Unix: Getting from here to there (routing basics)

You need to understanding routing tables if you're going to do any kind of network troubleshooting. Let's take a look at what Linux commands can tell you about how your system is making connections.

What is routing? It's the set of rules that govern how you make connections to other systems. Any time you make a connection from one system to another system -- whether you're sending email, transferring a set of files or logging in with ssh -- you're routing. And, since most connections aren't direct (in other words, they're travelling through one or more system en route to the target), most of the time you're going to be crossing a router -- or maybe a long series of routers -- to get there. To view the routing table on a Linux system, use the netstat -rn command. The output of this command will tell you how connections you initiate are going to be handled. The routing table on most Linux systems will look something like this:

$ netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
0.0.0.0         192.168.0.1     0.0.0.0         UG        0 0          0 eth0

The fields in this output are: Destination -- where the connections are headed. This can be a specific network, one particular system or everything not covered by some other routing entry (i.e., the default). Gateway -- where those connections first have to go before being sent to the ultimate destination. This can be a local router or a "0.0.0.0" (no router involved) kind of entry. Genmask -- the network mask that determines what systems are covered by your destination. Flags -- indicators that tell you more about each routing table entry (e.g., whether it's a gateway). MSS -- maximum segment size Window -- size of packet that can be transmitted irtt -- initial round trip time Iface -- the network interface that is involved For several of these settings, a size of 0 means that the default value is being used. Now, let's examine this output line by line.

Line 1

First, 192.168.0.0 is the local network. How do you know this? Well, with a gateway of 0.0.0.0, connections clearly aren't going through another system. 0.0.0.0 in this position in the routing table means your system will send packets directly to the target system (i.e., not through a router). You can confirm that your system is, indeed, on the 192.168.0.0/24 network by running ifconfig.

$ ifconfig
eth0      Link encap:Ethernet  HWaddr 00:16:35:69:BD:79
          inet addr:<b>192.168.0.11</b>  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe88::211:35aa:fe66:bd79/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:64419467 errors:0 dropped:0 overruns:0 frame:1
          TX packets:62220642 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:4012707801 (3.7 GiB)  TX bytes:382601808 (364.8 MiB)
          Interrupt:217 Memory:fdef0000-fdf00000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:433441 errors:0 dropped:0 overruns:0 frame:0
          TX packets:433441 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:36036194 (34.3 MiB)  TX bytes:36036194 (34.3 MiB)

The lo entry represents the loopback interface. If you have additional network interfaces, you will need to add the -a option to have them reported as well. The network mask or "Genmask" of 255.255.255.0 tells us that our address space for this route is 192.168.0.0/24. The use of 192.168.0.0 is not surprising for a small LAN. It's one of the three internal IP ranges that anyone can use and the one that is the one most commonly used on small routers. The destination address of 192.168.0.0 with the 255.255.255.0 mask means any address between 192.168.0.1 and 192.168.0.254 (i.e., the local network) would be on the same LAN.

Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
...

Notice the netmask is 255.255.255.0. So, this is the route you will use for any connections to other systems on the same LAN. The interface, which is likely the only one of this system, is eth0. And the flag set to U tells you this route is up. Flags can have various values, although the most commonly seen are U and G. Here they are with some of the other flags you might see.

  • U - route is up
  • H - target is a host (i.e., only that host can be reached through that route)
  • G - route is to a gateway
  • R - reinstate route for dynamic routing
  • D - dynamically installed by daemon or redirect
  • M - modified from routing daemon or redirect
  • A - installed by addrconf
  • C - cache entry
  • ! - reject route

Line 2

$ netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
...
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
...

The 169.254.0.0 entry requires some explanation. This is a link-local address -- a special address defined in RFC 5735 for link-local addressing. Its appearance in your netstat output doesn't mean it's being used. It just shows up unless you take steps to remove it. A link-local address is an Internet Protocol address that is intended only for communications within the segment of a local network (a link) or a point-to-point connection that a host is connected to. Routers do not forward packets with link-local addresses. You can add NOZEROCONF=yes at the end of your /etc/sysconfig/network file to remove this additional route, though it does no harm being there.

$ cat /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=vader.aacc.edu

Line 3

Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
...
0.0.0.0         192.168.0.1     0.0.0.0         UG        0 0          0 eth0

0.0.0.0 is your default route. This is where connections are routed whenever those connections aren't headed for the local network segment or other specific routes. If you use the command netstat -r (without the -n option) , the word "default" will appear in place of 0.0.0.0. The -n option suppresses translation of addresses to symbolic names.

$ netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.0.0     *               255.255.255.0   U         0 0          0 eth0
169.254.0.0     *               255.255.0.0     U         0 0          0 eth0
<b>default</b>         pix             0.0.0.0         UG        0 0          0 eth0

This also shows the name of the gateway -- appearently a Cisco PIX router. Think of the default route as "everywhere else". In this case, we can see that to connect to systems anywhere other than the local network, we have to go through 192.168.0.1. Most network admins will use the .1 address of each LAN for its router -- a very is a sensible convention. So, if your connection is headed anywhere else, you need to go through the gateway listed in the second column -- generally your default router. The flags for the default route line clearly include G, confirming that this is a router or "gateway".

