An introduction to Linux network routing
Image by: Opensource.com
Every computer attached to a network requires some type of routing instructions for network TCP/IP packets when they leave the local host. This is usually very straightforward because most network environments are very simple and there are only two options for departing packets. All packets are sent either to a device on the local network or to some other, remote network.
This article provides a very brief introduction to routing for Linux computers in simple environments.
Let’s be sure to define the “local” network as the logical and usually also the physical network in which the local host resides. Logically that means the local subnet in which the host is assigned one of the range of the local subnet’s IP addresses. Physically that means the host is connected to one or more switches that are also connected to the rest of the local network.
TCP/IP network model
Before we get into routing, it helps to understand a little bit about how packets find their way to the correct host on a network. The TCP/IP network model defines a five layer stack that describes the mechanisms necessary to move data packets from one host to another, whether that host is on the local network or halfway around the world. Each of the layers in the following description of this model is numbered and also contain the names of the data units that are handled by that layer.
Protocols Host 1 Host 2 Layer
===================================================================================
HTTP, SSH, +-------------+ +-------------+
SMTP, POP, | Application | | Application | Layer 5
IMAP, Telnet +-------------+ +-------------+
etc. | ∧
| |
∨ |
+-------------+ +-------------+
TCP and UDP | Transport | | Transport | Layer 4
+-------------+ +-------------+
| ∧
∨ |
+-------------+ +-------------+ +-------------+
IP | internet | | internet | | internet | Layer 3
+-------------+ +-------------+ +-------------+
| ∧ | ∧
∨ | ∨ |
+-------------+ +-------------+ +-------------+
Ethernet | Datalink | | Datalink | | Datalink | Layer 2
+-------------+ +-------------+ +-------------+
| ∧ | ∧
∨ | ∨ |
+-------------+ +-------------+ +-------------+
Fiber, copper | Host 1 |------>| Router |----->| Host 2 | Layer 1
NIC, etc. | Physical | | Physical | | Physical |
+-------------+ +-------------+ +-------------+
Figure 1: The TCP/IP network model
5. Application layer: Message This layer consists of the connection protocols required for various network applications to communicate, such as HTTP, DHCP, SSH, FTP, SMTP, IMAP, and others. When you request a web page from a remote web site, a connection request is sent to the web server and the response is sent back to your host at this layer and then your browser displays the web page in its window.
4. Transport layer: TCP segment. The transport layer provides end-to-end data transport and flow management services that are independent of the data and types of protocols being transported. It uses ports such as 80 for HTTP and 25 for SMTP to make connections between the local host and the remote host.
3. Internet layer: Packet. Packet routing is performed on the Internet layer. This layer is responsible for routing packets across two or more different networks in order to reach their final destination. This layer uses IP Addresses and the routing table to determine which device to send the packets to next. If sent to a router, each router is responsible for sending the data packets only to the next router in the series and not for mapping out the entire route from the local host to the target host. The Internet layer is mostly about routers talking to routers in order to determine the next router in the chain.
2. Data Link layer: Frame. The Link layer manages the direct connections between hardware hosts on a single, local, logical, physical network. This layer uses the Media Access Control (MAC) addresses embedded in the Network Interface Cards (NICs) to identify the physical devices attached to the local network. This layer cannot access hosts that are not on the local network.
1. Physical layer: Bits. This is the hardware layer and consists of the NICs and the physical Ethernet cable as well as the hardware level protocols used to transmit individual bits that make up the data frames between any two hosts or other network nodes that are locally connected.
A simple example
So what does that look like when a host is actually sending data on the network using the TCP/IP network model? Here is my own made-up description of how data are moved from one network to another. In this example, my computer is sending a request to a remote server for a web page.
- On the application layer, the browser initiates an HTTP connection request message to the remote host, www.example.com, to send back the data comprising the contents of a web page. This is the message, and it includes only the IP Address of the remote web server.
- The transport layer encapsulates the message containing the web page request in a TCP datagram with the IP address of the remote web server as the destination. Along with the original request packet, this packet now includes the source port from which the request will originate, usually a very high number random port, so that the return data knows which port the browser is listening on; and the destination port on the remote host, port 80 in this case.
