Recognize Martian Addresses for Routing
Understanding Martian Addresses
Martian addresses are host or network addresses about which all routing information is ignored. When received by the routing device, these routes are ignored. They commonly are sent by improperly configured systems on the network and have destination addresses that are obviously invalid.
In IPv6, the loopback address and the multicast resolve and discard routes are the default martian addresses.
In Junos OS Release 10.4R5 and later, the reserved IPv6 multicast address space (ff00::/8 and ff02::/16) is added to the list of martian addresses.
In Junos OS Release 9.6 and later, you can configure Class E
addresses on interfaces. Class E addresses are treated like any other
unicast address for the purpose of forwarding. To allow Class E addresses
to be configured on interfaces, you must remove the Class E prefix
from the list of martian addresses. To remove the Class E prefix from
the list of martian addresses include the martians 240/4 orlonger
allow statement at the [edit routing-options] hierarchy
level.
To view the default and configured martian routes, run the show route martians command.
IPv4 Martian Addresses
user@host> show route martians table inet.
inet.0:
0.0.0.0/0 exact -- allowed
0.0.0.0/8 orlonger -- disallowed
127.0.0.0/8 orlonger -- disallowed
192.0.0.0/24 orlonger -- disallowed
240.0.0.0/4 orlonger -- disallowed
224.0.0.0/4 exact -- disallowed
224.0.0.0/24 exact -- disallowed
inet.1:
0.0.0.0/0 exact -- allowed
0.0.0.0/8 orlonger -- disallowed
127.0.0.0/8 orlonger -- disallowed
192.0.0.0/24 orlonger -- disallowed
240.0.0.0/4 orlonger -- disallowed
inet.2:
0.0.0.0/0 exact -- allowed
0.0.0.0/8 orlonger -- disallowed
127.0.0.0/8 orlonger -- disallowed
192.0.0.0/24 orlonger -- disallowed
240.0.0.0/4 orlonger -- disallowed
224.0.0.0/4 exact -- disallowed
224.0.0.0/24 exact -- disallowed
inet.3:
0.0.0.0/0 exact -- allowed
0.0.0.0/8 orlonger -- disallowed
127.0.0.0/8 orlonger -- disallowed
192.0.0.0/24 orlonger -- disallowed
240.0.0.0/4 orlonger -- disallowed
224.0.0.0/4 exact -- disallowed
224.0.0.0/24 exact -- disallowed
IPv6 Martian Addresses
user@host> show route martians table inet6
inet6.0:
::1/128 exact -- disallowed
ff00::/8 exact -- disallowed
ff02::/16 exact -- disallowed
inet6.1:
::1/128 exact -- disallowed
inet6.2:
::1/128 exact -- disallowed
ff00::/8 exact -- disallowed
ff02::/16 exact -- disallowed
inet6.3:
::1/128 exact -- disallowed
ff00::/8 exact -- disallowed
ff02::/16 exact -- disallowedExample: Removing the Class E Prefix on Martian Addresses
This example shows how to remove the Class E prefix from the list of martian addresses.
Requirements
No special configuration beyond device initialization is required before configuring this example.
Overview
In this example, Junos OS defaults are modified to allow the 240.0.0.0/4 address block. This block of addresses is known as the experimental Class E addresses. In Junos OS Release 9.6 and later, you can configure Class E addresses on interfaces and use them for forwarding traffic. However, to do this, you must first allow routing on this address block.
This example also shows how to modify the martian addresses in the IPv6 routing table, inet6.0.
Configuration
CLI Quick Configuration
To quickly configure this example, copy the
following commands, paste them into a text file, remove any line breaks,
change any details necessary to match your network configuration,
and then copy and paste the commands into the CLI at the [edit] hierarchy level.
set routing-options rib inet.1 martians 240.0.0.0/4 orlonger allow set routing-options rib inet6.0 martians fd00::/8 orlonger set routing-options rib inet.3 martians 240.0.0.0/4 orlonger allow set routing-options rib inet.2 martians 240.0.0.0/4 orlonger allow set routing-options martians 240.0.0.0/4 orlonger allow
Procedure
Step-by-Step Procedure
The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the Junos OS CLI User Guide.
