Linux Strategic routing application _unix Linux

Strategic routing

The strategy is that the routing of IP packets is based on some of the policies that the network administrator has set up according to the needs. For example, we can have this strategy: "All come straight from the net a package, select the x path, the other choice y path", or "all TOS for a package selection path F; Other selector path K".

Cisco's network operating system (Cisco IOS) has been using a new strategic routing mechanism since 11.0. Linux starts with a strategic routing mechanism in kernel 2.1. Compared with traditional routing algorithms, the strategic routing mechanism mainly introduces the concept of multiple routing tables and rules.

Multi-routing table (multiple Routing tables)

The traditional routing algorithm uses only a single routing table. But in some cases, we need to use a multiple routing table. For example, a subnet through a router to connect with the outside world, routers and the outside has two lines connected, one of the speed is relatively fast, a slow speed. For most users in the subnet, there is no special requirement for speed, so they can use slow routing, but some special users in the subnet are more demanding on speed, so they need to use faster routing. If you use a routing table this requirement is not achievable, and if you use a different routing table for different users depending on the source address or other parameters, this can greatly improve the performance of your router.

Rules (rule)

Rules are a key new concept of strategic nature. We can use natural language to describe the rules, for example, we can specify such a rule:

Rule one: "All IP packets from 192.16.152.24, using routing table 10, the priority level of this rule is 1500"

Rule two: "All packages, using routing table 253, the priority level of this rule is 32767"

As we can see, the rule contains 3 elements:

What kind of package will apply this rule (the so-called selector may be more reflective of the filter's role);

What action the package will take (action), for example, with that table, that complies with these rules;

The priority level of this rule. The higher the precedence rule, the more the Rules match first (the higher the value the smaller the precedence).

How to configure Strategic routing

The traditional Linux configuration Routing tool is route, while the tool to implement the strategic routing configuration is the Iproute2 toolkit. This package was developed by Alexey Kuznetsov.
Here is a brief introduction to the configuration of the strategic route to better understand the second part of the content. For detailed use, refer to the Ip-cfref document written by Alexey Kuznetsov. The configuration of the strategic route mainly includes the configuration of the interface address, the configuration of routing, and the configuration of rules.

Configuration IP Addr for interface addresses

The configuration of the interface can be performed with the following command:

Usage:ip Addr [Add | del] ifaddr dev STRING

For example:

router># IP addr Add 192.168.0.1/24 broadcast 192.168.0.255 label Eth0 Dev eth0

The above indicates that the address 192.168.0.1 mask given to the interface eth0 is 255.255.255.0 (24 represents the number of 1 in the mask) and the broadcast address is 192.168.0.255

Configuration IP Route for routing

Linux supports up to 255 routing tables, 3 of which are built in:

Table 255 Local route table (local table) native interface address, broadcast address, and NAT address are placed on this table. The routing table is automatically maintained by the system and cannot be modified directly by the administrator.

Table 254 The main routing table (main table) If you do not indicate the table to which the route belongs, all routes are placed by default in this table, and in general, the routes added by the old routing tool (such as route) are appended to it. is generally a common route.

Table 253 Default routing table (defaults table) in general, the default route is placed in this table, but if it is specified, it can be all gateway routes.

Table 0 Reservations

The routing configuration commands are formatted as follows:
Usage:ip Route list SELECTOR
IP route {Change | del | add | append | replace | monitor} route

If you want to view the contents of the routing table, you can use the command:

IP Route List Table Table_number

The operations for routing include Change, Del, add, append, replace, and monitor. For example, you can add a route by:

router># IP route add 0/0 via 192.168.0.4 table main
router># IP route add 192.168.3.0/24 via 192.168.0.3 table 1

The first command adds a route to the main routing table (main table), table 254, where the content of the route is set 192.168.0.4 to become a gateway.

The second command represents adding a route to Routing table 1, where the subnet 192.168.3.0 (the subnet mask is 255.255.255.0) is 192.168.0.3.

In the routing system of a multiple routing table, all routing operations, such as the network by adding a route to the table, or looking for a specific route in the routing table, need to indicate the routing tables to be manipulated, all without indicating the routing table, and by default, the main routing table (table 254) is operated. In a single table system, the routing operation is not to specify the routing table.

