Gated – Gateway Routing Daemon: A Comprehensive Technical Guide

Table of Contents#

Overview of Gated
Core Features
Architecture
Configuration Fundamentals
Common Use Cases
Best Practices
Example Usage
Troubleshooting
References

Overview of Gated#

Gated is a unified routing daemon that dynamically manages routing tables by integrating information from multiple routing protocols. Unlike running separate daemons for each protocol (e.g., ripd for RIP, ospfd for OSPF), gated consolidates protocol handling, route selection, and kernel routing table updates into a single process. This simplifies management and ensures consistent policy enforcement across protocols.

Key Historical Context#

Developed in the 1980s by the Computer Science Department at Cornell University.
Standardized in RFC 1267 (Gated V2) and RFC 1364 (Gated V3), though later versions (e.g., Gated 3.6) expanded protocol support.
Widely used in BSD, Linux, and Unix systems before the rise of modular daemons like FRR.

Core Features#

Gated’s power lies in its ability to harmonize multiple routing protocols and enforce routing policies. Key features include:

1. Multiprotocol Support#

Gated supports major interior and exterior routing protocols:

Interior Gateway Protocols (IGPs): RIP (v1/v2), OSPF (v2), HELLO (an early IGP).
Exterior Gateway Protocols (EGPs): BGP (v4), EGP (obsolete, replaced by BGP).
Static Routes: Manually defined routes for fallback or specific paths.

2. Route Selection and Policy Enforcement#

Gated uses a route selection engine to evaluate routes from all protocols and select the "best" path based on:

Protocol-specific metrics (e.g., RIP hop count, OSPF cost).
Administrative distance (a priority value assigned to protocols; lower = more preferred).
User-defined policies (e.g., route filters, redistribution rules).

3. Route Redistribution#

Gated enables sharing routes between protocols (e.g., redistributing OSPF routes into BGP for external advertisement). This is critical for hybrid networks (e.g., an OSPF-based internal network connected to the internet via BGP).

4. Kernel Integration#

Gated directly updates the host’s kernel routing table, ensuring that selected routes are used by the operating system for packet forwarding.

Architecture#

Gated’s architecture is modular, with components that work together to process routing information and update the kernel. Key components include:

Note: Diagram placeholder; in practice, visualize components below.

1. Configuration Parser#

Reads and validates the gated.conf configuration file, ensuring syntax correctness and policy consistency.

2. Protocol Modules#

Independent modules for each supported protocol (e.g., ripd, ospfd, bgpd). These modules:

Exchange routing updates with neighboring routers.
Validate incoming routes (e.g., RIP hop count checks).
Pass candidate routes to the route selection engine.

3. Route Selection Engine#

The "brain" of gated. It:

Collects routes from all protocol modules.
Applies user-defined policies (e.g., filters, metrics).
Selects the best route based on administrative distance and metrics.

4. Kernel Interface#

Communicates with the OS kernel to update the routing table with the selected best routes. Uses system calls like ioctl or netlink (on Linux) for kernel interactions.

5. Logging and Debugging#

Generates logs for troubleshooting (e.g., protocol adjacencies, route updates) and supports debug modes for in-depth analysis.

Configuration Fundamentals#

Gated is configured via a plain-text file (typically /etc/gated.conf). The syntax is declarative, with blocks for global settings, protocols, and policies. Below is a breakdown of key configuration elements:

Basic Structure#

# Global options (optional)
options {
  rib yes;  # Enable Routing Information Base (RIB)
  log file "/var/log/gated.log" size 10M versions 5;  # Logging settings
};
 
# Protocol configuration (e.g., RIP, OSPF, BGP)
protocol rip {
  interface eth0 {
    metricout 1;  # Metric for outgoing RIP updates
  };
  network 192.168.1.0/24;  # Network to advertise via RIP
};
 
# Route redistribution
redistribute rip into ospf {
  metric 10;  # OSPF metric for redistributed RIP routes
};

Key Configuration Elements#

Global Options: Set logging, debugging, and RIB (Routing Information Base) behavior.
Protocol Blocks: Define protocol-specific settings (e.g., interfaces, neighbors, metrics).
Redistribution Rules: Control how routes from one protocol are shared with others.
Filters: Restrict which routes are accepted, advertised, or redistributed (e.g., filter in { ... }).

Common Use Cases#

Gated excels in scenarios requiring multiprotocol routing. Common use cases include:

1. Enterprise Gateways#

A corporate network using OSPF for internal routing and BGP to connect to an ISP. Gated redistributes OSPF routes into BGP for internet access and vice versa for external routes.

2. Lab Environments#

Network engineers use gated to test protocol interactions (e.g., RIP-OSPF redistribution) without deploying multiple daemons.

