Policy Routing With Linux
by Matthew G. Marsh
Table Of Contents
Section I - Theory, Usage, and Utilities
Chapter 1. Basic IPv4 Routing
This initial chapter provides brief coverage of standard TCP/IP routing as
practiced under IPv4. The uses of the traditional Unix and Cisco IOS
commands and syntax for simple setups will be mentioned. We will also
touch upon the methodologies behind route costing such as Hop count
and Link State. Finally we will illustrate a simple Internet
connected network along with the needed routing commands to connect
using Linux.
Traditional IPv4 routing Theory
Unix
Configuration Commands
Cisco IOS Configuration Commands
IPv4 Dynamic Routing Protocols
Unix Routing Daemons & Cisco IOS Configurations
Chapter 2. Policy Routing Theory
Here we will discuss the types of environments that led to the development of the
concept of policy routing and the theory behind why you would want to
use policy routing structures. We will only consider the policy
structures themselves and how they solve these problems.
What do you mean by "Policy"
Common IPv4Routing Problems
PolicyRouting Structure
Chapter 3. Linux Policy Routing Structure
In this chapter we will now address how the Linux Policy Routing structure is
implemented. We will cover how this structure interacts with the
Packet Paths both native within the kernel and in conjunction with
the packet filtering and network extensions.
Packet Paths through the Kernel
IPFWADM/IPChains Packet Pathing
NetFilter Packet Pathing
Routing Policy DataBase (RPDB)
Chapter 4. IP Utility for Linux
In this chapter we will cover the tool used in Linux for implementing policy
routing. As there are few other sources of information this will be
more of a reference on the command syntax and usages. We will also
include several examples of usage and notations about interactions
with other utilities within Linux.
Obtaining & Compiling IPROUTE2
General command structure
Section II - Real World Use
This entire section is mostly comprised of real world scenarios with detailed
worked out solutions. In many cases there are multiple solutions to
the same problem and we will attempt to cover all possibilities. This
is drawn from our experience in implementing these systems and from
the myriad questions we receive on this subject. In some cases we
will show how the equivalent Cisco solution would work and where the
interactions exist between various equipment.
Chapter 5. Simple Network Examples
In this chapter we will cover how to implement standard networks, much as we
had seen in Chapter 1, using the policy routing tools. We will
introduce the extensions for use with the policy routing structures
and how even relatively simple network configurations can benefit
from implementation using policy routing structures.
Chapter 1
Example Revisited
Multiple IP Addressing
Multiple Default Routes
Loop Routing
Multiple Routing Tables
Rule and Table Interactions
Chapter 6. Complex Networks Examples
In this chapter we will cover network configurations where the only complete
solutions demand policy routing structures. We will cover multiple
networks with disparate gateways, bandwidth and link state load
balancing, and transparent routing structures. We will also mention
several firewall type functions and interactions between the
functions. In most cases we will illustrate several different
solutions to solving the problems. This will show the flexibility and
scope of the solution space for these functions.
Local Interfaces
MultiHomed, MultiAddressed
Transparent Routing
Policy Firewalling
Routing Load Balancing
Phantom Forwarders
Chapter 7. Dynamic Routing Interactions
Here we will take up the interactions between policy routing structures and
dynamic routing protocols. This is an especially sticky subject as
most dynamic routing protocols only understand traditional routing.
There are many different points of potential conflict as we had
discussed in Chapters 1,2, and 4, between a traditional routing
structure and a policy routing structure. Here we will bridge the gap
and show you how to use both methods. We will also note where to
obtain various policy routing aware routing daemons and what you will
have to consider to implement them within the Linux environment.
Dynamic Routing
Multiple Routing Tables & Daemons
Gated Patches
Zebra
Multiple Daemons, Multiple Tables
Chapter 8. NAT Functions
The origination of NAT is related to the origination of policy routing.
And in Linux the first implementation of true one-to-one NAT was done
as a policy routing structure. Here we take up this method and also
discuss the various other ways that these functions may also be
implemented within a Linux system. Some of the discusison within this
chapter will touch upon utilities and methods we will not be covering
in this book (REF: PakSecured Policy Routing Firewall) but are noted
here for reference.
Basic NAT
FastNAT
Pseudo NAT
Chapter 9. IPv6
In this chapter we touch upon the role of the policy routing structures and
implementations within the Linux IPv6 network stack. We will assume
some knowledge of IPv6 and will mainly be discussing the IPv6 usages
of Policy Routing structures.
Chapter 10. Future Musings
Here we tie up the theory, reality, and coverage of policy routing and consider
possible future directions for the policy routing structures. We
especially note the changes that will come from the widespread
adoption of the IPv6 routing structures and how that may change the
landscape for all forms of routing.
Internet Needs
IPv6 Implications
Appendix
Covers the various locations on where to obtain the utilities and pointers to
additional information on this and related subjects.
Back to Book Page