Classes
-------

"Class" is a complete routing table in the common sense,
i.e. a tree of nodes (destination prefix, tos, metric)
with attached information: gateway, device etc.
This tree is looked up as specified in RFC1812 5.2.4.3:
1. Basic match
2. Longest match
3. Weak TOS
4. Metric (should not be in kernel space, but it is)
5. Additional pruning rules (not in kernel space)

We have two special types of nodes:
REJECT - abort route lookup and return an error value.
THROW  - abort route lookup in this class only (the scan of the
         rules list continues).

Currently the number of classes is limited to 255
(0 is reserved for "not specified class").

Three classes are builtin:

RT_CLASS_LOCAL=255   - local interface addresses,
                       broadcasts, nat addresses.

RT_CLASS_MAIN=254    - all normal routes are put there
                       by default.

RT_CLASS_DEFAULT=253 - if ip_fib_model==1, then normal
                       default routes are put there;
                       if ip_fib_model==2, all gateway
                       routes are put there.


Rules
-----

A rule is a record of (src prefix, src interface, tos, dst prefix)
with attached information.

Rule types:
RTP_ROUTE      - lookup in attached class.
RTP_NAT        - lookup in attached class and, if a match is found,
                 translate packet source address.
RTP_MASQUERADE - lookup in attached class and, if a match is found,
                 masquerade packet as sourced by us.
RTP_DROP       - silently drop the packet.
RTP_REJECT     - drop the packet and send ICMP NET UNREACHABLE.
RTP_PROHIBIT   - drop the packet and send ICMP COMM. ADM. PROHIBITED.

Rule flags:
RTRF_LOG   - log route creations.
RTRF_VALVE - one-way route (used with masquerading).

Default setup:

root@amber:/pub/ip-routing # iproute -r
Kernel routing policy rules
Pref Source             Destination        TOS Iface   Cl
   0 default            default            00  *       255
 254 default            default            00  *       254
 255 default            default            00  *       253


Lookup algorithm
----------------

We scan the rules list and, if a rule is matched, apply it.
If a route is found, return it.
If it is not found or a THROW node was matched, continue
to scan the rules.


Applications
------------

1. Just ignore classes. All the routes are put in the MAIN class
   (and/or in the DEFAULT class).

   HOWTO: iproute add PREFIX [ tos TOS ] [ gw GW ] [ dev DEV ]
          [ metric METRIC ] [ reject ] ... (look at the iproute utility)

          or use the route utility from current net-tools.

2. The opposite case. Just forget all that you know about routing
   tables. Every rule is supplied with its own gateway/device
   info record. This approach is not appropriate for automated
   route maintenance, but it is ideal for manual configuration.

   HOWTO: iproute addrule [ from PREFIX ] [ to PREFIX ] [ tos TOS ]
          [ dev INPUTDEV ] [ pref PREFERENCE ] route [ gw GATEWAY ]
          [ dev OUTDEV ] .....

   Warning: at the moment the size of the routing table in this
   approach is limited to 256. If someone likes this model, I'll
   relax this limitation.

3. OSPF classes (see RFC1583, RFC1812 E.3.3)
   A very clean, stable and robust algorithm for OSPF routing
   domains. Unfortunately, it is not used widely in the Internet.

   Proposed setup:
   255 local addresses
   254 interface routes
   253 ASE routes with external metric
   252 ASE routes with internal metric
   251 inter-area routes
   250 intra-area routes for 1st area
   249 intra-area routes for 2nd area
   etc.

   Rules:
   iproute addrule class 253
   iproute addrule class 252
   iproute addrule class 251
   iproute addrule to a-prefix-for-1st-area class 250
   iproute addrule to another-prefix-for-1st-area class 250
   ...
   iproute addrule to a-prefix-for-2nd-area class 249
   ...

   Area classes must be terminated with a reject record:
   iproute add default reject class 250
   iproute add default reject class 249
   ...

4. The Variant Router Requirements Algorithm (RFC1812 E.3.2)
   Create 16 classes for the different TOS values.
   It is a funny but pretty useless algorithm. I listed it just
   to show the power of the new routing code.

5. All the variety of combinations......


GATED
-----

Gated does not understand classes, but it will work happily
in MAIN+DEFAULT. All policy routes can be set and maintained
manually.


IMPORTANT NOTE
--------------

route.c has the compile-time switch CONFIG_IP_LOCAL_RT_POLICY.
If it is set, locally originated packets are routed using the whole
policy list. It is not very convenient and pretty ambiguous
when used with NAT and masquerading. I set it to FALSE by default.

Alexey Kuznetov
kuznet@ms2.inr.ac.ru
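The rule scan and class lookup described under "Lookup algorithm", and the REJECT/THROW node semantics that make the reject terminator in application 3 necessary, as an added toy model. This is example code written for this page, not the kernel's route.c nor the iproute utility; it models a class as a flat list rather than the kernel's tree, covers only the ROUTE, DROP, REJECT and PROHIBIT rule types (NAT, MASQUERADE and the RTRF flags are left out), and assumes that rules are scanned in ascending pref order, as the default setup listing suggests. Every address, the policy class 100, the pref values and the prohibit rule in example_setup() are constructed for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

REJECT, THROW = "reject", "throw"          # the two special node types
NET = ipaddress.IPv4Network


@dataclass
class Route:
    """One node of a class: (prefix, tos, metric) plus gateway/device info."""
    prefix: NET
    tos: int = 0
    metric: int = 0
    gw: Optional[str] = None
    dev: Optional[str] = None
    action: Optional[str] = None          # None (normal route), REJECT or THROW


@dataclass
class Rule:
    """One rule: (src prefix, input iface, tos, dst prefix) -> type + class."""
    pref: int
    cls: int = 0                          # 0 = "not specified class"
    rtype: str = "route"                  # route, drop, reject or prohibit
    src: NET = NET("0.0.0.0/0")
    dst: NET = NET("0.0.0.0/0")
    tos: Optional[int] = None             # None matches any TOS
    iface: Optional[str] = None           # None matches any input device


def lookup_class(routes, dst, tos):
    """Class lookup in the RFC1812 5.2.4.3 order the text lists:
    basic match, longest match, weak TOS, metric. None if nothing matches."""
    cands = [r for r in routes if dst in r.prefix]                # 1. basic match
    if not cands:
        return None
    longest = max(r.prefix.prefixlen for r in cands)               # 2. longest match
    cands = [r for r in cands if r.prefix.prefixlen == longest]
    exact = [r for r in cands if r.tos == tos]                     # 3. weak TOS: exact
    cands = exact or [r for r in cands if r.tos == 0]              #    TOS, else TOS 0
    if not cands:
        return None
    return min(cands, key=lambda r: r.metric)                      # 4. lowest metric


def policy_lookup(rules, classes, src, dst, tos=0, iface=None):
    """Scan the rules in pref order and apply the first one that matches.
    A found route comes back as ("route", class, gw, dev); a THROW node or a
    miss continues the scan; a REJECT node, a drop/reject/prohibit rule, or
    running off the end of the list yields an error tuple instead."""
    src, dst = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    for rule in sorted(rules, key=lambda r: r.pref):
        if src not in rule.src or dst not in rule.dst:
            continue
        if rule.tos is not None and rule.tos != tos:
            continue
        if rule.iface is not None and rule.iface != iface:
            continue
        if rule.rtype == "drop":
            return ("drop",)                      # silently dropped
        if rule.rtype == "reject":
            return ("unreachable",)               # ICMP net unreachable
        if rule.rtype == "prohibit":
            return ("prohibited",)                # ICMP comm. adm. prohibited
        route = lookup_class(classes.get(rule.cls, []), dst, tos)
        if route is None or route.action == THROW:
            continue                              # try the next rule
        if route.action == REJECT:
            return ("unreachable",)               # abort the whole lookup
        return ("route", rule.cls, route.gw, route.dev)
    return ("unreachable",)                       # no rule produced a route


def example_setup():
    """Constructed sample (all addresses assumed): the default three rules,
    a policy class 100 for hosts on 192.168.2.0/24 with a THROW hole, and a
    prohibit rule for 192.168.3.0/24 -> 10.9.0.0/16."""
    classes = {
        255: [Route(NET("192.168.1.1/32"), dev="lo")],
        254: [Route(NET("192.168.1.0/24"), dev="eth0"),
              Route(NET("10.0.0.0/8"), gw="192.168.1.254"),
              Route(NET("10.1.0.0/16"), tos=0x10, gw="192.168.1.253"),
              Route(NET("10.1.0.0/16"), metric=5, gw="192.168.1.252"),
              Route(NET("10.2.0.0/16"), action=REJECT)],
        253: [Route(NET("0.0.0.0/0"), gw="192.168.1.254")],
        100: [Route(NET("10.0.0.0/8"), gw="192.168.1.200"),
              Route(NET("10.3.0.0/16"), action=THROW)],
    }
    rules = [Rule(pref=0, cls=255), Rule(pref=254, cls=254), Rule(pref=255, cls=253),
             Rule(pref=100, cls=100, src=NET("192.168.2.0/24")),
             Rule(pref=50, rtype="prohibit", src=NET("192.168.3.0/24"),
                  dst=NET("10.9.0.0/16"))]
    return rules, classes


def resolve(src, dst, tos=0):
    """Run one lookup against the constructed sample setup."""
    rules, classes = example_setup()
    return policy_lookup(rules, classes, src, dst, tos)


if __name__ == "__main__":
    for src, dst, tos in [("192.168.1.5", "10.1.2.3", 0), ("192.168.1.5", "10.1.2.3", 0x10),
                          ("192.168.1.5", "10.2.0.1", 0), ("192.168.2.7", "10.3.0.1", 0),
                          ("192.168.3.9", "10.9.1.1", 0)]:
        print(src, "->", dst, "tos", hex(tos), resolve(src, dst, tos))
```

Two cases are worth tracing by hand. A packet to 10.2.0.1 hits the REJECT node in MAIN and gets an error even though DEFAULT would have matched it with 0.0.0.0/0, because REJECT aborts the entire lookup; a packet from 192.168.2.7 to 10.3.0.1 hits the THROW node in class 100 and is then routed by MAIN, because THROW only leaves that class. That difference is the reason the OSPF area classes above have to end in a reject record: without it, an address inside an area prefix that has no intra-area route would silently fall through to the later classes.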