Forc­ing a route in Solaris?

I have a lit­tle prob­lem find­ing a clean solu­tion to the fol­low­ing prob­lem.

A machine with two net­work inter­faces and no default route. The first inter­face gets an IP at boot time and the cor­re­spond­ing sta­t­ic route is insert­ed dur­ing boot into the rout­ing table with­out prob­lems. The sec­ond inter­face only gets an IP address when the shared-IP zones on the machine are start­ed, dur­ing boot the inter­face is plumbed but with­out any address. The net­works on those inter­faces are not con­nect­ed and the machine is not a gate­way (this means we have a machine-administration net­work and a production-network). The sta­t­ic routes we want to have for the address­es of the zones are not added to the rout­ing table, because the next hop is not reach­able at the time the routing-setup is done. As soon as the zones are up (and the inter­face gets an IP), a re-run of the routing-setup adds the miss­ing sta­t­ic routes.

Unfor­tu­nate­ly I can not tell Solaris to keep the sta­t­ic route even if the next hop is not reach­able ATM (at least I have not found an option to the route com­mand which does this).

One solu­tion to this prob­lem would be to add an address at boot to the inter­face which does not have an address at boot-time ATM (prob­a­bly with the dep­re­cat­ed flag set). The prob­lem is, that this sub­net (/28) has not enough free address­es any­more, so this is not an option.

Anoth­er solu­tion is to use a script which re-runs the routing-setup after the zones are start­ed. This is a prag­mat­ic solu­tion, but not a clean solu­tion.

As I under­stand the in.routed man-page in.routed is not an option with the default con­fig, because the machine shall not route between the net­works, and shall not change the rout­ing based upon RIP mes­sages from oth­er machines. Unfor­tu­nate­ly I do not know enough about it to be sure, and I do not get the time to play around with this. I have seen some inter­st­ing options regard­ing this in the man-page, but play­ing around with this and sniff­ing the net­work to see what hap­pens, is not an option ATM. Any­one with a config/tutorial for this “do not broad­cast any­thing, do not accept any­thing from outside”-case (if pos­si­ble)?

Send to Kin­dle

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.