- The Internet layer encapsulates the TCP datagram in a packet that also contains both the source and destination IP addresses.
- The data Link layer uses the Address Resolution Protocol (ARP) to identify the physical MAC address of the default router and encapsulates the Internet packet in a frame that includes both the source and destination MAC addresses.
- The frame is sent over the wire, usually CAT5 or CAT6, from the NIC on the local host to the NIC on the default router.
- The default router examines the datagram and determines the destination IP address. The router uses its own routing table to identify the IP address of the next router that will take the frame onto the next step of its journey. The router then re-encapsulates the frame in a new datagram that contains its own MAC as the source and the MAC address of the next router and then sends it on through the appropriate interface. The router performs its routing task at layer 3, the Internet layer.
Note that switches are invisible to all protocols at layers two and above, so they do not affect the transmission of data in any logical manner. The function of switches is merely to provide a simple means to connect multiple hosts into a single physical network via lengths of Ethernet cable.
You can use the arp [-n] command to view all of the MAC addresses that your host has stored in its arp table. These are always hosts on the local network.
The routing table
All network devices, whether they are hosts, routers, or other types of network nodes such as network attached printers, need to make decisions about where to route TCP/IP data packets. The routing table provides the configuration information required to make those decisions.A routing table similar to the very simple one in Figure 1 is used to define the single route available to a typical local host and to determine whether to send packets to the default gateway router. The route -n command lists the routing table; the -n option displays the results as IP addresses only and does not attempt to perform a DNS lookup which would replace the IP address with hostnames if they are available. The netstat -rn command produces very similar results.
root@host1:/etc# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.0.254 0.0.0.0 UG 100 0 0 enp0s3
192.168.0.0 0.0.0.0 255.255.255.0 U 100 0 0 enp0s3Figure 2: A simple routing table.
The default gateway is always shown with the destination 0.0.0.0 when the -n option is used. If -n is not used, the word “Default” appears in the Destination column of the output. The IP address in the Gateway column is that of the outbound gateway router. The netmask of 0.0.0.0 for the default gateway means that any packet not addressed to the local network or another outbound router by additional entries in the routing table are to be sent to the default gateway regardless of the network class.
The Iface (Interface) column in Figure 1 is the name of the outbound NIC, in this case, eno1. For hosts that are acting as routers, there will likely be at least two and sometimes more NICs used. Each NIC used as a route will be connected to a different physical and logical network. The flags in the Flag column indicate that the route is Up (U) and which is the default Gateway (G). Other flags may also be present.
Routing decisions are fairly simple for most hosts:
- If the destination host is on the local network, send the data directly to the destination host.
- If the destination host is on a remote network that is reachable via a local gateway listed in the routing table, send it to the explicitly defined gateway.
- If the destination host is on a remote network, and there is no other entry that defines a route to that host, send the data to the default gateway.
These rules simply mean that if all else fails because there is no match, send the packet to the default gateway.
The routing table in Figure 3 is a bit more complex because it belongs to a Linux host acting as a router that connects to three networks, one of which leads to the Internet. The local class C networks, 192.168.0.0/24 on interface eth1, 192.168.25.0/24 on eth2, each have entries in the table, as well as the default route that leads to the rest of the world on eth0.
[root@host2 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 45.20.209.46 0.0.0.0 UG 101 0 0 enp4s0
45.20.209.40 0.0.0.0 255.255.255.248 U 101 0 0 enp4s0
192.168.0.0 0.0.0.0 255.255.255.0 U 100 0 0 enp2s0
192.168.10.0 0.0.0.0 255.255.255.0 U 102 0 0 enp1s0Figure 3: A more complex routing table with multiple networks.
Note that there is still only one default gateway, on interface enp4s0. However, in addition to the default route entry that points directly to the LAN side IP address of the router, there is also an entry for the 45.20.209.40/29 network as a whole. That network contains six usable IP addresses, with one for the network Address, one for the host acting as the router, and one for the broadcast address. You can see this in Figure 4 using the sipcalc command.
