TNSR fails to create a default route on the underlying host
TNSR does not create an underlying default route on the CentOS 7 host, and thereby fails to ping, even using the Clixon command.
How to reproduce:
- Follow https://docs.netgate.com/tnsr/en/latest/setup/setup-interfaces.html
- Follow https://docs.netgate.com/tnsr/en/latest/interfaces/configure.html
- Follow https://docs.netgate.com/tnsr/en/latest/routing/default.html
After following those guides, if you run 'show ro' on TNSR, you see:
tnsr.demo tnsr# show ro Route table ipv4-VRF:0 AF:ipv4 ---------------------------------------- Prefix: 0.0.0.0/0 IF name: GigabitEthernet1/0/0 weight: 0 flags: next-hop: X.X.X.1 <...>
But if you drop to a CentOS shell, you see:
bash-4.2$ ip ro X.X.X.0/24 dev vpp1 proto kernel scope link src X.X.X.Y Z.Z.Z.0/24 dev vpp2 proto kernel scope link src Z.Z.Z.W 169.254.0.12/30 dev vpp3 proto kernel scope link src 169.254.0.13 169.254.0.16/30 dev vpp4 proto kernel scope link src 169.254.0.17
Pinging anywhere gets
tnsr.demo tnsr# ping 22.214.171.124 Mar 10 11:00:19: clixon_xml_parseerror: 198: XML error: xml_parse: line 10: syntax error: at or before: Mar 10 11:00:19: be_downcall: 594: Protocol error: failed BE RPC system-ping Protocol error: failed BE RPC system-ping tnsr.demo tnsr# shell bash-4.2$ ping 126.96.36.199 connect: Network is unreachable
Adding the proper route gets ping working.
bash-4.2$ sudo ip ro add default via X.X.X.1 dev vpp1 bash-4.2$ ip ro default via X.X.X.1 dev vpp1 X.X.X.0/24 dev vpp1 proto kernel scope link src X.X.X.Y Z.Z.Z.0/24 dev vpp2 proto kernel scope link src Z.Z.Z.W 169.254.0.12/30 dev vpp3 proto kernel scope link src 169.254.0.13 169.254.0.16/30 dev vpp4 proto kernel scope link src 169.254.0.17 bash-4.2$ ping -c1 188.8.131.52 PING 184.108.40.206 (220.127.116.11) 56(84) bytes of data. 64 bytes from 18.104.22.168: icmp_seq=1 ttl=58 time=5.42ms --- 22.214.171.124 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev: 5.421/5.421/5.421/0.000 ms
In my testing I have found that TNSR requires a valid default route 0.0.0.0/0 to be able to ping and route outbound traffic. A default route it not required to set at the host level.
Once the route is setup correctly, pinging from the VPP CLI will work properly. Another item of note that I discovered, if you are using a DHCP client on your WAN port it is not necessary to create the default route and it is done automatically. This route can be seen after you WAN NIC receives the DHCP assignment and by using the "route" command at VPP CLI.
@talwell Any router requires a default route pointing to a gateway that connects to the wider Internet.
And DHCP address assignement also typically assigns a default route too.
So, what we are talking here is basics of networking, nothing to write home about.
I think maybe talwell is after the capt obvious award? ;)
@netblues - yes of course all routers need a default route. What I am saying is that a default route does not need to be created at the host as the OP stated.
@talwell Any host needs a default route if it is to reach anything not localy resolvable by arp. It is also called the default gateway.
In many linux systems the default gateway is defined as a default (static) route and it IS required in most situations.
The discussion here is about tensor (tnsr). Even though my knowledge on tensor is close to none, it seems that it has its own routing table and is not using the routing table of its centos7 host os. So it is like having two machines in one, and obviously static routing is required for the two systems to route traffic.
I believe this is by design.