Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700

Classes
-------

A "class" is a complete routing table in the usual sense,
i.e. a tree of nodes (destination prefix, TOS, metric)
with attached information: gateway, device, etc.
The tree is looked up as specified in RFC 1812, section 5.2.4.3:
1. Basic match
2. Longest match
3. Weak TOS
4. Metric (should not be in kernel space, but it is)
5. Additional pruning rules (not in kernel space)

There are two special types of node:
REJECT - abort the route lookup and return an error value.
THROW  - abort the route lookup in this class only; the lookup
         goes on with the next rule (see "Lookup algorithm").


Currently the number of classes is limited to 255
(0 is reserved for "class not specified").

Three classes are built in:

RT_CLASS_LOCAL=255 - local interface addresses,
broadcasts, NAT addresses.

RT_CLASS_MAIN=254 - all normal routes are put here
by default.

RT_CLASS_DEFAULT=253 - if ip_fib_model==1, normal
default routes are put here; if ip_fib_model==2,
all gateway routes are put here.


Rules
-----
A rule is a record of (src prefix, src interface, TOS, dst prefix)
with attached information.

Rule types:
RTP_ROUTE      - look up in the attached class.
RTP_NAT        - look up in the attached class and, if a match is found,
                 translate the packet's source address.
RTP_MASQUERADE - look up in the attached class and, if a match is found,
                 masquerade the packet as sourced by us.
RTP_DROP       - silently drop the packet.
RTP_REJECT     - drop the packet and send ICMP NET UNREACHABLE.
RTP_PROHIBIT   - drop the packet and send ICMP COMM. ADM. PROHIBITED.

Rule flags:
RTRF_LOG   - log route creations.
RTRF_VALVE - one-way route (used with masquerading).

Default setup:

root@amber:/pub/ip-routing # iproute -r
Kernel routing policy rules
Pref    Source          Destination     TOS  Iface  Cl
   0    default         default         00   *      255
 254    default         default         00   *      254
 255    default         default         00   *      253


Lookup algorithm
----------------

The rule list is scanned in order of preference and the first
matching rule is applied. If the rule selects a class and a route
is found there, that route is returned. If no route is found, or
the matched node is a THROW, the scan continues with the next
rule. DROP, REJECT and PROHIBIT rules end the lookup at once.
Because the scan falls through on "not found", a class that must
not hand its destinations on to later rules (e.g. an OSPF area
class, see application 3) has to be terminated with a REJECT node.

Applications
------------

1. Just ignore classes. All routes are put into the MAIN class
(and/or into the DEFAULT class).

HOWTO: iproute add PREFIX [ tos TOS ] [ gw GW ] [ dev DEV ]
[ metric METRIC ] [ reject ] ... (see the iproute utility)

or use the route utility from current net-tools.

2. The opposite case. Forget everything you know about routing
tables. Every rule carries its own gateway and device
information. This approach is not appropriate for automated
route maintenance, but it is ideal for manual configuration.

HOWTO: iproute addrule [ from PREFIX ] [ to PREFIX ] [ tos TOS ]
[ dev INPUTDEV ] [ pref PREFERENCE ] route [ gw GATEWAY ]
[ dev OUTDEV ] .....

Warning: as of now the size of the routing table in this
approach is limited to 256 entries. If someone likes this model,
I'll relax this limitation.

3. OSPF classes (see RFC 1583, RFC 1812 section E.3.3)
A very clean, stable and robust algorithm for OSPF routing
domains. Unfortunately, it is not widely used in the Internet.

Proposed setup:
255 local addresses
254 interface routes
253 ASE routes with external metric
252 ASE routes with internal metric
251 inter-area routes
250 intra-area routes for the 1st area
249 intra-area routes for the 2nd area
etc.

Rules:
iproute addrule class 253
iproute addrule class 252
iproute addrule class 251
iproute addrule to a-prefix-for-1st-area class 250
iproute addrule to another-prefix-for-1st-area class 250
...
iproute addrule to a-prefix-for-2nd-area class 249
...

Area classes must be terminated with a reject record, so that a
destination inside an area prefix that has no intra-area route is
rejected instead of falling through to the later rules:
iproute add default reject class 250
iproute add default reject class 249
...

4. The Variant Router Requirements Algorithm (RFC 1812 section E.3.2)
Create 16 classes for the different TOS values.
It is a funny but pretty useless algorithm.
I listed it just to show the power of the new routing code.

5. All the variety of combinations......


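The following is an added example, not part of this document or of the
kernel's route.c: a small user-space C model of the lookup algorithm
described above, with sample tables (all addresses constructed) laid out
like the area class of application 3. Names other than the RTP_* rule
types and the REJECT/THROW node kinds are assumptions made for the
example; NAT and masquerade rules are left out. It shows what the reject
terminator buys: a destination inside the area prefix with no intra-area
route is answered with "net unreachable" from class 250 and never falls
through to MAIN, while a THROW node hands the packet on to the later rules.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the class/rule lookup described above. Names other
 * than the RTP_* rule types and REJECT/THROW nodes are assumptions, not
 * the kernel's; RTP_NAT and RTP_MASQUERADE are left out. */

#define IP4(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

enum node_type { NODE_UNICAST, NODE_REJECT, NODE_THROW };
enum rule_type { RTP_ROUTE, RTP_DROP, RTP_REJECT, RTP_PROHIBIT };
enum verdict   { V_ROUTE, V_NET_UNREACH, V_DROP, V_ADMIN_PROHIBITED };

struct route {                  /* one node of a class (routing table) */
    uint32_t prefix; int plen;  /* destination prefix, host order, 0..32 */
    enum node_type type;
    uint32_t gw;                /* gateway for NODE_UNICAST, else 0 */
};
struct fib_class { int id; int n; struct route routes[8]; };

struct rule {                   /* kept sorted by pref, lowest first */
    int pref;
    uint32_t src; int src_plen; uint32_t dst; int dst_plen;
    enum rule_type type; int class_id;  /* class to search for RTP_ROUTE */
};

static int prefix_match(uint32_t addr, uint32_t prefix, int plen)
{
    uint32_t mask = plen == 0 ? 0 : 0xffffffffu << (32 - plen);
    return (addr & mask) == (prefix & mask);
}

/* Longest match inside one class; TOS and metric, which only rank nodes
 * of equal prefix length, are omitted. */
static const struct route *class_lookup(const struct fib_class *c, uint32_t dst)
{
    const struct route *best = NULL;
    for (int i = 0; i < c->n; i++)
        if (prefix_match(dst, c->routes[i].prefix, c->routes[i].plen) &&
            (best == NULL || c->routes[i].plen > best->plen))
            best = &c->routes[i];
    return best;
}

/* Scan rules in order of preference and apply the first match. "No route"
 * or a THROW node in the selected class means: go on to the next rule.
 * A REJECT node, or a DROP/REJECT/PROHIBIT rule, ends the lookup. */
static enum verdict policy_lookup(const struct rule *rules, int nrules,
                                  const struct fib_class *classes, int nclasses,
                                  uint32_t src, uint32_t dst, uint32_t *gw_out)
{
    for (int i = 0; i < nrules; i++) {
        const struct rule *ru = &rules[i];
        const struct fib_class *c = NULL;

        if (!prefix_match(src, ru->src, ru->src_plen) ||
            !prefix_match(dst, ru->dst, ru->dst_plen))
            continue;
        if (ru->type == RTP_DROP)     return V_DROP;
        if (ru->type == RTP_REJECT)   return V_NET_UNREACH;
        if (ru->type == RTP_PROHIBIT) return V_ADMIN_PROHIBITED;

        for (int k = 0; k < nclasses; k++)
            if (classes[k].id == ru->class_id)
                c = &classes[k];
        const struct route *r = c ? class_lookup(c, dst) : NULL;
        if (r == NULL || r->type == NODE_THROW)
            continue;                   /* not found / THROW: next rule */
        if (r->type == NODE_REJECT)
            return V_NET_UNREACH;
        *gw_out = r->gw;
        return V_ROUTE;
    }
    return V_NET_UNREACH;               /* no rule produced a route */
}

/* Sample tables (all addresses constructed) in the spirit of application 3:
 * class 250 holds the first area, 10.1.0.0/16, terminated by a reject node;
 * class 254 is MAIN with a default route. */
enum verdict demo_lookup(uint32_t src, uint32_t dst, uint32_t *gw)
{
    static const struct fib_class classes[] = {
        { 250, 3, {
            { IP4(10, 1, 2, 0), 24, NODE_UNICAST, IP4(10, 1, 2, 254) },
            { IP4(10, 1, 3, 0), 24, NODE_THROW,   0 }, /* hand off to later rules */
            { 0,                0,  NODE_REJECT,  0 }, /* area terminator */
        } },
        { 254, 1, { { 0, 0, NODE_UNICAST, IP4(192, 0, 2, 1) } } },
    };
    static const struct rule rules[] = {
        { 10,  0, 0,                   IP4(10, 1, 0, 0), 16, RTP_ROUTE,    250 },
        { 20,  IP4(198, 51, 100, 0), 24, 0, 0,              RTP_PROHIBIT, 0 },
        { 254, 0, 0,                   0, 0,                RTP_ROUTE,    254 },
    };
    *gw = 0;
    return policy_lookup(rules, 3, classes, 2, src, dst, gw);
}

int main(void)
{
    uint32_t gw;
    enum verdict v = demo_lookup(IP4(10, 0, 0, 1), IP4(10, 1, 9, 9), &gw);
    printf("10.1.9.9 -> %s\n", v == V_NET_UNREACH ? "net unreachable" : "routed");
    return 0;
}
```

Build with cc -std=c99. For source 10.0.0.1, destination 10.1.9.9 hits the
reject terminator of class 250 and is unreachable even though MAIN has a
default route; 10.1.3.5 meets the THROW node and is routed via 192.0.2.1
from MAIN; a packet from 198.51.100.0/24 to a destination outside the area
is administratively prohibited by the second rule, but one to 10.1.2.7 is
still routed, because the first matching rule (pref 10) wins.
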
GATED
-----

Gated does not understand classes, but it will work
happily in MAIN+DEFAULT. All policy routes can be set
and maintained manually.

IMPORTANT NOTE
--------------
route.c has a compile-time switch, CONFIG_IP_LOCAL_RT_POLICY.
If it is set, locally originated packets are routed
using the whole policy list. This is not very convenient and
is rather ambiguous when used with NAT and masquerading.
I set it to FALSE by default.


Alexey Kuznetov
kuznet@ms2.inr.ac.ru