A route can specify various targets for the packet:

Table 7.1. Example route targets

| Target | Notes |
|---|---|
| An Ethernet interface (locally-attached subnet) | Requires ARP or ND to find the device on the LAN to which the traffic is to be sent. |
| A specific IP address (a "gateway") | The packet is forwarded to another router (gateway); routing is then determined based on the gateway's IP address instead. |
| A tunnel interface such as L2TP, PPPoE or FB105 tunnels | Such routes are created as part of the config for the interface and relate to the specific tunnel. |
| Special targets | e.g. the FB9000 itself, or a black hole (causes all traffic to be dropped). |

These are covered in more detail in the following sections.
Whenever you define a subnet or one is created dynamically (e.g. by DHCP), an associated route is automatically created for the associated prefix.
Packets being routed to a subnet are sent to the Ethernet interface that the subnet is associated with. Traffic routed to the subnet will use ARP or ND to find the final MAC address to send the packet to.
In addition, a subnet definition creates a very specific single IP (a "/32" for IPv4, or a "/128" for IPv6) route for the IP address of the FB9000 itself on that subnet. This is a separate loop-back route which effectively internally routes traffic back into the FB9000 itself - i.e. it never appears externally.
A subnet can also have a gateway specified, either in the config or by DHCP or RA. This gateway is just like creating a route to 0.0.0.0/0 or ::/0 as a specific route configuration. It is mainly associated with the subnet for convenience. If defined by DHCP or RA then, like the rest of the routes created by DHCP or RA, it is removed when the DHCP or RA times out.
Example: <subnet ip="192.168.0.1/24"/> creates a route for destination 192.168.0.0/24 to the interface associated with that subnet. A loop-back route to 192.168.0.1 (the FB9000's own IP address on that subnet) is also created.
Routes can be defined to forward traffic to another IP address, which will typically be another router (often also called a gateway).
For such a routing target, the gateway's IP address is then used to determine how to route the traffic, and another routing decision is made.
This subsequent routing decision usually identifies an interface or other data link to send the packet via. In more unusual cases, the subsequent routing decision identifies another gateway, so it is possible for the process to be 'recursive' until a 'real' destination is found.
Example: <route ip="0.0.0.0/0" gateway="192.168.0.100"/> creates a default IPv4 route that forwards traffic to 192.168.0.100.
The routing for 192.168.0.100 then has to be looked up to find the final target, e.g. it may be to an Ethernet interface, in which case an ARP is done for 192.168.0.100 to find the MAC to send the traffic.
There is logic to ensure that the next-hop is valid - the gateway specified must be routable somewhere and if that is via an Ethernet interface then the endpoint must be answering ARP or ND packets. If not, then the route using the gateway is suppressed and other less specific routes may apply.
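
The recursive lookup and next-hop check described above can be modelled in a few lines of Python. This is an added sketch, not FireBrick code: it assumes most-specific-prefix-wins selection, and the 10.0.0.0/8 and 203.0.113.0/24 routes, the interface name "eth0", the tuple layout and the `arp_alive` set are all constructed for illustration.

```python
import ipaddress

# Constructed table. The first three entries are what the manual's two
# examples produce; the 10.0.0.0/8 and 203.0.113.0/24 entries, the interface
# name "eth0" and the tuple layout are assumptions made for this sketch.
ROUTES = [
    ("192.168.0.0/24", ("interface", "eth0")),    # <subnet ip="192.168.0.1/24"/>
    ("192.168.0.1/32", ("self", None)),           # loop-back route for the FB9000's own IP
    ("0.0.0.0/0", ("gateway", "192.168.0.100")),  # <route ip="0.0.0.0/0" gateway=.../>
    ("10.0.0.0/8", ("gateway", "192.168.0.200")),
    ("203.0.113.0/24", ("blackhole", None)),
]

def lookup(dest, routes, arp_alive, depth=0):
    """Longest-prefix match with next-hop validation.

    Returns (kind, interface, l2_next_hop), or None if no usable route exists.
    arp_alive is the set of on-link IPs currently answering ARP/ND.
    """
    if depth > 8:                       # guard against gateway loops
        return None
    addr = ipaddress.ip_address(dest)
    nets = [(ipaddress.ip_network(p), t) for p, t in routes]
    matches = [m for m in nets if addr in m[0]]
    for _net, (kind, value) in sorted(matches, key=lambda m: m[0].prefixlen, reverse=True):
        if kind != "gateway":           # a 'real' target: stop here
            return (kind, value, dest if kind == "interface" else None)
        via = lookup(value, routes, arp_alive, depth + 1)  # route the gateway's own IP
        if via and (via[0] != "interface" or via[2] in arp_alive):
            return via
        # gateway unroutable or silent: route suppressed, try a less specific one
    return None

if __name__ == "__main__":
    for alive in ({"192.168.0.100"}, {"192.168.0.100", "192.168.0.200"}, set()):
        print(sorted(alive), {d: lookup(d, ROUTES, alive) for d in ("8.8.8.8", "10.1.2.3")})
```

With only 192.168.0.100 answering ARP, traffic for 10.1.2.3 falls through from the suppressed 10.0.0.0/8 route to the default route, which is the kind of silent path change worth checking for when a gateway goes quiet.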
It is possible to define two special targets :-
The blackhole and nowhere top-level objects are used to specify prefixes which are routed to these special targets.
In the User Interface, these objects can be found under the Routes category icon.