Rules in the routing policy database that control the route selection algorithm.

Classic routing algorithms used in the Internet make routing decisions based only on the destination address of packets and in theory, but not in practice, on the Type of Service (TOS) field. In some circumstances we want to route packets differently depending not only on the destination addresses, but also on other packet fields such as source address, IP protocol, transport protocol ports or even packet payload. This task is called 'policy routing'.

policy routing != routing policy
policy routing = cunning routing
routing policy = routing tactics or routing plan

To solve this task the conventional destination based routing table, ordered according to the longest match rule, is replaced with the routing policy database or RPDB, which selects the appropriate route through execution of some set of rules. These rules may have many keys of different natures and therefore they have no natural ordering excepting that which is imposed by the network administrator.

In Linux the RPDB is a linear list of rules ordered by a numeric priority value. The RPDB explicitly allows matching packet source address, packet destination address, TOS, incoming interface (which is packet meta-data, rather than a packet field), and using fwmark values for matching IP protocols and transport ports.

Each routing policy rule consists of a selector and an action predicate. The RPDB is scanned in the order of increasing priority with the selector of each rule applied to the source address, destination address, incoming interface, TOS, and fwmark. If the selector matches the packet the action is performed. The action predicate may return success, in which case the rule output provides either a route or a failure indication and RPDB lookup is then terminated. Otherwise, the RPDB program continues on to the next rule.

What is the action semantically? The natural action is to select the nexthop and output device.
This is the way a packet path route is selected by Cisco IOS; let us call it 'match & set'. In Linux the approach is more flexible as the action includes lookups in destination-based routing tables and selecting a route from these tables according to the classic longest match algorithm. The 'match & set' approach then becomes the simplest case of Linux route selection, realized when the second level routing table contains a single default route. Remember that Linux supports multiple routing tables managed with the 'ip route' command.

At startup the kernel configures a default RPDB consisting of three rules:

Priority 0: Selector = match anything; Action = lookup routing table local (ID 255). The table local is the special routing table containing high priority control routes for local and broadcast addresses. Rule 0 is special: it cannot be deleted or overridden.

Priority 32766: Selector = match anything; Action = lookup routing table main (ID 254). The table main is the normal routing table containing all non-policy routes. This rule may be deleted or overridden with other rules.

Priority 32767: Selector = match anything; Action = lookup routing table default (ID 253). The table default is empty and reserved for post-processing if previous default rules did not select the packet. This rule also may be deleted.

Do not mix routing tables and rules. Rules point to routing tables; several rules may refer to one routing table, and some routing tables may have no rules pointing to them. If you delete all the rules referring to a table then the table is not used but still exists. A routing table will disappear only after all the routes contained within it are deleted.

Rule attributes: Each RPDB entry has additional attributes attached. Each rule has a pointer to some routing table. NAT and masquerading rules have the attribute to select a new IP address to translate/masquerade. Additionally, rules have some of the optional attributes which routes have, such as realms. These values do not override those contained in routing tables; they are used only if the route did not select any of those attributes.
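The RPDB lookup described above (rules scanned by increasing preference, each selector checked against source, destination, iif, fwmark and TOS, then a longest-prefix lookup in the rule's table, with a table miss falling through to the next rule) is simulated below. This is an added example, not code from the page or from the kernel; the tables, rules and packets are constructed sample data, and the kernel's three default rules (0, 32766, 32767) are modelled alongside two policy rules.

```python
import ipaddress

class Rule:
    """One RPDB entry: selector keys (None = match anything) and the table its action looks up."""
    def __init__(self, preference, table, src=None, dst=None, iif=None, fwmark=None, tos=None):
        self.preference, self.table = preference, table
        self.src = ipaddress.ip_network(src) if src else None
        self.dst = ipaddress.ip_network(dst) if dst else None
        self.iif, self.fwmark, self.tos = iif, fwmark, tos

    def matches(self, pkt):
        """Selector: every key that is set must match the packet (or its meta-data, e.g. iif)."""
        return all([
            self.src is None or ipaddress.ip_address(pkt["src"]) in self.src,
            self.dst is None or ipaddress.ip_address(pkt["dst"]) in self.dst,
            self.iif is None or pkt.get("iif") == self.iif,
            self.fwmark is None or pkt.get("fwmark") == self.fwmark,
            self.tos is None or pkt.get("tos") == self.tos,
        ])

def lookup_table(table, dst):
    """Classic destination-based lookup: the longest matching prefix wins."""
    addr, best = ipaddress.ip_address(dst), None
    for prefix, nexthop in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nexthop)
    return best[1] if best else None

def rpdb_lookup(rules, tables, pkt):
    """Scan rules by increasing preference. The first matching rule whose table yields a
    result (a route, or a failure such as 'unreachable') terminates the lookup; a table
    miss falls through to the next rule. Returns (preference, table, result) or None."""
    for rule in sorted(rules, key=lambda r: r.preference):
        if rule.matches(pkt):
            result = lookup_table(tables.get(rule.table, []), pkt["dst"])
            if result is not None:
                return rule.preference, rule.table, result
    return None

# Constructed sample RPDB: the kernel's three default rules plus two policy rules.
TABLES = {
    255: [("127.0.0.0/8", "local")],                                        # local
    254: [("0.0.0.0/0", "via 192.0.2.1"), ("10.0.0.0/8", "via 10.0.0.1")],  # main
    100: [("0.0.0.0/0", "via 198.51.100.1")],                               # 'match & set' table
    253: [],                                                                # default (empty)
}
RULES = [
    Rule(0, 255),                              # match anything -> local
    Rule(500, 200, fwmark=7),                  # table 200 holds no routes: always falls through
    Rule(1000, 100, src="192.168.1.0/24"),     # policy route for one source prefix
    Rule(32766, 254),                          # match anything -> main
    Rule(32767, 253),                          # match anything -> default
]
```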
Represents a list of plcm-network-routing-rule elements.
Name | Type | Description | Attributes |
---|---|---|---|
plcmNetworkRoutingRuleList | List of plcm-network-routing-rule | See Definition of plcm-network-routing-rule | |
Definition of plcm-network-routing-rule:

Name | Type | Description | Attributes |
---|---|---|---|
preference | xs:int | Preference (priority) of the rule | Mandatory |
rule-type | PlcmNetworkRouteType | The rule type which is used in the rule SELECTOR | |
device-name | DeviceName | The inbound interface name (iif) which is used in the rule SELECTOR | |
from-address | PlcmInetAddressPrefix | The FROM address prefix which is used in the rule SELECTOR | |
to-address | PlcmInetAddressPrefix | The TO address prefix which is used in the rule SELECTOR | |
fwmark | xs:int | The Firewall Mark which is used in the rule SELECTOR | |
table-id | xs:int | The table in which to look up the route(s). | Mandatory |
type-of-service | PlcmNetworkTypeOfService | The Type of Service (TOS) which is used in the rule SELECTOR | |
Name | Type | Restrictions |
---|---|---|
DeviceName | xs:string | Length of value must be >=0; length of value must be <=32 |