Configuration of rules IP rule

In Linux, you can define a priority rule, a priority can only have one rule, that is, in theory, there is a total rule. 3 of these rules are default. The command usage is as follows:

USAGE:IP Rule [List | add | del] SELECTOR ACTION
SELECTOR: = [from PREFIX] [to PREFIX] [TOS TOS]
[Dev STRING] [Pref number]
ACTION: = [table table_id] [NAT address]
[Prohibit | reject | unreachable]
[Flowid CLASSID]
table_id: = [local | main | default | new | Number

First we can look at all the rules for routing table defaults:

0:from All lookup Local
32766:from All lookup Main
32767:from All Lookup Default

Rule 0, which is the highest priority rule, rules that all packages must first be routed using the local table (254). This rule cannot be changed and deleted.

Rule 32766, which stipulates that all packages are routed using table main. These rules can be changed and deleted.

Rule 32767, which stipulates that all packages are routed using table default. These rules can be changed and deleted.

When routed by default, the route is first found in the local routing table according to rule 0, and if the destination address is the network or broadcast address, the appropriate route can be located here; If the route fails, it matches the next empty rule, where there are only 32766 rules, This will look for routes in the main routing table, and if it fails, it will match the 32767 rule, which is to look for the default routing tables. If it fails, the route fails. Here you can see that the strategic route is forward compatible.

You can also add rules:

router># IP rule add [from 0/0] Table 1 pref 32800
Router > #ip rule add from 192.168.3.112/32 [TOS 0x10] Table 2 pref 1500 prohibit

The first command adds a rule to the chain of rules, where the rule matches all packets, and the action is a route that chooses route table 1, which has a priority of 32800.

The second command adds a rule to the rule chain that matches the packet with IP 192.168.3.112,tos equals 0x10, using routing table 2, which has a priority of 1500, and the action is. After adding, we can look at changes in system rules.

router># IP Rule
0:from All lookup Local
1500 from 192.168.3.112/32 [TOS 0x10] Lookup 2
32766:from All lookup Main
32767:from All Lookup Default
32800:from All lookup 1

The above rule is based on the source address as the keyword, as a match. In addition to the source address, you can use the following information:

From--Source address

To--Destination address (this is used when selecting a rule, also used when locating a routing table)

TOS--tos (type of sevice) domain of the IP header

Dev--Physical interface

Fwmark--Firewall parameters

Action taken in addition to specifying a table, you can specify the following action:

Table indicates which tables are used

Nat Transparent Gateway

The Action prohibit discards the packet and sends the COMM. Adm. ICMP information for prohiited

Reject simply discard the package

Unreachable discards the package and sends the ICMP information for NET unreachable

The application of strategic routing

Based on source address selection (source-sensitive Routing)

If a network through two lines to the Internet, one is relatively fast ADSL, the other is a relatively slow ordinary modem. In this way, the network administrator can provide no differential routing services, or depending on the source address, so that some specific address to use a faster line, while the average user uses a slow line, that is, based on the selection of the source site.

Route selection based on service level (Quality of services)

Depending on the service level domain of the IP header, the network administrator can treat different service requirements to the different requirements for transmission rate, throughput, and reliability by different routes according to the condition of the network.

Cost-saving applications

Network administrators can, according to the status of communications, let some of the larger array of communication using some relatively high bandwidth but more expensive path for a short period of time, and then let basic communications continue to use the original relatively cheap basic lines. For example, an administrator knows that a host communication with a particular address is usually accompanied by a large number of paroxysmal communication, then the network administrator can arrange a number of policies to enable these hosts to use special routes, these routes are on demand dial, high bandwidth of the line, the communication is completed after the end of use, Ordinary communication is not affected. This will not only improve the performance of the network, but also save money.

Load balancing (sharing load)

According to the characteristics of network traffic, network administrators can distribute load balance between different paths.

Implementation of strategic routing under Linux--rpdb (Routing Policy DataBase)

Under Linux, Strategic routing is implemented by RPDB. An understanding of RPDB's internal mechanisms can deepen understanding of the use of strategic routing. The details of the RPDB implementation of Linux 2.4.18 are analyzed here. The main implementation files include:

Fib_hash.c
Fib_rules.c
Fib_sematic
Fib_frontend.c
Route.c

RDPB is mainly composed of multiple routing tables and rules. The routing table and its operation and its external interface are the core parts of the entire rpdb. The routing table is mainly composed of the main data structures of Table,zone,node. Operations on the routing table consist primarily of physical operations and semantic manipulation. In addition to the interfaces that provide routing to the IP layer, the routing table must provide interfaces with several elements: interface with the user (that is, change routes), proc interfaces, IP layer control interfaces, and hardware interfaces (changes in the network interface can result in changes to the contents of the routing table). A rule that is in the center of a RDPB by selecting a table from a rule. The IP layer does not directly use the routing table, but through a routing adaptation layer, the routing adapter layer provides high performance routing services for the IP layer.

