About Dynamic Routing

A routing protocol is the language a router speaks with other routers to share information about the status of network routing tables. With static routing, routing tables are set and do not change. If a router on the remote path fails, a packet cannot get to its destination. Dynamic routing makes automatic updates to route tables as the configuration of a network changes.

To use dynamic routing, the Firebox must be configured in mixed routing mode.

Dynamic Routing Protocols

Fireware supports the RIP v1, RIP v2, and RIPng protocols. Fireware with a Pro upgrade supports the RIP v1, RIP v2, RIPng, OSPF, OSPFv3, and BGP v4 protocols.

  • For IPv4 dynamic routing, you must use RIP, OSPF or BGP.
  • For IPv6 dynamic routing, you must use RIPng, OSPFv3, or BGP.

For more information about each of the supported routing protocols, see:

In Fireware v12.9 or higher, Fireware uses the Free Range Routing (FRR) routing engine, which replaces Quagga. If your configuration includes Quagga commands for dynamic routing, those commands work after you upgrade. Some FRR commands appear in a different section than in Quagga.

In Fireware v12.8.x or lower, Fireware uses the Quagga routing software suite v1.2.4, which supports most routing commands available in more recent versions of Quagga.

Dynamic Routing Policies

When you enable a dynamic routing protocol, the required dynamic routing policy is automatically created. The automatically added policies are called:

  • DR-RIP-Allow
  • DR-RIPng-Allow
  • DR-OSPF-Allow
  • DR-OSPFv3-Allow
  • DR-BGP-Allow

In Fireware v12.9 or higher, you can use a simplified implementation of Bidirectional Forwarding Detection (BFD). You must configure a firewall policy for BFD traffic and enable BFD in the OSPF or BGP configuration on your Firebox. For information about how to implement BFD, see Bidirectional Forwarding.

Monitor Dynamic Routing

When you enable dynamic routing, you can see the current dynamic routes on the Status Report tab in Firebox System Manager.

In Fireware Web UI, select System Status > Routes to see the current static and dynamic routes.

For a FireCluster, the dynamic routes appear on the cluster master.

For more information about how to read the route tables in the Status Report, see Read the Firebox Route Tables.

To troubleshoot dynamic routing, you can change the diagnostic log level setting for dynamic routing to generate more log messages about dynamic routing traffic. You do this in the diagnostic log level settings for the Networking category. For more information about how to set the diagnostic log level, see Set the Diagnostic Log Level.

Link Detection

By default, routes remain installed when the next hop interface is down. In Fireware v12.9 or higher, you can use a CLI command to automatically uninstall routes when the next hop interface is down:

WG(config)#global-setting routing-link-detect enable

This setting is available only in the Fireware CLI and is disabled by default.

Default Route Distance

If your Firebox has only one external interface (single WAN), the default route distance (metric) is 5. If your Firebox has more than one external interface (multi-WAN), the default route distance is 20 for an external interface that does not participate in multi-WAN.

For an external interface that participates in multi-WAN, the default route distance depends on the multi-WAN configuration:

Multi-WAN Method                           Default Route Distance (Metric)
Routing Table                              5
Round Robin                                5
Interface Overflow                         5
Failover                                   10
Failover (secondary external interface)    11

For each additional secondary external interface, increase the distance value by 1. For example, if you have three secondary external interfaces, the distances are 11, 12, and 13.

For more information about the route table, see Read the Firebox Route Tables.

See Also

About Sample Routing Configuration Files