Advanced IP Routing - Seneca College - 2007. 4. 10.
Advanced IP Routing
● Policy Routing
● QoS
● RSVP
Traditional Routing
● What is traditional routing?
● Best effort.
● All routing is a destination-driven process.
● The router cares only about the destination address when making a decision on where to forward the packet.
Policy Routing
● What is Policy Routing?
● Routing in which the forwarding decision is based on:
  – TOS field
  – Source address
  – Incoming interface
  – Fwmark values for matching IP protocols and transport ports
  – Packet payload, etc.
Why Policy Routing?
● Traditional IPv4 routing problems
  – Quality of Service
  – Different treatment for different packets
  – Control of the usage of network resources
  – Setting of packet delivery priorities
  – Service availability and data security
Policy Routing Structures
The three Policy Routing elements:
● Address
● Route
● Rule
Address
● For traditional IPv4 routing, only the destination address matters.
● For Policy Routing, both the source and destination address (and other fields in the IP header) may affect the routing decision and the routing path.
Route
● Still destination-based, plus alternate criteria
● The method of actually selecting a route is changed, but the method of using the route once obtained is the same
● More versatility and flexibility in specification and destination options
● e.g. see the targets for the route object in Linux
Rule
● Allows you to specify the filters that match packets
● Which route structure to select for a match
● Multiple independent routing tables
● RPDB – Routing Policy DataBase in Linux – primarily provides the internal structure and mechanism for implementing the rule element of Policy Routing and the multiple routing tables (supports 255 routing tables and 2^32 rules)
Linux Implementation
● Policy routing with iproute2
● At startup, the Linux kernel configures a default RPDB consisting of three rules:
  – 0: from all lookup local
  – 32766: from all lookup main
  – 32767: from all lookup default
● The above rules point to the local, main and default routing tables
iproute2
● What is iproute2?
● Tool used in Linux for implementing Policy Routing
  – The ip utility
  – Written by Alexey N. Kuznetsov
ip utility objects
● link – network device
● addr – IP address
● route – routes
● rule – rules
● neigh – ARP neighbor table
● tunnel – IP tunnels
● multicast – IP multicast
● monitor – debug and tracking
ip link
Used to modify NIC parameters and/or get information about a NIC, except for the IP address.

1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,NOTRAILERS,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:11:09:85:d2:fb brd ff:ff:ff:ff:ff:ff
3: sit0: <NOARP> mtu 1480 qdisc noop
    link/sit 0.0.0.0 brd 0.0.0.0
4: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ieee1394 00:00:01:00:00:0e:16:96 brd ff:ff:ff:ff:ff:ff:ff:ff
ip addr
Provides a similar function to the ifconfig command. Used to modify, delete, or add IP addresses on a NIC. Supports assignment of multiple addresses to a single NIC, and IPv6.

$ ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,NOTRAILERS,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:11:09:85:d2:fb brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.105/24 brd 192.168.0.255 scope global eth0
    inet6 fe80::211:9ff:fe85:d2fb/64 scope link
       valid_lft forever preferred_lft forever
ip neigh
Provides a similar function to the "arp" command.

linuxmind:~ # ip neigh
192.168.0.1 dev eth0 lladdr 00:11:95:0c:b3:94 REACHABLE
192.168.0.106 dev eth0 lladdr 00:09:6b:d8:da:a3 REACHABLE
192.168.0.111 dev eth0 lladdr 00:08:74:e6:84:ff REACHABLE
ip route
Provides a similar function to the "route" command but is more capable and flexible. Used to list, modify, delete, or add entries in any of the routing tables on the system.

linuxmind:~ # ip route
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.105
169.254.0.0/16 dev eth0 scope link
127.0.0.0/8 dev lo scope link
default via 192.168.0.1 dev eth0
ip rule
New. Used to show and maintain the routing policy database.

linuxmind:~ # ip rule show
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
Add ip rules
linuxmind:~ # ip ru add from 172.16.10/24 table 101 priority 250
linuxmind:~ # ip ru add from 172.16.10/24 table 102 priority 300
linuxmind:~ # ip ru show
0: from all lookup local
250: from 172.16.10.0/24 lookup 101
300: from 172.16.10.0/24 lookup 102
32766: from all lookup main
32767: from all lookup default
Add ip route tables
linuxmind:~ # ip route add default via 172.16.1.1 dev eth1 table Eng
linuxmind:~ # ip route add default via 192.168.0.105 dev eth0 table Sales
linuxmind:~ # ip route list
172.16.1.0/24 dev eth1 proto kernel scope link src 172.16.1.1
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.105
169.254.0.0/16 dev eth0 scope link
127.0.0.0/8 dev lo scope link
default via 192.168.0.1 dev eth0
linuxmind:~ # ip route list table Sales
default via 192.168.0.105 dev eth0
linuxmind:~ # ip route list table Eng
default via 172.16.1.1 dev eth1
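To make the lookup order concrete, here is an added Python simulation (not part of the slides or of iproute2) of the RPDB walk for the default rules plus the two rules added on the previous slide: rules are tried in priority order, and a rule whose table holds no matching route is skipped rather than ending the lookup. The table contents and test addresses are constructed; table 101 is given only a route to 10.0.0.0/8 so that the fall-through to table 102 is visible.

```python
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple

# Constructed model of the Linux RPDB shown on the slides.  Rules are walked
# in ascending priority; a rule whose selector matches sends the lookup to
# its table.  If that table has no route for the destination the kernel
# falls through to the next rule, so a per-source table without a default
# route is not a dead end.  Ids 255/254/253 are the local/main/default tables.
Route = Tuple[str, str, Optional[str]]          # (prefix, dev, via)
Rule = Tuple[int, str, int]                     # (priority, from-prefix, table)

def longest_prefix_match(table: List[Route], dst: str) -> Optional[Route]:
    """Most specific route in one table covering dst, or None."""
    addr, best = ip_address(dst), None
    for route in table:
        net = ip_network(route[0])
        if addr in net and (best is None or net.prefixlen > ip_network(best[0]).prefixlen):
            best = route
    return best

def rpdb_lookup(rules: List[Rule], tables: Dict[int, List[Route]],
                src: str, dst: str) -> Optional[Tuple[int, int, Route]]:
    """Return (matching rule priority, table id, route), or None if unroutable."""
    for prio, from_prefix, table_id in sorted(rules):
        if ip_address(src) not in ip_network(from_prefix):
            continue                                # selector did not match
        route = longest_prefix_match(tables.get(table_id, []), dst)
        if route is not None:
            return prio, table_id, route
        # selector matched but the table had no route: fall through
    return None

# The slide's RPDB after the two "ip rule add" commands (priorities 250/300).
RULES: List[Rule] = [(0, "0.0.0.0/0", 255), (250, "172.16.10.0/24", 101),
                     (300, "172.16.10.0/24", 102), (32766, "0.0.0.0/0", 254),
                     (32767, "0.0.0.0/0", 253)]
# Table contents are constructed: 101 only knows 10.0.0.0/8, 102 holds the
# slide's "Eng" default via 172.16.1.1, 254 is the slide's main table.
TABLES: Dict[int, List[Route]] = {
    255: [("127.0.0.0/8", "lo", None)],
    101: [("10.0.0.0/8", "eth1", "172.16.1.1")],
    102: [("0.0.0.0/0", "eth1", "172.16.1.1")],
    254: [("172.16.1.0/24", "eth1", None), ("192.168.0.0/24", "eth0", None),
          ("0.0.0.0/0", "eth0", "192.168.0.1")],
    253: [],
}

def route_for(src: str, dst: str) -> Optional[Tuple[int, int, Route]]:
    return rpdb_lookup(RULES, TABLES, src, dst)
```

Named tables such as Eng and Sales only work once they are mapped to numbers in /etc/iproute2/rt_tables, which is why the simulation uses the numeric ids 101 and 102 from the rule slide. Because these rules key on the source address alone, pairing them with the incoming interface selector from the Policy Routing slide is the usual way to keep a rule from being selected by traffic that merely carries a matching source.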
Quality of Service
● Quality of Service (IPv4)
  – Routing and queueing of data packets based on
    ● the TOS (type of service) tag in the IP header and
    ● the service provided
  – Assign a defined percentage of the available bandwidth
  – Congestion avoidance and preferential packet paths
RSVP
● One of the two protocols developed by the IETF to provide QoS. RSVP is a signaling protocol: an endpoint uses RSVP to request a simplex flow through an IP internet to a destination endpoint with specified QoS bounds. If all the routers along the path agree to honor the request, the sender gets a positive reply. If an application needs QoS in both directions, each endpoint must use RSVP to request a separate flow.
COPS
● Another protocol developed by the IETF to provide QoS. IntServ enforcement – Common Open Policy Service protocol (COPS): the COPS protocol defines the client-server interaction between a QoS-enabled router and a PDP (Policy Decision Point) server. For approved QoS requests, the router must operate as a Policy Enforcement Point (PEP) to ensure traffic does not exceed the policy.
IntServ
● The implementation of RSVP (IntServ Resource Reservation Protocol) requires changes to the basic network infrastructure:
  – All routers must be able to respond to requests for reserving resources (bandwidth) for each flow between a pair of endpoints.
  – As datagrams traverse the flow, the routers must be able to monitor and control traffic forwarding.
QoS Traffic Monitoring
● Also called traffic policing
● To ensure that the traffic sent on a flow does not exceed the specified QoS bounds
● Monitoring/policing mechanism:
  – Leaky bucket: uses a counter to control the packet rate. The counter is incremented periodically according to the approved QoS data rate, and decremented by the size of the traffic sent.
QoS Traffic Forwarding
● The QoS-enabled router must be able to control the queueing and forwarding of data packets:
  – Queueing policy that meets the QoS bounds on delay
  – The router must smooth packet bursts (traffic shaping). For example, it reshapes 3 Mbps of traffic for a millisecond followed by no traffic for two milliseconds into a steady rate of 1 Mbps for three milliseconds, for a QoS with a guaranteed average throughput of 1 Mbps.
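An added Python model (not from the slides) of the counter-based policer described under traffic monitoring, and of a shaper applied to the 3 Mbps/1 ms burst pattern on the forwarding slide; the packet trace, the 100 µs tick and a counter that starts full are constructed assumptions. It shows why a policer whose counter limit is smaller than the burst drops packets from a flow whose average rate conforms, while the shaper delays them into the steady 1 Mbps stream.

```python
from typing import List, Tuple

Packet = Tuple[int, int]          # (arrival time in microseconds, size in bits)
TICK_US = 100                     # the policer's counter is topped up every tick (assumed)

def police(packets: List[Packet], rate_bps: int, depth_bits: int) -> Tuple[List[Packet], List[Packet]]:
    """Counter-based policer as on the slide: every tick the counter grows by
    the approved rate's worth of bits (capped at depth_bits), each packet
    takes its size out of it, and a packet the counter cannot cover exceeds
    the QoS bound and is dropped.  Returns (passed, dropped)."""
    per_tick = rate_bps * TICK_US // 1_000_000
    credit, clock = depth_bits, 0            # assumption: counter starts full
    passed, dropped = [], []
    for t, size in sorted(packets):
        while clock + TICK_US <= t:          # ticks that elapsed before this arrival
            clock += TICK_US
            credit = min(depth_bits, credit + per_tick)
        if size <= credit:
            credit -= size
            passed.append((t, size))
        else:
            dropped.append((t, size))
    return passed, dropped

def shape(packets: List[Packet], rate_bps: int) -> List[int]:
    """Traffic shaper: instead of dropping, hold each packet until the approved
    rate has earned enough credit for it, so bursts leave as a steady stream.
    Returns each packet's departure time in microseconds."""
    departures, ready = [], 0                # ready = when credit for the next packet exists
    for t, size in sorted(packets):
        start = max(t, ready)
        departures.append(start)
        ready = start + size * 1_000_000 // rate_bps   # time to earn 'size' bits
    return departures

def burst_trace(cycles: int) -> List[Packet]:
    """Constructed input matching the slide's example: 3 Mbps for one
    millisecond (three 1000-bit packets) followed by two silent milliseconds."""
    return [(c * 3000 + off, 1000) for c in range(cycles) for off in (0, 333, 666)]
```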
Reference
● Policy Routing Using Linux – Matthew G. Marsh, ISBN 0672320525, Sams Publishing
● Internetworking with TCP/IP, Principles, Protocols, and Architecture – Douglas E. Comer, ISBN 0131876716, Prentice Hall
● Linux TCP/IP Network Administration – Scott Mann, ISBN 0130322202, Prentice Hall