Routing in Linux



Motivation

We have already seen that IP packets do not only exist on your local network but are routed between networks around the world. How does routing in Linux work? How do the packets know which way to travel? What if you want to build your own router using a Linux system? Here you will learn the basics of how to do this.

How packets find their way

Let's assume you share your house with another family. You live on the first floor and the other family lives on the 2nd floor. You only have one Internet connection but you want to share it with the other family. Yet you do not completely trust them, so you want them on their own network segment.

In between the networks you have an old PC that should work as a router. This could be the setup displayed below:

For the 1st floor you use: 192.168.1.0/24 and for the 2nd floor you use 192.168.2.0/24 addresses. The vertical bars symbolize the network. In the drawing we have only drawn one computer in the first network and one in the 2nd and one computer that has legs in both networks that should work as a router.

So when a computer on the 2nd floor, e.g. 192.168.2.37, wants to send packets to the 192.168.1.0/24 network, how do the packets know where to find that network? What is needed is a route, which is a kind of signpost for packets that tells them which way to go. The signpost in the example below would have to look like the one painted there: all packets with a destination in the 192.168.1.0/24 network, please go to the station 192.168.2.1; this station gives you further directions.

All stations on the 192.168.2.0/24 network can be reached directly via Ethernet and ARP lookup.

Route.png

The machine in the middle has 2 network interfaces, one in each of the two networks. This machine is called a multi-homed machine, because it has interfaces in more than one network. By default, a Linux computer with 2 network cards will not forward any packets from one interface to another interface.


The route command

The tool to see what routes are configured and to change the routes is called route. If you run it without arguments it will display the existing routes. If you want to change routes, you need to be root; you can then pass it the routes that you want to create or delete.

To create the route shown in the signpost above, you could use:

# route add -net 192.168.1.0/24 gateway 192.168.2.1

To view the entry you could use:

# route -n

In order for the 2 networks above to be able to communicate, the station 192.168.1.94 would need a route that points in the other direction. That would be e.g.:

# route add -net 192.168.2.0/24 gateway 192.168.1.7

The most important route in many cases is the default route. The default route tells the machine where to send all packets for which it does not have any other route. In fact, routes are always ordered so that a more specific route (with a smaller range of hosts) has priority over a less specific one. The default route is then where all packets go that have no specific route. On most machines, the only route is the default route. We have one router on the network that hopefully knows where to send packets to.

In the example above, the router in the middle might have a 3rd interface that goes to our provider. In this case all stations on both networks would have their default route pointing to the interface on the router that sits in their segment, and thus the above routes would not be necessary. Since all packets are sent to the router in the middle anyway, we do not need the specific route.

E.g. on network segment 1 the default route could be set like this:

# route add default gateway 192.168.1.7

When you use DHCP, the DHCP server will also tell you your default gateway.
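The rule that a more specific route has priority over the default route can be traced by hand. The following is an added example, not part of the original page: it picks the next hop from a constructed `route -n` table for a 2nd-floor station, where the default gateway 192.168.2.254 and the function names are assumptions made for illustration.

```sh
#!/bin/sh
# Constructed `route -n` output for a station such as 192.168.2.37.
# The default gateway 192.168.2.254 is a made-up address for this example.
ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.2.254   0.0.0.0         UG    0      0        0 eth0
192.168.1.0     192.168.2.1     255.255.255.0   UG    0      0        0 eth0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0'

# Convert a dotted quad to a 32-bit integer.
ip2int() {
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Print the next hop for destination $1: the gateway of the matching route
# with the largest netmask, "direct" if that route has no gateway, or
# "unreachable" if nothing matches.
next_hop() {
    dst=$(ip2int "$1")
    best_mask=-1
    best_gw=unreachable
    while read -r net gw mask _rest; do
        case $net in
            [0-9]*) ;;
            *) continue ;;          # skip the two header lines
        esac
        n=$(ip2int "$net")
        m=$(ip2int "$mask")
        # A route matches if destination AND netmask equals its network.
        if [ $(( ($dst & $m) == $n && $m > $best_mask )) -eq 1 ]; then
            best_mask=$m
            best_gw=$gw
        fi
    done <<EOF
$ROUTES
EOF
    if [ "$best_gw" = 0.0.0.0 ]; then best_gw=direct; fi
    echo "$best_gw"
}

for d in 192.168.1.94 192.168.2.40 203.0.113.10; do
    echo "$d -> $(next_hop "$d")"
done
```

The order of the lines in the table does not matter: the /24 route to the 1st floor wins over the default route because its netmask is longer.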

As with all the other network commands, everything you do with route is not permanent. It will be lost on reboot. To set your routes permanently, they need to be configured in the startup files. In /etc/network/interfaces you can use the gateway keyword to specify a default gateway.

Forwarding packets

As stated above: a Linux (or Windows) server does not forward packets between interfaces if not explicitly told to. So in order to set up your own router you need to tell it that it should forward packets. You could use:

# echo 1 > /proc/sys/net/ipv4/ip_forward

This would start forwarding. But again this would not be permanent, so you would have to run it in a script that is executed at boot time.

To enable it permanently you would add net.ipv4.ip_forward=1 to /etc/sysctl.conf. To apply the change without rebooting, you can then run:

# sysctl --system
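Because the runtime flag and the entry in /etc/sysctl.conf are set separately, they can disagree. The following is an added example, not part of the original page: it compares the two and reports whether forwarding survives a reboot. The function names and the constructed demo files are assumptions, and only the dotted key form in a single config file is checked.

```sh
#!/bin/sh
# Print the last value assigned to net.ipv4.ip_forward in a sysctl-style
# file ($1), or "unset". Lines starting with # or ; are comments.
persistent_forward() {
    val=unset
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | tr -d ' \t')   # "key = value" -> "key=value"
        case $line in
            '#'*|';'*) continue ;;
            net.ipv4.ip_forward=*) val=${line#*=} ;;   # a later line overrides
        esac
    done < "$1"
    echo "$val"
}

# Compare the runtime flag with the persistent setting.
# $1: runtime flag file (default /proc/sys/net/ipv4/ip_forward)
# $2: config file       (default /etc/sysctl.conf)
forward_status() {
    run=$(cat "${1:-/proc/sys/net/ipv4/ip_forward}")
    conf=$(persistent_forward "${2:-/etc/sysctl.conf}")
    case "$run:$conf" in
        1:1) echo "forwarding on, persistent" ;;
        1:*) echo "forwarding on until reboot" ;;
        0:1) echo "forwarding off, enabled at next boot" ;;
        *)   echo "forwarding off" ;;
    esac
}

# Demo on constructed files: the flag was set with echo, the config says 0.
demo=$(mktemp -d)
echo 1 > "$demo/ip_forward"
printf '# router setup\nnet.ipv4.ip_forward = 0\n' > "$demo/sysctl.conf"
forward_status "$demo/ip_forward" "$demo/sysctl.conf"
rm -rf "$demo"
```

Called without arguments, forward_status reads the real /proc/sys/net/ipv4/ip_forward and /etc/sysctl.conf.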

Exercise

  • use the route command to see the routing table on your computer. Try to make sense of the output.
  • create a so-called black hole route: create a dummy0 network interface (see ip link) and add a route to a service that you can normally reach. See how you are now cut off from reaching that server because the computer has the wrong route.
  • remove that route again.