[apple/network_cmds.git] / routed.tproj / routed.8

.\"	$OpenBSD: routed.8,v 1.8 1997/01/28 07:16:41 deraadt Exp $
.\"
.\" Copyright (c) 1983, 1991, 1993
.\"	The Regents of the University of California.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\"    must display the following acknowledgement:
.\"	This product includes software developed by the University of
.\"	California, Berkeley and its contributors.
.\" 4. Neither the name of the University nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\"     @(#)routed.8	8.2 (Berkeley) 12/11/93
.\"
.Dd June 1, 1996
.Dt ROUTED 8
.Os BSD 4.4
.Sh NAME
.Nm routed
.Nd network RIP and router discovery routing daemon
.Sh SYNOPSIS
.Nm
.Op Fl sqdghmpAt
.Op Fl T Ar tracefile
.Oo
.Fl F
.Ar net Ns Op /mask Ns Op ,metric
.Oc
.OP Fl P Ar parms
.Sh DESCRIPTION
.Nm Routed
is a daemon invoked at boot time to manage the network
routing tables.
It uses Routing Information Protocol, RIPv1 (RFC\ 1058),
RIPv2 (RFC\ 1723),
and Internet Router Discovery Protocol (RFC 1256)
to maintain the kernel routing table.
The RIPv1 protocol is based on the reference 4.3BSD daemon.
.Pp
It listens on the
.Xr udp 4
socket for the
.Xr route 8
service (see
.Xr services 5 )
for Routing Information Protocol packets.
It also sends and receives multicast Router Discovery ICMP messages.
If the host is a router,
.Nm
periodically supplies copies
of its routing tables to any directly connected hosts and networks.
It also advertise or solicits default routes using Router Discovery
ICMP messages.
.Pp
When started (or when a network interface is later turned on),
.Nm
uses an AF_ROUTE address family facility to find those
directly connected interfaces configured into the
system and marked "up".
It adds necessary routes for the interfaces
to the kernel routing table.
Soon after being first started, and provided there is at least one
interface on which RIP has not been disabled,
.Nm
deletes all pre-existing
non-static routes in kernel table.
Static routes in the kernel table are preserved and
included in RIP responses if they have a valid RIP metric
(see
.Xr route 8 ).
.Pp
If more than one interface is present (not counting the loopback interface),
it is assumed that the host should forward packets among the
connected networks.
After transmitting a RIP
.Em request
and
Router Discovery Advertisements or Solicitations on a new interface,
the daemon enters a loop, listening for
RIP request and response and Router Discover packets from other hosts.
.Pp
When a
.Em request
packet is received,
.Nm
formulates a reply based on the information maintained in its
internal tables.
The
.Em response
packet generated contains a list of known routes, each marked
with a "hop count" metric (a count of 16 or greater is
considered "infinite").
Advertised metrics reflect the metric associated with interface
(see
.Xr ifconfig 8 ),
so setting the metric on an interface
is an effective way to steer traffic.
.Pp
Responses do not contain routes with a first hop on the requesting
network to implement in part
.Em split-horizon .
.Pp
The routing table maintained by the daemon
includes space for several gateways for each destination
to speed recovery from a failing router.
RIP
.Em response
packets received are used to update the routing tables provided they are
from one of the several currently recognized gateways or
advertise a better metric than at least one of the existing
gateways.
.Pp
When an update is applied,
.Nm
records the change in its own tables and updates the kernel routing table
if the best route to the destination changes.
The change in the kernel routing table is reflected in the next batch of
.Em response
packets sent.
If the next response is not scheduled for a while, a
.Em flash update
response containing only recently changed routes is sent.
.Pp
In addition to processing incoming packets,
.Nm
also periodically checks the routing table entries.
If an entry has not been updated for 3 minutes, the entry's metric
is set to infinity and marked for deletion.
Deletions are delayed until the route has been advertised with
an infinite metric to insure the invalidation
is propagated throughout the local internet.
This is a form of
.Em poison reverse .
.Pp
Routes in the kernel table that are added or changed as a result
of ICMP Redirect messages are deleted after a while to minimize
.Em black-holes .
