Classes
-------

"Class" is a complete routing table in the common sense.
I.e. it is a tree of nodes (destination prefix, tos, metric)
with attached information: gateway, device etc.
This tree is looked up as specified in RFC1812 5.2.4.3:

1. Basic match
2. Longest match
3. Weak TOS.
4. Metric. (metrics should not be in kernel space, but they are)
5. Additional pruning rules. (not in kernel space).

We have two special types of nodes:
REJECT - abort route lookup and return an error value.
THROW  - abort route lookup in this class (lookup continues with the next rule).

Currently the number of classes is limited to 255
(0 is reserved for "not specified class").

Three classes are built in:

RT_CLASS_LOCAL=255   - local interface addresses, broadcasts, NAT addresses.

RT_CLASS_MAIN=254    - all normal routes are put there by default.

RT_CLASS_DEFAULT=253 - if ip_fib_model==1, then normal default routes are put
                       there; if ip_fib_model==2, all gateway routes are put there.

Rules
-----

A rule is a record of (src prefix, src interface, tos, dst prefix)
with attached information.

Rule types:
RTP_ROUTE      - lookup in attached class.
RTP_NAT        - lookup in attached class and, if a match is found,
                 translate the packet source address.
RTP_MASQUERADE - lookup in attached class and, if a match is found,
                 masquerade the packet as sourced by us.
RTP_DROP       - silently drop the packet.
RTP_REJECT     - drop the packet and send ICMP NET UNREACHABLE.
RTP_PROHIBIT   - drop the packet and send ICMP COMM. ADM. PROHIBITED.

Rule flags:
RTRF_LOG   - log route creations.
RTRF_VALVE - one-way route (used with masquerading).

Default setup:

root@amber:/pub/ip-routing # iproute -r
Kernel routing policy rules
Pref Source    Destination  TOS Iface  Cl
254  default   default      00  *      254
255  default   default      00  *      253

Lookup algorithm
----------------

We scan the rules list, and if a rule is matched, apply it.
If a route is found, return it.
If it is not found or a THROW node was matched, continue
to scan the rules.

Applications
------------

1. Just ignore classes. All the routes are put into the MAIN class
   (and/or into the DEFAULT class).

   HOWTO: iproute add PREFIX [ tos TOS ] [ gw GW ] [ dev DEV ]
                  [ metric METRIC ] [ reject ] ... (look at the iproute utility)

   or use the route utility from current net-tools.

2. The opposite case. Just forget all that you know about routing
   tables. Every rule is supplied with its own gateway/device
   info record. This approach is not appropriate for automated
   route maintenance, but it is ideal for manual configuration.

   HOWTO: iproute addrule [ from PREFIX ] [ to PREFIX ] [ tos TOS ]
                  [ dev INPUTDEV ] [ pref PREFERENCE ] route [ gw GATEWAY ]
                  [ dev OUTDEV ] .....

   Warning: As of now the size of the routing table in this
   approach is limited to 256. If someone likes this model, I'll
   relax this limitation.

3. OSPF classes (see RFC1583, RFC1812 E.3.3)
   A very clean, stable and robust algorithm for OSPF routing
   domains. Unfortunately, it is not widely used in the Internet.

   Proposed setup:
   255 local addresses
   254 interface routes
   253 ASE routes with external metric
   252 ASE routes with internal metric
   251 inter-area routes
   250 intra-area routes for 1st area
   249 intra-area routes for 2nd area
   etc.

   Rules:
   iproute addrule class 253
   iproute addrule class 252
   iproute addrule class 251
   iproute addrule to a-prefix-for-1st-area class 250
   iproute addrule to another-prefix-for-1st-area class 250
   ...
   iproute addrule to a-prefix-for-2nd-area class 249
   ...

   Area classes must be terminated with a reject record, so that a
   destination missing from an area class is not looked up in the
   classes of later rules:
   iproute add default reject class 250
   iproute add default reject class 249
   ...

4. The Variant Router Requirements Algorithm (RFC1812 E.3.2)
   Create 16 classes for different TOS values.
   It is a funny but pretty useless algorithm.
   I listed it just to show the power of the new routing code.

5. All the variety of combinations......

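The lookup algorithm above, together with the reject-terminated area classes of application 3, as an added simulation in Python (not code from the kernel or the iproute utility; class numbers, prefixes, gateways and device names are constructed):

```python
import ipaddress

REJECT, THROW = "REJECT", "THROW"  # the two special node types from the text

class RoutingClass:
    # A "class" is one routing table: dst prefix -> gateway/device record or special node.
    def __init__(self):
        self.nodes = {}

    def add(self, prefix, record):
        self.nodes[ipaddress.ip_network(prefix)] = record

    def lookup(self, dst):  # basic match, then longest match (RFC 1812 5.2.4.3)
        hits = [(n, r) for n, r in self.nodes.items() if dst in n]
        return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

class Rule:
    # Record of (src prefix, src interface, tos, dst prefix) with an attached class.
    def __init__(self, pref, cls, src="0.0.0.0/0", dst="0.0.0.0/0", iface=None, tos=None):
        self.pref, self.cls, self.iface, self.tos = pref, cls, iface, tos
        self.src, self.dst = ipaddress.ip_network(src), ipaddress.ip_network(dst)

    def matches(self, src, dst, iface, tos):  # None means "wildcard" for iface/tos
        return (src in self.src and dst in self.dst
                and self.iface in (None, iface) and self.tos in (None, tos))

def route(rules, classes, src, dst, iface=None, tos=0):
    """Scan rules by preference; a matching rule is applied by looking up its class.
    A found route (or REJECT) is returned; THROW or no match continues the scan."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in sorted(rules, key=lambda r: r.pref):
        if rule.matches(src, dst, iface, tos):
            rec = classes[rule.cls].lookup(dst)
            if rec is not None and rec != THROW:
                return rec          # a gateway record, or REJECT (lookup aborted)
    return None                     # no rule produced a route: unreachable

def build_demo(terminate_area=True):
    # Constructed setup: class 250 = intra-area routes for area 1, class 254 = MAIN.
    area, main = RoutingClass(), RoutingClass()
    area.add("10.1.2.0/24", "gw 10.1.2.1 dev eth1")
    area.add("10.1.3.0/24", THROW)                 # hand this prefix to later rules
    if terminate_area:
        area.add("0.0.0.0/0", REJECT)              # "iproute add default reject class 250"
    main.add("10.1.0.0/16", "gw 192.0.2.1 dev eth0")
    main.add("0.0.0.0/0", "gw 192.0.2.254 dev eth0")
    rules = [Rule(10, 250, dst="10.1.0.0/16"), Rule(254, 254)]
    return rules, {250: area, 254: main}
```

Run build_demo(terminate_area=False) to see that without the reject record an address inside the area prefix but absent from class 250 falls through to the MAIN class route.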
GATED
-----

Gated does not understand classes, but it will work
happily in MAIN+DEFAULT. All policy routes can be set
and maintained manually.

IMPORTANT NOTE
--------------
route.c has a compile-time switch CONFIG_IP_LOCAL_RT_POLICY.
If it is set, locally originated packets are routed
using the whole policy list. This is not very convenient and
pretty ambiguous when used with NAT and masquerading.
I set it to FALSE by default.


Alexey Kuznetov
kuznet@ms2.inr.ac.ru