Policy-Based Routing in Linux Environments

Source: Internet
Author: User

Summary

This article uses a large number of examples to describe the powerful routing functions of Linux 2.2. The routing functions it provides are unmatched by many router products, and considering that it is free, no product can compare with its price/performance ratio.

At present, the traditional routing algorithms used in computer networks route on the destination address of the IP packet. In practice, however, there is often a requirement to route not only on the destination address of the datagram but also on other features of the datagram, such as the source address, IP protocol, transport-layer port, or even the payload of the packet. This type of routing is called policy-based routing.

In Linux, support for policy-based routing has been implemented since the 2.1 version of the kernel. It uses a routing policy database (RPDB) instead of a traditional, destination-based routing table. The RPDB selects the appropriate IP route by means of a set of rules. These rules may contain a number of different types of keys, so there is no natural default order for them; the rule lookup order, or rule priority, is set by the network or system administrator.

Linux's RPDB is a linear list of rules sorted by numeric priority value. The RPDB can match on the datagram's source address, destination address, TOS, incoming interface and fwmark value. Each routing policy rule consists of a selector and an action. The RPDB is scanned in ascending order of priority, and the selector of each rule is applied to the source address, destination address, incoming interface, TOS and fwmark value of the datagram. If the datagram matches the rule, the action that corresponds to the rule is executed. If the action returns successfully, the rule's output is either a valid route or a route lookup failure indication; otherwise, the lookup continues with the next rule in the RPDB.

What action is performed when the selector matches a datagram? The standard action of routing software is to select the next-hop address and the output interface, which can be called a "match & set" type of action. Linux takes a more flexible approach, however, and offers a variety of actions to choose from. The default action is to query a specific routing table based on the destination address.

The "match & set" action is therefore the simplest case of Linux routing. Linux supports multiple routing tables, and each routing table contains multiple routes. That is, every routing table in Linux is equivalent to the system routing table of other operating systems. Linux supports up to 255 routing tables. (Linux 2.2.12 supports 255 routing tables, 255 aggregation realms, and 2^32 policy rule priorities.)
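The lookup described above (rules scanned in ascending priority, selector match, then a destination lookup in the rule's table, falling through to the next rule when that table has no route) can be modelled in a few lines of Python. This is an added example, not code from the original article or from the Linux kernel; the table names, prefixes, next hops, rule set and the `prohibit` and `no route` result strings are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    priority: int
    table: str = "main"            # table consulted by the default "lookup" action
    action: str = "lookup"         # anything else models a lookup-failure action
    src: str = "0.0.0.0/0"         # selector keys; the defaults match any datagram
    dst: str = "0.0.0.0/0"
    iif: Optional[str] = None
    tos: Optional[int] = None
    fwmark: Optional[int] = None

    def matches(self, pkt):
        ip, net = ipaddress.ip_address, ipaddress.ip_network
        return (ip(pkt["src"]) in net(self.src) and ip(pkt["dst"]) in net(self.dst)
                and self.iif in (None, pkt.get("iif"))
                and self.tos in (None, pkt.get("tos"))
                and self.fwmark in (None, pkt.get("fwmark")))

def table_lookup(routes, dst):
    """Longest-prefix match on the destination inside one table; None if no route."""
    hits = [(ipaddress.ip_network(p), hop) for p, hop in routes
            if ipaddress.ip_address(dst) in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def rpdb_lookup(rules, tables, pkt):
    """Scan rules in ascending priority value; return (priority, result)."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if not rule.matches(pkt):
            continue
        if rule.action != "lookup":
            return rule.priority, rule.action      # route lookup failure indication
        route = table_lookup(tables.get(rule.table, []), pkt["dst"])
        if route is not None:
            return rule.priority, route            # valid route, scan stops here
        # no route in that table: the action did not succeed, try the next rule
    return None, "no route"

# Constructed sample data: table names, prefixes and next hops are hypothetical.
TABLES = {
    "dmz":     [("10.9.0.0/16", "via 10.0.0.3 dev eth3")],
    "inspect": [("0.0.0.0/0", "via 10.0.0.2 dev eth2")],
    "main":    [("0.0.0.0/0", "via 10.0.0.1 dev eth0"), ("10.1.0.0/16", "dev eth1")],
}
RULES = [Rule(32766, table="main"), Rule(200, action="prohibit", src="10.1.3.0/24"),
         Rule(100, table="inspect", src="10.1.2.0/24"), Rule(50, table="dmz", fwmark=1)]
```

Calling `rpdb_lookup(RULES, TABLES, {"src": "10.1.2.5", "dst": "198.51.100.7", "fwmark": 1})` shows the fall-through: rule 50 matches on fwmark, its table has no route to the destination, and rule 100 supplies the answer.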
