Route priority

From securityrouter.org, an OpenBSD-based firewall

Normally, the most specific route is used. If two routes have the same destination, equal-cost multi-path routing is employed. If two interfaces share the same address, the implicit subnet routes (which clone into L2 address resolution entries) will clash, resulting in random, undefined behaviour.

There are, however, instances when route priorities are needed, such as dynamic routing configurations with BGP and OSPF. It's also possible to control the priorities of static and implicit (interface) routes manually, using the interface and route priority keyword.

In the example below, two interfaces share the same subnet and default route. Static and implicit routes automatically receive the interface priority plus 8 (the default for static routes). The system will "use" vic0 (use its routes and learn ARP on it), since it has the higher priority (a lower number). If vic0 is disconnected, all ARP entries on that interface are discarded and its routes are marked as down. Consequently, vic1 will be used instead.

interface vic0 {
	address 10.2.0.2/16
	route default 10.2.0.1
}
interface vic1 {
	address 10.2.0.3/16
	priority 4
	route default 10.2.0.1
}
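
A small model of the selection logic described above, as an added example that is not securityrouter.org's own code: it parses the configuration shown, applies "interface priority plus 8", and returns the most specific live route with the lowest priority number. The function names and the default interface priority of 0 are assumptions made for illustration.

```python
import ipaddress
import re

STATIC_BASE = 8  # per the page: route priority = interface priority + 8

# The configuration from the page, embedded as sample input.
CONFIG = """
interface vic0 {
    address 10.2.0.2/16
    route default 10.2.0.1
}
interface vic1 {
    address 10.2.0.3/16
    priority 4
    route default 10.2.0.1
}
"""

def parse(config):
    """Return (network, gateway, interface, priority) for implicit and static routes."""
    routes = []
    for ifname, body in re.findall(r"interface\s+(\S+)\s*\{(.*?)\}", config, re.S):
        m = re.search(r"^\s*priority\s+(\d+)", body, re.M)
        prio = (int(m.group(1)) if m else 0) + STATIC_BASE  # assumption: default 0
        for addr in re.findall(r"^\s*address\s+(\S+)", body, re.M):
            # Implicit subnet route created by the interface address.
            routes.append((ipaddress.ip_interface(addr).network, None, ifname, prio))
        for dst, gw in re.findall(r"^\s*route\s+(\S+)\s+(\S+)", body, re.M):
            net = ipaddress.ip_network("0.0.0.0/0" if dst == "default" else dst)
            routes.append((net, gw, ifname, prio))
    return routes

def lookup(routes, dest, down=()):
    """Most specific route wins, then the lowest priority number; routes on a
    disconnected interface are skipped. Several results mean an unresolved tie."""
    ip = ipaddress.ip_address(dest)
    live = [r for r in routes if r[2] not in down and ip in r[0]]
    if not live:
        return []
    best = min((-r[0].prefixlen, r[3]) for r in live)
    return [r for r in live if (-r[0].prefixlen, r[3]) == best]

if __name__ == "__main__":
    table = parse(CONFIG)
    print(lookup(table, "192.0.2.1"))                 # default route on vic0
    print(lookup(table, "192.0.2.1", down={"vic0"}))  # falls back to vic1
```

Removing the `priority 4` line from the sample leaves both interfaces with identical routes at the same priority, and `lookup` then returns two candidates instead of one.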