Interfaces Statement

Interface Syntax

interfaces { options [ strictinterfaces ] [ scaninterval time ] ; interface interface_list [ preference preference ] [ down preference preference ] [ passive ] [ simplex ] [ reject ] [ blackhole ] ; define address [ broadcast address ] | [ pointtopoint address ] [ netmask mask ] [ multicast ] ; } ;

An interface is the connection between a router and one of its attached networks. A physical interface may be specified by interface name, by IP address, or by domain name, (unless the network is an unnumbered point-to-point network.) Multiple levels of reference in the configuration language allow identification of interfaces using wildcard, interface type name, or delete word address. Be careful with the use of interface names as some Unix operating systems may allow more than one address per interface. The interface_list is a list of one or more interface names including wildcard names (names without a number) and names which may specify more than one interface or address, or the token all for all interfaces.

options
Allows configuration of some global options related to interfaces. These are:

strictinterfaces

  Indicates that it is a fatal error to reference an interface in the configuration file that is not present when GateD is started and not listed in a define statement. Without this option a warning message will be issued but GateD will continue.

scaninterval time

  Specifies how often GateD scans the kernel interface list for changes. The default is every 15 seconds on most systems, and 60 seconds on systems that pass interface status changes through the routing socket (e.g. BSD 4.4). Note that GateD will also scan the interface list on receipt of a SIGUSR2.

interface interface list
Sets interface options on the specified interfaces. An interface list is all or a list of interface names (see warning about interface names), domain names, or numeric addresses. Options available on this statement are:

preference preference

Sets the preference for routes to this interface when it is up and appears to be functioning properly. The default preference is 0.

down preference preference

Sets the preference for routes to this interface when GateD does not believe it to be functioning properly, but the kernel does not indicate it is down. The default value is 120.

passive

Prevents GateD from changing the preference of the route to this interface if it is not believed to be functioning properly due to lack of received routing information. GateD will only perform this check if the interface is actively participating in a routing protocol.

simplex

Defines an interface as unable to hear its own broadcast packets. Some systems define an interface as simplex with the IFF_SIMPLEX flag, on others it needs to be specified in the configuration file. On simplex interfaces, packets from myself are assumed to have been looped back in software and are not used as an indication that the interface is functioning properly.

reject

Specifies that the address of the interface which matches these criteria will be used as the local address when installing reject routes in the kernel. Should only be used with systems based on BSD 4.3 Tahoe or earlier which have installed a reject/blackhole pseudo interface.

blackhole

Specifies that the address of the interface which matches these criteria will be used as the local address when installing reject routes in the kernel. Should only be used with systems based on BSD 4.3 Tahoe or earlier which have installed a reject/blackhole pseudo interface.

define address
Defines interfaces that might not be present when GateD is started so they may be referenced in the configuration file when strictinterfaces is defined. Possible define keywords are:

broadcast address

Defines the interface as broadcast capable (e.g. Ethernet or Token Ring) and specifies the broadcast address.

pointopoint address

Defines the interface as a pointopoint interface (e.g. SLIP or PPP) and specifies the address on the local side. The first address on the define statement references the address of the host on the remote end of the interface, the address specified after this pointopoint keyword defines the address on the local side of the interface.

An interface not defined as broadcast or pointopoint is assumed to be non-broadcast multiaccess (NBMA), such as an X.25 network.

netmask mask

Specifies the subnet mask to be used on this interface. This is ignored on pointtopoint interfaces.

multicast

Specifies that the interface is multicast capable.

Interface lists

An interface list is a list of references to interfaces or groups of interfaces. There are four methods available for referring to interfaces. They are listed here from most general to most specific.

all
This refers to all available interfaces.

Interface name wildcard
This refers to all the interfaces of the same type. Unix interfaces consist of the name of the device driver, like ie, and a unit number, like 0, 5 or 22. Reference to the name contain only alphabetic characters and match any interfaces that have the same alphabetic part.

For example, ie on a Sun would refer to all Interlan Ethernet interfaces, le would refer to all Lance Ethernet interfaces. But ie would not match iel0.

