http://www.itworld.com/networking/367760/unix-getting-here-there-routing-basics
You need to understanding routing tables if you're going to do any kind of network troubleshooting. Let's take a look at what Linux commands can tell you about how your system is making connections.
What is routing? It's the set of rules that govern how you make
connections to other systems. Any time you make a connection from one
system to another system -- whether you're sending email, transferring a
set of files or logging in with ssh -- you're routing. And, since most
connections aren't direct (in other words, they're travelling through
one or more system en route to the target), most of the time you're
going to be crossing a router -- or maybe a long series of routers -- to
get there.
To view the routing table on a Linux system, use the netstat -rn
command. The output of this command will tell you how connections you
initiate are going to be handled. The routing table on most Linux
systems will look something like this:
Destination -- where the
connections are headed. This can be a specific network, one particular
system or everything not covered by some other routing entry (i.e., the
default).
Gateway -- where those connections first have to go before being sent to the ultimate destination. This can be a local router or a "0.0.0.0" (no router involved) kind of entry.
Genmask -- the network mask that determines what systems are covered by your destination.
Flags -- indicators that tell you more about each routing table entry (e.g., whether it's a gateway).
MSS -- maximum segment size
Window -- size of packet that can be transmitted
irtt -- initial round trip time
Iface -- the network interface that is involved
For several of these settings, a size of 0 means that the default value is being used.
Now, let's examine this output line by line.
0.0.0.0 in this position in the routing table means your system will send packets directly to the target system (i.e., not through a router).
You can confirm that your system is, indeed, on the 192.168.0.0/24 network by running ifconfig.
The network mask or "Genmask" of
255.255.255.0 tells us that our address space for this route is
192.168.0.0/24. The use of 192.168.0.0 is not surprising for a small
LAN. It's one of the three internal IP ranges that anyone can use and
the one that is the one most commonly used on small routers. The
destination address of 192.168.0.0 with the 255.255.255.0 mask means any
address between 192.168.0.1 and 192.168.0.254 (i.e., the local network)
would be on the same LAN.
Flags can have various values, although the most commonly seen are U and G. Here they are with some of the other flags you might see.
$ netstat -rn Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0 0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0The fields in this output are:
Gateway -- where those connections first have to go before being sent to the ultimate destination. This can be a local router or a "0.0.0.0" (no router involved) kind of entry.
Genmask -- the network mask that determines what systems are covered by your destination.
Flags -- indicators that tell you more about each routing table entry (e.g., whether it's a gateway).
MSS -- maximum segment size
Window -- size of packet that can be transmitted
irtt -- initial round trip time
Iface -- the network interface that is involved
For several of these settings, a size of 0 means that the default value is being used.
Now, let's examine this output line by line.
Line 1
First, 192.168.0.0 is the local network. How do you know this? Well, with a gateway of 0.0.0.0, connections clearly aren't going through another system.0.0.0.0 in this position in the routing table means your system will send packets directly to the target system (i.e., not through a router).
You can confirm that your system is, indeed, on the 192.168.0.0/24 network by running ifconfig.
$ ifconfig
eth0 Link encap:Ethernet HWaddr 00:16:35:69:BD:79
inet addr:192.168.0.11 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe88::211:35aa:fe66:bd79/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:64419467 errors:0 dropped:0 overruns:0 frame:1
TX packets:62220642 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4012707801 (3.7 GiB) TX bytes:382601808 (364.8 MiB)
Interrupt:217 Memory:fdef0000-fdf00000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:433441 errors:0 dropped:0 overruns:0 frame:0
TX packets:433441 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:36036194 (34.3 MiB) TX bytes:36036194 (34.3 MiB)
The lo entry represents the loopback interface. If you have
additional network interfaces, you will need to add the -a option to
have them reported as well.Destination Gateway Genmask Flags MSS Window irtt Iface 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 ...Notice the netmask is 255.255.255.0. So, this is the route you will use for any connections to other systems on the same LAN. The interface, which is likely the only one of this system, is eth0. And the flag set to U tells you this route is up.
