2007 11 20 jaxlug iproute2 and advanced linux routing
TRANSCRIPT
-
7/25/2019 2007 11 20 Jaxlug Iproute2 and Advanced Linux Routing
1/9
Presenter William L. Thomson Jr. 2007 Obsidian-Studios, Inc.
iproute2 andiproute2 and
Advanced Linux RoutingAdvanced Linux Routing
-
7/25/2019 2007 11 20 Jaxlug Iproute2 and Advanced Linux Routing
2/9
Presenter William L. Thomson Jr. 2007 Obsidian-Studios, Inc.
What is iproute2What is iproute2
A collection of utilities for controlling TCP/IP networking and trafficcontrol in Linux
Usually shipped in a package called iproute or iproute2 and conists ofseveral tools !ainly ip and tc"
ip controls IPv# and IPv$ configuration replaces arp ifconfig and route co!!ands
tc stands for traffic control % not discussed or covered & Availa'le in !ost distri'utions (e)uires IP features to 'e ena'led in kernel
*etworking +ptions C+*,I-.IP.
*etworking 01 *etworking +ptions 01 IP
-
7/25/2019 2007 11 20 Jaxlug Iproute2 and Advanced Linux Routing
3/9
Presenter William L. Thomson Jr. 2007 Obsidian-Studios, Inc.
Why iproute2Why iproute2
arp ifconfig and route co!!ands are venera'le +ne co!!and does it all ip
Consistent 'ehaviour under Linux 2"2 and up Uses the redesigned network su'syste! in 2"2 and a'ove Linux
3ernels A'ility to do -(4 tunnels
IP in IP tunneling Transport !ulticast traffic and IPv$ through a -(4 tunnel
(o'ust features (outing filtering and classifying
(ivals dedicated routers firewalls and traffic shaping products
-
7/25/2019 2007 11 20 Jaxlug Iproute2 and Advanced Linux Routing
4/9
Presenter William L. Thomson Jr. 2007 Obsidian-Studios, Inc.
Interface ManagementInterface Management
5isplaying links address routes and arp ip link list
ip address show
ip route show
ip neigh'our/neigh show
6anage!ent ip link set eth7 up/down
ip addr add/delete 892"8$:"7"8$8/2; 'rd 892"8$:"7"898 dev eth7
ip route add/change/delete/replace default via 892"8$:"7"892 dev eth7
ip neigh'our add/change/delete/replace 892"8$:"7"8 lladdr777777777777 dev eth7 nud per!anent
ip link/addr/route/neigh flush
-
7/25/2019 2007 11 20 Jaxlug Iproute2 and Advanced Linux Routing
5/9
Presenter William L. Thomson Jr. 2007 Obsidian-Studios, Inc.
Policy RoutingPolicy Routing
Policy routing consists of rules and ta'les
(ules are defined to !atch patterns ip interfaces co!'o (ules are given priorities and are followed in order till a pattern is!atched
(ules point to ta'les that contain routes the!selves (e)uired for !achines with !ultiple networks and gateways
-
7/25/2019 2007 11 20 Jaxlug Iproute2 and Advanced Linux Routing
6/9
Presenter William L. Thomson Jr. 2007 Obsidian-Studios, Inc.
RulesRules
5efault rules %'e careful with flushing or !odifying&< ip rule
7 fro! all lookup local
=2;$$ fro! all lookup !ain
=2;$; fro! all lookup default
Custo! rulesip rule add prio > ta'le !ain
ip rule add prio 87 fro! 892"8$:"7"7/2# ta'le 87
ip rule add prio 88 fro! 892"8$:"8"7/2# ta'le 88
ip rule add prio 82 fro! 892"8$:"2"7/2# ta'le 82
ip rule add prio =7 to $:":;"$:"=7 ta'le =7
-
7/25/2019 2007 11 20 Jaxlug Iproute2 and Advanced Linux Routing
7/9
Presenter William L. Thomson Jr. 2007 Obsidian-Studios, Inc.
TablesTables
5efault ta'les % 'e careful with flushing or !odifying& local !ain default % ip route show ta'le ?local!aindefault@ &
Custo! ta'lesip route del default ta'le !ain
ip route add default via 87"7"7"8 dev eth7 ta'le proto static 87
ip route add default via 87"7"8"8 dev eth8 ta'le proto static 88
ip route add default via 87"7"2"8 dev eth2 ta'le proto static 82
ip route add vid dev eth= proto static ta'le =7
-
7/25/2019 2007 11 20 Jaxlug Iproute2 and Advanced Linux Routing
8/9
Presenter William L. Thomson Jr. 2007 Obsidian-Studios, Inc.
Putting it all together live examplePutting it all together live example
ip link set lo upip link set eth7 upip link set eth8 up
ip link set eth2 up
ip addr add 82;"7"7"8/: 'rd 82;"7"7"2>> dev loip addr add 892"8$:"8"2>7/2# 'rd 892"8$:"8"2>> dev eth7ip addr add 87"8"7"2/8$ 'rd 87"8"2>>"2>> dev eth8ip addr add 87"8"7"9;/8$ 'rd 87"8"2>>"2>> dev eth8ip addr add 87"2"7"2/8$ 'rd 87"2"2>>"2>> dev eth2ip addr add 87"2"7">;/8$ 'rd 87"2"2>>"2>> dev eth2
ip route add 82;"7"7"7/: dev lo
ip rule add prio 87 ta'le !ainip route del default ta'le !ain
ip rule add prio 27 fro! 87"8"7"7/8$ ta'le 27ip route add default via 87"8"7"8 dev eth8 src 87"8"7"2 proto static ta'le 27ip route append prohi'it default ta'le 27 !etric 8 proto static
ip rule add prio =7 fro! 87"2"7"7/8$ ta'le =7ip route add default via 87"2"7"8 dev eth2 src 87"2"7"2 proto static ta'le =7ip route append prohi'it default ta'le =7 !etric 8 proto static
< et up load 'alancing gatewaysip rule add prio >7 ta'le >7ip route add default ta'le >7 proto static B nexthop via 87"8"7"8 dev eth8 B nexthop via 87"2"7"8 dev eth2
-
7/25/2019 2007 11 20 Jaxlug Iproute2 and Advanced Linux Routing
9/9
Presenter William L. Thomson Jr. 2007 Obsidian-Studios, Inc.
Where to go from hereWhere to go from here
help argu!ent ip help ip route help ip rule help
6an page !an ip 5istri'ution specific docu!entation -eneral docu!entation and resources for this presentation
http//www"lartc"org/howto/
http//www"policyrouting"org/iproute20toc"ht!l
http//www"docu!"org/docu!"org/fa)/cache/>;"ht!l
4veryones friend -oogle Local Users -roup Ask the presenter via e!ail
Dillia! L" Tho!son Er" wltFo'sidian0studios"co!
http://www.lartc.org/howto/http://www.policyrouting.org/iproute2-toc.htmlhttp://www.docum.org/docum.org/faq/cache/57.htmlmailto:[email protected]:[email protected]://www.docum.org/docum.org/faq/cache/57.htmlhttp://www.policyrouting.org/iproute2-toc.htmlhttp://www.lartc.org/howto/