Using traceroute

If you want to see the specific route that a connection might take and get an idea how well that route performs, then traceroute is the command to use. This command will display each hop that a connection might take and will show you how long each hop takes. The traceroute command does this by sending a number of echo request packets (like ping does) but with varying time-to-live (TTL) settings so that it can calculate the time that each hop requires. For example, for the first hop, the TTL is set to 1. For the second hop, it's set to 2, etc.

$ traceroute world.std.com
traceroute to world.std.com (192.74.137.5), 30 hops max, 40 byte packets
 1  * * *
 2  gig0-8.umcp-core.net.ums.edu (136.160.255.33)  2.634 ms  2.632 ms  2.610 ms
 3  ten2-0.stpaul-core.net.ums.edu (136.160.255.198)  3.515 ms  3.508 ms  3.486 ms
 4  te4-3.ccr01.bwi01.atlas.cogentco.com (38.104.12.17)  4.169 ms  4.163 ms  4.143
     ms
 5  te4-2.ccr01.phl01.atlas.cogentco.com (154.54.2.174)  6.268 ms  6.262 ms 
     te3-3.ccr01.phl01.atlas.cogentco.com (154.54.83.221)  6.950 ms
 6  te0-0-0-19.mpd21.jfk02.atlas.cogentco.com (154.54.2.110)  9.835 ms 
     te0-0-0-7.ccr22.jfk02.atlas.cogentco.com (154.54.31.53)  8.937 ms  8.925 ms
 7  te0-1-0-4.ccr22.bos01.atlas.cogentco.com (154.54.6.9)  14.768 ms 
     te0-2-0-6.ccr22.bos01.atlas.cogentco.com (154.54.44.58)  14.129 ms te0-1-0-    
     2.ccr21.bos01.atlas.cogentco.com (154.54.44.6)  14.740 ms
 8  te4-1.mag01.bos01.atlas.cogentco.com (154.54.43.50)  14.450 ms 
     te7-1.mag02.bos01.atlas.cogentco.com (154.54.7.42)  13.859 ms  
     te4-1.mag01.bos01.atlas.cogentco.com     
     (154.54.43.50)  14.816 ms
 9  vl3884.na31.b000502-0.bos01.atlas.cogentco.com (38.20.55.82)  18.336 ms  16.398
     ms  16.699 ms
10  cogent.bos.ma.towerstream.com (38.104.186.82)  13.925 ms  13.840 ms  13.720 ms
11  g6-2.cr.bos1.ma.towerstream.com (64.119.143.81)  21.495 ms  15.647 ms  15.458 ms
12  69.38.149.18 (69.38.149.18)  33.680 ms  33.602 ms  33.419 ms
13  64.119.137.154 (64.119.137.154)  31.961 ms  30.079 ms *
14  world.std.com (192.74.137.5)  34.695 ms  34.698 ms  34.159 ms

The ping command is popularly used to test connectivity with a remote system and verifies that you can (or can't) reach the remote system.

Route Caching

The route -Cn command displays routing cache information. This shows routes associated with active connections. Linux caches this information so that it can route packets faster.

route -Cn
Kernel IP routing cache
Source          Destination     Gateway         Flags Metric Ref    Use Iface
192.168.0.3     192.168.0.6     192.168.0.6     il    0      0       13 lo
192.168.0.6     204.111.97.254  192.168.0.1           0      0        0 eth0
192.168.0.6     204.111.97.254  192.168.0.1           0      2        0 eth0
192.168.0.6     204.111.97.254  192.168.0.1           0      0        4 eth0
192.168.0.6     192.168.0.3     192.168.0.3           0      1        0 eth0
204.111.97.254  192.168.0.6     192.168.0.6     l     0      0       79 lo

Rejecting connections

You can also specifically reject specific network connections using route commands. Using a command such as this one, you would redirect connections to a system you don't want to permit to your loopback interface.

# route add 66.55.44.33 gw 127.0.0.1 lo

To reverse this, you would do this:

# route delete 66.55.44.33

You could also do block connections to a particular system or subnet using a command such as these:

# route add -host 66.55.44.33 reject
# route add -net 66.55.44.0/24 reject

Wrap Up

Managing routing configuration on Linux systems is relatively easy, but a good handle on what the basic commands can tell you and do for you is essential.

Read more of Sandra Henry-Stocker's Unix as a Second Language blog and follow the latest IT news at ITworld, Twitter and Facebook.

From CIO: 8 Free Online Courses to Grow Your Tech Skills
Join the discussion
Be the first to comment on this article. Our Commenting Policies