Sunday, December 13, 2015

Routing Table: All Things Considered

Routing is the decision over which interface a packet is to be sent. This decision has to be made for locally created packets, too. Routing tables contain network addresses and the associated interface or next hop.

In this article, we will review all aspects of the routing table (i.e., ip route and ip rule) on a Linux server.

Routing Table


A routing table is a set of rules, often viewed in table format, that is used to determine where data packets traveling over an Internet Protocol (IP) network will be directed. All IP-enabled devices, including routers and switches, use routing tables.

Routing tables can be maintained in two ways:[1,11]
  • Manually 
    • Tables for static network devices do not change unless a network administrator manually changes them
      • Useful when only one or a few routes exist
      • Can be an administrative burden
      • Frequently used for default route[12]
    • Static routes can be added via
      • "route add" command. 
        • To persist it, you can also add the route command to rc.local
  • Dynamically
    • Devices build and maintain their routing tables automatically by using routing protocols[8] to exchange information about the surrounding network topology. 
    • Dynamic routing tables allow devices to "listen" to the network and respond to occurrences like:
      • Device failures 
      • Network congestion.

Kernel IP Routing Table


Beyond the two commonly used routing tables (the local and main routing tables), the Linux kernel supports up to 252 additional routing tables.

The ip route and ip rule commands have built-in support for the special tables main and local. Any other routing table can be referred to by number or by name through an administratively maintained mapping file, /etc/iproute2/rt_tables.

Typical content of /etc/iproute2/rt_tables[13,14]

#
# reserved values
#
255     local      (1)
254     main       (2)
253     default    (3)
0       unspec     (4)
#
# local
#
1      inr.ruhep   (5)

(1) The local table is a special routing table maintained by the kernel. Users can remove entries from the local routing table at their own risk. Users cannot add entries to the local routing table. The file /etc/iproute2/rt_tables need not exist, as the iproute2 tools have a hard-coded entry for the local table.
(2) The main routing table is the table operated upon by route and, when not otherwise specified, by ip route. The file /etc/iproute2/rt_tables need not exist, as the iproute2 tools have a hard-coded entry for the main table.
(3) The default routing table is another special routing table.
(4) Operating on the unspec routing table appears to operate on all routing tables simultaneously.
(5) This is an example indicating that table 1 is known by the name inr.ruhep. Any references to table inr.ruhep in an ip rule or ip route will substitute the value 1 for the word inr.ruhep.

Format of Routing Table


Rules in the routing table usually consist of the following entities:
  • Network Destination
    • The one which is outside your subnet
      • Basically, it has a different subnet mask from the local one
  • NetMask[9]
    • Makes it easier for the Router (i.e., layer 3 device, which isolates 2 subnets). 
      • This is used to identify which subnet the packet must go to
    • aka GenMask
      •  shows the “generality” of the route, i.e., the network mask for this route
  • Gateway
    • There could be more than one gateway within a network, so we configure which gateway is the best one for reaching the destination
    • A gateway is an essential feature of most routers, although other devices (such as any PC or server) can function as a gateway.
  • Interface
    • You could have multiple interfaces (Ethernet interfaces eth0, eth1, eth2...) on your device, each of which would be assigned an IP address
    • This tells the device how to reach the gateway and through which interface it needs to push the packet.
  • Metrics (Cost)[10]
    • Provides the path cost. For static routing the value is 1 by default (but we can change it); for dynamic routing (RIP, IGRP, OSPF) it varies.
  • MSS
    • Maximum Segment Size for TCP connections over this route
      • Usually has the value of 0, meaning “no changes”
    • MTU vs MSS
      • MTU = MSS + Header (40 bytes or more)
      • For example,
        • MTU = 576 -> MSS = 536
        • MTU = 1500 -> MSS = 1460 
    • Fragmentation of data segment 
      • If the data segment size is too large for any of the routers through which the data passes, the oversize segment(s) are fragmented. 
      • This slows down the connection speed as seen by the computer user. In some cases the slowdown is dramatic.
      • The likelihood of such fragmentation can be minimized by keeping the MSS as small as reasonably possible. 
  • Window
    • Default window size, which indicates how many TCP packets can be sent before at least one of them has to be ACKnowledged. 
    • Like the MSS, this field is usually 0, meaning “no changes”
  • irtt (Initial Round Trip Time)
    • May be used by the kernel to guess about the best TCP parameters without waiting for slow replies. 
    • In practice, it’s not used much, so you’ll probably never see anything else than 0 here.

How do I get there from here?


A device uses its routing table to decide whether a packet stays in the current subnet or is pushed outside it. Given the destination address in the packet, the following rules apply:[2]
  • Position of route in the table has no significance. 
  • When more than one route matches a destination address
    • The route with the longest subnet mask (most consecutive 1-bits) is used
  • When multiple routes match the destination and have subnet masks of the same length
    • The route with the lowest metric is used

Scenario 1

Assume that a packet with destination IP address w.x.y.z arrives at a router, which checks its routing table. If the router finds that w.x.y.0/24 is present in the table, it will try to reach the corresponding gateway by pushing the packet through the respective interface.

If there are two entries for the same destination with different metrics, it will choose the one with the lower value. If the router does not find any matching entry in the routing table, it will use the default gateway.

Scenario 2

Now assume another scenario: a packet with the destination IP address k.l.m.n arrives at the router, and k.l.m.0/24 is the default mask of the router. This implies that the packet is destined for the same network, and the router will not push the packet to the peer subnet.

Linux Commands


The following Linux commands can be used to print the routing table on the server:
In the discussion below, we will use a server which has the following entry in its /etc/sysconfig/network configuration file:
  • Default Gateway: 10.244.0.1

and for which /sbin/ifconfig shows the following interface entry:

eth0      Link encap:Ethernet  HWaddr 00:ll:mm:nn:aa:bb
          inet addr:10.244.3.87  Bcast:10.244.7.255  Mask:255.255.248.0


route Command


Output

  • Ref
    • Number of references to this route (not used in the Linux kernel)
  • Use
    • Count of lookups for the route. Depending on the use of -F and -C this will be either route cache misses (-F) or hits (-C).
  • Flags
    • U (route is up)
    • H (target is a host)
    • G (use gateway)
    • R (reinstate route for dynamic routing)
    • D (dynamically installed by daemon or redirect)
    • M (modified from routing daemon or redirect)
    • A (installed by addrconf)
    • C (cache entry)
    • ! (reject route)

Option

  • -F
    • Operate on the kernel's FIB (Forwarding Information Base) routing table. This is the default.
  • -C
    • Operate on the kernel's routing cache.
  • -n
    • Show numerical addresses instead of trying to determine symbolic host names. This is useful if you are trying to determine why the route to your name server has vanished.


$ /sbin/route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.244.0.1      0.0.0.0         UG    0      0        0 eth0
10.244.0.0      0.0.0.0         255.255.248.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1010   0        0 usb0
169.254.182.0   0.0.0.0         255.255.255.0   U     0      0        0 usb0
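
The selection rules from "How do I get there from here?" can be applied to this exact table. The following is an added example, not code from the original article; the function names and the test destinations are assumptions chosen for illustration. It shows that a more specific route wins regardless of its position in the table, which is the property to keep in mind when auditing a host for unexpected routes.

```python
import ipaddress

# `route -n` rows copied from the example server on this page.
ROUTE_N = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.244.0.1      0.0.0.0         UG    0      0        0 eth0
10.244.0.0      0.0.0.0         255.255.248.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1010   0        0 usb0
169.254.182.0   0.0.0.0         255.255.255.0   U     0      0        0 usb0
"""

def parse_route_n(text):
    """Parse `route -n` rows into dicts; header and malformed lines are skipped."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue
        # Genmask -> prefix length = number of 1-bits in the mask.
        plen = bin(int(ipaddress.IPv4Address(f[2]))).count("1")
        routes.append({
            "net": ipaddress.ip_network(f"{f[0]}/{plen}", strict=False),
            "gateway": f[1], "flags": f[3],
            "metric": int(f[4]), "iface": f[7],
        })
    return routes

def select_route(routes, dest):
    """Pick the route for dest: longest mask first, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if "U" in r["flags"] and addr in r["net"]]
    if not matches:
        return None  # no matching route and no default route
    return max(matches, key=lambda r: (r["net"].prefixlen, -r["metric"]))

if __name__ == "__main__":
    table = parse_route_n(ROUTE_N)
    # Constructed destinations chosen to exercise each rule.
    for dest in ("10.244.3.87", "10.244.8.1", "169.254.1.1", "169.254.182.77"):
        r = select_route(table, dest)
        via = r["gateway"] if "G" in r["flags"] else "direct"
        print(f"{dest:15} -> {r['net']} dev {r['iface']} ({via}, metric {r['metric']})")
```

Note that 10.244.8.1 falls just outside 10.244.0.0/21 (which ends at 10.244.7.255), so it is sent to the default gateway, while 169.254.1.1 matches two /16 routes and the lower metric decides.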


netstat Command


netstat options:
  • -r
    • Display the kernel routing tables
  • -n
    • Show numerical addresses instead of trying to determine symbolic host, port or user names

    $ netstat -rn
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    0.0.0.0         10.244.0.1      0.0.0.0         UG        0 0          0 eth0
    10.244.0.0      0.0.0.0         255.255.248.0   U         0 0          0 eth0
    169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
    169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 usb0
    169.254.182.0   0.0.0.0         255.255.255.0   U         0 0          0 usb0


In the context of servers, 0.0.0.0 means "all IPv4 addresses on the local machine". If a host has two IP addresses, 192.168.1.1 and 10.1.2.1, and a server running on the host listens on 0.0.0.0, it will be reachable at both IPs.

ip route Command


Output

  • protocol
    • redirect - the route was installed due to an ICMP redirect
    • kernel - the route was installed by the kernel during autoconfiguration
    • boot - the route was installed during the bootup sequence. If a routing daemon starts, it will purge all of them.
    • static - the route was installed by the administrator to override dynamic routing. Routing daemon will respect them and, probably, even advertise them to its peers.
    • ra - the route was installed by Router Discovery protocol
  • scope
    • global - the address is globally valid
    • site - (IPv6 only) the address is site local, i.e. it is valid inside this site
    • link - the address is link local, i.e. it is valid only on this device
    • host - the address is valid only inside this host
  • src
    • The source address to prefer when sending to the destinations covered by the route prefix
    • Most commonly used on multi-homed hosts, although almost every machine out there uses this hint for connections to localhost

Option

  • ip route show - list routes
    • the command displays the contents of the routing tables or the route(s) selected by some criteria
    • table (sub command)
      • show the routes from provided table(s). The default setting is to show table main. TABLEID may either be the ID of a real table or one of the special values:
        • all - list all of the tables.
        • cache - dump the routing cache.

    $ /sbin/ip route
    default via 10.244.0.1 dev eth0
    10.244.0.0/21    dev eth0  proto kernel  scope link  src 10.244.3.87
    169.254.0.0/16   dev eth0  scope link  metric 1002
    169.254.0.0/16   dev usb0  scope link  metric 1010
    169.254.182.0/24 dev usb0  proto kernel  scope link  src 169.254.182.77


    # Viewing the local routing table with ip route show table local

    $ /sbin/ip route show table local
    broadcast 10.244.0.0 dev eth0  proto kernel  scope link  src 10.244.3.87
    local     10.244.3.87 dev eth0  proto kernel  scope host  src 10.244.3.87
    broadcast 10.244.7.255 dev eth0  proto kernel  scope link  src 10.244.3.87
    broadcast 127.0.0.0 dev lo  proto kernel  scope link  src 127.0.0.1
    local     127.0.0.0/8 dev lo  proto kernel  scope host  src 127.0.0.1
    local     127.0.0.1 dev lo  proto kernel  scope host  src 127.0.0.1
    broadcast 127.255.255.255 dev lo  proto kernel  scope link  src 127.0.0.1
    broadcast 169.254.182.0 dev usb0  proto kernel  scope link  src 169.254.182.77
    local     169.254.182.77 dev usb0  proto kernel  scope host  src 169.254.182.77

    broadcast 169.254.182.255 dev usb0  proto kernel  scope link  src 169.254.182.7

References

1. Routing Table Definition
2. How do I read/interpret a (netstat) routing table ?
3. Static Routes and the Default Gateway (Redhat)
4. How Routing Algorithms Work
  • Hierarchical routing -- When the network size grows, the number of routers in the network increases. Consequently, the size of routing tables increases, as well, and routers can't handle network traffic as efficiently. We use hierarchical routing to overcome this problem.
  • Internet -> Clusters -> Regions -> Nodes
5. Routing Table
6. route
7. ip route
8. Introduction to routing protocols (good)
9. IP Address Mask Formats—the Router will display different Mask formats at different times:
  • bitcount — 172.16.31.6/24
  • hexadecimal — 172.16.31.6 0xFFFFFF00
  • decimal — 172.16.31.6 255.255.255.0
10. Metrics (Cost). Different protocols use different metrics:
  • RIP/RIPv2 is hop count and ticks (IPX)
    • Ticks are used to determine server timeout
  • OSPF/ISIS is interface cost (bandwidth)
  • (E)IGRP is compound
  • BGP can be complicated
11. 3 ways of building forwarding table in router:
  • Directly connected
    • Routes that the router is attached to
  • Static
    • Routes are manually defined
  • Dynamic
    • Routes are learned from a routing protocol
12. Default route
  • Route used if no match is found in routing table
  • Special network number: 0.0.0.0 (IP)
13. Multiple Routing Table
14. IPROUTE2 Utility Suite Howto
15. Difference between routing and forwarding table
16. Loopback address
  • A special IP number (127.0.0.1) that is designated for the software loopback interface of a machine.
    • The loopback interface has no hardware associated with it, and it is not physically connected to a network.
17. Netstat: network analysis and troubleshooting, explained