Subject: Re: cloned route handling
To: Jun-ichiro itojun Hagino <itojun@iijlab.net>
From: Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us>
List: tech-net
Date: 01/26/2001 13:52:19
> 	Here are proposed changes: (1), (2) should be perfectly adequate
> 	change.  (3) needs some debate, I'm not sure at this moment.
> 	Related to (4), we may want to put DoS prevention code for redirect
> 	floods.

ok.

On 3), I would go further, and say that you should be able to
override/replace any cloned route (even a complete ARP or ND entry)
with an uncloned route.  (this appears to be the FreeBSD and BSD/OS
behavior).

Cloned routes are cache entries; if you delete them, they may come
back.  There's an inherent race condition if you want to add a
more-specific static route -- the cloned route could come back between
when you delete the clone and add the real one.

This also gets in the way of PPP configurations where a ppp server is
allocated address space for its remote clients from a directly
connected ethernet subnet and proxy arps for the remote addresses..

on (4), the inactivity timer(s) should be tunable if they aren't
already.

    (2) Even when clone parent gets removed (by "ifconfig -alias" clone
    children stays there (it is hard to do since we do not mark
    clone children)

This also gets in the way of renumbering (rt_ifa of the arp entry
points to the old address).

As I believe cloned routes are always more-specifics of a subnet
route, with the radix tree structure it should be possible to avoid
scanning the entire route table looking for the clones... you just
need to find the clone parent and then start a tree walk of the
subtree rooted at the parent.

					- Bill