Flags can have various values, although the most commonly seen are U and G. Here they are with some of the other flags you might see.
- U - route is up
- H - target is a host (i.e., only that host can be reached through that route)
- G - route is to a gateway
- R - reinstate route for dynamic routing
- D - dynamically installed by daemon or redirect
- M - modified from routing daemon or redirect
- A - installed by addrconf
- C - cache entry
- !
- reject route
The 169.254.0.0 entry requires some explanation. This is a link-local address -- a special address defined in RFC 5735 for link-local addressing. Its appearance in your netstat output doesn't mean it's being used. It just shows up unless you take steps to remove it. A link-local address is an Internet Protocol address that is intended only for communications within the segment of a local network (a link) or a point-to-point connection that a host is connected to. Routers do not forward packets with link-local addresses.
You can add NOZEROCONF=yes at the end of your /etc/sysconfig/network file to remove this additional route, though it does no harm being there.
0.0.0.0 is your default route. This is where connections are
routed whenever those connections aren't headed for the local network
segment or other specific routes. If you use the command netstat -r (without the -n option) , the word "default" will appear in place of 0.0.0.0. The -n option suppresses translation of addresses to symbolic names.
Think of the default route as "everywhere else". In this case, we can see that to connect to systems anywhere other than the local network, we have to go through 192.168.0.1. Most network admins will use the .1 address of each LAN for its router -- a very is a sensible convention.
So, if your connection is headed anywhere else, you need to go through the gateway listed in the second column -- generally your default router.
The flags for the default route line clearly include G, confirming that this is a router or "gateway".
The traceroute command does this by sending a number of echo request packets (like ping does) but with varying time-to-live (TTL) settings so that it can calculate the time that each hop requires. For example, for the first hop, the TTL is set to 1. For the second hop, it's set to 2, etc.
You can also specifically reject specific network connections using route commands.
Using a command such as this one, you would redirect connections to a system you don't want to permit to your loopback interface.
Managing routing configuration on Linux systems is relatively easy, but a good handle on what the basic commands can tell you and do for you is essential.
Line 2
$ netstat -rn Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface ... 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0 ...
The 169.254.0.0 entry requires some explanation. This is a link-local address -- a special address defined in RFC 5735 for link-local addressing. Its appearance in your netstat output doesn't mean it's being used. It just shows up unless you take steps to remove it. A link-local address is an Internet Protocol address that is intended only for communications within the segment of a local network (a link) or a point-to-point connection that a host is connected to. Routers do not forward packets with link-local addresses.
You can add NOZEROCONF=yes at the end of your /etc/sysconfig/network file to remove this additional route, though it does no harm being there.
$ cat /etc/sysconfig/network NETWORKING=yes NETWORKING_IPV6=no HOSTNAME=vader.aacc.edu
Line 3
Destination Gateway Genmask Flags MSS Window irtt Iface ... 0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0
$ netstat -r Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 192.168.0.0 * 255.255.255.0 U 0 0 0 eth0 169.254.0.0 * 255.255.0.0 U 0 0 0 eth0 default pix 0.0.0.0 UG 0 0 0 eth0This also shows the name of the gateway -- appearently a Cisco PIX router.
Think of the default route as "everywhere else". In this case, we can see that to connect to systems anywhere other than the local network, we have to go through 192.168.0.1. Most network admins will use the .1 address of each LAN for its router -- a very is a sensible convention.
So, if your connection is headed anywhere else, you need to go through the gateway listed in the second column -- generally your default router.
The flags for the default route line clearly include G, confirming that this is a router or "gateway".
Using traceroute
If you want to see the specific route that a connection might take and get an idea how well that route performs, then traceroute is the command to use. This command will display each hop that a connection might take and will show you how long each hop takes.The traceroute command does this by sending a number of echo request packets (like ping does) but with varying time-to-live (TTL) settings so that it can calculate the time that each hop requires. For example, for the first hop, the TTL is set to 1. For the second hop, it's set to 2, etc.
