Classes
-------

    "Class" is a complete routing table in common sense.
    I.e. it is a tree of nodes (destination prefix, tos, metric)
    with attached information: gateway, device etc.
    This tree is looked up as specified in RFC1812 5.2.4.3
    1. Basic match
    2. Longest match
    3. Weak TOS.
    4. Metric. (should not be in kernel space, but they are)
    5. Additional pruning rules. (not in kernel space).

    We have two special types of nodes:
    REJECT - abort route lookup and return an error value.
    THROW  - abort route lookup in this class.


    Currently the number of classes is limited to 255
    (0 is reserved for "not specified class")

    Three classes are builtin:

    RT_CLASS_LOCAL=255 - local interface addresses,
    broadcasts, nat addresses.

    RT_CLASS_MAIN=254  - all normal routes are put there
    by default.

    RT_CLASS_DEFAULT=253 - if ip_fib_model==1, then
    normal default routes are put there, if ip_fib_model==2
    all gateway routes are put there.


Rules
-----
    A rule is a record of (src prefix, src interface, tos, dst prefix)
    with attached information.

    Rule types:
    RTP_ROUTE      - lookup in attached class
    RTP_NAT        - lookup in attached class and if a match is found,
                     translate packet source address.
    RTP_MASQUERADE - lookup in attached class and if a match is found,
                     masquerade packet as sourced by us.
    RTP_DROP       - silently drop the packet.
    RTP_REJECT     - drop the packet and send ICMP NET UNREACHABLE.
    RTP_PROHIBIT   - drop the packet and send ICMP COMM. ADM. PROHIBITED.

    Rule flags:
    RTRF_LOG   - log route creations.
    RTRF_VALVE - One way route (used with masquerading)

Default setup:

root@amber:/pub/ip-routing # iproute -r
Kernel routing policy rules
Pref Source             Destination        TOS Iface   Cl
   0 default            default            00  *       255
 254 default            default            00  *       254
 255 default            default            00  *       253


Lookup algorithm
----------------

    We scan the rules list, and if a rule is matched, apply it.
    If a route is found, return it.
    If it is not found or a THROW node was matched, continue
    to scan rules.

Applications
------------

1.  Just ignore classes. All the routes are put into MAIN class
    (and/or into DEFAULT class).

    HOWTO: iproute add PREFIX [ tos TOS ] [ gw GW ] [ dev DEV ]
                [ metric METRIC ] [ reject ] ... (look at iproute utility)

    or use route utility from current net-tools.

2.  Opposite case. Just forget all that you know about routing
    tables. Every rule is supplied with its own gateway, device
    info. record. This approach is not appropriate for automated
    route maintenance, but it is ideal for manual configuration.

    HOWTO: iproute addrule [ from PREFIX ] [ to PREFIX ] [ tos TOS ]
                [ dev INPUTDEV] [ pref PREFERENCE ] route [ gw GATEWAY ]
                [ dev OUTDEV ] .....

    Warning: As of now the size of the routing table in this
    approach is limited to 256. If someone likes this model, I'll
    relax this limitation.

3.  OSPF classes (see RFC1583, RFC1812 E.3.3)
    Very clean, stable and robust algorithm for OSPF routing
    domains. Unfortunately, it is not widely used in the Internet.

    Proposed setup:
    255 local addresses
    254 interface routes
    253 ASE routes with external metric
    252 ASE routes with internal metric
    251 inter-area routes
    250 intra-area routes for 1st area
    249 intra-area routes for 2nd area
    etc.

    Rules:
    iproute addrule class 253
    iproute addrule class 252
    iproute addrule class 251
    iproute addrule to a-prefix-for-1st-area class 250
    iproute addrule to another-prefix-for-1st-area class 250
    ...
    iproute addrule to a-prefix-for-2nd-area class 249
    ...

    Area classes must be terminated with reject record.
    iproute add default reject class 250
    iproute add default reject class 249
    ...

4.  The Variant Router Requirements Algorithm (RFC1812 E.3.2)
    Create 16 classes for different TOS values.
    It is a funny, but pretty useless algorithm.
    I listed it just to show the power of new routing code.

5.  All the variety of combinations......


GATED
-----

    Gated does not understand classes, but it will work
    happily in MAIN+DEFAULT. All policy routes can be set
    and maintained manually.

IMPORTANT NOTE
--------------
    route.c has a compilation time switch CONFIG_IP_LOCAL_RT_POLICY.
    If it is set, locally originated packets are routed
    using all the policy list. This is not very convenient and
    pretty ambiguous when used with NAT and masquerading.
    I set it to FALSE by default.


Alexey Kuznetov
kuznet@ms2.inr.ac.ru
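
Added example (not part of the original document and not kernel code): a small Python model of the "Lookup algorithm" section, showing how THROW and REJECT nodes behave and why the OSPF setup terminates area classes with a reject record. Assumptions: rules match on destination prefix only, classes use longest match only, and the prefixes, gateways and preference values are constructed sample data.

```python
import ipaddress

REJECT, THROW = "REJECT", "THROW"   # special node types named in the text

def class_lookup(table, dst):
    """Longest-prefix match inside one class; returns node info or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, info in table.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, info)
    return best[1] if best else None

def route_lookup(rules, classes, dst):
    """Scan rules in preference order; returns (class_id, result)."""
    addr = ipaddress.ip_address(dst)
    for _pref, to_prefix, class_id in sorted(rules):
        if addr not in ipaddress.ip_network(to_prefix):
            continue                 # rule does not match this packet
        hit = class_lookup(classes.get(class_id, {}), dst)
        if hit is None or hit == THROW:
            continue                 # no route, or THROW: keep scanning rules
        return class_id, hit         # a route, or REJECT which aborts the lookup
    return None, None                # no rule produced a route

# Constructed sample data modelled on the OSPF proposal (classes 250 and 253).
CLASSES = {
    250: {"10.1.1.0/24": "gw 10.1.0.1",   # intra-area route
          "10.1.9.0/24": THROW,           # leave this class, try later rules
          "0.0.0.0/0": REJECT},           # "iproute add default reject class 250"
    253: {"0.0.0.0/0": "gw 192.0.2.1"},   # external default route
}
RULES = [                                 # (pref, dst prefix, class); prefs assumed
    (1, "10.1.0.0/16", 250),              # "addrule to a-prefix-for-1st-area class 250"
    (2, "0.0.0.0/0", 253),                # "addrule class 253"
]

if __name__ == "__main__":
    for dst in ("10.1.1.5", "10.1.2.5", "10.1.9.5", "198.51.100.7"):
        print(dst, route_lookup(RULES, CLASSES, dst))
```

Without the terminating reject record, 10.1.2.5 (inside the area prefix but with no intra-area route) would fall through to the external default in class 253 instead of being refused.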