefix routes?

I think it is good to keep it so RIB and FIB are separate, and the FIB
should not contain any inactive routes.  For every prefix the FIB
should contain one REJECT route, one BLACKHOLE route, or n equal-cost
forwarding routes.  Inactive routes, like REJECT routes where we have
a higher-priority/lower-metric feasible route, belong in RIB only, and
not in the NetBSD kernel FIB.  userland daemon will store them in RIB
and swap them in and out of FIB as appropriate.

If you agree with this, then:

 If losing link-detect is going to imply a REJECT route, so packets
 destined to the network without link-detect will NOT follow a route
 with a shorter prefix (default route), then the userland daemon
 should manage the whole thing.

 If it is ok for packets to follow default or shorter-prefix route,
 then the kernel should simply remove the cloning route and all routes
 cloned from it whenever link-detect goes away.

I don't know what makes more sense, or if we are trying to copy Cisco
or what.

for me, just so long as whatever gets done, the whole system with
quagga and dhclient and crufty ifwatchd scripts and whatever else
watches link-detect doesn't cause open TCP connections to get
instantly shut down when link detection is lost like on Windows ExPee,
I'm happy.

-- 
We are highly confident that once all the facts are presented in the
upcoming trial, no court will issue a ruling eliminating a consumers'
right to decide for themselves what is displayed on their own computer
screens.	-- Gator Chief Executive and President Jef McFadden
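
The two options weighed in the message above, modelled as a toy longest-prefix-match FIB. This is an added example, not code from the original post or from NetBSD; the class, the function names, the interface names `if_lan` and `if_up`, and the documentation prefix 192.0.2.0/24 are all constructed for illustration.

```python
import ipaddress

FORWARD, REJECT = "forward", "reject"

class Fib:
    """Toy FIB: at most one entry per prefix, resolved by longest-prefix match."""
    def __init__(self):
        self.routes = {}  # ip_network -> (action, interface name or None)

    def add(self, prefix, action, ifname=None):
        self.routes[ipaddress.ip_network(prefix)] = (action, ifname)

    def delete(self, prefix):
        self.routes.pop(ipaddress.ip_network(prefix), None)

    def lookup(self, dst):
        addr = ipaddress.ip_address(dst)
        matches = [net for net in self.routes if addr in net]
        if not matches:
            return (REJECT, None)  # no covering route at all: unreachable
        best = max(matches, key=lambda net: net.prefixlen)
        return self.routes[best]

def build_fib():
    """Constructed starting state: a default route plus one connected network."""
    fib = Fib()
    fib.add("0.0.0.0/0", FORWARD, "if_up")      # default route on another interface
    fib.add("192.0.2.0/24", FORWARD, "if_lan")  # connected (cloning) route
    return fib

def link_lost_kernel_removes(fib, prefix):
    """Kernel drops the connected route; shorter prefixes now match."""
    fib.delete(prefix)

def link_lost_daemon_rejects(fib, prefix):
    """Userland daemon swaps the forwarding entry for a REJECT entry."""
    fib.add(prefix, REJECT)

def demo(dst="192.0.2.10", prefix="192.0.2.0/24"):
    removed = build_fib()
    link_lost_kernel_removes(removed, prefix)
    rejected = build_fib()
    link_lost_daemon_rejects(rejected, prefix)
    return removed.lookup(dst), rejected.lookup(dst)

if __name__ == "__main__":
    print(demo())
```

With the route removed, traffic for the down network leaves via the default route's interface; with the REJECT entry it is refused locally and never reaches the shorter prefix.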