When a TCP connection suffers a timeout,
the kernel tells
.Nm routed ,
which deletes all redirected routes
through the gateway involved, advances the age of all RIP routes through
the gateway to allow an alternate to be chosen, and advances of the
age of any relevant Router Discovery Protocol default routes.
.Pp
Hosts acting as internetwork routers gratuitously supply their
routing tables every 30 seconds to all directly connected hosts
and networks.
These RIP responses are sent to the broadcast address on nets that support
broadcasting,
to the destination address on point-to-point links, and to the router's
own address on other networks.
If RIPv2 is enabled, multicast packets are sent on interfaces that
support multicasting.
.Pp
If no response is received on a remote interface, if there are errors
while sending responses,
or if there are more errors than input or output (see
.Xr netstat 8 ),
then the cable or some other part of the interface is assumed to be
disconnected or broken, and routes are adjusted appropriately.
.Pp
The
.Em Internet Router Discovery Protocol
is handled similarly.
When the daemon is supplying RIP routes, it also listens for
Router Discovery Solicitations and sends Advertisements.
When it is quiet and only listening to other RIP routers, it
sends Solicitations and listens for Advertisements.
If it receives
a good Advertisement, it stops listening for broadcast or multicast
RIP responses.
It tracks several advertising routers to speed recovery when the
currently chosen router dies.
If all discovered routers disappear,
the daemon resumes listening to RIP responses.
.Pp
While using Router Discovery (which happens by default when
the system has a single network interface and a Router Discover Advertisement
is received), there is a single default route and a variable number of
redirected host routes in the kernel table.
.Pp
The Router Discover standard requires that advertisements
have a default "lifetime" of 30 minutes.  That means should
something happen, a client can be without a good route for
30 minutes.  It is a good idea to reduce the default to 45
seconds using
.Fl P Cm rdisc_interval=45
on the command line or
.Cm rdisc_interval=45
in the
.Pa /etc/gateways
file.
.Pp
See the
.Cm pm_rdisc
facility described below to support "legacy" systems
that can handle neither RIPv2 nor Router Discovery.
.Pp
By default, neither Router Discovery advertisements nor solicitations
are sent over point to point links (e.g. PPP).

.Pp
Options supported by
.Nm routed :
.Bl -tag -width Ds
.It Fl s
this option forces
.Nm
to supply routing information.
This is the default if multiple network interfaces are present on which
RIP or Router Discovery have not been disabled, and if the kernel switch
ipforwarding=1.
.It Fl q
is the opposite of the
.Fl s
option.
.It Fl d
Do not run in the background.
This option is meant for interactive use.
.It Fl g
This flag is used on internetwork routers to offer a route
to the "default" destination.
It is equivalent to
.Fl F
.Cm 0/0,1
and is present mostly for historical reasons.
A better choice is
.Fl P Cm pm_rdisc
on the command line or
.Cm pm_rdisc in the
.Pa /etc/gateways
file.
since a larger metric
will be used, reducing the spread of the potentially dangerous
default route.
This is typically used on a gateway to the Internet,
or on a gateway that uses another routing protocol whose routes
are not reported to other local routers.
Notice that because a metric of 1 is used, this feature is
dangerous.  It is more commonly accidently used to create chaos with routing
loop than to solve problems.
.It Fl h
This causes host or point-to-point routes to not be advertised,
provided there is a network route going the same direction.
That is a limited kind of aggregation.
This option is useful on gateways to ethernets that have other gateway
machines connected with point-to-point links such as SLIP.
.It Fl m
This causes the machine to advertise a host or point-to-point route to
its primary interface.
It is useful on multi-homed machines such as NFS servers.
This option should not be used except when the cost of
the host routes it generates is justified by the popularity of
the server.
It is effective only when the machine is supplying
routing information, because there is more than one interface.
The
.Fl m
option overrides the
.Fl q
option to the limited extent of advertising the host route.
.It Fl A
do not ignore RIPv2 authentication if we do not care about RIPv2
authentication.
This option is required for conformance with RFC 1723.
However, it makes no sense and breaks using RIP as a discovery protocol
to ignore all RIPv2 packets that carry authentication when this machine
does not care about authentication.
.It Fl T Ar tracefile
increases the debugging level to at least 1 and
causes debugging information to be appended to the trace file.
Note that because of security concerns, it is wisest to not run
.Nm routed
routinely with tracing directed to a file.
