What is routing? It's the set of rules that govern how you make connections to other systems. Any time you make a connection from one system to another system -- whether you're sending email, transferring a set of files or logging in with ssh -- you're routing. And, since most connections aren't direct (in other words, they're travelling through one or more systems en route to the target), most of the time you're going to be crossing a router -- or maybe a long series of routers -- to get there. To view the routing table on a Linux system, use the netstat -rn command. The output of this command will tell you how connections you initiate are going to be handled. The routing table on most Linux systems will look something like this:
$ netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
0.0.0.0         192.168.0.1     0.0.0.0         UG        0 0          0 eth0
The fields in this output are:
- Destination -- where the connections are headed. This can be a specific network, one particular system or everything not covered by some other routing entry (i.e., the default).
- Gateway -- where those connections first have to go before being sent to the ultimate destination. This can be a local router or a "0.0.0.0" (no router involved) kind of entry.
- Genmask -- the network mask that determines what systems are covered by your destination.
- Flags -- indicators that tell you more about each routing table entry (e.g., whether it's a gateway).
- MSS -- maximum segment size
- Window -- size of packet that can be transmitted
- irtt -- initial round trip time
- Iface -- the network interface that is involved
For several of these settings, a size of 0 means that the default value is being used. Now, let's examine this output line by line.
First, 192.168.0.0 is the local network. How do you know this? Well, with a gateway of 0.0.0.0, connections clearly aren't going through another system. 0.0.0.0 in this position in the routing table means your system will send packets directly to the target system (i.e., not through a router). You can confirm that your system is, indeed, on the 192.168.0.0/24 network by running ifconfig.
$ ifconfig
eth0      Link encap:Ethernet  HWaddr 00:16:35:69:BD:79
          inet addr:192.168.0.11  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe88::211:35aa:fe66:bd79/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:64419467 errors:0 dropped:0 overruns:0 frame:1
          TX packets:62220642 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:4012707801 (3.7 GiB)  TX bytes:382601808 (364.8 MiB)
          Interrupt:217 Memory:fdef0000-fdf00000
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:433441 errors:0 dropped:0 overruns:0 frame:0
          TX packets:433441 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:36036194 (34.3 MiB)  TX bytes:36036194 (34.3 MiB)
The lo entry represents the loopback interface. If you have additional network interfaces, you will need to add the -a option to have them reported as well. The network mask or "Genmask" of 255.255.255.0 tells us that our address space for this route is 192.168.0.0/24. The use of 192.168.0.0 is not surprising for a small LAN. It's one of the three internal IP ranges that anyone can use and the one most commonly used on small routers. The destination address of 192.168.0.0 with the 255.255.255.0 mask means any address between 192.168.0.1 and 192.168.0.254 (i.e., the local network) would be on the same LAN.
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
...
Notice the netmask is 255.255.255.0. So, this is the route you will use for any connections to other systems on the same LAN. The interface, which is likely the only one on this system, is eth0. And the flag set to U tells you this route is up. Flags can have various values, although the most commonly seen are U and G. Here they are with some of the other flags you might see.
- U - route is up
- H - target is a host (i.e., only that host can be reached through that route)
- G - route is to a gateway
- R - reinstate route for dynamic routing
- D - dynamically installed by daemon or redirect
- M - modified from routing daemon or redirect
- A - installed by addrconf
- C - cache entry
- ! - reject route
$ netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
...
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
...
The 169.254.0.0 entry requires some explanation. This is a link-local address -- a special address defined in RFC 5735 for link-local addressing. Its appearance in your netstat output doesn't mean it's being used. It just shows up unless you take steps to remove it. A link-local address is an Internet Protocol address that is intended only for communications within the segment of a local network (a link) or a point-to-point connection that a host is connected to. Routers do not forward packets with link-local addresses. You can add NOZEROCONF=yes at the end of your /etc/sysconfig/network file to remove this additional route, though it does no harm being there.
$ cat /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=vader.aacc.edu
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
...
0.0.0.0         192.168.0.1     0.0.0.0         UG        0 0          0 eth0
0.0.0.0 is your default route. This is where connections are routed whenever those connections aren't headed for the local network segment or other specific routes. If you use the command netstat -r (without the -n option), the word "default" will appear in place of 0.0.0.0. The -n option suppresses translation of addresses to symbolic names.
$ netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.0.0     *               255.255.255.0   U         0 0          0 eth0
169.254.0.0     *               255.255.0.0     U         0 0          0 eth0
default         pix             0.0.0.0         UG        0 0          0 eth0
This also shows the name of the gateway -- apparently a Cisco PIX router. Think of the default route as "everywhere else". In this case, we can see that to connect to systems anywhere other than the local network, we have to go through 192.168.0.1. Most network admins will use the .1 address of each LAN for its router -- a very sensible convention. So, if your connection is headed anywhere else, you need to go through the gateway listed in the second column -- generally your default router. The flags for the default route line clearly include G, confirming that this is a router or "gateway".
If you want to see the specific route that a connection might take and get an idea how well that route performs, then traceroute is the command to use. This command will display each hop that a connection might take and will show you how long each hop takes. The traceroute command does this by sending a number of echo request packets (like ping does) but with varying time-to-live (TTL) settings so that it can calculate the time that each hop requires. For example, for the first hop, the TTL is set to 1. For the second hop, it's set to 2, etc.
$ traceroute world.std.com
traceroute to world.std.com (22.214.171.124), 30 hops max, 40 byte packets
 1  * * *
 2  gig0-8.umcp-core.net.ums.edu (126.96.36.199)  2.634 ms  2.632 ms  2.610 ms
 3  ten2-0.stpaul-core.net.ums.edu (188.8.131.52)  3.515 ms  3.508 ms  3.486 ms
 4  te4-3.ccr01.bwi01.atlas.cogentco.com (184.108.40.206)  4.169 ms  4.163 ms  4.143 ms
 5  te4-2.ccr01.phl01.atlas.cogentco.com (220.127.116.11)  6.268 ms  6.262 ms te3-3.ccr01.phl01.atlas.cogentco.com (18.104.22.168)  6.950 ms
 6  te0-0-0-19.mpd21.jfk02.atlas.cogentco.com (22.214.171.124)  9.835 ms te0-0-0-7.ccr22.jfk02.atlas.cogentco.com (126.96.36.199)  8.937 ms  8.925 ms
 7  te0-1-0-4.ccr22.bos01.atlas.cogentco.com (188.8.131.52)  14.768 ms te0-2-0-6.ccr22.bos01.atlas.cogentco.com (184.108.40.206)  14.129 ms te0-1-0-2.ccr21.bos01.atlas.cogentco.com (220.127.116.11)  14.740 ms
 8  te4-1.mag01.bos01.atlas.cogentco.com (18.104.22.168)  14.450 ms te7-1.mag02.bos01.atlas.cogentco.com (22.214.171.124)  13.859 ms te4-1.mag01.bos01.atlas.cogentco.com (126.96.36.199)  14.816 ms
 9  vl3884.na31.b000502-0.bos01.atlas.cogentco.com (188.8.131.52)  18.336 ms  16.398 ms  16.699 ms
10  cogent.bos.ma.towerstream.com (184.108.40.206)  13.925 ms  13.840 ms  13.720 ms
11  g6-2.cr.bos1.ma.towerstream.com (220.127.116.11)  21.495 ms  15.647 ms  15.458 ms
12  18.104.22.168 (22.214.171.124)  33.680 ms  33.602 ms  33.419 ms
13  126.96.36.199 (188.8.131.52)  31.961 ms  30.079 ms *
14  world.std.com (184.108.40.206)  34.695 ms  34.698 ms  34.159 ms
The ping command is popularly used to test connectivity with a remote system and verifies that you can (or can't) reach the remote system.
The route -Cn command displays routing cache information. This shows routes associated with active connections. Linux caches this information so that it can route packets faster.
$ route -Cn
Kernel IP routing cache
Source          Destination     Gateway         Flags Metric Ref    Use Iface
192.168.0.3     192.168.0.6     192.168.0.6     il    0      0       13 lo
192.168.0.6     220.127.116.11  192.168.0.1           0      0        0 eth0
192.168.0.6     18.104.22.168   192.168.0.1           0      2        0 eth0
192.168.0.6     22.214.171.124  192.168.0.1           0      0        4 eth0
192.168.0.6     192.168.0.3     192.168.0.3           0      1        0 eth0
126.96.36.199   192.168.0.6     192.168.0.6     l     0      0       79 lo
You can also use route commands to reject connections to specific systems. A command such as this one redirects connections to a system you don't want to permit to your loopback interface.
# route add 188.8.131.52 gw 127.0.0.1 lo
To reverse this, you would do this:
# route delete 184.108.40.206
You could also block connections to a particular system or subnet using commands such as these:
# route add -host 220.127.116.11 reject
# route add -net 18.104.22.168/24 reject
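To see how the entries walked through above are chosen, including a reject route, here is an added example (not part of the original article) that parses netstat -rn style output and picks the most specific matching route for a destination. The table repeats the one shown earlier plus one constructed reject row; the address 198.51.100.7 and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: the article's netstat -rn table plus one reject row of
# the kind "route add -host ... reject" produces (198.51.100.7 is a
# documentation address chosen for this example).
SAMPLE = """\
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
198.51.100.7    -               255.255.255.255 !H        0 -          0 -
0.0.0.0         192.168.0.1     0.0.0.0         UG        0 0          0 eth0
"""

def parse_routes(text):
    """Turn netstat -rn rows into dicts holding an ip_network for matching."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue  # skip the header and anything that is not a route row
        routes.append({
            "net": ipaddress.ip_network(f"{f[0]}/{f[2]}"),  # Destination/Genmask
            "gateway": f[1], "flags": f[3], "iface": f[7],
        })
    return routes

def lookup(routes, dest):
    """Return how a destination is handled by the most specific route."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr in r["net"]]
    if not hits:
        return "unreachable: no matching route"
    best = max(hits, key=lambda r: r["net"].prefixlen)  # longest mask wins
    if "!" in best["flags"]:
        return "rejected by route"
    if "G" in best["flags"]:
        return f"via gateway {best['gateway']} on {best['iface']}"
    return f"direct on {best['iface']}"

if __name__ == "__main__":
    table = parse_routes(SAMPLE)
    for dest in ("192.168.0.25", "169.254.10.1", "198.51.100.7", "8.8.8.8"):
        print(f"{dest:15} {lookup(table, dest)}")
```

The default route (mask 0.0.0.0) matches every address, so it is used only when no entry with a longer mask also matches; that is why the /32 reject row overrides it for that one host.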
Managing routing configuration on Linux systems is relatively easy, but a good handle on what the basic commands can tell you and do for you is essential.
Read more of Sandra Henry-Stocker's Unix as a Second Language blog and follow the latest IT news at ITworld, Twitter and Facebook.