Table of Contents
Network routing scenarios
1. Source routing
Scenario: a host has multiple interfaces. One has a public IP and links to the default gateway with higher priority. One has a private IP and communicates only within the private subnet. But all traffic goes out through the public interface.
1.1 Solution: source routing?
- Policy routing: http://linux-ip.net/html/routing-tables.html
Delete the old default route if it exists
ip route del default via 192.168.179.224 dev eth1
Add new rules
Create new routing table:
echo 102 cvlan >> /etc/iproute2/rt_tables
ip rule add from <interface_IP> table cvlan priority 900
ip rule add from <interface_prefix/subnet> table cvlan priority 900
Add route to the gw
ip route add 192.168.179.224 dev eth1
Add default gw
ip route add default via gateway_ip dev eth1 table cvlan
Add routing to attached subnet
ip route add <interface_prefix> dev <interface> proto static scope link src <interface_IP> table cvlan
Check the current settings
ip route show dev eth1
ip route show dev eth1 table cvlan
ip a show dev eth1
ip route add default via gw_ip dev eth1 table cvlan
Not working (ip rule has no "from dev" selector; the incoming-interface selector is iif)
ip rule add from dev <interface> table isp2 priority 1000
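The ip route / ip rule steps above, bundled into one script as an added example (not part of the original notes). Assumed parameters: interface name, its address in CIDR form, its gateway and a numeric table id; the script derives the subnet prefix itself, uses "replace" and del-then-add so it can be re-run safely, and with DRY_RUN=1 only prints the commands so the plan can be reviewed before it is applied as root.

```shell
#!/bin/sh
# Added example: policy routing for a second interface so that traffic
# from/to its address leaves via its own gateway instead of the public
# default route. Parameters are assumptions, not values from the notes.
set -eu

# Network prefix of a CIDR address: 192.168.179.2/24 -> 192.168.179.0/24
cidr_network() {
    addr=${1%/*}
    plen=${1#*/}
    oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs
    ip32=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    mask=$(( (4294967295 << (32 - plen)) & 4294967295 ))
    net=$(( ip32 & mask ))
    printf '%d.%d.%d.%d/%d\n' \
        $(( (net >> 24) & 255 )) $(( (net >> 16) & 255 )) \
        $(( (net >> 8) & 255 )) $(( net & 255 )) "$plen"
}

# Print the command under DRY_RUN=1, otherwise execute it.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# setup_policy_route IFACE ADDR/PLEN GATEWAY TABLE_ID
# The numeric id is used directly, so an rt_tables entry is optional.
setup_policy_route() {
    iface=$1; cidr=$2; gw=$3; tid=$4
    ip=${cidr%/*}
    net=$(cidr_network "$cidr")
    # Connected subnet and default route live in the per-interface table.
    run ip route replace "$net" dev "$iface" proto static scope link src "$ip" table "$tid"
    run ip route replace default via "$gw" dev "$iface" table "$tid"
    # Replace (not duplicate) the selector rules: packets from or to this
    # address are looked up in the interface's own table.
    for dir in from to; do
        run ip rule del "$dir" "$ip" table "$tid" priority 900 2>/dev/null || true
        run ip rule add "$dir" "$ip" table "$tid" priority 900
    done
}

# Review the result: rules first, then the per-interface table.
show_policy_route() {
    run ip rule show
    run ip route show table "$1"
}

if [ "${1:-}" = "--dry-run-example" ]; then
    DRY_RUN=1 setup_policy_route eth1 192.168.179.2/24 192.168.179.224 102
fi
```

Run it with --dry-run-example to see the exact commands for the scenario above; without DRY_RUN=1 the same functions apply them.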
1.2 Config with netplan
admin@c1-node-01:~$ cat /etc/netplan/51-eth1.yaml
network:
  version: 2
  renderer: networkd
  ethernets:
    ens3:
      dhcp4: no
      dhcp6: no
      accept-ra: no
      addresses: [81.94.xx.xx/28, "2a01:xxx:xxxx:xx::xx/64"]
      gateway4: 81.94.xx.xx
      gateway6: 2a01:xxx:xxxx:xx::x
      nameservers:
        addresses: [1.0.0.1]
    ens6:
      dhcp4: no
      dhcp6: no
      accept-ra: no
      addresses: [195.16.xxx.111/25]
      routes:
        - to: 195.16.xxx.x/25
          via: 195.16.xxx.gw
          table: 102
        - to: 0.0.0.0/0
          via: 195.16.xxx.gw
          table: 102
      routing-policy:
        - from: 195.16.xxx.111
          table: 102
        - to: 195.16.xxx.111
          table: 102
Example for the scenario above (eth1 with 192.168.179.2/24 via 192.168.179.224):
network:
  version: 2
  renderer: networkd
  ethernets:
    eth1:
      dhcp4: no
      dhcp6: no
      accept-ra: no
      addresses: [192.168.179.2/24]
      routes:
        - to: 192.168.179.0/24
          via: 192.168.179.224
          table: 102
        - to: default
          via: 192.168.179.224
          metric: 100
          table: 102
      routing-policy:
        - from: 192.168.179.2
          table: 102
        - to: 192.168.179.2
          table: 102
      nameservers:
        addresses: [8.8.8.8]
1.3 Useful tools
ncat -e /bin/cat -k -u -l 1235
-e means it executes /bin/cat (to echo back whatever is sent)
-k means keep-alive: it keeps listening after each connection
-u means UDP
-l 1235 means it listens on port 1235