[ScreenOS] How does route preference occur between the same routing protocol?

Categories:
Knowledge Base ID: KB21013
Last Updated: 18 Feb 2013
Version: 2.0

Summary:
This article provides information on how route preference occurs between the same routing protocol.

Problem or Goal:
How does a Juniper firewall prefer a route, when there are two or more routes with the same preference and protocol for a single destination?

Cause:

Solution:

Network Diagram:

               eth0/1(2.2.2.1)-------g/w 2.2.2.2---------ISP1
PC A-----------Trust---Firewall
               eth0/2(3.3.3.1)-------g/w 3.3.3.3---------ISP2
  • Interface eth0/1 on the firewall has the IP address 2.2.2.1 and the default gateway 2.2.2.2; this link is provided by ISP 1.

  • Interface eth0/2 on the firewall has the IP address 3.3.3.1 and the default gateway 3.3.3.3; this link is provided by ISP 2.

  • For the 4.2.2.2 destination IP address, two routes have been provided over the internet; one is via ISP1 and the other is via ISP2.

  • Both routes are static routes.

For the route preference values, refer to pages 30-31 of the Concepts & Examples ScreenOS Reference Guide Volume 7: Routing Release 6.2.0, Rev. 02.


How the firewall chooses which route to take:

  • Based on the active and inactive route:

    The active route takes preference over the inactive route:
    SSG520-> get route
    --------------------------------------------------------------------------------
                 ID   IP-Prefix      Interface   Gateway   P Pref      Mtr Vsys
    --------------------------------------------------------------------------------
    *           39    4.2.2.2/32     eth0/1    2.2.2.2 S      20       1   Root
                40    4.2.2.2/32     eth0/2    3.3.3.3 S      20       1   Root
    The asterisk (*) is present for route ID 39, which indicates that it is active. Route ID 40 has no asterisk, which indicates that it is inactive. So, the traffic for 4.2.2.2 will take route ID 39, as it is the active route.

  • Based on the subnet mask:

    The more specific route to the destination will take preference.
    SSG520-> get route
    --------------------------------------------------------------------------------
                ID IP-Prefix Interface Gateway P Pref Mtr  Vsys
    --------------------------------------------------------------------------------
    *          39 4.2.2.0/24 eth0/1    2.2.2.2 S 20 1      Root
    *          40 4.2.2.2/32 eth0/2    3.3.3.3 S 20 1      Root
    Both route ID 39 and 40 are active. The subnet mask is /32 for route ID 40, whereas for route ID 39, the subnet mask is /24. Route ID 40 is more specific to the 4.2.2.2 destination. So, the traffic for 4.2.2.2 will take route ID 40, as it is more specific to the destination.

  • Based on preference and metric:

    The route with the lowest preference or lowest metric is preferred over a route with a higher preference or higher metric:
    SSG520-> get route
    ---------------------------------------------------------------------------------
                  ID IP-Prefix Interface Gateway P Pref Mtr   Vsys
    --------------------------------------------------------------------------------
               * 39 4.2.2.2/32 eth0/1    2.2.2.2 S  20 1       Root
                 40 4.2.2.2/32 eth0/2    3.3.3.3 S  30 10      Root
    The route with the higher preference or the higher metric becomes inactive. As shown above, route ID 40 has a preference of 30 and a metric of 10, which is why it became inactive. Route ID 39 is active, with a lower preference and a metric of 1. So, traffic for the 4.2.2.2 destination will take route ID 39.

  • Based on the active time:

    The route that is active for the longest period of time will take preference:
    SSG520-> get route
    ---------------------------------------------------------------------------------
                       ID   IP-Prefix    Interface Gateway P Pref Mtr  Vsys
    --------------------------------------------------------------------------------
    *                 39    4.2.2.2/32 eth0/1     2.2.2.2 S 20 1       Root
    *                 40    4.2.2.2/32 eth0/2     3.3.3.3 S 20 1       Root
    Both routes are active and have the same preference and metric. In this scenario, the route that has been active for the longest period takes preference over the other. This can be checked by using the following command:
    SSG520-> get route id 39
    route in trust-vr:
    ------------------------------------------------
    id: 39
    IP address/mask: 4.2.2.2/32
    next hop (gateway): 2.2.2.2
    preference: 20
    metric: 1
    description: ISP 1
    outgoing interface: ethernet0/1
    vsys name/id: Root/0
    tag: 0
    flag: 24000040/00100001
    type: static
    Redistributed to:
    status: active (for 49 minutes 14 seconds)

    SSG520-> get route id 40
    route in trust-vr:
    ------------------------------------------------
    id: 40
    IP address/mask: 4.2.2.2/32
    next hop (gateway): 3.3.3.3
    preference: 20
    metric: 1
    description: ISP 2
    outgoing interface: ethernet0/2
    vsys name/id: Root/0
    tag: 0
    flag: 24000040/00100001
    type: static
    Redistributed to:
    status: active (for 48 minutes 35 seconds)
    Route ID 39 has been active for the longer period, 49 minutes and 14 seconds, whereas route ID 40 has been active for 48 minutes and 35 seconds. Route ID 39 will take preference over route ID 40. So, traffic for 4.2.2.2 will take route ID 39.
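
The four tie-breakers above, as an added Python example (not part of the Juniper article or of ScreenOS): it parses `get route` rows and predicts which route a destination will use, which is useful when auditing which ISP link and policy path traffic actually takes. The evaluation order (active, longest prefix, preference, metric, active time) follows the article's listing and is an assumption, as are the function names and the hour unit.

```python
import ipaddress
import re

# One `get route` row: optional '*', ID, IP-Prefix, Interface, Gateway, P, Pref, Mtr, Vsys
ROW = re.compile(r"^\s*(\*)?\s*(\d+)\s+(\S+/\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s+(\d+)\s+(\S+)\s*$")
# `status:` line of `get route id <n>`, e.g. "status: active (for 49 minutes 14 seconds)"
STATUS = re.compile(r"status:\s*active \(for (.+)\)")
UNITS = {"hour": 3600, "minute": 60, "second": 1}  # "hour" is assumed; the page shows minutes/seconds


def parse_routes(text):
    """Return one dict per route row; header, separator and prompt lines are skipped."""
    routes = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            star, rid, prefix, iface, gw, proto, pref, mtr, _vsys = m.groups()
            routes.append({"id": int(rid), "net": ipaddress.ip_network(prefix, strict=False),
                           "iface": iface, "gw": gw, "proto": proto, "pref": int(pref),
                           "metric": int(mtr), "active": star is not None})
    return routes


def active_seconds(status_line):
    """Convert the active time in a `status:` line to seconds (0 if not active)."""
    m = STATUS.search(status_line)
    if not m:
        return 0
    return sum(int(n) * UNITS.get(u.rstrip("s"), 0) for n, u in re.findall(r"(\d+) (\w+)", m.group(1)))


def select_route(routes, dest, uptime=None):
    """Return the ID of the route used for dest, or None if no active route covers it."""
    uptime = uptime or {}  # route ID -> seconds active, taken from `get route id <n>`
    addr = ipaddress.ip_address(dest)
    candidates = [r for r in routes if r["active"] and addr in r["net"]]
    if not candidates:
        return None
    # Assumed order: longest prefix, lowest preference, lowest metric, longest active time
    return min(candidates, key=lambda r: (-r["net"].prefixlen, r["pref"], r["metric"],
                                          -uptime.get(r["id"], 0)))["id"]


# Sample input rebuilt from the article's last scenario (both routes active, same pref/metric)
SAMPLE = """*  39  4.2.2.2/32  eth0/1  2.2.2.2  S  20  1  Root
*  40  4.2.2.2/32  eth0/2  3.3.3.3  S  20  1  Root"""
UPTIME = {39: active_seconds("status: active (for 49 minutes 14 seconds)"),
          40: active_seconds("status: active (for 48 minutes 35 seconds)")}
if __name__ == "__main__":
    print(select_route(parse_routes(SAMPLE), "4.2.2.2", UPTIME))
```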

Purpose:
Implementation
Troubleshooting

Copyright© 1999-2012 Juniper Networks, Inc. All rights reserved.