Context Navigation

← Previous Change
Wiki History
Next Change →

iproute

Timestamp:: Jun 26, 2009 11:30:37 PM (15 years ago)
Author:: mitty
Comment:: --

Legend:

: Unmodified
: Added
: Removed
: Modified

TipAndDoc/VM/network/iproute

                       v1
+[[PageOutline]]
+ = iproute2 =
+ * see wiki:TipAndDoc/network/iproute
+ * [../#networkmap] のネットワークを使用
+ = centos-inner =
+ * パケットの往路と復路が異なってしまう問題への対応
+   * see [../route#imperfect]
+ == 設定前 ==
+ * centos-inner ~]$ route
+{{{
+Kernel IP routing table
+Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
+.168.50.0    *               255.255.255.0   U     0      0        0 eth0
+.2.0.0        *               255.255.0.0     U     0      0        0 eth2
+.0.0.0        10.1.0.254      255.255.0.0     UG    0      0        0 eth1
+.1.0.0        *               255.255.0.0     U     0      0        0 eth1
+.254.0.0     *               255.255.0.0     U     0      0        0 eth2
+default         192.168.50.1    0.0.0.0         UG    0      0        0 eth0
+}}}
+   * 10.0.0.0/16のルートについては設定済み
+ * centos-inner ~]$ ip route
+{{{
+.168.50.0/24 dev eth0  proto kernel  scope link  src 192.168.50.110
+.2.0.0/16 dev eth2  proto kernel  scope link  src 10.2.0.110
+.0.0.0/16 via 10.1.0.254 dev eth1
+.1.0.0/16 dev eth1  proto kernel  scope link  src 10.1.0.110
+.254.0.0/16 dev eth2  scope link
+default via 192.168.50.1 dev eth0
+}}}
+   * centos-inner ~]$ ip route show dev eth0
+{{{
+.168.50.0/24  proto kernel  scope link  src 192.168.50.110
+default via 192.168.50.1
+}}}
+   * centos-inner ~]$ ip route show dev eth1
+{{{
+.0.0.0/16 via 10.1.0.254
+.1.0.0/16  proto kernel  scope link  src 10.1.0.110
+}}}
+   * centos-inner ~]$ ip route show dev eth2
+{{{
+.2.0.0/16  proto kernel  scope link  src 10.2.0.110
+.254.0.0/16  scope link
+}}}
+ * centos-inner ~]$ ip rule
+{{{
+:      from all lookup 255
+:  from all lookup main
+:  from all lookup default
+}}}
+ * centos-outer <=(router)=> centos-inner
+ * centos-outer ~]$ ping 10.2.0.110 -c 1
+. centos-outer:eth1
+. ubuntu-router:eth0
+. ubuntu-router:eth2
+{{{
+:18:03.739868 IP 10.0.0.20 > 10.2.0.110: ICMP echo request, id 31500, seq 1, length 64
+}}}
+. centos-inner:eth2
+{{{
+:18:03.794897 IP 10.0.0.20 > 10.2.0.110: ICMP echo request, id 31500, seq 1, length 64
+}}}
+. centos-inner:eth1
+{{{
+:18:03.795150 IP 10.2.0.110 > 10.0.0.20: ICMP echo reply, id 31500, seq 1, length 64
+}}}
+. ubuntu-router:eth1
+{{{
+:18:03.741063 IP 10.2.0.110 > 10.0.0.20: ICMP echo reply, id 31500, seq 1, length 64
+}}}
+. ubuntu-router:eth0
+. centos-outer:eth1
+ == 設定 ==
+ * routing table 設定
+. centos-inner ~]$ sudo ip route add default via 10.1.0.254 table 1
+. centos-inner ~]$ sudo ip route add default via 10.2.0.254 table 2
+ * routing policy 設定
+. centos-inner ~]$ sudo ip rule add from 10.1.0.110 table 1 prio 1
+. centos-inner ~]$ sudo ip rule add from 10.2.0.110 table 2 prio 2
+ * routing policy に関しては、centos-innerはeth1とeth2でネットワークが分かれているので以下のような設定でも良い
+. centos-inner ~]$ sudo ip rule add from 10.1.0.0/16 table 1 prio 1
+. centos-inner ~]$ sudo ip rule add from 10.2.0.0/16 table 2 prio 2
+   * centos-inner ~]$ ip rule
+{{{
+:      from all lookup 255
+:      from 10.1.0.0/16 lookup 1
+:      from 10.2.0.0/16 lookup 2
+:  from all lookup main
+:  from all lookup default
+}}}
+ === 反映 ===
+ * ip route list table main
+{{{
+.168.50.0/24 dev eth0  proto kernel  scope link  src 192.168.50.110
+.2.0.0/16 dev eth2  proto kernel  scope link  src 10.2.0.110
