Linux strategic routing application

Strategic Routing

Strategy means that the IP packet routing is based on the policies set by the network administrator as needed. For example, we can have A policy like this: "select X path for all packages that come directly from Network A; select Y path for others", or "select path F for all packages whose TOS is; other selected paths K ".

Cisco's network operating system (Cisco IOS) has adopted a new strategic routing mechanism since 11.0. Linux uses a strategic Routing Mechanism in kernel 2.1. Compared with traditional routing algorithms, the strategic routing mechanism mainly introduces the concept of multiple route tables and rules.

Multiple Routing Tables)

Traditional routing algorithms only use one route table. However, in some cases, we need to use multiple route tables. For example, if a subnet is connected to the outside world through a vro, The vro has two lines connected to the outside world, one of which is faster and the other is slower. Most users in the subnet have no special requirements on the speed, so they can use slow routes; however, some special users in the subnet have strict speed requirements, so they need to use fast routes. If you use a route table, the preceding requirements cannot be met. If you use different route tables for different users based on the source address or other parameters, the performance of the router can be greatly improved.

Rule (rule)

Rules are a key new strategic concept. We can use natural language to describe rules like this. For example, we can specify such rules:

Rule 1: "All IP packets from 192.16.152.24 use route table 10. The priority of this rule is 1500"

Rule 2: "All packages use route table 253. The priority of this rule is 32767"

We can see that the rule contains three elements:

What kind of package will apply this rule (the so-called SELECTOR may be a filter that better reflects its role );

What ACTION will a packet comply with this rule take, such as the table used;

Priority of this rule. Rules with higher priority are matched first (smaller values have higher priority ).

How to configure strategic routes

The traditional tool for configuring routes in linux is route, and the tool for implementing strategic routing configuration is iproute2 toolkit. This software package was developed by Alexey Kuznetsov.
This section briefly introduces how to configure strategic routes to better understand the content of the second part. For more information, see ip address-cfref written by Alexey Kuznetsov. The configuration of strategic routes mainly includes interface address configuration, route configuration, and rule configuration.

IP address Addr

You can use the following command to configure the interface:

Usage: ip addr [add | del] IFADDR dev STRING

For example:

Router> # ip addr add 192.168.0.1/24 broadcast 192.168.0.255 label eth0 dev eth0

The above indicates that the address 192.168.0.1 mask assigned to the eth0 interface is 255.255.255.0 (24 indicates the number of 1 in the mask), and the broadcast address is 192.168.0.255.

Route configuration IP Route

Linux supports a maximum of 255 route tables, of which 3 are built-in:

Table 255 the Local table Local interface address, broadcast address, and NAT address are both in this table. The route table is automatically maintained by the system and cannot be directly modified by the Administrator.

Table 254 If the Main table does not specify the table to which the router belongs, all routes are placed in this table by default. Generally, the old routing tool (such as route) all the added routes are added to this table. It is generally a common route.

Table 253 Default table generally stores all the Default routes in this table. However, if this table is specified, all the gateway routes can be used.

Table 0 Reserved

The format of the route configuration command is as follows:
Usage: ip route list SELECTOR
Ip route {change | del | add | append | replace | monitor} ROUTE

To view the content of a route table, run the following command:

Ip route list table table_number

Route operations include change, del, add, append, replace, and monitor. For example, you can add a route:

Router> # ip route add 0/0 via 192.168.0.4 table main
Router> # ip route add 192.168.3.0/24 via 192.168.0.3 table 1

The first command is to add a route entry to the master route table (main table), that is, table 254. The route content is to set 192.168.0.4 as the gateway.

The second command adds a route entry to route table 1. The subnet 192.168.3.0 (subnet mask is 255.255.255.0) and the gateway is 192.168.0.3.

In a multi-route table routing system, all route operations, such as adding a route to a route table or finding a specific route in the routing table, must specify the route table to be operated, if no route table is specified, the operation is performed on the master route table (table 254) by default. In a single table system, route operations do not need to specify the route table.

Rule Configuration IP Rule

In Linux, a priority rule can be defined. A priority level can have only one rule, that is, a total of rules can be defined theoretically. Three of the rules are default. Command usage:

Usage: ip rule [list | add | del] SELECTOR ACTION
SELECTOR: = [from PREFIX] [to PREFIX] [tos]
[Dev STRING] [pref NUMBER]
ACTION: = [table TABLE_ID] [nat ADDRESS]
[Prohibit | reject | unreachable]
[Flowid CLASSID]
TABLE_ID: = [local | main | default | new | NUMBER

First, we can look at all the default rules of the route table:

0: from all lookup local
32766: from all lookup main
32767: from all lookup default

Rule 0 is the highest priority rule. It specifies that all packages must be routed using the local table (254) first. This rule cannot be changed or deleted.

