Routing in Linux

In Internet, the Internet Protocol (IP) is at the Network Layer, which is the third layer of the ISO reference model of network architecture. IP deals with IP packets or datagrams, which are the basic transfer units in the Internet and the higher level protocols like UDP and TCP are built on top of IP datagrams. An IP datagram contains the source and destination IP addresses along with the data and other fields. Internet is a packet switching data network and a key issue, in the IP, is the routing of datagrams. An IP datagram travels from the source to the destination IP address. Since the source and destination IP addresses might well be on different networks which could be geographically distant, a datagram travels between many routers, bridges, firewalls, switches and other hosts before it reaches its destination. Given its destination IP address, a decision needs to be taken at the source and also at various routers in between, where to send it next so that given IP datagram progresses towards its destination. This is indeed the problem of routing which is faced by the hosts.

The kernel keeps a table called the Kernel IP Routing Table which contains a list of routes for forwarding the IP packets on each network interface. There are commands to view and modify the Routing Table entries. In this post, we will look at these commands for Linux systems.

Printing the Routing Table

The route command prints the Routing Table.

$ route Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface default 192.168.1.1 0.0.0.0 UG 100 0 0 wlan0 link-local * 255.255.0.0 U 1000 0 0 eth0 192.168.1.0 * 255.255.255.0 U 0 0 0 wlan0 192.168.2.0 * 255.255.255.0 U 0 0 0 eth0

In the above output, there are four routes. The Destination column gives the destination network or host. The next column, Gateway, is for the gateway IP address. If no IP address for a gateway is set, * is displayed and there is direct connectivity with the host(s) and the MAC address for sending an IP packet has to be found using the Address Resolution Protocol, ARP. The Genmask column gives the netmask for the destination. The next column gives the flags. Some of the flags are, U for the route being up, G for using gateway, H for target being a host, C for cache entry and ! for rejecting the route. The Metric column gives the distance to the target, counted in hops. Ref is the number of references to this route. Both Metric and Ref are not used by the Linux kernel. Use is number of lookups for this route. Iface is the network interface to which datagrams on this route would be sent.

The packets are sent as per the most specific relevant route in the Routing Table for the destination IP address in the datagram. If the specific routes are do not match the destination IP address in the datagram, like, for example in the above table, a datagram destined for an external host on Internet, the packet is sent as per the default route.

-n

The -n option prints the numerical addresses instead of the symbolic host names. For example, the above mentioned Routing Table with the -n option prints like this.

$ route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 192.168.1.1 0.0.0.0 UG 100 0 0 wlan0 169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 eth0 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0 192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0

In the first row, the destination and genmask 0.0.0.0 indicate the default route. A 0.0.0.0 for gateway in the last three rows indicates that the gateway has not been set and the MAC address for sending an IP packet has to be found using the Address Resolution Protocol, ARP.

EXAMPLES

route del

Suppose we wish to delete the route to the network 192.168.2.0 and also the default route.

$ sudo route del -net 192.168.2.0 netmask 255.255.255.0 eth0 $ route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 192.168.1.1 0.0.0.0 UG 100 0 0 wlan0 169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 eth0 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0 $ sudo route del default $ route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 eth0 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0

route add

Adding the default route,,

$ sudo route add default gw 192.168.1.1 $ route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 wlan0 169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 eth0 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0

Since our network 192.168.1.0 is accessed via the interface wlan0, route infers that the gateway 192.168.1.1 must also be accessed using the interface wlan0. Adding the route to network 192.168.2.0,

$ sudo route add -net 192.168.2.0 netmask 255.255.255.0 eth0 $ route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 wlan0 169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 eth0 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0 192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0

Suppose we wish to change the interface for network 169.254.0.0 from eth0 to wlan0.

$ sudo route del -net 169.254.0.0 netmask 255.255.0.0 eth0 $ route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 wlan0 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0 192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 $ sudo route add -net 169.254.0.0 netmask 255.255.0.0 wlan0 $ route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 wlan0 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 wlan0 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0 192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0

And, if we wish to block a particular host, say 192.168.2.179, the command is,

$ sudo route add -host 192.168.2.179 reject $ route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 wlan0 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 wlan0 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0 192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 192.168.2.179 - 255.255.255.255 !H 0 - 0 -

In the route for destination 192.168.2.179, the flags H and ! indicate that the destination is a host and that the route is a reject route. Moving from specific to general, let's look at the command to block the entire 192.168.2.0 network. First we delete the reject route for 192.168.2.179.

$ sudo route del -host 192.168.2.179 reject $ route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 wlan0 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 wlan0 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0 192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 $ sudo route add -net 192.168.2.0 netmask 255.255.255.0 reject $ route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 wlan0 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 wlan0 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0 192.168.2.0 - 255.255.255.0 ! 0 - 0 - 192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0

The Routing Table, described above, is actually based on the kernels's data structure, Forwarding Information Base, or, FIB. The kernel keeps another routing data structure, the Routing Cache.

Routing Cache

Linux keeps the routes of established connections in the Routing Cache. This way, it does not have to work out routes for each and every datagram. It first uses the Routing Cache, and if there is a miss in the cache, it goes for a look up in the Routing Table. The command for printing the Routing Cache is,

$ route -C -n Kernel IP routing cache Source Destination Gateway Flags Metric Ref Use Iface 192.168.1.103 74.125.128.102 192.168.1.1 0 0 0 wlan0 192.168.2.179 173.222.18.110 192.168.1.1 i 0 0 20 wlan0 192.168.1.103 199.59.148.87 192.168.1.1 0 0 12 wlan0 192.168.2.179 173.222.31.144 192.168.1.1 i 0 0 62 wlan0 192.168.2.179 122.169.123.97 192.168.1.1 i 0 0 68 wlan0 184.25.160.74 192.168.2.179 192.168.2.179 0 0 11 eth0 74.125.128.138 192.168.1.103 192.168.1.103 l 0 0 17 lo 122.160.120.57 192.168.1.103 192.168.1.103 l 0 0 23 lo 216.178.47.37 192.168.2.179 192.168.2.179 0 0 13 eth0 192.168.2.179 173.194.36.6 192.168.1.1 i 0 0 16 wlan0 184.73.187.64 192.168.2.179 192.168.2.179 0 0 19 eth0 ....

The Use column gives the count for number of look ups for a route. In this case, it is the number of cache hits. Similarly, since the Routing Table is looked up in case of a cache miss, the Use column of the command route -n output gives the number of cache misses for a route. In the Flags column, l (ell) indicates a local route where the destination interface is on this computer. Also, the flag i (eye) indicates a case where the loopback interface has been used for some purpose other than interfacing with the loopback network. In this case, this computer is working as a router, forwarding packets from the host 192.168.2.179 to the destination addresses.

Software: