iBGP next hop and multi-access media

> > > Manually configuring a static route in router A would achieve the result:
> > > ip route 172.16.16.0 255.255.255.0 fa0/0
> >
> > Why are we doing basic IP routing 101 on NANOG?
>
> OK, since it's so basic why don't you explain how to have router A
> dynamically learn from router B that there is a new subnet on the local
> ethernet?

It cannot. IP works on layer 3. Ethernet is layer 2. Your local grouping
happens on layer 2. Layer 3 does not know about it unless you TELL it about
it.

> So then what do you call a connected route (for an ethernet interface on a
> router)? If you use ethernet, at the edges of your network you HAVE to
> route IP blocks to the ethernet.

A connected route is installed only when you *CONFIGURE* it, something that
you are refusing to do.

Configure the connected route by assigning a secondary to the interface and
your router will *know* that it can reach that subnet directly.

If you do not want to do that, configure a dynamic routing protocol or
insert a static route pointing to a router which knows how to reach that
network directly.

Alex

> > I guess I don't know this because I've never tried it. But, how does the
> > router determine where to send the packets for a route statement as
> > specified above (ip route a.b.c.d e.f.g.h f0/0) ?
>
> When you set up a secondary ip on an interface
> int fa0/0
>    ip address a.b.c.d e.f.g.h secondary
>
> How does it determine where to send the packets? ARP.
> Which is the same as adding the route described above.

No it is not. In this case you defined a direct connection. IP does not know
about this direct connection without that. Should you drop that secondary
line.

Alex
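The two forwarding cases this exchange keeps circling (a connected route or a static route pointed at an Ethernet interface, versus a static route pointed at a next-hop address) can be made concrete with a small longest-prefix-match simulator. This is an added example, not code from the list or from any router vendor; the addresses 10.10.10.0/30 and 172.16.16.0/24 and the interface name fa0/0 come from the thread, while the `Route`/`Decision` types, the table contents and the use of fa0/0 on both routers are assumptions made for illustration:

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed model of a router's IP routing table (assumption: a route
# either points at an interface or at a next-hop IP, never both).


@dataclass
class Route:
    prefix: ipaddress.IPv4Network
    kind: str                                   # "connected" or "static"
    interface: Optional[str] = None             # set when the route points at an interface
    next_hop: Optional[ipaddress.IPv4Address] = None  # set when it points at a next-hop IP


@dataclass
class Decision:
    matched: str   # prefix that won the longest match
    egress: str    # interface the packet leaves on
    arp_for: str   # the IP the router puts in its ARP request on that interface
    note: str


def route(prefix, kind="static", interface=None, next_hop=None) -> Route:
    return Route(ipaddress.IPv4Network(prefix), kind, interface,
                 ipaddress.IPv4Address(next_hop) if next_hop else None)


def longest_match(table: List[Route], dst: ipaddress.IPv4Address) -> Optional[Route]:
    candidates = [r for r in table if dst in r.prefix]
    return max(candidates, key=lambda r: r.prefix.prefixlen, default=None)


def resolve(table: List[Route], dst: str, depth: int = 0) -> Optional[Decision]:
    """Return where a packet to dst leaves the router and which IP it ARPs for."""
    addr = ipaddress.IPv4Address(dst)
    r = longest_match(table, addr)
    if r is None:
        return None
    if r.interface is not None:
        # Connected route, or a static route pointing at a multi-access interface:
        # the router treats dst as on-link and ARPs for dst itself. In the static
        # case that only works if the destination host, or a proxy-ARP router on
        # that wire, answers the request.
        note = ("connected: dst is on-link" if r.kind == "connected"
                else "interface static: depends on the host or proxy-ARP answering ARP for dst")
        return Decision(str(r.prefix), r.interface, str(addr), note)
    if depth > 8:
        raise RecursionError("next-hop recursion too deep (routing loop?)")
    via = resolve(table, str(r.next_hop), depth + 1)
    if via is None:
        return None  # the next hop itself is unreachable, so the route is unusable
    return Decision(str(r.prefix), via.egress, via.arp_for,
                    f"next-hop static: ARPs for {r.next_hop}, not for dst")


# Router A as the thread describes it, with the interface static route
#   ip route 172.16.16.0 255.255.255.0 fa0/0
RA_INTERFACE_STATIC = [
    route("10.10.10.0/30", "connected", interface="fa0/0"),
    route("172.16.16.0/24", "static", interface="fa0/0"),
]

# Router A with a static route pointing at router B instead.
RA_NEXTHOP_STATIC = [
    route("10.10.10.0/30", "connected", interface="fa0/0"),
    route("172.16.16.0/24", "static", next_hop="10.10.10.2"),
]

# Router B with 172.16.16.1/24 configured as a secondary address on fa0/0.
RB = [
    route("10.10.10.0/30", "connected", interface="fa0/0"),
    route("172.16.16.0/24", "connected", interface="fa0/0"),
]

if __name__ == "__main__":
    for name, table in [("RA interface static", RA_INTERFACE_STATIC),
                        ("RA next-hop static", RA_NEXTHOP_STATIC),
                        ("RB secondary", RB)]:
        d = resolve(table, "172.16.16.50")
        print(f"{name:20s} -> out {d.egress}, ARP for {d.arp_for}: {d.note}")
```

The field to watch is `arp_for`: with the interface static, router A broadcasts an ARP request for every 172.16.16.x destination, so delivery depends on each host (or a proxy-ARP router) answering on that wire; with the next-hop static it ARPs once for 10.10.10.2 and router B, which actually holds the connected route, does the delivery.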

Ok, so correct me if I'm wrong here (I'm just trying to paint a picture
of what this thread is trying to conceive), RA-FA1: 10.10.10.1/30,
RB-FA0: 10.10.10.2/30, 172.16.16.1/24 secondary?

iBGP setup between RA & RB, RB announces to RA with a next-hop of the
primary address on FA0, RA announces to RB with a next-hop of the
primary address on FA1. When iBGP announces 172.16.16 to RA, you want
it announce with a next-hop of 172.16.16.1 as opposed to the primary
address 10.10.10.2. Is that right?

Can someone please explain to me *why* you are trying to come up with
*complicated* configurations as opposed to

(a) defining your connected routes on all the routers that would be using
it.

or

(b) letting IP do what it is supposed to do?

Oh, and finally, should you be using such super-interesting methods of
finding where to go, I certainly hope that the network is secure from little
arp games that someone can play.

Alex

Ralph, how do you intend on getting traffic *OUT* of this subnet?
Static arp entries on all the hosts? Proxy arp? It seems like that would
be a lot more work and much more failure prone in the long run.

  Step up to the plate, configure a secondary address, and let
normal routing protocols do their job. There is no compelling reason to
implement an intentionally broken network, just to prove to us all how
quirky you are.

  Thanks,

  --msa

> > > As others are saying... it isn't "local". It's not "local"
> > > unless in the same subnet. Physical topology often correlates
> > > with higher layers, but it's not strictly 1:1.
> >
> > Manually configuring a static route in router A would achieve the result:
> > ip route 172.16.16.0 255.255.255.0 fa0/0
>
> Why are we doing basic IP routing 101 on NANOG?

OK, since it's so basic why don't you explain how to have router A
dynamically learn from router B that there is a new subnet on the local
ethernet?

You don't. Even if you did somehow manage that on the routers, how will
the hosts get packets back to a router for which they have no route?
With no route to get packets back to the router, they're going to use
their default route. Or you could write your own IP stack. I have a
friend who did this for a networked environmental probe. Rather than
utilizing IP routing, this device's primitive IP stack simply sends
replies to the MAC address from which they came. I suspect the IP stack
on Cisco switches may do something similar. I don't think you're going to
find this functionality in many 'normal' IP stacks.

> Don't route IP blocks to the ethernet. That's using ARP as your routing
> protocol and it's horribly fragile. I've seen one ISP do that (they were
> very technically challenged) and it's a setup that broke way too easily.

So then what do you call a connected route (for an ethernet interface on a
router)? If you use ethernet, at the edges of your network you HAVE to
route IP blocks to the ethernet.

I don't have to. Go ahead and do it your way.

What, you don't use a static default route on your end hosts? Are you one
of those crazy types that run RIP on your IIS/NT servers?

-Ralph

> Can someone please explain to me *why* you are trying to come up with
> *complicated* configurations as opposed to
>
> (a) defining your connected routes on all the routers that would be using
> it.

I've asked because I wanted to know if any routing protocol redistributes
information about directly connected multi-access networks.

It seems pretty obvious to me that if you have an ethernet segment with
multiple routers on it that adding a secondary IP to each one is more
complicated and error-prone than adding it to one and having a dynamic
routing protocol notify the rest of the routers on the segment.

It also seems that the answer I was looking for, at least as far as iBGP
is concerned, is no. However rather than just saying, "no, BGP can't do
this" many people have decided to brag about how smart they are because
they don't ask questions about how BGP works.

So now I can sit back and watch the chest-thumping continue...

-Ralph

Ralph Doncaster wrote:

> What, you don't use a static default route on your end hosts? Are you one
> of those crazy types that run RIP on your IIS/NT servers?

  Last time I looked (a few years back), M$ Windows [whatever] ran RIP
receive-only whether you wanted it to or not. Made working with old
Pipelines (which ran RIP send whether you wanted them to or not) kind of
a bear.

Peter E. Fry

> > (a) defining your connected routes on all the routers that would be using
> > it.
>
> I've asked because I wanted to know if any routing protocol redistributes
> information about directly connected multi-access networks.
>
> It seems pretty obvious to me that if you have an ethernet segment with
> multiple routers on it that adding a secondary IP to each one is more
> complicated and error-prone than adding it to one and having a dynamic
> routing protocol notify the rest of the routers on the segment.

Wrong. It makes you think about "Why am I doing it"

> It also seems that the answer I was looking for, at least as far as iBGP
> is concerned, is no. However rather than just saying, "no, BGP can't do
> this" many people have decided to brag about how smart they are because
> they don't ask questions about how BGP works.

Wrong again. They tend to RTFM first.

Alx

Stop. You're the one who wants one router (probably an original default
route for your hosts) to tell other connected routers about new subnets on
an existing segment. If you already have one router on the subnet and
you're adding a second router, what do you care about static defaults?

You're almost asking a dynamic routing protocol to insert a magical HSRP
configuration into any adjacent routers. Wake up and stop dreaming.
Besides the fact that you're asking a layer 3 protocol to handle your
layer 2 and layer 1 issues, you're asking a layer 3 protocol to do magic
reconfiguration. Dangerous stuff, as soon as someone on that network
finds out what sort of havoc they can create.

Pete

They are dynamic routing protocols, not dynamic gateway-creation
protocols. You're asking iBGP to create an interface. iBGP (and other
dynamic routing protocols) don't do that.

Pete

I suppose they *could* - the fun then starts when you get a routing flap and
the other router tells you that you're not on one subnet because the subnet
is unreachable and would you please remove the interface? And I'm willing
to bet that there's a lack of MD5 at the important places in the dataflow... :wink:

What's puzzling me is how anybody has a big enough net that subnets are being
added fast enough that automating the process is needed, but they don't already
have a way to centrally manage the routers so they can just push the needed
'ip route 172.16.16.0 255.255.255.0 fa0/0' out somehow.

[from previous mail]

> > Ralph, how do you intend on getting traffic *OUT* of this subnet?
> > Static arp entries on all the hosts? Proxy arp? It seems like that would
> > be a lot more work and much more failure prone in the long run.
>
> What, you don't use a static default route on your end hosts? Are you one
> of those crazy types that run RIP on your IIS/NT servers?

Default route yes, to an IP address yes. You have to configure the IP address on
the router tho!

> > Can someone please explain to me *why* you are trying to come up with
> > *complicated* configurations as opposed to
> >
> > (a) defining your connected routes on all the routers that would be using
> > it.
>
> I've asked because I wanted to know if any routing protocol redistributes
> information about directly connected multi-access networks.

Yes, but only assuming you have a connected IP network or static route; other
routers then have no way of knowing if they are connected to the same layer 2
media unless you explicitly tell them.

Regarding the question of statics to multiaccess networks, my personal opinion
on that is that it's a bug more than a feature. It shouldn't be allowed as it's
messy, and by design each station on a multiaccess network should be able to
identify itself and properly map between layers, i.e. IP to MAC via ARP. By static
routing you have no valid source IP...

> It seems pretty obvious to me that if you have an ethernet segment with
> multiple routers on it that adding a secondary IP to each one is more
> complicated and error-prone than adding it to one and having a dynamic
> routing protocol notify the rest of the routers on the segment.

L2 isn't L3 tho

> It also seems that the answer I was looking for, at least as far as iBGP
> is concerned, is no. However rather than just saying, "no, BGP can't do
> this" many people have decided to brag about how smart they are because
> they don't ask questions about how BGP works.

I think the real question is more of how L3 to L2 protocols function; the fact
that they don't do what is assumed in the original question means the question
about iBGP isn't really valid..

> So now I can sit back and watch the chest-thumping continue...

Oo oo aar aar

Steve

> I suppose they *could* - the fun then starts when you get a routing flap and
> the other router tells you that you're not on one subnet because the subnet
> is unreachable and would you please remove the interface? And I'm willing
> to bet that there's a lack of MD5 at the important places in the dataflow...
> :wink:
>
> What's puzzling me is how anybody has a big enough net that subnets are being
> added fast enough that automating the process is needed, but they don't already
> have a way to centrally manage the routers so they can just push the needed
> 'ip route 172.16.16.0 255.255.255.0 fa0/0' out somehow.

  And even so, many of us have learned in very painful ways that running more
than one IP subnet on the same physical network can get you into trouble very
quickly. For a small SOHO network, fine, but then you usually don't use
dynamic routing protocols anyway.

  Here's just a small sampling of what can go wrong:

  1) A broadcast storm cripples all your subnets and slows some of your
machines to a crawl.

  2) A compromise on a machine leads to ARP mischief (such as theft of another
subnet's default gateway IP), leading to TCP hijacking, password theft, or
worse.

  3) A DoS attack causes one machine to be completely knocked out (locks up,
or reboots but fails to come back on after shutting itself off, or locks in
an fsck in single user mode or some such). The DoS attack continues until the
switch's table entry for that hardware address expires. Now the DoS attack
pops out every port on every machine.

  And on, and on, and on. You want as few machines as possible on a single
Ethernet LAN because Ethernet has no protection against various types of
subterfuge.

  DS
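DS's item 2 (a compromised host claiming another subnet's default gateway IP over ARP) and Alex's earlier remark about "little arp games" are at least detectable from the ARP traffic itself, because a gateway IP should never be announced by any MAC other than the router's. The following is an added example, not code from the thread: it parses constructed tcpdump-style ARP reply lines against a pinned gateway-to-MAC table and reports mismatches and flapping bindings. The gateway IPs are the thread's; the sample lines, timestamps and MAC addresses are made up for this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed ARP replies in tcpdump-like "is-at" form (made-up sample data).
SAMPLE_ARP_LINES = [
    "10:00:01.000 ARP, Reply 10.10.10.1 is-at 00:00:0c:11:11:11",
    "10:00:01.200 ARP, Reply 172.16.16.1 is-at 00:00:0c:22:22:22",
    "10:00:02.000 ARP, Reply 10.10.10.2 is-at 00:00:0c:22:22:22",
    "10:00:05.300 ARP, Reply 172.16.16.1 is-at de:ad:be:ef:00:01",  # another station claims the gateway
    "10:00:05.400 ARP, Reply 172.16.16.1 is-at 00:00:0c:22:22:22",  # the real router answers again
    "10:00:05.500 ARP, Reply 172.16.16.1 is-at de:ad:be:ef:00:01",
    "garbage line that is not an ARP reply",
]

# Pinned gateway-to-MAC bindings, as a defender would record them from the
# router configuration (assumed values; the secondary 172.16.16.1 shares the
# NIC, and therefore the MAC, of 10.10.10.2).
TRUSTED_GATEWAYS: Dict[str, str] = {
    "10.10.10.1": "00:00:0c:11:11:11",
    "10.10.10.2": "00:00:0c:22:22:22",
    "172.16.16.1": "00:00:0c:22:22:22",
}

ARP_REPLY = re.compile(
    r"^(?P<ts>\S+) ARP, Reply (?P<ip>\d+\.\d+\.\d+\.\d+) is-at (?P<mac>[0-9a-fA-F:]{17})$"
)


@dataclass
class Alert:
    ts: str
    ip: str
    expected_mac: str   # the MAC we trusted (or last saw) for this IP
    seen_mac: str
    reason: str


def parse_reply(line: str) -> Optional[Tuple[str, str, str]]:
    """Return (timestamp, ip, mac) for an ARP reply line, or None for anything else."""
    m = ARP_REPLY.match(line.strip())
    if not m:
        return None
    return m.group("ts"), m.group("ip"), m.group("mac").lower()


def detect_gateway_spoof(lines: List[str], trusted: Dict[str, str]) -> List[Alert]:
    """Flag ARP replies that bind a pinned gateway IP to an untrusted MAC, and
    any IP whose IP-to-MAC binding changes between consecutive replies."""
    alerts: List[Alert] = []
    last_mac: Dict[str, str] = {}
    pinned = {ip: mac.lower() for ip, mac in trusted.items()}
    for line in lines:
        parsed = parse_reply(line)
        if parsed is None:
            continue
        ts, ip, mac = parsed
        expected = pinned.get(ip)
        if expected is not None and mac != expected:
            alerts.append(Alert(ts, ip, expected, mac, "gateway IP claimed by untrusted MAC"))
        elif ip in last_mac and last_mac[ip] != mac:
            # Trusted (or unpinned) binding that moved back: evidence of flapping.
            alerts.append(Alert(ts, ip, last_mac[ip], mac, "IP-to-MAC binding changed"))
        last_mac[ip] = mac
    return alerts


if __name__ == "__main__":
    for a in detect_gateway_spoof(SAMPLE_ARP_LINES, TRUSTED_GATEWAYS):
        print(f"{a.ts} {a.ip}: {a.reason} (expected {a.expected_mac}, saw {a.seen_mac})")
```

Detection is the cheap part. The mitigation DS points at is fewer hosts per broadcast domain, and on managed switches the same IP-to-MAC pins can be enforced at the port with features such as Dynamic ARP Inspection rather than merely reported after the fact.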

Let me see if I got this.

Router A:
  unknown networks behind it
  uses 10.10.10.2 as a neighbor to router B

Router B:
  has a network 172.16.16/24
  uses 10.10.10.1 as a neighbor to router A.

Router A's table shows
  172.16.16/24 -> 10.10.10.2

You want Router A to ARP and pretend it's on the local
broadcast domain for the 172.16.16/24 prefix.

But that prefix is NOT local to router A, thus it must
ROUTE and thus uses the NextHop in its table.

It seems your description is wrong.... But I don't know..

Please clarify

With the right MASK they could be local :slight_smile:

A Cisco router with the default (ip proxy-arp) enabled on
the interface will spend all its time doing arp/proxy-arp for the hosts and
it will actually work, believe it or not.

I spent quite a few cycles trying to convince Cisco that changing this default in
the next major release is a very good idea. Unfortunately I failed.

Pete