An aide-memoir from practicing iproute2, the utilities used to control TCP\/IP networking and Linux Traffic Control<\/p>\n
“ip link list” – shows us our links<\/strong><\/p>\n [Daren@home Daren]$ ip link list [Daren@home Daren]$ ip address show [Daren@home Daren]$ ip route show (For comparison and reference, this is what the old route utility displayed):<\/em><\/p>\n [Daren@home Daren]$ route -n ARP<\/strong> [root@shimla \/home\/src\/iputils]# ip neigh show As you can see my machine nagios1 (10.5.50.41) knows where to find filer1 (10.5.50.42) and filergateway (10.5.50.1). Now let’s add another machine to the arp cache.<\/p>\n [root@shimla \/home\/daren\/.gnome-desktop]# ping -c 1 Linux-DOM0 — Linux-DOM0.darenmatthews.com ping statistics — [root@shimla \/home\/src\/iputils]# ip neigh show As a result of nagios1 trying to contact Linux-DOM0, Linux-DOM0’s hardware address\/location has now been added to the arp\/neighbor cache. So until the entry for Linux-DOM0 times out (as a result of no communication between the two) nagios1 knows where to find Linux-DOM0 and has no need to send an ARP request.<\/p>\n Now let’s delete Linux-DOM0 from our arp cache:<\/p>\n [root@shimla \/home\/src\/iputils]# ip neigh delete 10.5.50.43 dev eth0 Now nagios1 has again forgotten where to find Linux-DOM0 and will need to send another ARP request the next time he needs to communicate with Linux-DOM0<\/p>\n Rules – The routing policy database<\/strong><\/p>\n If you have a large router, you may well cater for the needs of different people, who should be served differently. The routing policy database allows you to do this by having multiple sets of routing tables. (note: If you want to use this feature, make sure that your kernel is compiled with the “IP: advanced router” and “IP: policy routing” features).<\/p>\n When the kernel needs to make a routing decision, it finds out which table needs to be consulted. By default, there are three tables. The old ‘route’ tool modifies the main and local tables, as does the ip tool (by default).<\/p>\n The default rules:<\/p>\n [Daren@home Daren]$ ip rule list This lists the priority of all rules. We see that all rules apply to all packets (‘from all’). We’ve seen the ‘main’ table before, it is output by ip route ls, but the ‘local’ and ‘default’ table are new.<\/p>\n If we want to do fancy things, we generate rules which point to different tables which allow us to override system wide routing rules.<\/p>\n For the exact semantics on what the kernel does when there are more matching rules, see Alexey’s ip-cref documentation. Let’s take a real example once again, I have 2 (actually 3, about time I returned them) cable modems, connected to a Linux NAT (‘masquerading’) router. People living here pay me to use the Internet. Suppose one of my house mates only visits hotmail and wants to pay less. This is fine with me, but they’ll end up using the low-end cable modem.<\/p>\n The ‘fast’ cable modem is known as 10.10.0.251 and is a PPP link to 10.10.0.1. The ‘slow’ cable modem is known by various ip addresses, 212.13.50.120 in this example and is a link to 192.168.99.253.<\/p>\n The local table:<\/p>\n [Daren@home Daren]$ ip route list table local Lots of obvious things, but things that need to be specified somewhere. Well, here they are. The default table is empty.<\/p>\n Let’s view the ‘main’ table:<\/p>\n [Daren@home Daren]$ ip route list table main We now generate a new rule which we call ‘TestUser’, for our hypothetical visitor. Although we can work with pure numbers, it’s far easier if we add our tables to \/etc\/iproute2\/rt_tables.<\/p>\n # echo 200 TestUser >> \/etc\/iproute2\/rt_tables Now all that is left is to generate TestUser’s table, and flush the route cache:<\/p>\n # ip route add default via 192.168.99.253 dev ppp2 table TestUser An aide-memoir from practicing iproute2, the utilities used to control TCP\/IP networking and Linux Traffic Control “ip link list” – shows us our links [Daren@home Daren]$ ip link list 1: lo: <LOOPBACK,UP> mtu 3924 qdisc noqueue link\/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: dummy: <BROADCAST,NOARP> mtu 1500 qdisc noop link\/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff 3: eth0: <BROADCAST,MULTICAST,PROMISC,UP> mtu […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[84],"tags":[],"_links":{"self":[{"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1747"}],"collection":[{"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1747"}],"version-history":[{"count":1,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1747\/revisions"}],"predecessor-version":[{"id":1748,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1747\/revisions\/1748"}],"wp:attachment":[{"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1747"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1747"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1747"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\n1: lo: <LOOPBACK,UP> mtu 3924 qdisc noqueue
