Date created: Monday, July 1, 2013 4:57:54 PM. Last modified: Wednesday, November 15, 2023 3:03:03 PM
IP routing, routing tables, and namespaces
Showing Routes
$ ip route
$ ip -6 route
$ ip route get 8.8.8.8
Monitor
# man ip-monitor
# -t - show timestamps
# -ts - show short timestamps
# monitor - monitor netlink messages
# monitor [ optional object type ] - link, address, route, mroute, prefix, neigh, netconf, rule, nsid and nexthop
$ ip -ts monitor
[2023-11-15T14:57:42.616056] fd:0:0:1::2 dev enx00e04c36114d lladdr 00:1e:06:42:03:e0 router PROBE
[2023-11-15T14:57:42.617337] fd:0:0:1::2 dev enx00e04c36114d lladdr 00:1e:06:42:03:e0 router REACHABLE
[2023-11-15T14:57:47.735765] fe80::21e:6ff:fe42:3e0 dev enx00e04c36114d lladdr 00:1e:06:42:03:e0 router PROBE
[2023-11-15T14:57:47.736710] fe80::21e:6ff:fe42:3e0 dev enx00e04c36114d lladdr 00:1e:06:42:03:e0 router REACHABLE
[2023-11-15T14:58:08.215771] fd:0:0:1::2 dev enx00e04c36114d lladdr 00:1e:06:42:03:e0 router STALE
[2023-11-15T14:58:12.311945] fe80::21e:6ff:fe42:3e0 dev enx00e04c36114d lladdr 00:1e:06:42:03:e0 router STALE
[2023-11-15T14:58:16.169458] 4: enx00e04c36114d inet 192.168.58.8/26 brd 192.168.58.63 scope global dynamic noprefixroute enx00e04c36114d
       valid_lft 65757sec preferred_lft 65757sec
[2023-11-15T14:58:16.169532] 4: enx00e04c36114d inet6 fe80::e972:def3:6ea9:dbe8/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
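Added example (not part of the original notes): a filter for the `ip -ts monitor` output above that reports when a neighbour address shows up with a different link-layer address, which for a router entry is worth investigating. The function names are hypothetical, and the sample input reuses lines from above plus two constructed lines (documentation MAC 00:00:5e:00:53:01).

```shell
#!/bin/sh
# Added example: report neighbour entries whose link-layer address changes.
# Reads `ip -ts monitor neigh` (or plain `ip -ts monitor`) output on stdin.
neigh_lladdr_changes() {
    awk '
    {
        ts = $1; i = 2
        if ($i == "Deleted") i++        # deletions carry a "Deleted" prefix
        if ($(i + 1) != "dev") next     # address/route events, continuation lines
        ip = $i; dev = $(i + 2); mac = ""
        for (j = i + 3; j < NF; j++)
            if ($j == "lladdr") mac = $(j + 1)
        if (mac == "") next             # FAILED/INCOMPLETE entries have no lladdr
        key = ip "%" dev                # track each address per interface
        if ((key in seen) && seen[key] != mac)
            printf "%s %s dev %s lladdr changed %s -> %s\n", ts, ip, dev, seen[key], mac
        seen[key] = mac
    }'
}

# Constructed sample: the first five lines are taken from the output above,
# the last two are made up for this example (new lladdr, then a FAILED entry).
sample_monitor_output() {
    cat <<'EOF'
[2023-11-15T14:57:42.616056] fd:0:0:1::2 dev enx00e04c36114d lladdr 00:1e:06:42:03:e0 router PROBE
[2023-11-15T14:57:42.617337] fd:0:0:1::2 dev enx00e04c36114d lladdr 00:1e:06:42:03:e0 router REACHABLE
[2023-11-15T14:57:47.735765] fe80::21e:6ff:fe42:3e0 dev enx00e04c36114d lladdr 00:1e:06:42:03:e0 router PROBE
[2023-11-15T14:58:16.169458] 4: enx00e04c36114d inet 192.168.58.8/26 brd 192.168.58.63 scope global dynamic noprefixroute enx00e04c36114d
       valid_lft 65757sec preferred_lft 65757sec
[2023-11-15T14:59:01.000000] fd:0:0:1::2 dev enx00e04c36114d lladdr 00:00:5e:00:53:01 router REACHABLE
[2023-11-15T14:59:05.000000] fd:0:0:1::9 dev enx00e04c36114d  FAILED
EOF
}

# Live use would be: ip -ts monitor neigh | neigh_lladdr_changes
sample_monitor_output | neigh_lladdr_changes
```

State is only kept for the lifetime of the pipeline, so the first sighting of each address is taken as the baseline.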
Route Types
$ ip route add help 2>&1 | grep -A 1 unicast
TYPE := { unicast | local | broadcast | multicast | throw |
          unreachable | prohibit | blackhole | nat }
Blackhole routes silently drop packets:
$ sudo ip -6 route add blackhole 2001:41c0::/32
$ sudo ip -6 route add blackhole 2001:41c1::/32
$ ip -6 r | grep black
blackhole 2001:41c0::/32 dev lo metric 1024 pref medium
blackhole 2001:41c1::/32 dev lo metric 1024 pref medium
Unreachable routes drop traffic and generate an ICMP unreachable message.
Prohibit routes drop traffic but send an ICMP communication administratively prohibited message.
Network Name Spaces
Two sub-interfaces in different Network Namespaces (on Linux each NetNS is a full IP stack so these are implicitly separate routing tables):
sudo ip netns list
sudo ip link add link ens2f0 name ens2f0.10 type vlan id 10
sudo ip link set up dev ens2f0.10
sudo ip a a 10.0.1.2/30 dev ens2f0.10
sudo ip r a 10.0.2.0/30 via 10.0.1.1
ip r
sudo ip netns add qos
sudo ip link add link ens2f0 name ens2f0.20 type vlan id 20
sudo ip link set ens2f0.20 netns qos
sudo ip netns exec qos ip link set up dev ens2f0.20
sudo ip netns exec qos ip link show
sudo ip netns exec qos ip a a 10.0.2.2/30 dev ens2f0.20
sudo ip netns exec qos ip r a 10.0.1.0/30 via 10.0.2.1
sudo ip netns exec qos ip r
Adding a custom routing table which also has a default route, to be used for example with an OOB (out-of-band) connection:
Show current routing tables:
cat /etc/iproute2/rt_tables
Add new routing table, ID 20 called "OOB":
echo "20 OOB" >> /etc/iproute2/rt_tables
Add the rest to /etc/rc.local or similar start up script:
# Bring up our secondary interface which is connected to the OOB network
/sbin/ip link set dev eth1 up
# Add the IP address to this interface
/sbin/ip addr add 192.0.2.10/24 dev eth1
# Add a default route on this interface in this custom IP routing table
/sbin/ip route add 0/0 via 192.0.2.254 table OOB
ip route show table OOB
# Add a rule to route any traffic that comes from our OOB IP to be routed according
# to the routes in the OOB routing table (which simply contains a default route, out via
# the same OOB network)
/sbin/ip rule add from 192.0.2.10 table OOB