AIX Version 4.3 System Management Guide: Communications and Networks

TCP/IP Routing

The topics discussed in this section are:

A route defines a path for sending packets through the Internet network to an address on another network. A route does not define the complete path, only the path segment from one host to a gateway that can forward packets to a destination (or from one gateway to another). There are three types of routes:

host route
Defines a gateway that can forward packets to a specific host or gateway on another network.
network route
Defines a gateway that can forward packets to any of the hosts on a specific network.
default route
Defines a gateway to use when a host or network route to a destination is not otherwise defined.

Routes are defined in the kernel routing table, which can hold up to 32 route definitions. These route definitions include information on networks reachable from the local host, gateways that can be used to reach remote networks, and the hop count (or distance metric) to those networks. When a gateway receives a datagram, it checks the routing tables to find out where next to send the datagram along the path to its destination.

Static and Dynamic Routing

In TCP/IP, routing can be one of two types: static or dynamic. With static routing, you maintain the routing table manually using the route command. Static routing is practical for a single network communicating with one or two other networks. However, as your network begins to communicate with more networks, the number of gateways increases, and so does the amount of time and effort required to maintain the routing table manually.

With dynamic routing, daemons update the routing table automatically. Routing daemons continuously receive information broadcast by other routing daemons, and so continuously update the routing table.

TCP/IP provides two daemons for use in dynamic routing, the routed and gated daemons. The gated daemon supports Routing Information Protocol (RIP), Routing Information Protocol Next Generation (RIPng), Exterior Gateway Protocol (EGP), Border Gateway Protocol (BGP) and BGP4+, Defense Communications Network Local-Network Protocol (HELLO), Open Shortest Path First (OSPF), Intermediate System to Intermediate System (IS-IS), and Internet Control Message Protocol (ICMP and ICMPv6)/Router Discovery routing protocols simultaneously. In addition, the gated daemon supports the Simple Network Management Protocol (SNMP). The routed daemon only supports Routing Information Protocol.

Routing daemons can operate in one of two modes, passive or active, depending upon the options you use when starting the daemons. In active mode, routing daemons both broadcast routing information periodically about their local network to gateways and hosts, and receive routing information from hosts and gateways. In passive mode, routing daemons receive routing information from hosts and gateways, but do not attempt to keep remote gateways updated (they do not advertise their own routing information).

These two types of routing can be used not only for gateways, but for other hosts on a network as well. Static routing works the same for gateways as for other hosts. Dynamic routing daemons, however, must be run in the passive (quiet) mode when run on a host that is not a gateway.

Gateways

Gateways are a type of router. Routers connect two or more networks and provide the routing function. Some routers, for example, route at the network interface level or at the physical level.

Gateways, however, route at the network level. Gateways receive IP datagrams from other gateways for delivery to hosts on the local network, and route IP datagrams from one network to another. For example, a gateway connecting two Token-Ring networks has two Token-Ring adapter cards, each with its own Token-Ring network interface. To pass on information, the gateway receives datagrams through one network interface and sends them out through the other network interface. Gateways periodically verify their network connections through interface status messages.

Gateways route packets according to the destination network, not according to the destination host. That is, a gateway machine is not required to keep track of every possible host destination for a packet. Instead, a gateway routes packets according to the network of the destination host. The destination network then takes care of sending the packet to the destination host. Thus, a typical gateway machine requires only limited disk storage capacity (if any) and limited main memory capacity.

The distance a message must travel from originating host to destination host depends upon the number of gateway hops it must make. A gateway is zero hops from a network to which it is directly attached, one hop from a network that is reachable through one gateway, and so on. Message distance is usually expressed in the number of gateway hops required, or hop counts (also called the metric).

Interior and Exterior Gateways

Interior gateways are gateways that belong to the same autonomous system. They communicate with each other using the Routing Information Protocol (RIP), Routing Information Protocol Next Generation (RIPng), Intermediate System to Intermediate System protocol, Open Shortest Path First protocol (OSPF), or the HELLO Protocol (HELLO). Exterior gateways belong to different autonomous systems. They use the Exterior Gateway Protocol (EGP), the Border Gateway Protocol (BGP), or BGP4+.

For example, consider two autonomous systems. The first is all the networks administered by the Widget Company. The second is all the networks administered by the Gadget Company. The Widget Company has one machine, called apple, which is Widget's gateway to the Internet. The Gadget Company has one machine, called orange, which is Gadget's gateway to the Internet. Both companies have several different networks internal to the companies. The gateways connecting the internal networks are interior gateways. But apple and orange are exterior gateways.

Each exterior gateway does not communicate with every other exterior gateway. Instead, the exterior gateway acquires a set of neighbors (other exterior gateways) with which it communicates. These neighbors are not defined by geographic proximity, but rather by their established communications with each other. The neighboring gateways, in turn, have other exterior gateway neighbors. In this way, the exterior gateways' routing tables are updated and routing information is propagated among the exterior gateways.

The routing information is sent in a pair, (N,D), where N is a network and D is a distance reflecting the cost of reaching the specified network. Each gateway advertises the networks it can reach and the costs of reaching them. The receiving gateway calculates the shortest paths to other networks and passes this information along to its neighbors. Thus, each exterior gateway is continually receiving routing information, updating its routing table and then passing that information to its exterior neighbors.
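
The (N,D) exchange described above, worked through as an added example that is not part of the AIX guide: the shell function below merges one neighbor's advertisement into a local table using the standard distance-vector rule. The table layout, the fixed link cost of 1, the gateway name pear and the network names net1 to net5 are assumptions made for the illustration.

```sh
#!/bin/sh
# Added illustration, not from the AIX guide: merge one neighbor's (N,D)
# advertisement into a local distance-vector table.
# Assumed table layout: "network distance next_hop", one entry per line.

# dv_update NEIGHBOR TABLE_FILE ADVERT_FILE
#   Prints the updated table, sorted by network name.
dv_update() {
    awk -v nbr="$1" -v link=1 '
        # First file: the table this gateway already holds.
        FILENAME == ARGV[1] { dist[$1] = $2; hop[$1] = $3; next }

        # Second file: (N,D) pairs advertised by the neighbor.
        {
            cand = $2 + link            # cost of reaching N through the neighbor
            if (!($1 in dist) ||        # network not known yet
                cand < dist[$1] ||      # strictly shorter than the current path
                hop[$1] == nbr) {       # current path already uses this neighbor,
                dist[$1] = cand         # so its new cost applies even if it is worse
                hop[$1] = nbr
            }
        }
        END { for (n in dist) print n, dist[n], hop[n] }
    ' "$2" "$3" | sort
}

# dv_demo: constructed sample. The table belongs to apple, the advertisement
# comes from its neighbor orange; pear and net1..net5 are hypothetical names.
dv_demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/table" <<'EOF'
net1 0 direct
net2 1 pear
net3 4 orange
net4 2 orange
EOF
    cat > "$dir/advert" <<'EOF'
net2 5
net3 1
net4 3
net5 2
EOF
    dv_update orange "$dir/table" "$dir/advert"
    rm -rf "$dir"
}

dv_demo
```

In the sample, net3 becomes cheaper, net5 is learned, net4 becomes more expensive because the gateway already routes it through orange, and net2 stays with pear because the advertised path is longer.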

Gateway Protocols

All gateways, whether interior or exterior, use protocols to communicate with each other. Here are brief descriptions of the more commonly used TCP/IP gateway protocols:

HELLO Protocol (HELLO)
HELLO is one protocol that the interior gateways use to communicate among themselves. HELLO calculates the shortest path to other networks by determining the path that has the least delay time.
Routing Information Protocol (RIP)
Routing Information Protocol is a protocol that the interior gateways use to communicate among themselves. Like the HELLO Protocol, RIP calculates the shortest path to other networks. Unlike HELLO, RIP estimates distance not by delay time, but by hop counts. Because the gated daemon stores all metrics internally as time delays, it converts RIP hop counts into time delays.
Routing Information Protocol Next Generation
RIPng is the RIP protocol that is enhanced to support IPv6.
Open Shortest Path First (OSPF)
OSPF is a protocol that the interior gateways use to communicate among themselves. It is a link-state protocol that is better suited than RIP for complex networks with many routers. It provides equal cost multipath routing.
Exterior Gateway Protocol (EGP)
The exterior gateways can use the Exterior Gateway Protocol to communicate among themselves. The EGP does not calculate the shortest path to other networks. Instead, it merely indicates whether a particular network is reachable or not.
Border Gateway Protocol (BGP)
The exterior gateways can use this protocol to communicate among themselves. It exchanges reachability information between autonomous systems, but provides more capabilities than EGP. BGP uses path attributes to provide more information about each route as an aid in selecting the best route.
Border Gateway Protocol 4+
BGP4+ is the BGP protocol version 4, which supports IPv6 and has other enhancements over past versions of the protocol.
Intermediate System to Intermediate System (IS-IS)
Interior gateways use the IS-IS protocol to communicate among themselves. It is a link-state protocol that can route IP and ISO/CLNP packets and, like OSPF, uses a "shortest path first" algorithm to determine routes.

Planning for Gateways

Before you configure the gateways for your network, you must first:

  1. Consider the number of gateways to use.
  2. Decide on the type of routing to use.

Consider the Number of Gateways to Use

The number of gateways you need to configure will depend upon:

For example, suppose users on Network 1, Network 2, and Network 3 all need to communicate with each other (as illustrated in the Sample Gateway Configuration figure). To connect Network 1 directly to Network 2, you would use a single gateway (Gateway A). To connect Network 2 directly to Network 3, you would use another gateway (Gateway B). Now, assuming the proper routes are defined, all the users on all three networks can communicate.

However, if Network 2 is very busy, communication between Network 1 and Network 3 may suffer unacceptable delays. Furthermore, if most of the inter-network communication occurs between Network 1 and Network 3, you may want to connect Network 1 directly to Network 3. To do this, you could use an additional pair of gateways, Gateway C (on Network 1) and Gateway D (on Network 3), with a direct connection between these two additional gateways. This may be an inefficient solution, however, because one gateway can connect more than two networks.

A more efficient solution may be to connect Gateway A to Gateway B directly, as well as to Network 2. This would require a second network adapter in both Gateway A and Gateway B. In general, the number of networks you connect through a single gateway is limited by the number of network adapter cards the gateway machine can support.

Decide on the Type of Routing to Use

If your network is small, and its configuration rarely changes, you will probably want to use static routing. But if you have a large network whose configuration changes frequently, you will probably want to use dynamic routing. You may decide to use a combination of static and dynamic routing. That is, you might want to give static definitions to a few specific routes, while allowing other routes to be updated by the daemons. The static routes you create are not advertised to other gateways and are not updated by the routing daemons.

If Using Dynamic Routing

Choose the routing daemon according to the type of gateway you need and the protocols your gateway must support. If the gateway is an interior gateway, and only needs to support RIP, choose the routed daemon. If the gateway must support any other protocol, or is an exterior gateway, choose the gated daemon.

Note: Unpredictable results can occur if the gated and routed daemons run on the same host at the same time.

Configuring a Gateway

To configure a machine to act as a gateway, use the following instructions. For clarity, this procedure assumes that the gateway machine will connect two networks, and that the gateway machine has already been minimally configured (see "Configuring TCP/IP") on one of the networks.

  1. Install and configure the second network adapter, if you have not done so already. (See "Installing a Network Adapter", "Configuring a High-Performance Token-Ring Adapter", and "Configuring a High-Performance Ethernet Adapter".)

  2. Choose an IP address for the second network interface, and then configure the network interface by following the instructions in "Managing Network Interfaces".

  3. Add a route to the second network.

  4. To use an AIX machine as an internetwork router over TCP/IP networks, enter:
    no -o ipforwarding=1

  5. The gateway machine can now access both of the networks to which it is directly attached.
    1. If you want to use static routing to communicate with hosts or networks beyond these two networks, add any other routes you want.

    2. If you want to use dynamic routing, follow the instructions in either "Configuring the routed Daemon" or "Configuring the gated Daemon". If your internetwork will join the Internet, you should also follow the instructions in "Getting an Autonomous System Number".

Configuring a Gateway Tasks

Web-based System Manager: wsm network fast path (Network application)
-OR-

Task                          SMIT Fast Path  Command or File
Displaying the Routing Table  smit lsroute    netstat -rn (see note 1)
Adding a Static Route         smit mkroute    route add destination gateway (see note 2)
Removing a Static Route       smit rmroute    route delete destination gateway (see note 2)
Flushing the Routing Table    smit fshrttbl   route flush

Notes:
  1. The table is divided into columns for destination address, gateway address, flags, reference count (hop count), and network interface. (For a detailed discussion of each of these columns, see the netstat command in the AIX Version 4.3 Commands Reference.) If frames are not reaching their destination and the routing tables indicate the correct route, there is a good chance that one or more of the following conditions exist:
    • Network is failing.
    • Remote host or gateway is failing.
    • Remote host or gateway is down or not ready to receive frames.
    • Remote host does not have a route back to the source network.

  2. The destination value is the dotted decimal address or symbolic name of the destination host or network, and the gateway value is the dotted decimal address or symbolic name of the gateway. (A default route specifies 0 as the destination.)

Restricting Route Use

Routes can be restricted so they can be used only by some users. The restrictions are based on the primary and auxiliary group IDs of users. Using the route command, you can specify a list of up to 32 group IDs that are allowed or not allowed to use a route. If the list is of allowed groups, any user that belongs to any group on the list can use the route. If the list is of disallowed groups, only users that do not belong to any of the groups on the list can use the route. The root user can use any route.

Groups may also be associated with an interface using the ifconfig command. In this case, a forwardable packet may use any route allowed for the groups associated with its incoming interface.

If there are two or more routes to the same destination, any ICMP redirects that are received for that destination will be ignored and path MTU discovery will not be done on those routes.

Manually Removing Dynamic Routes

If you are using the routed daemon, a manually deleted route is not replaced by incoming RIP information (since ioctl's are used). If you are using the gated daemon, and the -n flag is not used, the manually deleted route is replaced by the route as discovered in incoming RIP information.

Configuring the routed Daemon

To configure the routed daemon:

  1. Remove the comment symbol (#) and modify the routed clause in the /etc/rc.tcpip shell script. This automatically starts the routed daemon with each system startup.
  2. Identify any known networks by listing them in the /etc/networks file. Refer to "Networks File Format for TCP/IP" in the AIX Version 4.3 Files Reference for more information. A sample networks file is located in the /usr/samples/tcpip directory.

  3. Set up routes in the /etc/gateways file to any known gateways that are not directly connected to your network. Refer to "Gateways File Format for TCP/IP" in AIX Version 4.3 Files Reference for detailed examples of entries in the /etc/gateways file. A sample gateways file is located in the /usr/samples/tcpip directory.
Attention: Do not run the routed daemon and the gated daemon on the same machine. Unpredictable results may occur.
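
One way to check a host against two rules stated in this section (never start routed and gated together, and run a routing daemon in quiet mode on a host that is not a gateway), as an added example that is not part of the AIX guide. The clause layout `start /usr/sbin/<daemon> <args>` and the sample lines are assumptions constructed for the illustration; -q is the routed quiet-mode flag.

```sh
#!/bin/sh
# Added illustration, not from the AIX guide.
# audit_routing_daemons IPFORWARDING   (text of rc.tcpip on stdin)
#   IPFORWARDING is the current value of the ipforwarding option (0 or 1).
#   Assumes daemon clauses of the form: start /usr/sbin/<daemon> <args>
audit_routing_daemons() {
    awk -v fwd="$1" '
        /^[ \t]*#/ { next }                     # still commented out: not started
        $1 == "start" && $2 ~ /\/routed$/ {
            routed = 1
            for (i = 3; i <= NF; i++) if ($i == "-q") quiet = 1
        }
        $1 == "start" && $2 ~ /\/gated$/ { gated = 1 }
        END {
            if (routed && gated) {
                print "CONFLICT: routed and gated are both started"; bad = 1
            }
            if (routed && !quiet && fwd == 0) {
                print "ACTIVE: routed lacks -q on a host that does not forward"; bad = 1
            }
            if (!bad) print "OK"
        }'
}

# Constructed sample in the style of rc.tcpip: both clauses uncommented.
sample_both() {
    cat <<'EOF'
# Start up routing daemon (only start ONE)
start /usr/sbin/routed "$src_running" -q
start /usr/sbin/gated "$src_running"
EOF
}

sample_both | audit_routing_daemons 1
```

On an AIX host the two inputs would come from `no -o ipforwarding` and from /etc/rc.tcpip. When gated is the daemon in use, its quiet or supplier mode is set in /etc/gated.conf rather than on the command line, so this check does not cover it.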

Configuring the gated Daemon

To configure the gated daemon:

  1. Decide which gateway protocols are most appropriate for your system. The choices for routing protocols are EGP, BGP, RIP, RIPng, HELLO, OSPF, ICMP/Router Discovery, and IS-IS. You can also use SNMP, a protocol allowing you to change or show management information for a network element from a remote host.
    Note: Use EGP, BGP, or BGP4+ to advertise addresses of networks in an autonomous system to gateways in other autonomous systems. If you are on the Internet, EGP, BGP, or BGP4+ must be used to advertise network reachability to the core gateway system. Use the interior routing protocols to advertise reachability information within an autonomous system.
  2. Identify any known networks by listing them in the /etc/networks file. Refer to "Networks File Format for TCP/IP" in AIX Version 4.3 Files Reference for more information. A sample networks file is located in the /usr/samples/tcpip directory.

  3. Edit the /etc/gated.conf file to reflect the desired gated daemon configuration.
    1. Specify the level of trace output you want. If tracing is needed before the gated.conf file is parsed, use the -t flag to turn tracing on when the daemon starts. Refer to "gated Daemon" in AIX Version 4.3 Commands Reference for more information.
    2. Specify the routing protocols you want to use. Each protocol has its own protocol statement. Remove the comment symbols (#) and modify the statements corresponding to the protocols you want to use.
      • If using EGP:
        • Set up the EGP autonomoussystem clause. Obtain an autonomous system number from the Internet authority if you are on the Internet, or if not, assign an autonomous system number considering the autonomous system numbers of other systems on your network.
        • Set the EGP statement to yes.
        • Set up a group clause for each autonomous system.
        • Set up a neighbor clause for each neighbor in that autonomous system. For example:
          autonomoussystem 283 ; 
           
          egp yes { 
                  group maxup 1 { 
                       neighbor nogendefault 192.9.201.1 ; 
                       neighbor nogendefault 192.9.201.2 ; 
                 } ; 
                 group { 
                       neighbor 192.10.201.1 ; 
                       neighbor 192.10.201.2 ; 
                 } ; 
          } ;
      • If using RIP or HELLO:
        • Set the RIP or HELLO statement to yes.
        • Specify quiet in the RIP or HELLO statement if you want the gateway only to accept routing information, not broadcast information. Or specify supplier in the RIP or HELLO statement if you want the gateway to broadcast routing information as well as accept routing information.
        • Specify pointopoint if you want the gateway to broadcast only to source gateways specified in the sourcegateways statement. If not, omit this value. If you include pointopoint, specify a gateway name or Internet address in dotted decimal in the sourcegateways clause. For example:
          # Broadcast to specific gateways 
           
          rip/hello pointopoint { 
                    sourcegateways 
                          101.25.32.1 
                          101.25.32.2 ; 
          } ; 
           
          # Broadcast to all 
           
          rip/hello supplier { 
                   interface en0 noripout ; 
                   trustedgateways 
                          101.25.33.1 
                          101.25.33.2 ; 
          } ;
          These first two examples could both be active in the gated.conf file.
          # Broadcast to no one 
           
          rip/hello quiet { 
                   interface tr0 noripin ; 
          } ;
      • If using BGP:
        • Set up the BGP autonomoussystem clause. Obtain an autonomous system number from the Internet authority if you are on the Internet, or if not, assign an autonomous system number considering the autonomous system numbers of other systems on your network.
        • Set the BGP statement to yes.
        • Set up a peer clause for each neighbor in that autonomous system. For example:
          # Perform all BGP operations 
           
          bgp yes { 
                  peer 192.9.201.1 ; 
          } ;
      • If using SNMP:
        • Set the SNMP statement to yes.
          snmp yes ;
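
The RIP and HELLO statements above differ in whether they name the gateways whose updates are accepted: a trustedgateways clause limits accepted routing information to the listed gateways. The following added example, which is not part of the AIX guide, lists every top-level rip or hello statement in a gated.conf with its mode and whether it carries that clause. It assumes the statement syntax shown on this page, and the sample configuration is constructed.

```sh
#!/bin/sh
# Added illustration, not from the AIX guide.
# list_update_sources   (text of gated.conf on stdin)
#   For every top-level rip or hello statement prints:
#     <protocol> <mode> <restricted|unrestricted|disabled>
#   "restricted" means the statement carries a trustedgateways clause.
#   Interface options such as noripin are not evaluated.
list_update_sources() {
    awk '
        function tok(w) {
            if (w == "{") { depth++; return }
            if (w == "}") { depth--; return }
            if (depth == 0 && w == ";") {            # end of a top-level statement
                if (proto != "") {
                    verdict = trusted ? "restricted" : "unrestricted"
                    if (mode == "no") verdict = "disabled"
                    print proto, mode, verdict
                }
                proto = ""; first = 1
                return
            }
            if (depth == 0 && first) {               # first word names the statement
                first = 0
                if (w == "rip" || w == "hello") { proto = w; mode = ""; trusted = 0 }
                return
            }
            if (proto == "") return                  # inside some other statement
            if (depth == 0 && mode == "") mode = w   # yes, no, quiet, supplier, ...
            else if (depth == 1 && w == "trustedgateways") trusted = 1
        }
        BEGIN { first = 1 }
        {
            sub(/#.*/, "")                           # drop comments
            gsub(/[{};]/, " & ")                     # make braces and ; separate words
            n = split($0, t, " ")
            for (i = 1; i <= n; i++) tok(t[i])
        }'
}

# Constructed sample using the statement forms shown on this page.
sample_conf() {
    cat <<'EOF'
autonomoussystem 283 ;
egp yes {
    group maxup 1 { neighbor nogendefault 192.9.201.1 ; } ;
} ;
rip supplier {              # updates accepted only from the two listed gateways
    interface en0 noripout ;
    trustedgateways 101.25.33.1 101.25.33.2 ;
} ;
hello yes ;                 # no trustedgateways clause
EOF
}

sample_conf | list_update_sources
```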

Configuring the gated Daemon To Run IPv6

To configure the gated daemon to run under Internet Protocol version 6 (IPv6), first ensure that your system has been configured for IPv6 and IPv6 routing:

  1. Run autoconf6 to automatically configure your interfaces for IPv6.
  2. Configure site local addresses for each IPv6 interface on which you want to use IPv6 routing using the following command:
    ifconfig interface inet6 fec0:n::address/64 alias

    where

    interface
    Is the name of the interface, such as tr0 or en0.
    n
    Is any decimal number; for example, 11
    address
    Is the portion of the IPv6 interface address that follows the double colons; for example, given the IPv6 address fe80::204:acff:fe86:298d, the address entry would be 204:acff:fe86:298d.
    Note: You can use the command netstat -i to see what your IPv6 address is for each configured interface.

    So, if token ring tr0 has an IPv6 address of fe80::204:acff:fe86:298d, you would issue the following command:

    ifconfig tr0 inet6 fec0:13::204:acff:fe86:298d/64 alias
  3. Turn on IPv6 forwarding with the following command:
    no -o ip6forwarding=1
  4. Start ndpd-router with the following command:
    ndpd-router -g

    See ndpd-router to determine which flags to use for your network configuration.

    Starting ndpd-router will allow your system to act as a router for the Neighbor Discovery Protocol. Neighbor Discovery Protocol routers provide Neighbor Discovery hosts with routing information so that the hosts can route IPv6 packets.

    Any hosts on the network that you want to be part of the IPv6 network must run ndpd-host. Hosts on the network that run ndpd-host will recognize themselves as part of an IPv6 network and use Neighbor Discovery Protocol, which allows them to determine and monitor link-layer addresses both to allow neighbor routing and to find neighboring routers for forwarding packets.

    See ndpd-router, ndpd-host, or read RFC 1970, Neighbor Discovery, for more information.

Next, configure the gated daemon:

  1. Decide which IPv6 gateway protocols are most appropriate for your system. The choices for IPv6 routing protocols are Border Gateway Protocol enhanced for IPv6 (BGP4+) and Routing Information Protocol Next Generation (RIPng).
  2. Edit the /etc/gated.conf file to reflect the desired gated daemon configuration.
    Note: AIX versions 4.3.2 and later run gated version 3.5.9. The syntax of the gated.conf file has changed slightly from earlier versions. Read the gated.conf documentation or use the sample file that is shipped in the /usr/samples/tcpip directory for correct syntax.

    When configuring BGP4+ or RIPng, use IPv6 addresses wherever the syntax specifies an IP address.

    Note: By default, RIPng multicasts its packets.

Once the /etc/gated.conf file has been modified, the gated daemon can be started.

Getting an Autonomous System Number

If you use EGP or BGP, you should obtain an official autonomous system number for your gateway. To obtain an official autonomous system number, contact the NIC at INFO@INTERNIC.NET, or at 1-800-444-4345 (USA).

