Policy Routing With Linux
by Matthew G. Marsh

Table Of Contents

Section I - Theory, Usage, and Utilities

Chapter 1. Basic IPv4 Routing

This initial chapter provides brief coverage of standard TCP/IP routing as practiced under IPv4. The uses of the traditional Unix and Cisco IOS commands and syntax for simple setups will be mentioned. We will also touch upon the methodologies behind route costing such as Hop count and Link State. Finally we will illustrate a simple Internet connected network along with the needed routing commands to connect using Linux.

Chapter 2. Policy Routing Theory

Here we will discuss the types of environments that led to the development of the concept of policy routing and the theory behind why you would want to use policy routing structures. We will only consider the policy structures themselves and how they solve these problems.

Chapter 3. Linux Policy Routing Structure
In this chapter we will now address how the Linux Policy Routing structure is implemented. We will cover how this structure interacts with the Packet Paths both native within the kernel and in conjunction with the packet filtering and network extensions.

Chapter 4. IP Utility for Linux
In this chapter we will cover the tool used in Linux for implementing policy routing. As there are few other sources of information this will be more of a reference on the command syntax and usages. We will also include several examples of usage and notations about interactions with other utilities within Linux.

Section II - Real World Use

This entire section is mostly comprised of real world scenarios with detailed worked out solutions. In many cases there are multiple solutions to the same problem and we will attempt to cover all possibilities. This is drawn from our experience in implementing these systems and from the myriad questions we receive on this subject. In some cases we will show how the equivalent Cisco solution would work and where the interactions exist between various equipment.

Chapter 5. Simple Network Examples
In this chapter we will cover how to implement standard networks, much as we had seen in Chapter 1, using the policy routing tools. We will introduce the extensions for use with the policy routing structures and how even relatively simple network configurations can benefit from implementation using policy routing structures.

Chapter 6. Complex Networks Examples
In this chapter we will cover network configurations where the only complete solutions demand policy routing structures. We will cover multiple networks with disparate gateways, bandwidth and link state load balancing, and transparent routing structures. We will also mention several firewall type functions and interactions between the functions. In most cases we will illustrate several different solutions to solving the problems. This will show the flexibility and scope of the solution space for these functions.
Chapter 7. Dynamic Routing Interactions
Here we will take up the interactions between policy routing structures and dynamic routing protocols. This is an especially sticky subject as most dynamic routing protocols only understand traditional routing. There are many different points of potential conflict as we had discussed in Chapters 1,2, and 4, between a traditional routing structure and a policy routing structure. Here we will bridge the gap and show you how to use both methods. We will also note where to obtain various policy routing aware routing daemons and what you will have to consider to implement them within the Linux environment.

Chapter 8. NAT Functions
The origination of NAT is related to the origination of policy routing. And in Linux the first implementation of true one-to-one NAT was done as a policy routing structure. Here we take up this method and also discuss the various other ways that these functions may also be implemented within a Linux system. Some of the discusison within this chapter will touch upon utilities and methods we will not be covering in this book (REF: PakSecured Policy Routing Firewall) but are noted here for reference.

Chapter 9. IPv6
In this chapter we touch upon the role of the policy routing structures and implementations within the Linux IPv6 network stack. We will assume some knowledge of IPv6 and will mainly be discussing the IPv6 usages of Policy Routing structures.

Chapter 10. Future Musings
Here we tie up the theory, reality, and coverage of policy routing and consider possible future directions for the policy routing structures. We especially note the changes that will come from the widespread adoption of the IPv6 routing structures and how that may change the landscape for all forms of routing.

Covers the various locations on where to obtain the utilities and pointers to additional information on this and related subjects.

Back to Book Page