Rule 32766 specifies that all packages are routed using the Table main. This rule can be changed or deleted.

Rule 32767 specifies that all packages use the table default for routing. This rule can be changed or deleted.

When routing is performed by default, routes are first searched in the local routing table based on rule 0. If the destination address is the current network or broadcast address, you can find a suitable route here. If the route fails, it will match the next non-null rule. Here there is only 32766 rule, and the route will be searched in the main route table; if it fails, the 32767 rule is matched, that is, the default route table is searched. If it fails, the route will fail. Here we can see that strategic routing is forward compatible.

You can also add rules:

Router> # ip rule add [from 0/0] table 1 pref 32800
Router> # ip rule add from 192.168.3.112/32 [tos 0x10] table 2 pref 1500 prohibit

The first command adds a rule to the rule chain. The rule matches all data packets, and the action is to select the route entry in route table 1. The rule has a priority of 32800.

The second command adds a rule to the rule chain. The rule matches a packet whose IP address is 192.168.3.112 and tos is equal to 0x10. Use route table 2. The rule has a priority of 1500 and the action is. After adding the rule, we can see the changes in the system rules.

Router> # ip rule
0: from all lookup local
1500 from 192.168.3.112/32 [tos 0x10] lookup 2
32766: from all lookup main
32767: from all lookup default
32800: from all lookup 1

The preceding rule uses the source address as the keyword to determine whether to match the rule. In addition to the source address, you can also use the following information:

From -- Source Address

To -- Destination Address (used for rule selection and used for route table search)

Tos -- the TOS (type of sevice) domain of the IP Header

Dev -- physical interface

Fwmark-firewall Parameters

In addition to specifying a table, you can also specify the following actions:

Table indicates the Table used

Nat transparent gateway

Action prohibit discards the packet and sends ICMP information of COMM. ADM. PROHIITED

Reject simply discards this package

Unreachable discards the packet and sends the ICMP information of the net unreachable.

Application of strategic Routing

Source-Sensitive Routing)

If a network accesses the Internet through two lines, one is relatively fast ADSL, and the other is a relatively slow common Modem. In this way, the network administrator can provide a non-differentiated routing service, or make some specific addresses use fast lines based on different source addresses, while ordinary users use slow lines, source Address-based routing.

Quality of Service)

Network administrators can route data packets with different requirements on transmission rate, throughput, and Reliability Based on the service-level domain of the IP header.

Cost-saving applications

Network administrators can enable some relatively large bursts of communications to use some relatively high-bandwidth but relatively expensive paths for a short period of time based on their communication conditions, then let the basic communication continue to use the basic line that was originally cheaper. For example, the Administrator knows that communication between a host and a specific address is usually accompanied by a large number of bursts of communication, so the network administrator can arrange some policies to make these hosts use special routes, these routes are on-demand dial-up lines with relatively high bandwidth. After the communication is completed, they will be stopped, while normal communication will not be affected. This not only improves network performance, but also saves costs.

Load Sharing)

According to the characteristics of network traffic, network administrators can allocate loads between different routes to achieve load balancing.

Implementation of strategic Routing in Linux-RPDB (Routing Policy DataBase)

In Linux, strategic routing is implemented by RPDB. The understanding of the internal mechanism of RPDB can deepen the understanding of strategic routing. The details of RPDB implementation in linux 2.4.18 are analyzed here. The main implementation files include:

Fib_hash.c
Fib_rules.c
Fib_sematic
Fib_frontend.c
Route. c

RDPB consists of multiple route tables and rules. The route table, its operations, and its external interfaces are the core components of the entire RPDB. The route table consists of tables, zones, and nodes. Operations on the route table mainly include physical operations and semantic operations. In addition to providing the routing query interface to the IP layer, the route table must also provide interfaces with several elements: interfaces with users (that is, changing routes) and proc interfaces, IP layer control interfaces, and hardware interfaces (changes in network interfaces will lead to changes in route table content ). The rule that is in the center of RDPB is selected from the rule selection table. The IP layer does not directly use the route table, but uses a routing adaptation layer to provide high-performance routing services for the IP layer.

