I see what you're saying, but this is a router not a server. It's my job to stop the routing loop. That shorter prefix might actually work. This isn't how it works on other routers I've used.
Why remove the UP flag from the route then? Older versions of OpenBSD would still announce the connected route via BGP even though the interface was down. I haven't tested this lately.

On Fri, Apr 8, 2016 at 11:15 AM, Stuart Henderson <s...@spacehopper.org> wrote:
> On 2016/04/08 10:05, Doran Mori wrote:
> > Could you give an example of how that could cause a routing loop?
>
> Say you have a directly connected /27 on an interface, and a covering
> /22, or a default route or something.
>
> If the interface holding that /27 goes down (for example the switch
> fails, or somebody unplugs the cable, etc), in most setups you won't
> be able to reach it. Host unreachable / net unreachable.
>
> If you "fall back" to a shorter prefix or especially to a default
> route, in many setups, the router that you send it to will send it
> right back to you, causing a loop. Consider the case where you
> take a local interface down. Normally you want the traffic to be
> dropped, not sent to a transit provider.
>
> Considering phessler's suggestion, which I haven't tested but makes
> sense, if you would usually have another route to the *same prefix*
> i.e. the /27 from somewhere else (bgp, ospf, static route) then
> that should be used.
>
> > I'm used to the world of actual routers where the related routes from
> > an interface get removed from the FIB when it goes down. The kernel
> > already removes the UP flag. I don't understand why that's still a
> > valid route?
> >
> > On Fri, Apr 8, 2016 at 1:53 AM, Stuart Henderson <s...@spacehopper.org>
> > wrote:
> >
> > On 2016-04-07, Doran Mori <dhm...@gmail.com> wrote:
> > > Running 5.9.
> > >
> > > I have x.x.141.0/25 that's directly connected. With x.x.141.0/24
> > > reachable via bgp.
> > >
> > > # route -n get x.x.141.13
> > >    route to: x.x.141.13
> > > destination: x.x.141.0
> > >        mask: 255.255.255.128
> > >   interface: em3
> > >  if address: x.x.141.112
> > >    priority: 4 (connected)
> > >       flags: <UP,DONE,CLONING>
> > >
> > > # ifconfig em3 down
> > > jawaka# route -n get x.x.141.13
> > >    route to: x.x.141.13
> > > destination: 66.117.141.0
> > >        mask: 255.255.255.128
> > >   interface: em3
> > >  if address: x.x.141.112
> > >    priority: 4 (connected)
> > >       flags: <DONE,CLONING>
> > >
> > > I see the UP flag is removed but it has no effect.
> > >
> > > # ping x.x.141.13
> > > PING x.x.141.13 (x.x.141.13): 56 data bytes
> > > ping: sendto: Network is down
> > >
> > > I would expect this route to be used instead:
> > > # route -n get x.x.141.0/24
> > >    route to: x.x.141.0
> > > destination: x.x.141.0
> > >        mask: 255.255.255.0
> > >     gateway: x.x.144.154
> > >   interface: em2
> > >  if address: x.x.144.153
> > >    priority: 48 (bgp)
> > >       flags: <UP,GATEWAY,DONE>
> > >
> > > I searched the archives but didn't see this specific case
> > > mentioned. Can someone enlighten me?
> >
> > That is how things normally work.
> >
> > Sometimes the behaviour you want would be useful (especially for
> > machines that move between wired and wireless connectivity) but in
> > other cases (e.g. the usual case with a bgp router) it would be
> > undesirable as it would cause a routing loop, so there's no
> > one-size-fits-all answer.
> >
> > I'm not sure if there is any way to manipulate the route entry to do
> > what you want. If there is, it's non-obvious at least!
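
The loop described in the quoted reply, as an added simulation that is not part of the original thread and not OpenBSD code. The two-router topology, the names `edge` and `transit`, the 10.1.0.0 addresses and the `skip_down` switch are all constructed assumptions; it compares keeping the down connected route as the best match with falling back to a shorter prefix.

```python
import ipaddress

# Constructed topology (private addresses, not the thread's): "edge" has a
# directly connected /27 whose interface is down plus a default route to
# "transit"; "transit" routes the covering /22 back to "edge".
TABLES = {
    "edge": [
        {"prefix": "10.1.0.0/27", "next_hop": None, "up": False},
        {"prefix": "0.0.0.0/0", "next_hop": "transit", "up": True},
    ],
    "transit": [
        {"prefix": "10.1.0.0/22", "next_hop": "edge", "up": True},
    ],
}

def lookup(table, dst, skip_down):
    """Longest-prefix match. skip_down=True is the hypothetical policy that
    ignores routes whose interface is down, so shorter prefixes can win."""
    addr = ipaddress.ip_address(dst)
    best = None
    for route in table:
        net = ipaddress.ip_network(route["prefix"])
        if addr not in net or (skip_down and not route["up"]):
            continue
        if best is None or net.prefixlen > best[0]:
            best = (net.prefixlen, route)
    return best[1] if best else None

def forward(dst, start, skip_down, ttl=8, tables=TABLES):
    """Follow one packet hop by hop and return (outcome, path)."""
    node, path = start, [start]
    while ttl > 0:
        route = lookup(tables[node], dst, skip_down)
        if route is None:
            return "no route", path
        if not route["up"]:
            return "network is down", path  # best match is down: drop locally
        if route["next_hop"] is None:
            return "delivered", path        # connected and up
        node = route["next_hop"]
        path.append(node)
        ttl -= 1
    return "ttl expired (loop)", path

if __name__ == "__main__":
    for policy in (False, True):
        print("skip_down =", policy, forward("10.1.0.13", "edge", policy))
```

Passing a `tables` dict in which `edge` also holds an up route for the same /27 via a third router shows the same-prefix case from the reply being delivered under `skip_down=True`.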