Multiple default routes (was: Networking help)

bscott at ntisys.com
Fri Dec 13 18:07:10 EST 2002


  Okay, I'm coming into this discussion late, but this thread desperately
needs a clue-injection...

  There is nothing wrong with having multiple default routes.  Not only do
they work just fine under every version of Linux I've tried them with
(including Red Hat 5.mumble, 6.2 and 7.3), they also work under MS-Windows,
including Win98!

From a Win98SE box we have:
> C:\windows>route print
> 
> Active Routes:
> 
>   Network Address          Netmask  Gateway Address        Interface  Metric
>           0.0.0.0          0.0.0.0     192.168.10.1   192.168.10.196       1
>           0.0.0.0          0.0.0.0   192.168.10.112   192.168.10.196       1
>         127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1       1
>      192.168.10.0    255.255.255.0   192.168.10.196   192.168.10.196       1
>    192.168.10.196  255.255.255.255        127.0.0.1        127.0.0.1       1
>    192.168.10.255  255.255.255.255   192.168.10.196   192.168.10.196       1
>         224.0.0.0        224.0.0.0   192.168.10.196   192.168.10.196       1
>   255.255.255.255  255.255.255.255   192.168.10.196   192.168.10.196       1
> 
> C:\windows>

  Note the two default routes at the top of the list.

  The system uses the routing table to decide where to send packets.  This
is, nominally, a stateless operation.  When a packet enters the routing
code, it scans the routing table looking for a route that matches the
destination address of the packet.  If more than one address matches, the
closest match wins.  If there is still more than one match, the one with the
best metric wins.  If there is still more than one match, the result is
implementation-dependent, but *most* IP stacks simply pick the first one
they find.  Load balancing (such as the round-robin mechanism Kevin Clark
suggested) requires state, and thus is usually an add-on option, rather than
the default behavior.  This is certainly the case for both Linux and
MS-Windows.

  A "default route" is simply a route that happens to match all packets.  
It is *identical*, in both form and function, to *any other* route.  There
is *nothing special* in the routing code to handle a "default route".  More
specific routes match first because more specific routes *always* match
first.

  The idea of multiple routes to a given destination is fundamental to the
way the Internet works.  The reason IP can re-route around fiber cuts,
burning buildings, and the like is that routers have multiple routes to
destinations, and if one goes down, another one will be used.

  This business about multiple default routes being bad is more likely an
indication that the site's routing plan is incomplete or not being
implemented properly.  For example, many systems implement various levels of
route verification, such that packets coming in on an interface they should
not are ignored.  If such filters are not aware of the full IP network, they
could easily mistake a packet coming in via an alternate route as bogus.

  As for the theory that Linux, or a distribution thereof, "automatically
adds a default route for every interface", that is incredibly bogus.  For
one, how the heck does it know what the default route's destination *is* if
you don't tell it?  For another, what if there is *no router at all* on that
interface?  It is quite possible to have a single IP network with no routers
and no outside connection.

  In fact, default routes (and any other static routes that specify an IP
host as a gateway) really have nothing to do with interfaces at all.  All
they do is choose which gateway[1] the router forwards the packet to.  
There must already be a route to said gateway, or the route will not even be
accepted by the kernel.  Trying to add a default route which specifies a
gateway to which there is no route already will result in a "SIOCADDRT:
Network is unreachable" error.

  Most of the time, routing works like this: When an interface is brought
up, a route for that interface's directly-connected network(s) or peer(s) is
automatically added to the kernel routing table.  This is the only time a
route is associated with an interface[2].  All other routes, including any
default routes, specify gateways.

  Now, for Red Hat, at least, you can specify a default route by putting a
"GATEWAY" line in your /etc/sysconfig/network (system-wide network
configuration) or /etc/sysconfig/network-scripts/ifcfg-* (per-interface
configuration) files.  If you put said line in the system-wide file, the
system will *try* to add that gateway for every interface that comes up[3].  
However, only one interface will actually provide a route to that gateway[4]
-- the others will result in errors when the interface comes up[5].

Footnotes
---------
[1] A "gateway", in this context, is an IP node you forward packets to,
    with the intent that said IP node is closer to the destination than
    yourself.  This is as opposed to sending packets out a specific 
    interface, with the intent that the destination is directly connected
    via that interface.
[2] Unless you add an explicit route that specifies an interface.
[3] Unless you add a "GATEWAYDEV" line to restrict it to a single interface.
[4] Unless you have multiple interfaces on the same subnet, or an explicit
    route -- via another gateway -- to the default gateway.
[5] These errors, however, can be safely ignored, assuming one of your
    interfaces actually does provide a route to your default gateway.

-- 
Ben Scott <bscott at ntisys.com>
| The opinions expressed in this message are those of the author and do not |
| necessarily represent the views or policy of any other person, entity or  |
| organization.  All information is provided without warranty of any kind.  |
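
The lookup order described in the message (closest match, then best metric, then first found) and its caveat about route verification, as an added example that is not part of the original post. The table, the interface names eth0/eth1 and all function names are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class Route(NamedTuple):
    dest: ipaddress.IPv4Network
    gateway: str
    iface: str
    metric: int

def route(dest, mask, gateway, iface, metric):
    return Route(ipaddress.IPv4Network(f"{dest}/{mask}"), gateway, iface, metric)

# Constructed table for a hypothetical dual-homed host (not from the post).
TABLE = [
    route("0.0.0.0", "0.0.0.0", "192.168.10.1", "eth0", 1),
    route("0.0.0.0", "0.0.0.0", "10.0.0.1", "eth1", 1),
    route("192.168.10.0", "255.255.255.0", "on-link", "eth0", 0),
    route("10.0.0.0", "255.255.255.0", "on-link", "eth1", 0),
]

def matching(table, addr):
    ip = ipaddress.IPv4Address(addr)
    return [r for r in table if ip in r.dest]

def lookup(table, addr) -> Optional[Route]:
    """Longest prefix wins, then lowest metric, then first in table order."""
    candidates = matching(table, addr)
    if not candidates:
        return None
    # min() returns the first of equal keys, giving the "first found" tie-break.
    return min(candidates, key=lambda r: (-r.dest.prefixlen, r.metric))

def strict_rpf_accepts(table, src, in_iface) -> bool:
    """Strict reverse-path check: only the single best route back counts."""
    best = lookup(table, src)
    return best is not None and best.iface == in_iface

def feasible_rpf_accepts(table, src, in_iface) -> bool:
    """Feasible-path check: any route back to src via in_iface counts."""
    return any(r.iface == in_iface for r in matching(table, src))

if __name__ == "__main__":
    print(lookup(TABLE, "203.0.113.9"))
    print(strict_rpf_accepts(TABLE, "203.0.113.9", "eth1"))
    print(feasible_rpf_accepts(TABLE, "203.0.113.9", "eth1"))
```

A reply that legitimately arrives on eth1 fails the strict check because the tie between the two default routes resolves to eth0; the feasible-path check accepts it because it considers every route to the source.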



