Policy Routing

From ImageStream Router Documentation

Revision as of 22:00, 14 December 2011 by Josh (Talk | contribs)

Overview

Policy Routing is used for advanced control over network traffic.
No additional packages are required to use Policy Routing.

Configuration

Source IP Configuration

To configure Policy Routing, we will use the sample configuration below. In this example, we have two ISPs called A and B. Each ISP routes a block of IP addresses to us, and traffic sourced from each block must leave through its respective ISP:

!
interface Ethernet0
description ISP-A
ip address 192.168.5.2 255.255.255.252
!
interface Ethernet1
description ISP-B
ip address 172.16.6.2 255.255.255.252
!
interface Ethernet2
description Internal Network
#ISP-A Netblock
ip address 1.2.3.1 255.255.255.0
#ISP-B Netblock
ip address 10.20.30.1 255.255.255.0
!

We will route the 1.2.3.0/24 network through ISP-A and the 10.20.30.0/24 network through ISP-B.

!
#Rules for ISP-A
ip rule add from 192.168.5.0/30 table 100
ip rule add from 1.2.3.0/24 table 100
ip route add 192.168.5.0/30 dev eth0 table 100
ip route add 1.2.3.0/24 dev eth2 table 100
ip route add default via 192.168.5.1 table 100
#Rules for ISP-B
ip rule add from 172.16.6.0/30 table 200
ip rule add from 10.20.30.0/24 table 200
ip route add 172.16.6.0/30 dev eth1 table 200
ip route add 10.20.30.0/24 dev eth2 table 200
ip route add default via 172.16.6.1 table 200
#Router's default route for primary routing table
ip route add default via 192.168.5.1
!

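In the above configuration, the two internal networks cannot communicate with each other: traffic from each network only consults its own table, which has no route for the other network and therefore sends it to the ISP's default gateway. If you want them to be able to route between each other, you'll need to add an interface route for the other network to each of the tables. Those routes would look like this: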

ip route add 10.20.30.0/24 dev eth2 table 100
ip route add 1.2.3.0/24 dev eth2 table 200
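
The table selection these commands set up can be checked offline. The following Python model is an added example, not ImageStream code: it parses the page's `ip rule` and `ip route` lines and resolves the table and next hop for a packet, showing where traffic from 1.2.3.0/24 to 10.20.30.0/24 goes before and after the two extra routes. The function names, the 203.0.113.9 destination and the simplified rule ordering are assumptions of the example, and the main table holds only the default route given on the page.

```python
import ipaddress

# Commands copied from the page's source-IP configuration.
BASE = """\
ip rule add from 192.168.5.0/30 table 100
ip rule add from 1.2.3.0/24 table 100
ip route add 192.168.5.0/30 dev eth0 table 100
ip route add 1.2.3.0/24 dev eth2 table 100
ip route add default via 192.168.5.1 table 100
ip rule add from 172.16.6.0/30 table 200
ip rule add from 10.20.30.0/24 table 200
ip route add 172.16.6.0/30 dev eth1 table 200
ip route add 10.20.30.0/24 dev eth2 table 200
ip route add default via 172.16.6.1 table 200
ip route add default via 192.168.5.1
"""
# The two extra interface routes the page adds for inter-network traffic.
CROSS = """\
ip route add 10.20.30.0/24 dev eth2 table 100
ip route add 1.2.3.0/24 dev eth2 table 200
"""

def parse(text):
    """Return (rules, tables): rules = [(src_net, table)], tables = {table: [(dst_net, hop)]}."""
    rules, tables = [], {}
    for words in (line.split() for line in text.splitlines() if line.startswith("ip ")):
        if words[1] == "rule":
            opts = dict(zip(words[3::2], words[4::2]))
            rules.append((ipaddress.ip_network(opts["from"]), opts["table"]))
        else:
            opts = dict(zip(words[4::2], words[5::2]))
            prefix = "0.0.0.0/0" if words[3] == "default" else words[3]
            hop = "via " + opts["via"] if "via" in opts else "dev " + opts["dev"]
            tables.setdefault(opts.get("table", "main"), []).append((ipaddress.ip_network(prefix), hop))
    return rules, tables

def lookup(rules, tables, src, dst):
    """Return (table, next hop) for a packet, or None if no route matches."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # Matching rules' tables first, then main; rule priority is ignored (prefixes are disjoint).
    for table in [t for net, t in rules if src in net] + ["main"]:
        matches = [(net, hop) for net, hop in tables.get(table, []) if dst in net]
        if matches:  # longest prefix wins inside a table
            return table, max(matches, key=lambda m: m[0].prefixlen)[1]
    return None

if __name__ == "__main__":
    for cfg in (BASE, BASE + CROSS):  # constructed test packets from 1.2.3.5
        print([lookup(*parse(cfg), "1.2.3.5", dst) for dst in ("203.0.113.9", "10.20.30.5")])
```

On the router itself, `ip rule show` and `ip route show table 100` list the installed rules and routes to compare against this model.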

Interface Based Configuration

Building on the above example, we can also specify policy routing based on the incoming interface.

!
ip rule add iif eth0 table 100
ip rule add iif eth1 table 200
!

With the above examples, all traffic arriving on the specified interfaces will use the tables listed. We can add routes to these tables to choose where the traffic will be routed.

Documentation and further reading