Route Table (Fib Table)

Data structure:

In the entire strategic routing framework, the route table is the most important data structure. We have made a clear description of the concept and structure of the route table. Linux is implemented through the following main data structures.

Main data structure position
Struct fib_table route table ip_fib.h 116
Struct fn_hash the hash data of the route table. Fig 104
Struct fn_zone domain maid 85
Struct fib_node route node fib_hash.c 68
Struct fib_info route information ip_fib.h 57
Struct fib_result route result ip_fib.h 86

The main relationships between data structures are as follows. The route table consists of the route table number, the operation function pointer of the route table, and table data. Note that the zone domain is not directly defined in the route table structure, but is directed to fn_hash through a data pointer. Only when data in the zone is connected to fn_zone_list.

All route tables of the system are maintained by the array variable * fib_tables [RT_TABLE_MAX + 1]. The system defines RT_TABLE_MAX as 254, that is, the maximum route table of the system is 255, all route table operations are performed on this array .. The system also defines the Three-length route table * local_table; * main_table.

Route table operation:

The main part of the Linux policy routing code is the operation on the route table. Physical Operations on Route tables are intuitive and easy to understand. The operations on tables are like adding, deleting, and updating tables. There is also an operation called semantic operation, which mainly refers to computing the next address, converting a node to a route entry, and searching for a route with specified information.

1. Physical Operations (operation ):

The Physical Operations of a route table mainly include the following functions:

Routing label operation implementation Function Location
Create a route table
Delete route table
Search route fn_hash_lookup fig 269
Insert a route entry to the route table fn_hash_insert fig 341
Delete the route table's route table fn_hash_delete
Fn_hash_dump
Fiber _ hash.c 433
Fiber _ hash.c 614
Update the route table's route table fn_hash_flush fig 729
Display route table information fn_hash_get_info fib_hash.c 750
Select the default route fn_hash_select_default fib_hash.c 842

2. semantics operation ):

Semantic operations do not involve the understanding of the overall framework of the route table, and the function name is self-explanatory. Therefore, please refer to fib_semantics.c.

3. front end)

The key to understanding the route table interface is to understand

IP

The first is the IP layer interface of the route table. In the sense of linux, the most important route is the IP layer routing, so the interface with the IP layer is the most important interface. The connection with the ip layer is mainly to provide the IP layer with interfaces for finding routes, controlling routes, and searching for specified ip addresses.

Fil_lookup
Ip_rt_ioctl fig 286; "f
Ip_dev_find 145

Inet

The route table must also provide the configuration interface, that is, the user can directly operate the routing interface, such as adding or deleting a route. Of course, rules are added and deleted in strategic routes.

Inet_rtm_delroute 351
Inet_rtm_newroute 366
Inet_check_attr335

Proc

The routing information is displayed in/proc/net/route.
Fib_get_procinfo

4. net dev event)

A route is associated with hardware. When a network device is started or shut down, the route table manager must be notified to update the route table information.

Fib_disable_ip 567
Fib_inetaddr_event 575
Fib_netdev_event

5. Internal maintenance (magic)

As mentioned above, the maintenance of the local table is automatically performed by the system. That is to say, when you set an IP address for the hardware, the system automatically adds the local interface address and broadcast address to the local routing table.

Fiber _ magic 417
Fiber _ add_ifaddr 459
Fiber _ del_ifaddr 498

Rule

1. Data Structure

The rule is defined as struct fib_rule in row 52 of fib_rules.c. All the routes in RPDB are stored in the variable fib_rules of row 101. Note that this variable is critical and takes charge of all the rules, this variable is used to add or delete rules.

2. System-defined rules:

After fib_rules is defined, three default rules are assigned: default rules, local rules, and master rules.

U local rule local_rule
94 static struct maid = {
R_next: & main_rule,/* The next rule is the primary rule */
R_clntref: ATOMIC_INIT (2 ),
R_table: RT_TABLE_LOCAL,/* pointing to the local route table */
R_action: RTN_UNICAST,/* the action is to return the route */
};

U master rule main_rule
86 static struct maid = {
R_next: & default_rule,/* The next rule is the default rule */
R_clntref: ATOMIC_INIT (2 ),
R_preference: 0x7FFE,/* default rule priority: 32766 */
R_table: RT_TABLE_MAIN,/* pointing to the master route table */
R_action: RTN_UNICAST,/* the action is to return the route */
};
U default rule
79 static struct maid = {
R_clntref: ATOMIC_INIT (2 ),
R_preference: 0x7FFF,/* default rule priority 32767 */
R_table: RT_TABLE_DEFAULT,/* indicates the default route table */
R_action: RTN_UNICAST,/* the action is to return the route */
};

The chain header of the Rule chain points to the local rule.

