Net- policy routing

2025-01-18 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

1. Policy routing

Policy routing means that IP packets are forwarded not only by destination address but according to policies laid down by the network administrator to suit the network's needs.

For example, a policy might read: "all packets from network A take path X; everything else takes path Y", or "all packets whose TOS field is A take path X; everything else takes path Y".

Cisco's network operating system (Cisco IOS) has offered policy-based routing since release 11.0, and Linux gained policy routing in the 2.1 development kernels. Compared with traditional destination-based routing, the policy routing mechanism introduces two new concepts: multiple routing tables and rules.

2. The Linux model

2.1 Multiple routing tables

Traditional routing uses a single table, but some situations call for several. Suppose a subnet reaches the outside world through one router that has two external lines, one fast and one slow. Most users in the subnet have no particular speed requirement and can use the slow line, while a few users need the fast one. A single routing table, keyed on the destination only, cannot express this; selecting a different routing table for different users according to the source address (or other packet attributes) makes it possible and uses the router's links far better.

2.2 Rules

The rule is the key new concept of policy routing. Rules can be described in natural language; for example:

Rule 1: "all IP packets from 192.16.152.24 use routing table 10; the priority of this rule is 1500"

Rule 2: "all packets use routing table 253; the priority of this rule is 32767"

A rule therefore has three elements:

Which packets the rule applies to (the SELECTOR; "filter" might describe its function better)

What ACTION is taken for packets that match, for example which table to look up

The priority (preference) of the rule. Rules are tried in order of priority, and a smaller number means a higher priority, so the rule with the smallest number is matched first.

3. Linux policy routing configuration

The traditional tool for configuring routes on Linux is route(8); policy routing is configured with the ip command from the iproute2 package (ip rule for rules, ip route ... table T for the routes of a particular table).

Older documentation states that Linux supports up to 255 routing tables (the table ID used to be one byte); current kernels accept 32-bit table IDs. Three tables are built in and pre-named in /etc/iproute2/rt_tables:

Table 255, the local table: local interface addresses, broadcast addresses and (in the old iproute2 NAT mechanism) NAT addresses are placed here. The kernel maintains this table automatically and the administrator should not edit it by hand.

Table 254, the main table: a route whose table is not specified goes here by default, which includes every route added with the old route tool. It holds the ordinary routes.

Table 253, the default table: intended for default routes, though any gateway route can be placed here explicitly. The stock rule set consults it only after main, so in practice it is usually empty.

Table 0 is reserved (unspec).

Rules are listed with ip rule list (or ip rule show) and added with ip rule add SELECTOR ACTION, where the SELECTOR picks packets (from, to, fwmark, iif, tos, ...) and the ACTION names the table to look up (table T); pref N sets the rule's priority.

First, we can look at all the default rules in the routing table:

# ip rule list

0: from all lookup local

32766: from all lookup main

32767: from all lookup default

Rule 0, the highest-priority rule, says that every packet is first looked up in the local table. It should never be deleted: without it the host would no longer recognise its own addresses.

Rule 32766 says that all packets are looked up in table main. This rule can be changed or deleted.

Rule 32767 says that all packets are looked up in table default. This rule can be changed or deleted.

With the default rules, a lookup therefore starts in the local table according to rule 0; if the destination is one of the host's own addresses or a broadcast address, the matching route is found there and the search ends. Otherwise the next rule is tried: 32766 looks the destination up in main, and if main holds no matching route, 32767 looks it up in default; if that also fails, the destination is unreachable. A rule only ends the search when its table actually contains a route for the destination; an empty (or non-existent) table simply passes the packet on to the next rule. Because main is where route and an unqualified ip route add place their routes, a system that never adds rules behaves exactly like traditional single-table routing, so policy routing is backward compatible.

4. Applications of policy routing

● Routing based on source address (source-sensitive routing)

A network is connected to the Internet through two lines, a faster ADSL line and a slower ordinary modem. Besides providing undifferentiated routing, the administrator can make particular source addresses use the faster line while ordinary users use the slower one; this is routing based on the source address.

● Routing based on service level (quality of service)

Using the type-of-service field of the IP header, the administrator can route datagrams with different transmission-rate, throughput and reliability requirements over different paths, according to the state of the network.

● Cost saving

Depending on the traffic, the administrator can let large bursty transfers use a high-bandwidth but expensive path for a short period, while the base traffic continues over the cheaper basic line. For example, if communication between a given host and a particular address is known to come in large bursts, a policy can send that traffic over a dedicated dial-on-demand route; the expensive line is dropped once the transfer ends, and ordinary traffic is unaffected. This improves network performance and saves money.

● Load balancing (load sharing)

According to the characteristics of the traffic, the administrator can distribute the load across different paths.

5. Implementation of policy routing under Linux

Routing based on source address

Topology (addresses as given in the original; the gateway has a LAN interface and two uplinks, a fast 10M line on eth2 and a slow 2M line on eth3):

Client 192.168.122.10/24 -> Linux GW eth0 192.168.122.20/24 -> eth2 2.2.2.1/24 (10M)
                                                            -> eth3 3.3.3.1/24 (2M)

Client:

# ip route add 0/0 via 192.168.122.20

Linux GW:

Define two extra routing tables, test1 and test2. /etc/iproute2/rt_tables maps table numbers to names; the kernel only knows the numbers, and the names are a convenience for the ip command (a table can always be addressed by number without editing the file):

# vim /etc/iproute2/rt_tables
255 local
254 main
253 default
200 test2
100 test1
0 unspec

Give each table a default route, one per uplink:

# ip route add default via 2.2.2.1 table test1
# ip route add default via 3.3.3.1 table test2
# ip route list table test1
default via 2.2.2.1 dev eth2
# ip route list table test2
default via 3.3.3.1 dev eth3

(The original listing showed dev eth2 for test2; 3.3.3.1 is on eth3.)

Use the mangle table of the firewall to mark packets by source address. The iprange match is needed because 192.168.122.1-100 and 101-200 are not prefix-aligned; where the sources can be written as prefixes, ip rule add from 192.168.122.0/25 table test1 selects on the source directly and no iptables rule is required:

# iptables -t mangle -A PREROUTING -m iprange --src-range 192.168.122.1-192.168.122.100 -j MARK --set-mark 1
# iptables -t mangle -A PREROUTING -m iprange --src-range 192.168.122.101-192.168.122.200 -j MARK --set-mark 2

Refer to the firewall mark in the ip rule selector, so that each mark is looked up in its own table:

# ip rule add fwmark 1 table test1
# ip rule add fwmark 2 table test2

Three things to check after this. First, when no pref is given the kernel assigns one just below the lowest existing non-zero preference, so these two rules end up as 32765 and 32764; give an explicit pref in scripts so that the order does not depend on insertion order, and remember that ip rule add does not de-duplicate, so rerunning a script stacks identical rules. On kernels older than 3.6 run ip route flush cache after changing rules. Second, unmarked hosts (192.168.122.201 and above) fall through to main, which here holds only the connected networks, so they have no route to the Internet until a default route is added to main. Third, each custom table contains only a default route, so a marked packet to a directly connected network (say 3.3.3.5 from a host marked 1) is sent via 2.2.2.1 instead of straight out eth3; either copy the connected routes into test1 and test2 or add a higher-priority rule such as ip rule add to 3.3.3.0/24 table main pref 100. Reverse-path filtering (rp_filter) on the uplinks also deserves attention: the reverse lookup of a returning packet's source goes through the same rules and, for unmarked traffic, must find a route back to that source or the packet is dropped.
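The following Python script is an added example, not code from the original article: it models the lookup described in section 3 (rules walked in ascending preference, each naming a table, with fall-through when the table has no route) and feeds it the gateway configuration of this section. Its parsers accept the text formats printed by ip rule show and ip route show table T. All sample data is constructed: the addresses follow the diagram above, and the preference numbers 32765 and 32764 assume the two ip rule add commands were issued without pref on a stock rule set.

```python
"""Model of the policy-routing lookup: rules are walked in ascending preference,
each names a table, and a table holding no route for the destination falls through
to the next rule. Added example with constructed sample data, not the page's code."""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import Optional

ROUTE_TYPES = {"unicast", "local", "broadcast", "unreachable", "blackhole", "prohibit"}

@dataclass
class Route:
    prefix: IPv4Network
    dev: str
    via: Optional[str] = None
    rtype: str = "unicast"        # local/broadcast entries live in the local table

@dataclass
class Rule:
    pref: int
    table: str = ""
    src: Optional[IPv4Network] = None   # None means "from all"
    dst: Optional[IPv4Network] = None
    fwmark: Optional[int] = None
    fwmask: int = 0xFFFFFFFF

def _net(s):
    return IPv4Network("0.0.0.0/0") if s in ("default", "all") else IPv4Network(s, strict=False)

def parse_routes(text):
    """'default via 2.2.2.1 dev eth2', 'local 2.2.2.1 dev eth2 proto kernel ...'"""
    routes = []
    for tok in (line.split() for line in text.strip().splitlines() if line.strip()):
        rtype = tok.pop(0) if tok[0] in ROUTE_TYPES else "unicast"
        prefix, kv, it = _net(tok.pop(0)), {}, iter(tok)
        for t in it:                        # keyword/value pairs; bare flags are skipped
            if t in ("via", "dev", "proto", "scope", "src", "metric"):
                kv[t] = next(it, "")
        routes.append(Route(prefix, kv.get("dev", ""), kv.get("via"), rtype))
    return routes

def parse_rules(text):
    """'PREF: from SRC [to DST] [fwmark M[/MASK]] lookup TABLE', returned sorted by pref"""
    rules = []
    for tok in (line.split() for line in text.strip().splitlines() if line.strip()):
        r, it = Rule(pref=int(tok[0].rstrip(":"))), iter(tok[1:])
        for t in it:
            if t == "from":
                r.src = None if (s := next(it)) == "all" else _net(s)
            elif t == "to":
                r.dst = _net(next(it))
            elif t == "fwmark":
                mark, _, mask = next(it).partition("/")
                r.fwmark = int(mark, 0)             # accepts '1' as well as '0x1'
                r.fwmask = int(mask, 0) if mask else 0xFFFFFFFF
            elif t in ("lookup", "table"):
                r.table = next(it)
        rules.append(r)
    return sorted(rules, key=lambda x: x.pref)

def lookup_table(routes, dst):
    """Longest-prefix match inside one table; None means the table has no route."""
    hits = [r for r in routes if dst in r.prefix]
    return max(hits, key=lambda r: r.prefix.prefixlen) if hits else None

def route_packet(rules, tables, dst, src="0.0.0.0", fwmark=0):
    """(pref, table, Route) from the first rule whose selector matches AND whose table
    has a route for dst; None models ENETUNREACH. A missing table acts as an empty one."""
    d, s = IPv4Address(dst), IPv4Address(src)
    for rule in rules:
        if (rule.src is not None and s not in rule.src) or \
           (rule.dst is not None and d not in rule.dst) or \
           (rule.fwmark is not None and (fwmark & rule.fwmask) != rule.fwmark):
            continue                         # selector does not match: next rule
        hit = lookup_table(tables.get(rule.table, []), d)
        if hit is not None:
            return rule.pref, rule.table, hit
    return None                              # every consulted table came up empty

# Constructed `ip rule show` output after section 5's two `ip rule add fwmark ...`
# commands (no pref given, so the kernel numbered them just below main).
GW_RULES = parse_rules("""
0:     from all lookup local
32764: from all fwmark 0x2 lookup test2
32765: from all fwmark 0x1 lookup test1
32766: from all lookup main
32767: from all lookup default""")
# Same rules plus one that keeps the directly connected slow-uplink subnet in main.
GW_RULES_FIXED = sorted(GW_RULES + parse_rules("100: from all to 3.3.3.0/24 lookup main"),
                        key=lambda r: r.pref)
GW_TABLES = {                               # constructed `ip route show table T` output
    "local": parse_routes("""
local 192.168.122.20 dev eth0 proto kernel scope host src 192.168.122.20
broadcast 192.168.122.255 dev eth0 proto kernel scope link src 192.168.122.20"""),
    "main": parse_routes("""
192.168.122.0/24 dev eth0 proto kernel scope link src 192.168.122.20
2.2.2.0/24 dev eth2 proto kernel scope link src 2.2.2.1
3.3.3.0/24 dev eth3 proto kernel scope link src 3.3.3.1"""),
    "test1": parse_routes("default via 2.2.2.1 dev eth2"),
    "test2": parse_routes("default via 3.3.3.1 dev eth3"),
}

if __name__ == "__main__":
    for dst, src, mark in [("8.8.8.8", "192.168.122.50", 1), ("8.8.8.8", "192.168.122.250", 0),
                           ("3.3.3.5", "192.168.122.50", 1)]:
        print(f"{src} -> {dst} mark {mark}:", route_packet(GW_RULES, GW_TABLES, dst, src, mark))
```

Running it shows the three behaviours discussed above: a packet marked 1 leaves via 2.2.2.1 on eth2, an unmarked packet from 192.168.122.250 to 8.8.8.8 gets None because main and default hold no route for it, and a packet marked 1 for 3.3.3.5 is also pushed to 2.2.2.1 because test1 only has a default route. Evaluating the same packet against GW_RULES_FIXED, which adds the to 3.3.3.0/24 lookup main rule at preference 100, sends it straight out eth3. To check a real gateway, paste its own ip rule show and ip route show table T output into the parsers instead of the constructed samples.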

Load balancing

Topology (client 192.168.122.10/24; in this diagram the gateway's LAN address is 192.168.122.254/24):

Client 192.168.122.10/24 -> Linux GW eth0 192.168.122.254/24 -> eth2 2.2.2.1/24 (10M)
                                                             -> eth3 3.3.3.1/24 (2M)

Client:

# ip route add 0/0 via 192.168.122.254

(The original gave via 1.1.1.2, which is not on the client's network in the diagram; the client's gateway is the Linux GW's eth0 address.)

Linux GW:

# ip route add default nexthop via 2.2.2.1 dev eth2 nexthop via 3.3.3.1 dev eth3

This is a single multipath route in the main table; no extra tables or rules are needed. With no weights the two uplinks are used equally even though one is five times faster; append weight 5 and weight 1 to the respective nexthop clauses to split traffic in proportion to bandwidth. On current kernels the next hop is chosen per flow by hashing the source and destination addresses (net.ipv4.fib_multipath_hash_policy=1 adds the ports), not per packet, so a single TCP connection stays on one uplink and never exceeds that line's speed.