Routing tables (Fib table)

Data:

In the framework of the entire strategic routing, the routing table is the most important data structure, and we have clearly explained the concept and structure of the routing table. Linux is implemented through the following major data structures.

Main data structure action position
struct fib_table routing table ip_fib.h 116
struct Fn_hash routing table hash data fib_hash.c 104
struct Fn_zone zone domain fib_hash.c 85
struct Fib_node Routing node fib_hash.c 68
struct Fib_info routing information ip_fib.h 57
struct Fib_result Routing Results ip_fib.h 86

The main relationships between data structures are as follows. The routing table consists of the routing table number and the action function pointer of the routing table and the table data. It should be noted that the routing table structure does not directly define the zone domain, but instead points to fn_hash through a data pointer. Only when there is data in the zone will it be connected to the fn_zone_list.

All of the system's routing tables are maintained by the array variable *fib_tables[rt_table_max+1], where the system definition Rt_table_max is 254, which means the system's largest routing table is 255, and all routing table operations are performed on this array. At the same time, the system also defines three long paths by table *local_table; *main_table.

Operation of the routing table:

The main part of the Linux Policy Routing code is the operation of the routing table. For the operation of the routing table, physical operations are intuitive and easy to understand. The operation of the table is simply adding, deleting, updating, and so on. There is also an operation, the so-called semantic operation, semantic operation is mainly refers to such as the calculation of the next address, the node is converted to route items, to find the route of the specified information.

1. Physical operation (operation):

The physical operations of the routing table mainly include the following functions:

Routing mark operation realizes function position
New routing Table
To delete a routing table
Search Route Fn_hash_lookup fib_hash.c 269
Insert route to routing table Fn_hash_insert fib_hash.c 341
Remove routing fn_hash_delete for routing tables
Fn_hash_dump
FIB_HASH.C 433
FIB_HASH.C 614
Updating routes for routing tables Fn_hash_flush fib_hash.c 729
Display routing information for routing tables Fn_hash_get_info FIB_HASH.C 750
Select default route fn_hash_select_default fib_hash.c 842

2, semantic operation (semantics operation):

Semantic manipulation does not involve the understanding of the overall framework of the routing table, and the function name is self-evident, so please refer to FIB_SEMANTICS.C.

3, interface (front end)

The key to understanding the routing table interface is to understand where there is

Ip

The first is the interface that routes the table to the IP layer. Routing in the current sense of Linux, the most important is the IP layer routing, so the interface with the IP layer is the most important interface. and the IP layer interface is mainly to provide the IP layer to find routes, routing control, looking for the specified IP interfaces.

Fil_lookup
Ip_rt_ioctl FIB_FRONTEND.C 286; "F
Ip_dev_find 145

Inet

The routing table must also provide a configuration interface, that is, the interface where the user directly operates the route, such as adding and removing a route. Of course, in the strategic route, there are rules to add and delete.

Inet_rtm_delroute 351
Inet_rtm_newroute 366
Inet_check_attr 335

Proc

Display routing information in/proc/net/route.
Fib_get_procinfo

4, network equipment (NET Dev event)

Routing is associated with hardware, and when a network device is started or shut down, you must notify the routing table's management program and update the routing table's information.

FIB_DISABLE_IP 567
Fib_inetaddr_event 575
Fib_netdev_event

5. Internal Maintenance (Magic)

As we mentioned above, the maintenance of the local routing table (locally table) is done automatically by the system. This means that when the user sets the IP address for the hardware, the system automatically adds the local interface address and the broadcast address to the local routing table.

Fib_magic 417
FIB_ADD_IFADDR 459
FIB_DEL_IFADDR 498

Rule

1. Data structure

The rules are defined as struct fib_rule in the 52 lines of FIB_RULES.C. And all the routes in RPDB are stored in 101 rows of variable fib_rules, note that this variable is critical, it governs all the rules, the addition and deletion of the rules are on this variable.

2. System definition Rules:

Fib_rules is defined to give three default rules: default, local, and main.

U Local rule local_rule
Fib_rule static struct Local_rule = {
R_next: &main_rule,/* The next rule is the main rule * *
R_clntref:atomic_init (2),
R_table:rt_table_local,/* point to local routing table * *
R_action:rtn_unicast,/* action is return route * *
};

U main rule main_rule
struct static Fib_rule Main_rule = {
R_next: &default_rule,/* The next rule is the default rule * *
R_clntref:atomic_init (2),
R_preference:0x7ffe,/* Precedence of default rules 32766*/
R_table:rt_table_main,/* point to the main routing table * *
R_action:rtn_unicast,/* action is return route * *
};
U Default rule
struct Fib_rule default_rule = {
R_clntref:atomic_init (2),
r_preference:0x7fff,/* the precedence of the default rule 32767*/
r_table:rt_table_default,/* refers to the default routing table * *
r_action:rtn_unicast,/* action is to return the route * *
};

The chain header of the rule chain points to the local rule.