.It Fl t
increases the debugging level, which causes more information to be logged
on the tracefile specified with
.Fl T
or standard out.
The debugging level can be increased or decreased
with the
.Em SIGUSR1
or
.Em SIGUSR2
signals.
.It Fl F Ar net[/mask][,metric]
minimize routes in transmissions via interfaces with addresses that match
.Em net/mask ,
and synthesizes a default route to this machine with the
.Em metric .
The intent is to reduce RIP traffic on slow, point-to-point links
such as PPP links by replacing many large UDP packets of RIP information
with a single, small packet containing a "fake" default route.
If
.Em metric
is absent, a value of 14 is assumed to limit
the spread of the "fake" default route.

This is a dangerous feature that when used carelessly can cause routing
loops.
Notice also that more than one interface can match the specified network
number and mask.
See also
.Fl g .
.It Fl P Ar parms
is equivalent to adding the parameter
line
.Em parms
to the
.Pa /etc/gateways
file.
.El
.Pp
Any other argument supplied is interpreted as the name
of a file in which the actions of
.Nm
should be logged.
It is better to use
.Fl T
instead of
appending the name of the trace file to the command.
.Pp
.Nm
also supports the notion of
"distant"
.Em passive
or
.Em active
gateways.
When
.Nm
is started, it reads the file
.Pa /etc/gateways
to find such distant gateways which may not be located using
only information from a routing socket, to discover if some
of the local gateways are
.Em passive ,
and to obtain other parameters.
Gateways specified in this manner should be marked passive
if they are not expected to exchange routing information,
while gateways marked active
should be willing to exchange RIP packets.
Routes through
.Em passive
gateways are installed in the
kernel's routing tables once upon startup and are not included in
transmitted RIP responses.
.Pp
Distant active gateways are treated like network interfaces.
RIP responses are sent
to the distant
.Em active
gateway.
If no responses are received, the associated route is deleted from
the kernel table and RIP responses advertised via other interfaces.
If the distant gateway resumes sending RIP responses, the associated
route is restored.
.Pp
Such gateways can be useful on media that do not support broadcasts
or multicasts but otherwise act like classic shared media like
Ethernets such as some ATM networks.
One can list all RIP routers reachable on the ATM network in
.Pa /etc/gateways
with a series of
"host" lines.
.Pp
Gateways marked
.Em external
are also passive, but are not placed in the kernel
routing table nor are they included in routing updates.
The function of external entries is to indicate
that another routing process
will install such a route if necessary,
and that alternate routes to that destination should not be installed
by
.Nm routed .
Such entries are only required when both routers may learn of routes
to the same destination.
.Pp
The
.Pa /etc/gateways
file is comprised of a series of lines, each in
one of the following formats or consist of parameters described below:
.Pp
.Bd -ragged
.Cm net
.Ar Nname[/mask]
.Cm gateway
.Ar Gname
.Cm metric
.Ar value
.Pf < Cm passive No \&|
.Cm active No \&|
.Cm extern Ns >
.Ed
.Bd -ragged
.Cm host
.Ar Hname
.Cm gateway
.Ar Gname
.Cm metric
.Ar value
.Pf < Cm passive No \&|
.Cm active No \&|
.Cm extern Ns >
.Ed
.Pp
.Ar Nname
or
.Ar Hname
is the name of the destination network or host.
It may be a symbolic network name or an Internet address
specified in "dot" notation (see
.Xr inet 3 ).
(If it is a name, then it must either be defined in
.Pa /etc/networks
or
.Pa /etc/hosts ,
or
.Xr named 8 ,
must have been started before
.Nm routed Ns .)
.Pp
.Ar mask
is an optional number between 1 and 32 indicating the netmask associated
with
.Ar Nname .
.Pp
.Ar Gname
is the name or address of the gateway to which RIP responses should
be forwarded.
.Pp
.Ar Value
is the hop count to the destination host or network.
.Ar " host hname "
is equivalent to
.Ar " net  nname/32 ".
.Pp
One of the keywords
.Cm passive ,
.Cm active
or
.Cm external
must be present to indicate whether the gateway should be treated as
.Cm passive
or
.Cm active
(as described above),
or whether the gateway is
.Cm external
to the scope of the RIP protocol.
