Linux Policy-Based Routing

The fourth project -- again using Mininet -- is to set up, using the layout below, a situation where:


The return-path routing is set up; that is, r2 and r3 each know how to reach subnet

As discussed in class, policy-based routing works by having multiple routing tables, each given a number from 1 to 255. The normal table is main; it has number 254. We could create other table names, but to keep things simple we'll just use the numbers 80 and 81 for these new tables. Table 80 will route to h2; table 81 will route it to h3.

At r1, you must enable three things:

1. create the route entries in the two tables; r1 will have table 80 route to with next_hop (r2), and similarly to table 81 except to r3.

2. Create the "fwmark" rules. We'll use an fwmark of 1 to indicate use of table 80, and an fwmark of 2 for table 81.

3. Create the iptables rules, as in the book (except --dest-port in the book is wrong):

    iptables --table mangle --append PREROUTING --protocol tcp --dport 80 --jump MARK --set-mark 1

The router r1 should not have a default route to

To test your configuration, start xterms on each of h1, h2 and h3. On h2 run netcat -l -p 80; on h3 run netcat -l -p 81. Then, from h1, run netcat port; with port=80 you should reach h2 and with port=81 you should reach h3.

Without your added rules, netcat port should just return without doing anything (there is no error message, unfortunately).