To configure martian routes:
Allow Class E addresses in the default unicast routing table.
[edit routing-options] user@host# set martians 240.0.0.0/4 orlonger allow
Allow Class E addresses in the routing table that is used for the IPv4 multicast forwarding cache.
[edit routing-options] user@host# set rib inet.1 martians 240.0.0.0/4 orlonger allow
Allow Class E addresses in the routing table that is used for multicast reverse path forwarding (RPF) lookup.
[edit routing-options] user@host# set rib inet.2 martians 240.0.0.0/4 orlonger allow
Allow Class E addresses in the routing table that stores MPLS LSP information.
[edit routing-options] user@host# set rib inet.3 martians 240.0.0.0/4 orlonger allow
Add a disallowed martian route to the IPv6 unicast routing table.
[edit routing-options] user@host# set rib inet6.0 martians fd00::/8 orlonger
If you are done configuring the device, commit the configuration.
[edit] user@host# commit
Results
Confirm your configuration by issuing the show
routing-options command. If the output does not display the
intended configuration, repeat the instructions in this example to
correct the configuration.
user@host# show routing-options
rib inet.1 {
martians {
240.0.0.0/4 orlonger allow;
}
}
rib inet6.0 {
martians {
fd00::/8 orlonger;
}
}
rib inet.3 {
martians {
240.0.0.0/4 orlonger allow;
}
}
rib inet.2 {
martians {
240.0.0.0/4 orlonger allow;
}
}
martians {
240.0.0.0/4 orlonger allow;
}
Verification
Confirm that the configuration is working properly.
- Verifying That the 240.0.0.0/4 Routes Are Now Accepted
- Verifying That the fd00::/8 Routes Are Now Rejected
Verifying That the 240.0.0.0/4 Routes Are Now Accepted
Purpose
Make sure that the 240.0.0.0/4 route appears in the routing tables as allowed.
Action
user@host> show route martians table inet.
inet.0:
0.0.0.0/0 exact -- allowed
0.0.0.0/8 orlonger -- disallowed
127.0.0.0/8 orlonger -- disallowed
192.0.0.0/24 orlonger -- disallowed
240.0.0.0/4 orlonger -- allowed
224.0.0.0/4 exact -- disallowed
224.0.0.0/24 exact -- disallowed
inet.1:
0.0.0.0/0 exact -- allowed
0.0.0.0/8 orlonger -- disallowed
127.0.0.0/8 orlonger -- disallowed
192.0.0.0/24 orlonger -- disallowed
240.0.0.0/4 orlonger -- allowed
inet.2:
0.0.0.0/0 exact -- allowed
0.0.0.0/8 orlonger -- disallowed
127.0.0.0/8 orlonger -- disallowed
192.0.0.0/24 orlonger -- disallowed
240.0.0.0/4 orlonger -- allowed
224.0.0.0/4 exact -- disallowed
224.0.0.0/24 exact -- disallowed
inet.3:
0.0.0.0/0 exact -- allowed
0.0.0.0/8 orlonger -- disallowed
127.0.0.0/8 orlonger -- disallowed
192.0.0.0/24 orlonger -- disallowed
240.0.0.0/4 orlonger -- allowed
224.0.0.0/4 exact -- disallowed
224.0.0.0/24 exact -- disallowedMeaning
The output shows that the 240.0.0.0/4 route is allowed.
Verifying That the fd00::/8 Routes Are Now Rejected
Purpose
Make sure that the fd00::/8 route appears in the IPv6 unicast routing table as disallowed.
Action
user@host> show route martians table inet6.0
inet6.0:
::1/128 exact -- disallowed
ff00::/8 exact -- disallowed
ff02::/16 exact -- disallowed
fd00::/8 orlonger -- disallowedMeaning
The output shows that the fd00::/8 route is disallowed.