\nlink\/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
\n2: dummy: <BROADCAST,NOARP> mtu 1500 qdisc noop
\nlink\/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
\n3: eth0: <BROADCAST,MULTICAST,PROMISC,UP> mtu 1400 qdisc pfifo_fast qlen 100
\nlink\/ether 48:54:e8:2a:47:16 brd ff:ff:ff:ff:ff:ff
\n4: eth1: <BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc pfifo_fast qlen 100
\nlink\/ether 00:e0:4c:39:24:78 brd ff:ff:ff:ff:ff:ff
\n3764: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1492 qdisc pfifo_fast qlen 10
\nlink\/ppp
\n
\n“ip address” – shows us our IP addresses<\/strong><\/p>\n
\n1: lo: <LOOPBACK,UP> mtu 3924 qdisc noqueue
\nlink\/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
\ninet 127.0.0.1\/8 brd 127.255.255.255 scope host lo
\n2: dummy: <BROADCAST,NOARP> mtu 1500 qdisc noop
\nlink\/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
\n3: eth0: <BROADCAST,MULTICAST,PROMISC,UP> mtu 1400 qdisc pfifo_fast qlen 100
\nlink\/ether 48:54:e8:2a:47:16 brd ff:ff:ff:ff:ff:ff
\ninet 10.0.0.1\/8 brd 10.255.255.255 scope global eth0
\n4: eth1: <BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc pfifo_fast qlen 100
\nlink\/ether 00:e0:4c:39:24:78 brd ff:ff:ff:ff:ff:ff
\n3764: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1492 qdisc pfifo_fast qlen 10
\nlink\/ppp
\ninet 10.10.0.251 peer 10.10.0.1\/32 scope global ppp0<\/p>\n
\n10.10.0.1 dev ppp0 proto kernel scope link src 10.10.0.251
\n10.0.0.0\/8 dev eth0 proto kernel scope link src 10.0.0.1
\n127.0.0.0\/8 dev lo scope link
\ndefault via 10.10.0.1 dev ppp0<\/p>\n
\nKernel IP routing table
\nDestination Gateway Genmask Flags Metric Ref Use
\nIface
\n10.10.0.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
\n10.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 eth0
\n127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
\n0.0.0.0 10.10.0.1 0.0.0.0 UG 0 0 0 ppp0<\/p>\n
\nYou can view your machines current arp\/neighbor cache\/table like so:<\/p>\n
\n10.5.50.42 dev eth0 lladdr 00:60:08:3f:e9:f9 nud reachable
\n10.5.50.1 dev eth0 lladdr 00:06:29:21:73:c8 nud reachable<\/p>\n
\nPING Linux-DOM0.darenmatthews.com (10.5.50.43) from 10.5.50.41 : 56(84) bytes of data.
\n64 bytes from 10.5.50.43: icmp_seq=0 ttl=255 time=0.9 ms<\/p>\n
\n1 packets transmitted, 1 packets received, 0% packet loss
\nround-trip min\/avg\/max = 0.9\/0.9\/0.9 ms<\/p>\n
\n10.5.50.43 dev eth0 lladdr 00:06:29:21:80:20 nud reachable
\n10.5.50.42 dev eth0 lladdr 00:60:08:3f:e9:f9 nud reachable
\n10.5.50.1 dev eth0 lladdr 00:06:29:21:73:c8 nud reachable<\/p>\n
\n[root@shimla \/home\/src\/iputils]# ip neigh show
\n10.5.50.43 dev eth0 nud failed
\n10.5.50.42 dev eth0 lladdr 00:60:08:3f:e9:f9 nud reachable
\n10.5.50.1 dev eth0 lladdr 00:06:29:21:73:c8 nud stale<\/p>\n
\n0: from all lookup local
\n32766: from all lookup main
\n32767: from all lookup default<\/p>\n
\n4.1. Simple source policy routing<\/p>\n
\nbroadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
\nlocal 10.0.0.1 dev eth0 proto kernel scope host src 10.0.0.1
\nbroadcast 10.0.0.0 dev eth0 proto kernel scope link src 10.0.0.1
\nlocal 10.10.0.251 dev ppp0 proto kernel scope host src 10.10.0.251
\nbroadcast 10.255.255.255 dev eth0 proto kernel scope link src 10.0.0.1
\nbroadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
\nlocal 212.13.50.120 dev ppp2 proto kernel scope host src 212.13.50.120
\nlocal 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
\nlocal 127.0.0.0\/8 dev lo proto kernel scope host src 127.0.0.1<\/p>\n
\n192.168.99.253 dev ppp2 proto kernel scope link src 212.13.50.120
\n10.10.0.1 dev ppp0 proto kernel scope link src 10.10.0.251
\n10.0.0.0\/8 dev eth0 proto kernel scope link src 10.0.0.1
\n127.0.0.0\/8 dev lo scope link
\ndefault via 10.10.0.1 dev ppp0<\/p>\n
\n# ip rule add from 10.0.0.10 table TestUser
\n# ip rule ls
\n0: from all lookup local
\n32765: from 10.0.0.10 lookup TestUser
\n32766: from all lookup main
\n32767: from all lookup default<\/p>\n
\n# ip route flush cache<\/p>\n","protected":false},"excerpt":{"rendered":"