# sipcalc 45.20.209.41/29
-[ipv4 : 45.20.209.41/29] - 0
[CIDR]
Host address - 45.20.209.41
Host address (decimal) - 756338985
Host address (hex) - 2D14D129
Network address - 45.20.209.40
Network mask - 255.255.255.248
Network mask (bits) - 29
Network mask (hex) - FFFFFFF8
Broadcast address - 45.20.209.47
Cisco wildcard - 0.0.0.7
Addresses in network - 8
Network range - 45.20.209.40 - 45.20.209.47
Usable range - 45.20.209.41 - 45.20.209.46
-Figure 4: The sipcalc command displays a complete description of the specified network.
Routing configuration
So how does the routing table get configured? For hosts connected to the network using DHCP, the DHCP server provides that configuration information for the default route along with DNS, the hosts IP address, and possibly other information such as the IP address for an NTP server. For static configurations, it is usually simple, but it can be a bit more complicated sometimes.
In most cases, adding the default route to the Network Manager Connection file causes the network to configure the default route in the routing table. That entry looks like the sample in Figure 5. The NetworkManager Connection file “address1” line contains the local host IP address and the address for the default gateway.
# cat enp4s0.nmconnection
[connection]
id=enp4s0
uuid=fa2117dd-6c7a-44e0-9c9d-9c662716a352
type=ethernet
[ethernet]
mac-address=84:16:F9:04:44:03
[ipv4]
address1=45.20.209.41/29,45.20.209.46
dns=192.168.0.52;8.8.8.8;8.8.4.4;
ignore-auto-dns=true
method=manual
[ipv6]
addr-gen-mode=eui64
method=ignore
[proxy]Figure 5: The NetworkManager Connection file “address1” line contains the local host IP address and the address for the default gateway.
In the historical past, the default gateway could be configured in one of two ways. It could be configured using the network file or to add it to the appropriate interface configuration file in /etc/sysconfig/network-scripts directory. These methods are now obsolete.
The route configured in the address1 line of the NetworkManager Connection file in Figure 5 defines the default route for a multi-homed1 host. NM Connection files for Network Interface Cards (NICs) that are not the default gateway do not include the gateway IP address in the address1 line. Those other networks will have lines in the routing table as seen in Figure 3.
Final Thoughts
There can be a lot more to routing than shown in these fairly simple examples which are quite common. The information here should get you started. For more complex environments, you can refer to TCP/IP Network Administration Third Edition,by Craig Hunt. You should also refer to your distribution’s documentation for more information. For rpm-based distributions like RHEL, Fedora, and CentOS, the Red Hat Enterprise Linux 7 deployment guide is a good reference.
- The term Multi-Homed means a host that is connected to multiple networks and thus requires multiple network interface cards (NICs). ↩︎
More Stories
How to upgrade your Fedora Linux system to the latest release with DNF system-upgrade
Upgrading any operating system to a new release version can be time-consuming and fraught with problems. Fedora 40 was released very recently and I used these easy steps to upgrade all twelve of my home systems. It was easy and all went well.
Ansible #2 How to create an Ansible Playbook
In this introduction to Playbook creation, we examine a play that manages updates for a local Ansible controller machine.
Open Source and Music Playback
For me at least, music is an indispensable part of my day; much more so than streaming video or television....
3 things that matter most for a project management tool
Our daily professional lives involve recognizing, prioritizing, and completing tasks. These tasks comprise the larger projects and initiatives that drive company and business success. When you think about it this way, the project management tool and system you choose at work, for yourself or your team, is critical.
Seven Linux commands just for fun
Linux was developed by fun-loving people who created an array of fun and even comical commands. Try playing around with these yourself when you want a smile.
Extend the life of your Linux SSD drive with fstrim
SSDs have benefits like silent and cooler operation and a faster interface spec, compared to their elder spinning ancestors. Of course, new technology brings with it new methods of maintenance and management. SSDs have a feature to reclaim unused blocks on the device.
