Enterprise Networking Week 7

Spring 2023, Mondays 4:15-6:45 in Crown 105

March 13

Using netem for everything (queue, rate, delay)





Basic lookup algorithm, with prefix lengths

Use of CAM (also for switching)

Linux Policy Routing (see also www.policyrouting.org/PolicyRoutingBook/ONLINE/TOC.html)

There are actually multiple Linux routing tables. The file /etc/iproute2/rt_tables defines them. Here is the stock configuration; tables are numbered 1-255:

255    local
254    main
253    default

The "normal" IP forwarding table is called "main". The "local" table cannot be modified; it consists of, in effect, a list of interfaces. The "default" table is often empty. You view tables with, e.g.,

ip route list table main

New tables are created by creating entries for them in the rt_tables file.

Each table can have its own default route, set by something like

    ip route add default via dev eth1 table main

Next we need rules to determine which table is used for what traffic. If we have created a table named "voice", we might have a rule like this:

	ip rule add from lookup voice

(That IP address is used at my home for a voice phone). This rule allows us to pick the table based on the source address, and thus to do routing on both source and destination.

However, we run into issues if we want to route based on the destination port (which is an excellent indication of traffic type): there simply is no "ip rule" option for specifying ports. What we do instead is to use iptables to mark the packets to that port, and then route based on the mark. Because iptables is strongly associated with firewalls, this mark is generally known as fwmark. The example in the book is typical:

iptables --table mangle --append PREROUTING --protocol tcp --destination-port 1020 --jump MARK --set-mark 1

ip rule add fwmark 1 table voice

iptables supports a wide range of packet-matching options. Note the use of the mangle table, used for altering ("mangling") packets.
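As an added example (not part of the lecture notes), here is a small Python model of the two ideas above: the basic lookup algorithm with prefix lengths (longest-prefix match within one table), and the policy-routing step that picks a table by walking "ip rule" entries in priority order, matching on source address or fwmark. The addresses, the "voice" table contents and the rule priorities (other than the stock 32766 for "main") are constructed for illustration.

```python
import ipaddress

def longest_prefix_match(table, dst):
    """Return the next hop of the most specific route containing dst, or None.
    A 0.0.0.0/0 entry plays the role of the table's default route."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, nexthop in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nexthop)
    return best[1] if best else None

def policy_lookup(rules, tables, dst, src=None, fwmark=0):
    """Walk rules by priority, as the kernel walks 'ip rule' entries.
    A rule that matches selects a table; if that table has no route for dst,
    lookup continues with the next rule. Returns (table name, next hop)."""
    for rule in sorted(rules, key=lambda r: r["prio"]):
        if "from" in rule and (src is None or
                ipaddress.ip_address(src) not in ipaddress.ip_network(rule["from"])):
            continue
        if "fwmark" in rule and rule["fwmark"] != fwmark:
            continue
        nexthop = longest_prefix_match(tables[rule["table"]], dst)
        if nexthop is not None:
            return rule["table"], nexthop
    return None

# Constructed sample configuration: "main" has a /8 route, a more specific /24 and a
# default; "voice" only knows how to reach a (constructed) voice provider's prefix.
TABLES = {
    "main": [("10.0.0.0/8", "via 10.1.1.1 dev eth0"),
             ("10.1.1.0/24", "dev eth0"),
             ("0.0.0.0/0", "via 192.0.2.1 dev eth0")],
    "voice": [("203.0.113.0/24", "via 198.51.100.1 dev eth1")],
}
RULES = [
    {"prio": 100, "from": "10.1.1.50/32", "table": "voice"},  # "ip rule add from ... lookup voice"
    {"prio": 101, "fwmark": 1, "table": "voice"},             # "ip rule add fwmark 1 table voice"
    {"prio": 32766, "table": "main"},                         # stock catch-all rule
]

if __name__ == "__main__":
    print(policy_lookup(RULES, TABLES, "203.0.113.5", src="10.1.1.50"))       # source rule
    print(policy_lookup(RULES, TABLES, "203.0.113.5", src="10.1.1.7", fwmark=1))  # mark rule
    print(policy_lookup(RULES, TABLES, "8.8.8.8", src="10.1.1.7", fwmark=1))  # falls through to main
    print(policy_lookup(RULES, TABLES, "10.1.1.9", src="10.1.1.7"))           # /24 beats /8
```

The third call shows the case that trips people up in practice: a marked packet whose destination the "voice" table cannot route is not dropped but silently handled by the next rule, so a missing route in a policy table becomes a policy bypass rather than a visible failure.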