+.0.0.0/16 via 10.1.0.254 dev eth1
+.1.0.0/16 dev eth1  proto kernel  scope link  src 10.1.0.110
+.254.0.0/16 dev eth2  scope link
+default via 192.168.50.1 dev eth0
+}}}
+   * main(default)のtableには変化無し
+ * ip route list table 1
+{{{
+default via 10.1.0.254 dev eth1
+}}}
+ * ip route list table 2
+{{{
+default via 10.2.0.254 dev eth2
+}}}
+ * ip rule
+{{{
+:      from all lookup 255
+:      from 10.1.0.110 lookup 1
+:      from 10.2.0.110 lookup 2
+:  from all lookup main
+:  from all lookup default
+}}}
+ == 結果 ==
+ * eth1(10.1.0.110)に入ってきたパケットはeth1から、eth2(10.2.0.110)に入ってきたパケットはeth2から送出されるようになる。
+ * centos-outer ~]$ ping 10.2.0.110 -c 1
+. centos-outer:eth1
+. ubuntu-router:eth0
+. ubuntu-router:eth2
+{{{
+:09:25.667375 IP 10.0.0.20 > 10.2.0.110: ICMP echo request, id 22028, seq 1, length 64
+:09:25.668310 IP 10.2.0.110 > 10.0.0.20: ICMP echo reply, id 22028, seq 1, length 64
+}}}
+. centos-inner:eth2
+{{{
+:09:25.682422 IP 10.0.0.20 > 10.2.0.110: ICMP echo request, id 22028, seq 1, length 64
+:09:25.682547 IP 10.2.0.110 > 10.0.0.20: ICMP echo reply, id 22028, seq 1, length 64
+}}}
+ * centos-outer ~]$ ping 10.1.0.110 -c 1
+. centos-outer:eth1
+. ubuntu-router:eth0
+. ubuntu-router:eth1
+{{{
+:12:29.065247 IP 10.0.0.20 > 10.1.0.110: ICMP echo request, id 25356, seq 1, length 64
+:12:29.075733 IP 10.1.0.110 > 10.0.0.20: ICMP echo reply, id 25356, seq 1, length 64
+}}}
+. centos-inner:eth1
+{{{
+:12:29.111101 IP 10.0.0.20 > 10.1.0.110: ICMP echo request, id 25356, seq 1, length 64
+:12:29.116137 IP 10.1.0.110 > 10.0.0.20: ICMP echo reply, id 25356, seq 1, length 64
+}}}
+ = 補足 =
+ * ルールを削除する場合は、table あるいは priority を指定して削除する
+{{{
+:      from all lookup 255
+:      from 10.1.0.110 lookup 1
+:      from 10.2.0.110 lookup 2
+:  from all lookup main
+:  from all lookup default
+}}}
+   * sudo ip rule del table 1
+   * sudo ip rule del prio 1
+ * priority は現在のところ省略可能
+   * sudo ip rule add from 10.1.0.110 table 1
+   * ip rule
+{{{
+:      from all lookup 255
+:  from 10.1.0.110 lookup 1
+:  from all lookup main
+:  from all lookup default
+}}}
+ * attachment:ip-cref.pdf:wiki:TipAndDoc/network/iproute p.38
+  Really, for historical reasons '''ip rule add''' does not require a priority value and
+  allows them to be non-unique. If the user does not supplied a priority, it is selected
+  by the kernel. If the user creates a rule with a priority value that already exists, the
+  kernel does not reject the request. It adds the new rule before all old rules of the same
+  priority.
+  It is mistake in design, no more. And it will be fixed one day, so do not rely on this
+  feature. Use explicit priorities.
+ * prio(priorityの省略形)の代わりに、preferも使える模様
+   * sudo ip rule add from 10.1.0.110 table 1 prefer 1
+   * ip rule
+{{{
+:      from all lookup 255
+:      from 10.1.0.110 lookup 1
+:  from all lookup main
+:  from all lookup default
+}}}
+[mitty@centos-inner ~]$
+[mitty@centos-inner ~]$ ip rule
+:      from all lookup 255
+:  from all lookup main
+:  from all lookup default
+ * routing table はキャッシュされるので、すぐに反映されない場合がある
+   * cacheの確認 => ip route show cache
+   * cacheの破棄 => sudo ip route flush cache
+ * attachment:ip-cref.pdf:wiki:TipAndDoc/network/iproute p.38
+  Warning: Changes to the RPDB made with these commands do not become active
+  immediately. It is assumed that after a script finishes a batch of updates, it flushes
+  the routing cache with '''ip route flush cache'''.