Westermo RedFox Series User Manual

Page 594

Westermo OS Management Guide

Version 4.17.0-0

[Figure 26.2 (diagram): R1 (172.16.0.1) and R2 (172.16.0.2) are connected via 172.16.0.0/30. R1 reaches the Internet via next hop 1.2.3.4. Networks 192.168.0.0/24, 192.168.1.0/24 and 192.168.2.0/24 are shown with router address .1 in each. Other parts of 192.168.0.0/22 are sent to "null0".]

Static routes at R1:

"192.168.0.0/22 via 172.16.0.2"
"0.0.0.0/0 via 1.2.3.4"

Static routes at R2:

"192.168.0.0/22 via null0"
"0.0.0.0/0 via 172.16.0.1"

Figure 26.2: Use of blackhole route at router R2 to avoid a routing loop for addresses within range 192.168.2.0-192.168.255.255.
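The effect of the null0 route in Figure 26.2 can be traced with a small longest-prefix-match simulation. This is an added example, not part of the Westermo manual: the static routes are the ones shown in the figure, while the connected routes at R2, the function names and the test addresses are assumptions made for illustration.

```python
import ipaddress

# Static routes as shown in Figure 26.2. The "connected" entries are an
# assumption read from the figure labels (three /24 LANs behind R2).
R1 = {"192.168.0.0/22": "R2", "0.0.0.0/0": "Internet",
      "172.16.0.0/30": "connected"}
R2_BASE = {
    "192.168.0.0/24": "connected",
    "192.168.1.0/24": "connected",
    "192.168.2.0/24": "connected",
    "172.16.0.0/30": "connected",
    "0.0.0.0/0": "R1",
}
# Same table with the blackhole route for the aggregate added.
R2_BLACKHOLE = dict(R2_BASE, **{"192.168.0.0/22": "null0"})


def lookup(table, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    nets = [ipaddress.ip_network(p) for p in table]
    best = max((n for n in nets if addr in n), key=lambda n: n.prefixlen)
    return table[str(best)]


def forward(dst, r2_table, start="R1", ttl=8):
    """Follow a packet hop by hop and return (outcome, path)."""
    tables = {"R1": R1, "R2": r2_table}
    node, path = start, [start]
    while ttl > 0:
        nxt = lookup(tables[node], dst)
        if nxt == "null0":
            return "dropped at " + node, path
        if nxt == "connected":
            return "delivered by " + node, path
        if nxt == "Internet":
            return "sent to Internet", path
        node = nxt          # hand the packet to the next router
        path.append(node)
        ttl -= 1
    return "TTL expired (routing loop)", path


if __name__ == "__main__":
    # 192.168.3.5 is inside 192.168.0.0/22 but not on any attached LAN.
    for name, table in (("without null0", R2_BASE), ("with null0", R2_BLACKHOLE)):
        print(name, forward("192.168.3.5", table))
```

Without the null0 route the packet bounces between R1 and R2 until its TTL runs out; with it, R2 drops the packet on first receipt while more specific connected routes still deliver normally.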

Blackhole routes are also useful when setting up SSL VPNs or IPsec VPNs. With a blackhole route in place, private traffic to the peer side is not routed (unencrypted) towards the Internet when the VPN tunnel is down. See section 36.1.6 for an example of using blackhole routes with SSL VPNs.

26.1.5 Limitations When Using RSTP and Routing

As of WeOS v4.17.0 a single RSTP instance per WeOS unit is supported. This works fine in a switched environment where all VLANs on a switch can be added to inter-switch ports; see also chapters 13 (VLAN) and 16 (RSTP/STP).

However, when using RSTP in a routed environment it is often necessary to run a separate instance of RSTP per VLAN. Otherwise there is a risk that RSTP incorrectly detects a loop (at layer-2) and blocks some port, even though there is a "routing barrier" that already handles the loop. The result of RSTP blocking ports may be loss of connectivity at layer-3.

RSTP is typically enabled on all ports by default. When using the WeOS device as a router, it is therefore recommended either to

• disable RSTP as a whole, or
• disable RSTP on all ports but one VLAN, or a group of VLANs with a shared layer-2 backbone (such as a ring).

Support for multiple RSTP/STP instances is planned but not yet implemented.

© 2015 Westermo Teleindustri AB