Interface name
This refers to a specific interface, usually one physical interface. These are specified as an alphabetic part followed by a numeric part. This will match one specific interface. But be aware that on many systems, there can be more than one protocol (i.e. IP) address on a given physical interface.

For example, ef1 will match an interface named ef1, but not an interface named ef10.

Interface address
This matches one specific interface. The reference can be by protocol address (i.e. 10.0.0.51), or by symbolic host name (i.e. nic.ddn.mil). Note that a symbolic host name reference is only valid when it resolves to only one address. Use of symbolic host names is not recommended.

If many interface lists are present in the config file with more than one parameter, these parameters are collected at run-time to create the specific parameter list for a given interface. If the same parameter is specified on more than one list, the parameters with the most specific interface is used.

For example, consider a system with three interfaces, le0, le1 and du0.

rip yes { interface all noripin noripout ; interface le ripin ; interface le1 ripout ; } ;

RIP packets would only be accepted from interfaces le0 and le1, but not from du0. RIP packets would only be sent on interface le1.

IP Interface addresses and routes

The BSD 4.3 and later networking implementations allow four types of interfaces. Some implementations allow multiple protocol addresses per physical interface, these are mostly based on BSD 4.3 Reno or later.

loopback

   This interface must have the address of 127.0.0.1. Packets sent to this interface are sent back to the originator. This interface is also used as a catch all interface for implementing other features, such as reject and blackhole routes. Although a netmask is reported on this interface, it is ignored. It is useful to assign an additional address to this interface that is the same as the OSPF or BGP router id; this allows routing to a system based on the router id which will work if some interfaces are down.

broadcast

   This is a multi-access interface capable of a physical level broadcast, such as Ethernet, Token Ring and FDDI. This interface has an associated subnet mask and broadcast address. The interface route to an broadcast network will be a route to the complete subnet.

point-to-point

   This is a tunnel to another host, usually on some sort of serial link. This interface has a local address, and a remote address. Although it may be possible to specify multiple addresses for a point-to-point interface, there does not seem to be a useful reason for doing so.

The remote address must be unique among all the interface addresses on a given router. The local address may be shared among many point-to-point and up to one non- point-to-point interface. This is technically a form of the router id method for address-less links. This technique conserves subnets as none are required when using this technique.

If a subnet mask is specified on a point-to-point interface, it is only used by RIP version 1 and HELLO to determine which subnets may be propagated to the router on the other side of this interface.

non-broadcast multi-access or nbma

  This type of interface is multi-access, but not capable of broadcast. And example would be frame relay and X.25. This type of interface has a local address and a subnet mask.

GateD insures that there is a route available to each IP interface that is configured and up. Normally this this done by the ifconfig command that configures the interface; GateD does it to insure consistency.

For point-to-point interfaces, gated installs some special routes. If the local address on one or more point-to-point interfaces is not shared with a non- point-to-point interface, gated installs a route to the local address pointing at the loopback interface with a preference of 110. This insures that packets originating on this host destined for this local address are handled locally. OSPF prefers to route packets for the local interface across the point-to-point link where they will be returned by the router on the remote end. This is used to verify operation of the link. Since OSPF installs routes with a preference of 10, these routes will override the route installed with a preference of 110.

If the local address of one or more point-to-point interfaces is shared with a non- point-to-point interface, gated installs a route to the local with a preference of 0 that will not be installed in the forwarding table. This is to prevent protocols like OSPF from routing packets to this address across a serial interface when this system could be functioning as a host.

When the status of an interface changes, GateD notifies all the protocols, which take the appropriate action. GateD assumes that interfaces which are not marked UP do not exist. While this might not be the most correct action, it is the way things currently work.

GateD ignores any interfaces that have invalid data for the local, remote or broadcast addresses or the subnet mask. Invalid data includes zeros in any field. GateD will also ignore any point-to-point interface that has the same local and remote addresses, it assumes it is in some sort of loopback test mode.