IPv4 unicast routing configuration

This chapter describes how to configure routing functions for IPv4. It requires only some knowledge of the basic principles of IPv4 features.

Routing is more the art to advertise how to be reachedrather than the art to learn how to reach.

Routing configuration overview

You can configure routing functions via static routes or any dynamic routing protocol. The IPv4 routing protocols that are provided within the Turbo IPsec software are:

  • BGP 4
  • OSPF v2
  • RIP v1 and RIP v2

Displaying routing configuration

Routing configuration such as IPv4 or IPv6 static routes are stored into the rtg context.

  • Display routing configuration:

    router{}edit conf myconfig


    router{conf:myconfig}display rtg


         router rip
           default-information originate
       router ripng
       network 3ffe:1000::/64
       network eth1_0
      route default-ipv4
      route default-ipv6 3ffe:0:0:1808::19
    # IPV4 ROUTE
    # IPV6 ROUTE
      route 3ffe:304:107:1800::/64 1111::2

Showing the unicast routing tables (RIBs and router’s FIB)

The FIB contains the aggregated information from all the RIBs that have been discovered by the dynamic routing protocols or that have been set statically. There is one RIB for each routing protocol: a RIP RIB, an OSPF v2 RIB, and an IPv4 BGP 4 RIB.

You can monitor IPv4 unicast FIBs via the show routing ip route command.

Displaying the IPv4 unicast routes

The show routing ip route command displays the IPv4 unicast routes (the IPv4 FIB) currently used by the routers. Routes can be statically configured or automatically learnt by a routing protocol.

router{}show routing ip route
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
       B - BGP, D - DEP, > - selected route, * - FIB route

C>* is directly connected, eth0_0
C>* is directly connected, eth1_0
C>* is directly connected, lo0
C>* is directly connected, eth1_0
R>* [120/2] via, eth0_0, 17:21:48
R>* [120/2] via, eth0_0, 1d00h47m

Displaying the dynamic routing protocols’s RIBs

  1. Display the RIBs of the dynamic routing protocols:

    router{}show routing ip {rip|bgp|ospf}

    Displays the RIP RIB


    Displays the BGP 4 RIB


    Displays the OSPF v2 RIB

IPv4 static routes


Once the IPv4 addresses have been configured, communication is possible between the nodes (hosts or routers) directly connected to the same IPv4 sub-network. It is a one hop communication. To communicate with other nodes that are connected to a different sub-network, a dedicated node, the router, requires routes. For example, you can define static IPv4 routes to link sub-networks.

Static routes do not scale and are not error-free. They should be used only when dynamic routing protocols cannot be deployed, or in case of very simple topologies.

You can implement static routing by directly manipulating the equipment routing table. It may be used with any dynamic routing protocol. When both static and dynamic routes are set, the FIB prefers the static ones because their administrative distance is 1.

Configuring static routes

IPv4 static default route

Configuring the static default-route [1] provides output information to Turbo IPsec to forward a packet that cannot be processed locally.

For example, the default route of a CPE is usually the way through the public interface.

router{conf:myconfig-rtg}route default-ipv4 {gwaddress|iface} [distance]
Directly connected address. It means that it can be joined without any recursive routing lookup. If the gateway address is not directly connected, this route is down.
An interface. This route is up when the interface is up. It will be redistributed into the routing protocols only when this point-to-point interface is up.
[1]An IPv4 default route is noted An IPv6 default route is noted 0::0/0, or ::0/0.

Regular static routes

  • Add a static IPv4 route:

    router{}edit conf myconfig
    router{conf:myconfig-rtg}route network/M gwaddress [blackhole|reject] [distance] [mark <value>/<mask>]


    router{conf:myconfig-rtg}route network/M IFACE-PtP [distance] [mark <value>/<mask>]


    router{conf:myconfig-rtg}route network/M IFACE-BROADCAST [distance] [mark <value>/<mask>]

    The IPv4 prefix and prefix length.


    Next-hop address to which packets should be forwarded. This next-hop MUST be directly connected. If the gwaddress is down, the route is down.


    A logical or physical point-to-point interface. The packet will be routed into the interface and naturally be sent to the remote endpoint.

    IFACE-BROADCAST A broadcast interface. This will result in a connected route,

    which means that packet that need to be routed through this interface will be subject to ARP.


    The packet sent through that route will be silently dropped.


    An ICMP unreachable is emitted when a packet is sent through that route.


    Optional. Specifies the administrative distance (1-255). If unspecified, it is set to 1.

    mark optional 6WIND next hop marking instead of Netfilter marking. Value can be between 1 and (2 32 -1). If nexthop mark field is 0, it means that we do not add a mark. The mark and mask are unsigned 32-bit integers.


    The gateway address is the next-hop address of a remote router. This router must be directly connected to one of the router’s interfaces, otherwise the route remains inactive.

  • Delete a static route:

    router{conf:myconfig-rtg}delete route network/M gwaddress


    router{conf:myconfig-rtg}delete route network/M IFACE-PtP


    router{conf:myconfig-rtg}delete route network/M IFACE-BROADCAST


ECMP is supported. This feature allows defining several paths which have the same cost. It is mainly used for load balancing.

It is assumed the Operating System has been compiled with the appropriate enable-multipath option.

Virtual routers

By default, static routes are configured in VRF 0. To handle virtual routers, you can specify another VRF. The route will be stored in the corresponding forwarding table.

router{conf:myconfig-rtg}route network/M gwaddress [blackhole|reject] [mark <value>/<mask>] vrf-id VR
router{conf:myconfig-rtg}route network/M IFACE-PtP [mark <value>/<mask>] vrf-id VR
router{conf:myconfig-rtg}route network/M IFACE-BROADCAST [mark <value>/<mask>] vrf-id VR
VR identifier.