$ traceroute world.std.com
traceroute to world.std.com (192.74.137.5), 30 hops max, 40 byte packets
1 * * *
2 gig0-8.umcp-core.net.ums.edu (136.160.255.33) 2.634 ms 2.632 ms 2.610 ms
3 ten2-0.stpaul-core.net.ums.edu (136.160.255.198) 3.515 ms 3.508 ms 3.486 ms
4 te4-3.ccr01.bwi01.atlas.cogentco.com (38.104.12.17) 4.169 ms 4.163 ms 4.143
ms
5 te4-2.ccr01.phl01.atlas.cogentco.com (154.54.2.174) 6.268 ms 6.262 ms
te3-3.ccr01.phl01.atlas.cogentco.com (154.54.83.221) 6.950 ms
6 te0-0-0-19.mpd21.jfk02.atlas.cogentco.com (154.54.2.110) 9.835 ms
te0-0-0-7.ccr22.jfk02.atlas.cogentco.com (154.54.31.53) 8.937 ms 8.925 ms
7 te0-1-0-4.ccr22.bos01.atlas.cogentco.com (154.54.6.9) 14.768 ms
te0-2-0-6.ccr22.bos01.atlas.cogentco.com (154.54.44.58) 14.129 ms te0-1-0-
2.ccr21.bos01.atlas.cogentco.com (154.54.44.6) 14.740 ms
8 te4-1.mag01.bos01.atlas.cogentco.com (154.54.43.50) 14.450 ms
te7-1.mag02.bos01.atlas.cogentco.com (154.54.7.42) 13.859 ms
te4-1.mag01.bos01.atlas.cogentco.com
(154.54.43.50) 14.816 ms
9 vl3884.na31.b000502-0.bos01.atlas.cogentco.com (38.20.55.82) 18.336 ms 16.398
ms 16.699 ms
10 cogent.bos.ma.towerstream.com (38.104.186.82) 13.925 ms 13.840 ms 13.720 ms
11 g6-2.cr.bos1.ma.towerstream.com (64.119.143.81) 21.495 ms 15.647 ms 15.458 ms
12 69.38.149.18 (69.38.149.18) 33.680 ms 33.602 ms 33.419 ms
13 64.119.137.154 (64.119.137.154) 31.961 ms 30.079 ms *
14 world.std.com (192.74.137.5) 34.695 ms 34.698 ms 34.159 ms
The ping command is popularly used to test connectivity with a
remote system and verifies that you can (or can't) reach the remote
system.Route Caching
The route -Cn command displays routing cache information. This shows routes associated with active connections. Linux caches this information so that it can route packets faster.route -Cn Kernel IP routing cache Source Destination Gateway Flags Metric Ref Use Iface 192.168.0.3 192.168.0.6 192.168.0.6 il 0 0 13 lo 192.168.0.6 204.111.97.254 192.168.0.1 0 0 0 eth0 192.168.0.6 204.111.97.254 192.168.0.1 0 2 0 eth0 192.168.0.6 204.111.97.254 192.168.0.1 0 0 4 eth0 192.168.0.6 192.168.0.3 192.168.0.3 0 1 0 eth0 204.111.97.254 192.168.0.6 192.168.0.6 l 0 0 79 lo
Rejecting connections
You can also specifically reject specific network connections using route commands.
Using a command such as this one, you would redirect connections to a system you don't want to permit to your loopback interface.
# route add 66.55.44.33 gw 127.0.0.1 loTo reverse this, you would do this:
# route delete 66.55.44.33You could also do block connections to a particular system or subnet using a command such as these:
# route add -host 66.55.44.33 reject # route add -net 66.55.44.0/24 reject
Wrap Up
Managing routing configuration on Linux systems is relatively easy, but a good handle on what the basic commands can tell you and do for you is essential.
No comments:
Post a Comment