About Dynamic Routing
With static routing, routing tables are set and do not change. Dynamic routing makes automatic updates to routing tables as the configuration of a network changes. This makes sure that packets can still reach their intended destination even if a router on the remote path fails.
To use dynamic routing, the Firebox must be configured in mixed routing mode.
Dynamic Routing Protocols
Fireware supports the RIP v1, RIP v2, RIPng, OSPF, OSPFv3, and BGP v4 protocols.
- For IPv4 dynamic routing, you must use RIP, OSPF, or BGP.
- For IPv6 dynamic routing, you must use RIPng, OSPFv3, or BGP.
For more information about each of the supported routing protocols, go to:
- About Routing Information Protocol (RIP and RIPng)
- About Open Shortest Path First (OSPF and OSPFv3) Protocol
- About Border Gateway Protocol (BGP)
In Fireware v12.9 or higher, Fireware uses the Free Range Routing (FRR) routing engine, which replaces Quagga. If your configuration includes Quagga commands for dynamic routing, those commands work after you upgrade. Some FRR commands appear in a different section than in Quagga.
In Fireware v12.8.x or lower, Fireware uses the Quagga routing software suite v1.2.4, which supports most routing commands available in more recent versions of Quagga.
Dynamic Routing Policies
When you enable a dynamic routing protocol, the required dynamic routing policy is automatically created. The automatically added policies are called:
- DR-RIP-Allow
- DR-RIPng-Allow
- DR-OSPF-Allow
- DR-OSPFv3-Allow
- DR-BGP-Allow
In Fireware v12.9 or higher, you can use a simplified implementation of Bidirectional Forwarding Detection (BFD). You must configure a firewall policy for BFD traffic and enable BFD in the OSPF or BGP configuration on your Firebox. For information about how to implement BFD, go to Bidirectional Forwarding.
Monitor Dynamic Routing
When you enable dynamic routing, you can view the current dynamic routes from:
- Status Report tab in Firebox System Manager
- System Status > Routes in Fireware Web UI
For FireCluster, the dynamic routes appear on the cluster master.
For more information about how to read the route tables in the Status Report, go to Read the Firebox Route Tables.
To troubleshoot dynamic routing, you can change the diagnostic log level setting for dynamic routing to generate more log messages about dynamic routing traffic. You do this in the diagnostic log level settings for the Networking category. For more information about how to set the diagnostic log level, go to Set the Diagnostic Log Level.
Monitor Dynamic Routing with SNMP
In Fireware v12.10 or higher, you can use SNMP to query the dynamic routing process to obtain routing information for RIP, OSPF, and BGP.
To query dynamic routing with SNMP, you must add the command agentx to the end of your dynamic routing configuration file (FRR). This enables the routing engine to connect to an SNMP agent with the AgentX protocol.
SNMP queries can result in high CPU usage if there is a large number of routes.
For more information on how to configure dynamic routing and view the commands for your dynamic routing protocol, go to:
- BGP Commands (FRR)
- OSPF Commands (FRR)
- OSPFv3 Commands (FRR)
- RIP Commands (FRR)
- RIPng Commands (FRR)
The Firebox supports these standard MIB files for the dynamic routing protocols:
- BGP4-MIB
- OSPF-MIB
- OSPFV3-MIB
- RIPv2-MIB
You can query the Firebox from an SNMP monitoring application with these OIDs:
- IP routing table — .1.3.6.1.2.1.4.21
- RIP — .1.3.6.1.2.1.23
- OSPF — .1.3.6.1.2.1.14
- BGP — .1.3.6.1.2.1.15
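The following is an added example, not WatchGuard code. It groups numeric SNMP walk output by the four OID subtrees listed above and counts routing-table rows, which helps size polling given the CPU note. It assumes lines in the `OID = TYPE: value` form that Net-SNMP's `snmpwalk -On` prints. The sample lines are constructed.

```python
from collections import Counter

# OID subtrees listed on this page, as tuples of integer arcs.
SUBTREES = {
    "ip-route-table": (1, 3, 6, 1, 2, 1, 4, 21),
    "rip": (1, 3, 6, 1, 2, 1, 23),
    "ospf": (1, 3, 6, 1, 2, 1, 14),
    "bgp": (1, 3, 6, 1, 2, 1, 15),
}
# ipRouteDest column (RFC 1213): one instance per row of the IP routing table.
IP_ROUTE_DEST = SUBTREES["ip-route-table"] + (1, 1)

def parse_oid(text):
    """Turn '.1.3.6.1.2.1.14' into a tuple of ints; ValueError if malformed."""
    return tuple(int(arc) for arc in text.strip().lstrip(".").split("."))

def classify(oid):
    """Name the page's subtree that contains oid, or None if outside all four.
    Matching is per arc, so .1.3.6.1.2.1.141 is not mistaken for OSPF (.14)."""
    for name, root in SUBTREES.items():
        if oid[:len(root)] == root:
            return name
    return None

def summarize(walk_lines):
    """Count varbinds per subtree, and routing-table rows, in numeric walk output."""
    counts, routes = Counter(), 0
    for line in walk_lines:
        oid_text, sep, _value = line.partition(" = ")
        if not sep:
            continue  # error or status line, not a varbind
        try:
            oid = parse_oid(oid_text)
        except ValueError:
            continue  # OID was not printed numerically
        counts[classify(oid) or "other"] += 1
        routes += oid[:len(IP_ROUTE_DEST)] == IP_ROUTE_DEST
    return dict(counts), routes

# Constructed sample in numeric walk style; addresses are documentation ranges.
SAMPLE = [
    ".1.3.6.1.2.1.4.21.1.1.192.0.2.0 = IpAddress: 192.0.2.0",
    ".1.3.6.1.2.1.4.21.1.1.198.51.100.0 = IpAddress: 198.51.100.0",
    ".1.3.6.1.2.1.4.21.1.7.192.0.2.0 = IpAddress: 203.0.113.1",
    ".1.3.6.1.2.1.14.1.1.0 = IpAddress: 203.0.113.1",
    ".1.3.6.1.2.1.15.2.0 = INTEGER: 64512",
    ".1.3.6.1.2.1.141.1.0 = INTEGER: 1",
    "Timeout: No Response from 203.0.113.1",
]
```

Calling `summarize(SAMPLE)` returns the per-subtree varbind counts and the number of routing-table rows seen.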
Link Detection
By default, routes remain installed when the next hop interface is down. In Fireware v12.9 or higher, you can use a CLI command to automatically uninstall routes when the next hop interface is down:
WG(config)#global-setting routing-link-detect enable
This setting is available only in the Fireware CLI and is disabled by default. For more information, go to the Fireware CLI Reference.
Default Route Distance
If your Firebox has only one external interface (single WAN), the default route distance (metric) is 5. If your Firebox has more than one external interface (multi-WAN), the default route distance is 20 for an external interface that does not participate in multi-WAN.
For an external interface that participates in multi-WAN, the default route distance depends on the multi-WAN configuration:
Multi-WAN Method | Default Route Distance (Metric) |
---|---|
Routing Table | 5 |
Round Robin | 5 |
Interface Overflow | 5 |
Failover | 10 |
Failover (secondary external interface) | 11 |
For each additional secondary external interface, increase the distance value by 1. For example, if you have three secondary external interfaces, the distances are 11, 12, and 13.
For more information about the route table, go to Read the Firebox Route Tables.