ip Command Manual (III)
8. ip rule -- routing policy database management commands
8.1. Abbreviations
rule, ru
8.2. Object
The rules in the routing policy database control the routing algorithm.
The classic routing algorithm used on the Internet makes its decision on the destination address of the packet alone (in theory also on the TOS field, but in practice this is not used). The classic routing algorithm is described in RFC 1812.
In some situations we need to route a packet not only by its destination address but also by other fields: the source address, the IP protocol, the transport-layer port, or even the packet payload. This is called policy routing.
Note: policy routing is not the same thing as routing policy.
In this case the traditional destination-based route table is not enough. Instead, a routing policy database (RPDB) selects routes by executing a set of rules.
These rules can take many different forms, and they have no natural order; the order must be set by the system administrator. The RPDB can match on the following fields:
the source address of the packet;
the destination address of the packet;
the type of service (TOS);
the incoming network interface.
The IP protocol and the transport-layer port can also be matched, but only indirectly: iptables or ipchains marks the packets with an fwmark, and the rule matches on that mark.
Each rule consists of a selector and an action. The system scans the routing policy database in order of increasing priority and compares each rule's selector with the packet's {source address, destination address, incoming interface, TOS, fwmark}. If the selector matches, the action is executed. If the action returns success, the lookup ends there, with either a route or a failure indication; otherwise the system continues with the next rule.
What can an action do? The most primitive action is to select a next hop and an output device; this is what Cisco IOS does, and we call it "match & set". Linux is more flexible: a Linux action can be a lookup in a route table keyed on the destination address, with the route chosen by the longest-prefix-match rule. Match & set is therefore only the simplest special case.
When the system starts, the kernel configures three default rules in the routing policy database:

Priority  Selector             Action
0         match any condition  lookup route table local (ID 255)
32766     match any condition  lookup route table main (ID 254)
32767     match any condition  lookup route table default (ID 253)

Route table local (ID 255) is a special table that contains high-priority control routes for local and broadcast addresses. Rule 0 is special and cannot be deleted or overridden.
Route table main (ID 254) is the normal table that contains all non-policy routes. The system administrator may delete this rule or override it with other rules.
Route table default (ID 253) is an empty table reserved for post-processing: packets that matched none of the previous default rules are handled by this rule. This rule can also be deleted.
Do not confuse route tables with rules: rules point to route tables, several rules may refer to one route table, and some route tables may have no rule pointing to them at all. If the system administrator deletes all the rules that refer to a table, the table becomes useless, but it still exists until all the routes in it have been deleted.
8.3. Rule types
The routing policy database can contain rules of the following types:

unicast      returns the route found in the referenced route table
blackhole    silently discards the packet
unreachable  generates an ICMP "network unreachable" error
prohibit     generates an ICMP "communication administratively prohibited" error
nat          translates the source address of the packet to another value; see Appendix C
8.4. Commands
add, delete, show (or list)
8.5. ip rule add -- insert a new rule
ip rule delete -- delete a rule
Abbreviations: add, a; delete, del, d
Parameters
type TYPE (default)  the type of this rule; the valid types are listed in the previous section.
from PREFIX  the source prefix to match.
iif NAME  the incoming device to match. If the interface is the loopback device, the rule matches only packets originating on this host. This lets you keep locally generated packets in a separate route table, completely isolated from the rest.
tos TOS or dsfield TOS  the TOS value to match.
fwmark MARK  the fwmark value to match.
priority PREFERENCE  the priority of this rule. Every rule should be given an explicit and unique priority. In practice, for historical reasons, ip rule add does not require a priority and does not require it to be unique: if no priority is given, the kernel chooses one itself, and if the given priority already exists, the kernel does not reject the request but adds another rule at that priority.
table TABLEID  the route table to look up if the rule matches.
realms FROM/TO  the realms to select if the rule matches and the route table lookup succeeds.
nat ADDRESS  the address block used for network address translation of the source address. ADDRESS may be a single address or the start of a block of addresses; it may be a local address or even zero.
Warning
Changes made to the routing policy database with these two commands do not take effect immediately; you must flush the route cache with ip route flush cache.
Example
Route packets with source addresses in 192.203.80/24 through route table inr.ruhep:
ip ru add from 192.203.80/24 table inr.ruhep prio 220
Translate the source address 193.233.7.83 to 192.203.80.144 before routing the packet:
ip ru add from 193.233.7.83 nat 192.203.80.144 table 1 prio 320
Delete the unused default rule:
ip ru del prio 32767
8.7. ip rule show -- list routing rules
Abbreviations: show, list, sh, ls, l
Parameters
Good news: this command has no parameters.
Output format
kuznet@amber:~ $ ip ru ls
0:      from all lookup local
200:    from 192.203.80.0/24 to 193.233.7.0/24 lookup main
210:    from 192.203.80.0/24 to 192.203.80.0/24 lookup main
220:    from 192.203.80.0/24 lookup inr.ruhep realms inr.ruhep/radio-msu
300:    from 193.233.7.83 to 193.233.7.0/24 lookup main
310:    from 193.233.7.83 to 192.203.80.0/24 lookup main
320:    from 193.233.7.83 lookup inr.ruhep map-to 192.203.80.144
32766:  from all lookup main
kuznet@amber:~ $
The number at the start of each line is the priority of the rule, followed by the selector.
The keyword lookup is followed by the route table identifier.
If the rule performs network address translation, a map-to keyword gives the address to translate to.
The example above is simple: 192.203.80.0/24 and 193.233.7.0/24 form an internal network, but they send packets to the outside world through different routes. When host 193.233.7.83 talks to the outside, its address is translated to 192.203.80.144.
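The rules added and listed in sections 8.5 to 8.7 are easy to get wrong in exactly the ways the manual warns about (two rules at one priority, a table that nothing refers to). The POSIX shell script below is an added example, not code from the manual or from iproute2: it audits a constructed `ip rule ls` listing (the prefixes and table names are assumptions modelled on the example above) and reports shared priorities, the tables referenced, and which rules a given source address would hit, in lookup order.

```shell
#!/bin/sh
# Audit an `ip rule show` listing. Two checks a defender wants after editing
# the RPDB: priorities shared by more than one rule (the kernel accepts
# these silently, so the order between them was never chosen explicitly),
# and which route tables are referenced at all. The listing below is a
# constructed sample in the format of `ip rule ls`, not captured output.
SAMPLE_RULES='0:      from all lookup local
200:    from 192.203.80.0/24 to 193.233.7.0/24 lookup main
220:    from 192.203.80.0/24 lookup inr.ruhep realms inr.ruhep/radio-msu
220:    from 10.8.0.0/16 lookup 100
320:    from 193.233.7.83 lookup inr.ruhep map-to 192.203.80.144
32766:  from all lookup main'

# Read a listing on stdin; print each priority used by more than one rule.
duplicate_priorities() {
    awk -F: '{ n[$1]++ } END { for (p in n) if (n[p] > 1) print p }' | sort -n
}

# Read a listing on stdin; print every route table named after "lookup".
referenced_tables() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "lookup") print $(i + 1) }' | sort -u
}

# Read a listing on stdin; print the priorities of the rules whose "from"
# selector covers the IPv4 address given as $1, lowest priority first (the
# order in which the kernel consults them). "from all" covers everything.
rules_matching_source() {
    awk -v addr="$1" '
        function ip2int(s,  o) {
            split(s, o, ".")
            return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
        }
        # Does prefix "a.b.c.d/len" (or a bare host address) contain ip?
        function covers(pfx, ip,  p, len, shift) {
            if (pfx == "all") return 1
            len = (split(pfx, p, "/") == 2) ? p[2] : 32
            shift = 2 ^ (32 - len)
            return int(ip2int(p[1]) / shift) == int(ip / shift)
        }
        { sub(":", "", $1); if ($2 == "from" && covers($3, ip2int(addr))) print $1 }
    ' | sort -n
}

# Stand-alone demonstration on the sample listing.
printf '%s\n' "$SAMPLE_RULES" | duplicate_priorities
printf '%s\n' "$SAMPLE_RULES" | referenced_tables
printf '%s\n' "$SAMPLE_RULES" | rules_matching_source 193.233.7.83
```

On a live system, pipe the real listing instead of the sample, e.g. `ip rule ls | duplicate_priorities`.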
9. ip maddress -- multicast address management
9.1. Object
The object managed by this command is a multicast address.
9.2. Commands
add, delete, show (or list)
9.3. ip maddress show -- list multicast addresses
Abbreviations: show, list, sh, ls, l
Parameters
dev NAME (default)  the device name
Output format
kuznet@alisa:~ $ ip maddr ls dummy
2:      dummy
        link  33:33:00:00:00:01
        link  01:00:5e:00:00:01
        inet  224.0.0.1 users 2
        inet6 ff02::1
kuznet@alisa:~ $
The first line of output shows the device index and device name. The following lines are the multicast addresses, each identified by its protocol. The keyword link marks a link-layer multicast address.
If a multicast address has several users, the number of users is shown after the users keyword. The keyword static, which does not appear in the example above, marks an address that was added with the ip maddr add command.
9.4. ip maddress add -- add a multicast address
ip maddress delete -- delete a multicast address
Abbreviations: add, a; delete, del, d
Description
These two commands add or delete a link-layer multicast address that the network interface listens to. They can only manage link-layer addresses.
Parameters
address LLADDRESS (default)  the link-layer multicast address
dev NAME  the device that joins or leaves this multicast address
Example
Continuing the example from the previous section:
netadm@alisa:~ # ip maddr add 33:33:00:00:00:01 dev dummy
netadm@alisa:~ # ip -O maddr ls dummy
2:      dummy
        link  33:33:00:00:00:01 users 2 static
        link  01:00:5e:00:00:01
netadm@alisa:~ # ip maddr del 33:33:00:00:00:01 dev dummy
Note: neither the ip command nor the kernel checks that the address is really a multicast address, so you can give a unicast address in place of a multicast one. Most drivers ignore a unicast address, but some (tulip, for example) add it to their receive filter. The effect is somewhat strange: if you use the IP address of another host or router as the "multicast" address, you will receive the packets sent to it. This is not a bug but a feature of the kernel, and it can be used for network monitoring.
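Because the kernel performs no validity check, an administrator auditing a host wants to know whether any non-multicast address has been joined on an interface. The POSIX shell script below is an added example, not part of the manual or of iproute2: it scans a constructed `ip maddr ls` listing (the device name and the extra address are assumptions) and reports link-layer entries whose address is not actually a multicast address.

```shell
#!/bin/sh
# Audit an `ip maddr ls` listing for link-layer entries that are not
# multicast addresses. As the manual notes, neither ip nor the kernel
# checks this, and on some drivers a unicast address joined this way is
# added to the receive filter, so another host's traffic becomes visible.
# The listing below is a constructed sample, not captured output.
SAMPLE_MADDR='2:      dummy
        link  33:33:00:00:00:01
        link  01:00:5e:00:00:01 users 2
        link  00:50:56:aa:bb:cc users 1 static
        inet  224.0.0.1 users 2
        inet6 ff02::1'

# An Ethernet group (multicast) address has the least-significant bit of
# its first octet set, i.e. the first octet is odd. Returns 0 if so.
is_multicast_mac() {
    case "$1" in
        [0-9a-fA-F][13579bBdDfF]:*) return 0 ;;
        *) return 1 ;;
    esac
}

# Read a listing on stdin; print "DEVICE ADDRESS" for every link-layer
# entry whose address is not a multicast address.
unicast_in_maddr() {
    dev=''
    while read -r f1 f2 rest; do
        case "$f1" in
            [0-9]*:) dev="$f2" ;;    # "2: dummy" header line names the device
            link) is_multicast_mac "$f2" || printf '%s %s\n' "$dev" "$f2" ;;
        esac
    done
}

# Stand-alone demonstration on the sample listing.
printf '%s\n' "$SAMPLE_MADDR" | unicast_in_maddr
```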