.Pp
Lines that start with neither "net" nor "host" must consist of one
or more of the following parameter settings, separated by commas or
blanks:
.Bl -tag -width Ds
.It Cm if Ns \&= Ns Ar ifname
indicates that the other parameters on the line apply to the interface
name
.Ar ifname .
.It Cm subnet Ns \&= Ns Ar nname[/mask][,metric]
advertises a route to network
.Ar nname
with mask
.Ar mask
and the supplied metric (default 1).
This is useful for filling "holes" in CIDR allocations.
This parameter must appear by itself on a line.
.Pp
Do not use this feature unless necessary.  It is dangerous.
.It Cm passwd Ns \&= Ns Ar XXX
specifies a RIPv2 password that will be included on all RIPv2
responses sent and checked on all RIPv2 responses received.
The password must not contain any blanks, tab characters, commas
or '#' characters.
.It Cm no_ag
turns off aggregation of subnets in RIPv1 and RIPv2 responses.
.It Cm no_super_ag
turns off aggregation of networks into supernets in RIPv2 responses.
.It Cm passive
is equivalent
.Cm no_rip Cm no_rdisc .
.It Cm no_rip
disables all RIP processing on the specified interface.
If no interfaces are allowed to process RIP packets,
.Nm
acts purely as a router discovery daemon.
.Cm No_rip
is equivalent to
.Cm no_ripv1_in no_ripv2_in no_ripv1_out no_ripv2_out .
.Pp
Note that turning off RIP without explicitly turning on router
discovery advertisements with
.Cm rdisc_adv
or
.Fl s
causes
.Nm routed
to act as a client router discovery daemon, not advertising.
.It Cm no_ripv1_in
causes RIPv1 received responses to be ignored.
.It Cm no_ripv2_in
causes RIPv2 received responses to be ignored.
.It Cm ripv2_out
turns off RIPv1 output and causes RIPv2 advertisements to be
multicast when possible.
.It Cm no_rdisc
disables the Internet Router Discovery Protocol.
.It Cm no_solicit
disables the transmission of Router Discovery Solicitations.
.It Cm send_solicit
specifies that Router Discovery solicitations should be sent,
even on point-to-point links,
which by default only listen to Router Discovery messages.
.It Cm no_rdisc_adv
disables the transmission of Router Discovery Advertisements
.It Cm rdisc_adv
specifies that Router Discovery advertisements should be sent,
even on point-to-point links,
which by default only listen to Router Discovery messages
.It Cm bcast_rdisc
specifies that Router Discovery packets should be broadcast instead of
multicast.
.It Cm rdisc_pref Ns \&= Ns Ar N
sets the preference in Router Discovery Advertisements to the integer
.Ar N .
.It Cm rdisc_interval Ns \&= Ns Ar N
sets the nominal interval with which Router Discovery Advertisements
are transmitted to N seconds and their lifetime to 3*N.
.It Cm fake_default Ns \&= Ns Ar metric
has an identical effect to
.Fl F Ar net[/mask][,metric]
with the network and mask coming from the specified interface.
.It Cm pm_rdisc
is similar to
.Cm fake_default .
When RIPv2 routes are multicast, so that RIPv1 listeners cannot
receive them, this feature causes a RIPv1 default route to be
broadcast to RIPv1 listeners.
Unless modified with
.Cm fake_default ,
the default route is broadcast with a metric of 14.
That serves as a "poor man's router discovery" protocol.
.El
.Pp
Note that the netmask associated with point-to-point links (such as SLIP
or PPP, with the IFF_POINTOPOINT flag) is used by
.Nm routed
to infer the netmask used by the remote system when RIPv1 is used.
.Pp
.Sh FILES
.Bl -tag -width /etc/gateways -compact
.It Pa /etc/gateways
for distant gateways
.El
.Sh SEE ALSO
.Xr udp 4 ,
.Xr icmp 4 .
.Rs
.%T Internet Transport Protocols
.%R XSIS 028112
.%Q Xerox System Integration Standard
.Re
.Sh BUGS
It does not always detect unidirectional failures in network interfaces
(e.g., when the output side fails).
.Sh HISTORY
The
.Nm
command appeared in
.Bx 4.2 .