Linux strategic routing application and in-depth analysis

Strategic routing
  
Strategic routing (policy routing) means that IP packets are routed according to policies that the network administrator sets as needed. For example, we can have a policy like this: "select path X for all packets that come directly from network A; select path Y for others", or "select path F for all packets whose TOS is; select path K for others".
  
Cisco's network operating system (Cisco IOS) has used a new strategic routing mechanism since version 11.0. Linux adopted a strategic routing mechanism in kernel 2.1. Compared with traditional routing algorithms, the strategic routing mechanism mainly introduces two concepts: multiple route tables and rules.
  
Multiple routing tables
  
Traditional routing algorithms use only one route table. However, in some cases we need to use multiple route tables. For example, suppose a subnet is connected to the outside world through a router, and the router has two lines to the outside world, one faster and one slower. Most users in the subnet have no special requirements on speed, so they can use the slow route; however, some special users in the subnet have strict speed requirements, so they need to use the fast route. With a single route table, these requirements cannot be met. If different route tables are used for different users based on the source address or other parameters, the performance of the router can be greatly improved.
  
Rules

Rules are a key new concept in strategic routing. We can describe rules in natural language. For example, we can specify rules such as these:

Rule 1: "All IP packets from 192.16.152.24 use route table 10. The priority of this rule is 1500."

Rule 2: "All packets use route table 253. The priority of this rule is 32767."

We can see that a rule contains three elements:

Which packets the rule applies to (the so-called SELECTOR; "filter" might better reflect its role);

What ACTION is taken for a packet that matches the rule, such as which table is used;

The priority of the rule. Rules with higher priority are matched first (smaller values mean higher priority).
  
How to configure strategic routes
  
The traditional tool for configuring routes in Linux is route, and the tool for configuring strategic routing is the iproute2 toolkit. This software package was developed by Alexey Kuznetsov. Its main website is ftp://ftp.inr.ac.ru/ip-routing/.
This section briefly introduces how to configure strategic routes, to make the content of the second part easier to understand. For more information, see ip-cref, written by Alexey Kuznetsov. The configuration of strategic routes mainly includes interface address configuration, route configuration, and rule configuration.
  
Interface address configuration (ip addr)
  
You can use the following command to configure the interface:
  
Usage: ip addr [add | del] IFADDR dev STRING
  
For example:
  
Router> # ip addr add 192.168.0.1/24 broadcast 192.168.0.255 label eth0 dev eth0
  
This assigns the address 192.168.0.1 to the eth0 interface with the mask 255.255.255.0 (24 is the number of 1 bits in the mask) and the broadcast address 192.168.0.255.
  
Route configuration (ip route)

Linux supports a maximum of 255 route tables, of which 3 are built-in:

Table 255, the local table: local interface addresses, broadcast addresses, and NAT addresses are all in this table. This route table is maintained automatically by the system and cannot be modified directly by the administrator.

Table 254, the main table: if no table is specified for a route, the route is placed in this table by default. Routes added by older routing tools (such as route) generally go into this table. These are generally ordinary routes.

Table 253, the default table: default routes are generally placed in this table. However, if specifically designated, it can also hold all gateway routes.

Table 0: reserved.
  
The format of the route configuration command is as follows:
  
Usage: ip route list SELECTOR
       ip route {change | del | add | append | replace | monitor} ROUTE

To view the content of a route table, run the following command:

ip route list table table_number
  
Route operations include change, del, add, append, replace, and monitor. For example, you can add a route:
  
Router> # ip route add 0/0 via 192.168.0.4 table main
Router> # ip route add 192.168.3.0/24 via 192.168.0.3 table 1
  
The first command adds a route entry to the main route table (table 254). The route sets 192.168.0.4 as the gateway.

The second command adds a route entry to route table 1: the subnet is 192.168.3.0 (subnet mask 255.255.255.0) and the gateway is 192.168.0.3.

In a system with multiple route tables, every route operation, such as adding a route to a route table or looking up a specific route, must specify the route table to operate on. If no route table is specified, the operation is performed on the main route table (table 254) by default. In a single-table system, route operations do not need to specify a route table.
  
Rule configuration (ip rule)

In Linux, each rule is defined with a priority. A priority level can have only one rule, so the total number of rules that can be defined is, in theory, the number of priority levels. Three of the rules are defaults. Command usage:

Usage: ip rule [list | add | del] SELECTOR ACTION
SELECTOR := [from PREFIX] [to PREFIX] [tos TOS]
            [dev STRING] [pref NUMBER]
ACTION := [table TABLE_ID] [nat ADDRESS]
          [prohibit | reject | unreachable]
          [flowid CLASSID]
TABLE_ID := [local | main | default | new | NUMBER]
  
First, we can look at the system's default rules:

root@netmonster# ip rule list
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
  
Rule 0 is the highest-priority rule. It specifies that all packets must first be routed using the local table (254). This rule cannot be changed or deleted.

Rule 32766 specifies that all packets are routed using the table main. This rule can be changed or deleted.

Rule 32767 specifies that all packets are routed using the table default. This rule can be changed or deleted.

With the default configuration, a route is first searched for in the local route table according to rule 0. If the destination address is on the local network or is a broadcast address, a suitable route is found there. If the lookup fails, the next non-empty rule is matched. Here that is rule 32766, so the route is searched for in the main route table. If that fails, rule 32767 is matched, that is, the default route table is searched. If that also fails, routing fails. Here we can see that strategic routing is forward compatible.
  
You can also add rules:
  
Router> # ip rule add [from 0/0] table 1 pref 32800
Router> # ip rule add from 192.168.3.112/32 [tos 0x10] table 2 pref 1500 prohibit
  
The first command adds a rule to the rule chain. The rule matches all data packets, and the action is to use the route entries in route table 1. The rule has a priority of 32800.

The second command adds a rule to the rule chain. The rule matches packets whose source IP address is 192.168.3.112 and whose TOS equals 0x10, and uses route table 2. The rule has a priority of 1500 and the action is prohibit. After adding the rules, we can see the changes in the system rules.

Router> # ip rule
0: from all lookup local
1500: from 192.168.3.112/32 [tos 0x10] lookup 2
32766: from all lookup main
32767: from all lookup default
32800: from all lookup 1
  
The preceding rules use the source address as the key for deciding whether a rule matches. In addition to the source address, you can also use the following information:

from -- source address

to -- destination address (used for rule selection and for route table lookup)

tos -- the TOS (type of service) field of the IP header

dev -- physical interface

fwmark -- firewall parameters

In addition to specifying a table, you can also specify the following actions:

table -- indicates the table used

nat -- transparent gateway

prohibit -- discards the packet and sends an ICMP "communication administratively prohibited" message

reject -- simply discards the packet

unreachable -- discards the packet and sends an ICMP "net unreachable" message
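
The lookup order described in this section, carried through as an added example (not part of the original article, and not iproute2 or kernel code): a small Python model that parses rule lines in the ip rule output format and reports which rule and table decide a packet. The table contents are constructed; the route in table 2 and the gateway 192.168.0.5 are assumptions, since the article never fills table 2.

```python
import ipaddress

# Constructed rule list in the `ip rule` output format, modelled on the article.
RULES_TEXT = """\
0: from all lookup local
1500: from 192.168.3.112/32 lookup 2
32766: from all lookup main
32767: from all lookup default
32800: from all lookup 1
"""
# Constructed route tables. Table 2 and gateway 192.168.0.5 are assumptions.
TABLES = {
    "local": {"192.168.0.1/32": "local"},
    "2": {"0.0.0.0/0": "via 192.168.0.5"},
    "main": {"192.168.0.0/24": "dev eth0"},
    "default": {},
    "1": {"192.168.3.0/24": "via 192.168.0.3"},
}

def parse_rules(text):
    """Parse 'PREF: from PREFIX|all lookup TABLE' lines, sorted by priority."""
    rules = []
    for line in text.strip().splitlines():
        pref, rest = line.split(":", 1)
        words = rest.split()
        src = words[words.index("from") + 1]
        net = ipaddress.ip_network("0.0.0.0/0" if src == "all" else src)
        rules.append((int(pref), net, words[words.index("lookup") + 1]))
    return sorted(rules, key=lambda r: r[0])  # smaller value = higher priority

def table_lookup(table, dst):
    """Longest-prefix match inside one route table; None when no route fits."""
    hits = [(ipaddress.ip_network(p), hop) for p, hop in table.items()
            if dst in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def route(src, dst, rules, tables):
    """Return (pref, table, next hop) for the first rule whose table has a route."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for pref, selector, table in rules:
        if src not in selector:
            continue  # selector does not match this packet: try the next rule
        hop = table_lookup(tables.get(table, {}), dst)
        if hop is not None:
            return pref, table, hop
    return None  # every matching rule's table failed, so routing fails

if __name__ == "__main__":
    rules = parse_rules(RULES_TEXT)
    for src, dst in [("192.168.3.112", "203.0.113.9"), ("192.168.0.20", "192.168.3.7")]:
        print(src, "->", dst, ":", route(src, dst, rules, TABLES))
```

If the main table also holds the default route from the earlier ip route add 0/0 via 192.168.0.4 table main command, rule 32766 answers every destination and the rule at priority 32800 is never reached, which is worth checking when reviewing a rule set.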
  
Application of strategic routing
  
Source-sensitive routing

Suppose a network accesses the Internet through two lines: a relatively fast ADSL line and a relatively slow ordinary modem. The network administrator can either provide an undifferentiated routing service or, based on source address, let certain specific addresses use the fast line while ordinary users use the slow line. This is source address-based routing.

Quality of service

Network administrators can route data packets with different requirements on transmission rate, throughput, and reliability based on the service-level field of the IP header.

Cost-saving applications

Based on communication conditions, network administrators can let relatively large bursts of traffic use relatively high-bandwidth but relatively expensive paths for a short period of time, and then let basic traffic continue to use the cheaper basic line. For example, suppose the administrator knows that communication between a host and a specific address is usually accompanied by large bursts of traffic. The administrator can then arrange policies that make these hosts use special routes, which are on-demand dial-up lines with relatively high bandwidth. After the communication is completed, these lines are shut down, and normal communication is not affected. This not only improves network performance but also saves costs.

Load sharing