3. Legacy ISP Edge Routers#

Older ISPs may still use gated to manage BGP for interdomain routing and RIP/OSPF for internal backbones.

Best Practices#

To ensure stable and secure operation, follow these best practices:

1. Validate Configurations#

Always test configurations with gated -C (check syntax) before deploying. Example:

gated -C /etc/gated.conf

2. Limit Protocol Exposure#

Restrict protocol adjacencies to trusted neighbors. For OSPF, use neighbor statements; for BGP, configure explicit peers.

3. Secure Routing Updates#

Use authentication for protocols (e.g., RIP v2 MD5, OSPF HMAC-MD5).
Filter routes with prefix lists or access control lists (ACLs) to prevent route injection attacks.

4. Avoid Default Redistribution#

Blindly redistributing all routes between protocols can cause routing loops. Use explicit redistribution rules with route maps.

5. Monitor and Log#

Enable detailed logging (log file ...) and monitor metrics like route count, adjacency status, and CPU/memory usage. Tools like gatedc (gated control utility) or netstat -r help track routing table changes.

Example Usage#

Let’s walk through a practical example: configuring gated to run RIP on an internal interface and OSPF on an external interface, with route redistribution between them.

Scenario#

Internal Network: 192.168.1.0/24 (eth0), using RIP.
External Network: 10.0.0.0/24 (eth1), using OSPF Area 0.
Goal: Redistribute RIP routes into OSPF and OSPF routes into RIP.

Step 1: Create `gated.conf`#

# Global settings
options {
  rib yes;
  log file "/var/log/gated.log" size 10M versions 5;
};
 
# RIP configuration (internal interface)
protocol rip {
  interface eth0 {
    passive no;  # Actively send/receive RIP updates
    metricout 1;  # Hop count for outgoing routes
  };
  network 192.168.1.0/24;  # Advertise internal network
  import all;  # Accept all RIP routes
  export all;  # Advertise all RIP routes
};
 
# OSPF configuration (external interface)
protocol ospf {
  router-id 10.0.0.1;  # Unique router ID
  area 0 {
    interface eth1 {
      cost 10;  # OSPF interface cost
      authentication simple "ospf-secret";  # Simple password auth
    };
  };
  network 10.0.0.0/24;  # Advertise external network
  import all;  # Accept all OSPF routes
  export all;  # Advertise all OSPF routes
};
 
# Redistribute RIP into OSPF
redistribute rip into ospf {
  metric 20;  # OSPF metric for RIP routes
  metric-type type-2;  # OSPF external type (E2)
};
 
# Redistribute OSPF into RIP
redistribute ospf into rip {
  metric 2;  # RIP hop count for OSPF routes
};

Step 2: Validate and Start Gated#

# Check configuration syntax
gated -C /etc/gated.conf
 
# Start gated (varies by OS; example for SystemV)
service gated start
 
# Verify status
service gated status

Step 3: Verify Routes#

Check the kernel routing table to confirm routes are learned and redistributed:

netstat -r  # Linux
route -n    # Alternative for Linux

Troubleshooting#

Common issues with gated and their solutions:

1. Configuration Errors#

Symptom: Gated fails to start.
Fix: Run gated -C to identify syntax errors (e.g., missing semicolons, invalid protocol names).

2. Missing Routes#

Symptom: Routes from a protocol are not appearing in the routing table.
Fix:
- Check protocol adjacencies (e.g., show ip ospf neighbor in debug mode).
- Verify redistribution rules (ensure redistribute is correctly configured).
- Check filters (e.g., filter in may be blocking routes).

3. High CPU/Memory Usage#

Symptom: Gated consumes excessive resources.
Fix: Reduce debug verbosity, limit the number of routes (e.g., with prefix filters), or upgrade hardware for large networks.

4. Routing Loops#

Symptom: Packets loop between routers.
Fix: Avoid circular redistribution (e.g., RIP → OSPF → RIP). Use route maps to filter redistributed routes.

References#

RFCs:
- RFC 1267 (Gated V2 Specification)
- RFC 1364 (Gated V3 Specification)
- RFC 2453 (RIP v2)
- RFC 2328 (OSPF v2)
- RFC 4271 (BGP v4)
Documentation:
- Gated 3.6 Manual (Linux man page)
- "TCP/IP Network Administration" by Craig Hunt (O’Reilly Media)
Modern Alternatives:
- FRRouting (FRR)
- BIRD Internet Routing Daemon

Gated remains a cornerstone in the history of routing daemons, offering a unified approach to multiprotocol routing. While modern tools have superseded it in many environments, understanding gated’s design and configuration principles provides valuable insight into network routing fundamentals. Whether maintaining legacy systems or learning about routing architecture, gated is a critical topic for network professionals.