The central function of RPDB fib_lookup

Now it's time to discuss the central function of RPDB's implementation fib_lookup. RPDB by providing an interface function Fib_lookup as an entry point for routing, there is a need to discuss this function in detail here, which is the source code:

310 int fib_lookup (const struct Rt_key *key, struct fib_result)
311 {
312 int err;
313 struct Fib_rule *r, *policy;
struct fib_table *TB;
315
316 U32 daddr = key->dst;
317 U32 saddr = key->src;
318
321 Read_lock (&fib_rules_lock);
322 for (R = fib_rules. R r=r->r_next) {/* Scan rule chain fib_rules every rule until the match. *
323 if ((SADDR^R->R_SRC) & R->r_srcmask) | |
324 ((DADDR^R->R_DST) & R->r_dstmask) | |
325 #ifdef Config_ip_route_tos
326 (R->r_tos && r->r_tos!= key->tos) | |
327 #endif
328 #ifdef Config_ip_route_fwmark
329 (R->r_fwmark && r->r_fwmark!= key->fwmark) | |
#endif
331 (R->r_ifindex && r->r_ifindex!= key->iif))
332 continue;/* above to determine whether the rule is matched, if not match, scan the next rule, or Continue * *

335 switch (r->r_action) {/* OK, start processing action. *
336 case rtn_unicast:/* did not set the action * *
337 Case RTN_NAT:/* Action NAT address*/
338 policy = R;
339 break;
Rtn_unreachable Case:/* Action unreachable*/
341 Read_unlock (&fib_rules_lock);
342 Return-enetunreach;
343 Default:
344 Case rtn_blackhole:/* Action Reject * *
345 Read_unlock (&fib_rules_lock);
346 Return-einval;
347 Case rtn_prohibit:/* Action prohibit * *
348 Read_unlock (&fib_rules_lock);
349 return-eacces;
350}
351/* Select routing Table * *
352 if (TB = fib_get_table (r->r_table)) = = NULL)
353 continue;
* * Find the specified route in the routing table/
354 err = Tb->tb_lookup (TB, key, RES);
355 if (err = = 0) {/* hit target * *
356 Res->r = policy;
357 if (policy)
358 atomic_inc (&POLICY->R_CLNTREF);
359 read_unlock (&fib_rules_lock);
360 return 0;
361}
362 if (Err < 0 && err!=-eagain) {/* Routing failure/*
363 Read_unlock (&fib_rules_lock);
364 return err;
365}
366}
368 read_unlock (&fib_rules_lock);
369 Return-enetunreach;
370}

The idea of the code above is very clear. First, the program scans all the rules from high to low, and if the rules match, the action of the rule is processed. If it is a normal route addressing or a NAT address translation exchange, the routing table is first obtained from the rule and then the routing table is manipulated. So rpdb finally clear to show up.

IP layer route adaptation (IP route)

The routing table and the rule system, can complete the route management and the search work, but in order to make the IP layer routing work more efficient, Linux's routing system, route.c completes most IP layer and RPDB's adaptation work, as well as the route buffer (route cache) function.

Calling interface

The routing interface of IP layer is divided into sending routing interface and receiving routing interface:

Send Routing interface

The IP layer calls the Ip_route_out function when it needs to be routed when it sends data. This function, after completing a simple conversion of some key values, calls the Ip_route_output_key function, which first finds the route in the cache, and if it fails, it calls the Ip_route_output_slow,ip_route_output_ Slow call fib_lookup in the routing table to find routes, if hit, first add the route in the cache, and then return the result.

Ip_route_out route.h
Ip_route_output_key route.c 1984;
Ip_route_output_slow route.c 1690; "

Receive routing interface

IP layer after receiving a packet, if you need to route, call the function Ip_route_input,ip_route_input now in the cache to find, if the failure of the IP_ROUTE_INPU call Ip_route_input_slow, IP_ Route_input_slow call Fib_lookup in the routing table to find routes, if hit, first add the route in the cache, and then return the result.

Ip_route_input_slow route.c 1312; "F
Ip_route_input route.c 1622; "F

Cache

The routing cache holds the most recently used routes. When IP routes a routing table, a hit increases the route in the routing cache. The system also periodically checks that the items in the routing cache are invalidated, and if they fail, they are cleared.