The central function of RPDB is fiber _ lookup.

Now we have discussed the central function fiber _ lookup for RPDB implementation. RPDB provides the interface function fiber _ lookup as the entry point for finding routes. It is necessary to discuss this function in detail here. The source code is as follows :,

310 int maid (const struct rt_key * key, struct maid * res)
311 {
312 int err;
313 struct maid * r, * policy;
314 struct fib_table * tb;
315
316 u32 daddr = key-> dst;
317 u32 saddr = key-> src;
318
321 read_lock (& fig );
322 for (r = fib_rules; r = r-> r_next) {/* Scan each rule in the fib_rules of the rule chain until it is matched */
323 if (saddr ^ r-> r_src) & r-> r_srcmask) |
324 (daddr ^ r-> r_dst) & r-> r_dstmask) |
325 # ifdef CONFIG_IP_ROUTE_TOS
326 (r-> r_tos & r-> r_tos! = Key-> tos) |
327 # endif
328 # ifdef CONFIG_IP_ROUTE_FWMARK
329 (r-> r_fwmark & r-> r_fwmark! = Key-> fwmark) |
330 # endif
331 (r-> r_ifindex & r-> r_ifindex! = Key-> iif ))
332 continue;/* The above is used to determine whether the rule matches. If the rule does not match, the next rule is scanned; otherwise, the next rule is continued */

335 switch (r-> r_action) {/* OK, start to process the action */
336 case RTN_UNICAST:/* No action set */
337 case RTN_NAT:/* Action nat ADDRESS */
338 policy = r;
339 break;
340 case RTN_UNREACHABLE:/* Action unreachable */
341 read_unlock (& fig );
342 return-ENETUNREACH;
Default 343:
344 case RTN_BLACKHOLE:/* Action reject */
345 read_unlock (& fig );
346 return-EINVAL;
347 case RTN_PROHIBIT:/* Action prohibit */
348 read_unlock (& fig );
349 return-eaccess es;
350}
351/* select a route table */
352 if (tb = fig (r-> r_table) = NULL)
353 continue;
/* Search for the specified route in the routing table */
354 err = tb-> tb_lookup (tb, key, res );
355 if (err = 0) {/* hit target */
356 res-> r = policy;
357 if (policy)
358 atomic_inc (& policy-> r_clntref );
359 read_unlock (& fig );
360 return 0;
361}
362 if (err <0 & err! =-EAGAIN) {/* route failure */
363 read_unlock (& fig );
364 return err;
365}
366}
368 read_unlock (& fig );
369 return-ENETUNREACH;
370}

The above code is very clear. First, the program scans all the rules from the higher priority to the lower priority. If the rules match, it processes the rule action. For normal route addressing or nat address translation, first obtain the route table from the rule and then perform operations on the route table. In this way, RPDB is clearly displayed.

IP route)

A system composed of route tables and rules can be used to manage and search routes. However, to make routing at the IP layer more efficient, in the linux routing system, route. c To adapt most IP layers to RPDB, as well as the routing cache function.

Call Interface

The router interfaces at the IP layer are divided into the send route interface and the receive route interface:

Send route Interface

The IP layer calls the ip_route_out function when routing data is required. After converting some key values, this function will call the ip_route_output_key function. This function first searches for routes in the cache. If it fails, it will call ip_route_output_slow, ip_route_output_slow calls fib_lookup to search for a route in the route table. If a route is hit, add the route in the cache and return the result.

Ip_route_out route. h
Ip_route_output_key route. c 1984;
Ip_route_output_slowroute. c 1690 ;"

Receiving route Interface

After receiving a packet, the IP layer calls the ip_route_input function and ip_route_input function in the cache to find the route. If the cache fails, ip_route_inpu calls ip_route_input_slow and the routing layer calls fib_lookup to find the route in, if the route is hit, add the route to the cache first, and then return the result.

Ip_route_input_slowroute. c 1312; "f
Ip_route_input route. c 1622; "f

Cache

The routing cache stores the recently used routes. After the IP address is routed in the route table, if hit, the route will be added to the route cache. At the same time, the system regularly checks whether the items in the route cache are invalid. If the items are invalid, clear them.