Configuring the local network
Routing
Looking back at our example network on page 294, we'll reconsider a problem we met there: when a system receives a normal data packet, what does it do with it? There are four possibilities:
- If the packet is a broadcast packet, or if it’s addressed to one of its interface addresses, it delivers it locally.
- If it’s addressed to a system to which it has a direct connection, it sends it to that system.
- If it’s not addressed to a system to which it is directly connected, but it knows a system that knows what to do with the packet, it sends the packet to that system.
- If none of the above apply, it discards the packet.
These decisions are the basis of routing. The implementation performs them with the aid of a routing table, which tells the system which addresses are available where. We've already seen the net mask in Chapter 16, on page 290. We’ll see that it also plays a significant role in the routing decision. Table 17-1 shows a symbolic view of the routing table for gw.example.org. It looks very similar to the ifconfig output in the previous section:
- The first entry is the loopback entry: it shows that the local host can be reached by the interface lo0, which is the name for the loopback interface on all UNIX systems. Although this entry specifies a single host, the net mask allows for 16,276,778 hosts. The other addresses aren’t used.
- The second entry is for the local Ethernet. In this case, we have a direct connection, so we don't need to specify a gateway address. Due to the net mask 255.255.255.0, this entry accounts for all addresses from 223.147.37.0 to 223.147.37.255.
- This entry also emphasizes the difference between the output of ifconfig and the routing table. ifconfig shows the address of the interface, the address needed to reach our system. For the Ethernet interface, it's 223.147.37.5. The routing table shows the addresses that can be reached from this system, so it shows the base address of the Ethernet, 223.147.37.0.
- The third entry represents the PPP interface. It is a host entry, like the loopback entry. This entry allows access to the other end of the PPP link only, so the net mask is set to 255.255.255.255 (only one system).
- Finally, the fourth entry is the big difference. It doesn’t have a counterpart in the ifconfig listing. It specifies how to reach any address not already accounted for—just about the whole Internet. In this case, it refers to the other end address of the PPP link.
And that's all there is to it! Well, sort of. In our example configuration, we're hidden in one corner of the Internet, and there's only one way out to the rest of the network. Things look different when you are connected to more than one network. On page 310 we'll look at the differences we need for the ISP example.net. In the middle of the Internet, things are even more extreme. There may be dozens of interfaces, and the choice of a route for a particular address may be much more complicated. In such an environment, two problems occur:
- The concept of a default route no longer has much significance. If each interface carries roughly equal traffic, you really need to specify the interface for each network or group of networks. As a result, the routing tables can become enormous.
- There are probably multiple ways to route packets destined for a specific system. Obviously, you should choose the best route. But what happens if it fails or becomes congested? Then it’s not the best route anymore. This kind of change happens frequently enough that humans can’t keep up with it—you need to run routing software to manage the routing table.
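The four-way decision and the role of the net mask, as an added example (not code from the book). The table is constructed from the description of gw's entries above; the interface name "ether" is a placeholder, the PPP peer is the address in gw's commented-out defaultrouter entry, and 192.0.2.10 stands for any host elsewhere on the Internet.

```python
import ipaddress

# Constructed from the text's description of gw's table (Table 17-1 itself is
# not reproduced on this page). "ether" is a placeholder interface name; the
# PPP peer is the address in gw's commented-out defaultrouter entry.
LOCAL = {"127.0.0.1", "223.147.37.5", "139.130.136.133"}   # our own addresses
BROADCAST = {"255.255.255.255", "223.147.37.255"}
ROUTES = [  # (destination, net mask, gateway or None if direct, interface)
    ("127.0.0.0", "255.0.0.0", None, "lo0"),
    ("223.147.37.0", "255.255.255.0", None, "ether"),
    ("139.130.136.129", "255.255.255.255", None, "tun0"),
    ("0.0.0.0", "0.0.0.0", "139.130.136.129", "tun0"),
]

def route_packet(dst, routes=ROUTES):
    """Return (action, next hop, interface) for a destination address."""
    addr = ipaddress.ip_address(dst)
    # 1. Broadcast, or one of our own interface addresses: deliver locally.
    if dst in LOCAL or dst in BROADCAST:
        return ("deliver", None, None)
    # An entry matches when the address lies inside destination/mask.
    matches = []
    for dest, mask, gateway, iface in routes:
        net = ipaddress.ip_network(f"{dest}/{mask}")
        if addr in net:
            matches.append((net.prefixlen, gateway, iface))
    # 4. Nothing matches (there is no default route): discard.
    if not matches:
        return ("discard", None, None)
    # The most specific mask wins, so a host entry beats the default route.
    _, gateway, iface = max(matches, key=lambda m: m[0])
    if gateway is None:
        return ("direct", dst, iface)       # 2. directly connected
    return ("forward", gateway, iface)      # 3. hand it to a gateway

if __name__ == "__main__":
    for dst in ("223.147.37.5", "223.147.37.2", "139.130.136.129", "192.0.2.10"):
        print(dst, route_packet(dst))
```

Passing a table without the last entry, for example route_packet("192.0.2.10", ROUTES[:3]), shows the fourth possibility: with no default route the packet is discarded.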
Adding routes automatically
FreeBSD comes with all the currently available routing software, primarily the daemon routed. The newer gated used to be included as well, but it is no longer available for free. It is available from http://www.nexthop.com/products/howto_order.shtml. An alternative in the Ports Collection is zebra.
All these daemons have one thing in common: you don't need them. At any rate, you don’t need them until you have at least two different connections to the Internet, and even then it’s not sure. As a result, we won’t discuss them here. If you do need to run routing daemons, read all about them in TCP/IP Network Administration, by Craig Hunt.
From our point of view, however, the routing protocols have one particular significance: the system expects the routing table to be updated automatically. As a result, it is designed to use the information supplied by the routing protocols to perform the update. This information consists of two parts:
- The address and net mask of the network (in other words, the address range).
- The address of the gateway that forwards data for this address range. The gateway is a directly connected system, so it also figures in the routing table.
Adding routes manually
As we saw in the previous section, the routing software uses only addresses, and not the interface name. To add routes manually, we have to give the same information.
The program that adds routes manually is called route. We need it to add routes to systems other than those to which we are directly connected.
To set up the routing tables for the systems connected only to our reference network (freebie, presto, bumble and wait), we could write:
# route add default gw
During system startup, the script /etc/rc.network performs this operation automatically if you set the following variable in /etc/rc.conf:
defaultrouter="223.147.37.5" # Set to default gateway (or NO).
Note that we enter the address of the default router as an IP address, not a name. This command is executed before the name server is running. We can’t change the sequence in which we start the processes: depending on where our name server is, we may need to have the route in place to access the name server.
On system gw, the default route goes via the tun0 interface:
#defaultrouter="139.130.136.129" # Set to default gateway (or NO).
gateway_enable="YES" # Set to YES if this host will be a gateway.
This is a PPP interface, so you don't need a defaultrouter entry; if you did, it would look like the commented-out entry above. Later we'll see how PPP sets the default route.
We need to enable gateway functionality on this system, since it receives data packets on behalf of other systems. We’ll look at this issue in more depth on page 313.
ISP's route setup
At the ISP site, things are slightly more complicated than at example.org. Let’s look at the gateway machine free-gw.example.net. It has three connections, to the global Internet, to example.org and to another network, biguser.com (the network serviced by interface ppp0). To add the routes requires something like the following commands:
# route add default 139.130.237.65              igw.example.net
# route add -net 223.147.37.0 139.130.136.133   gw.example.org
# route add -net 223.147.38.0 -iface ppp0       local ppp0 interface
The first line tells the system that the default route is via gw.example.org. The second shows that the network with the base IP address 223.147.37.0 (example.org) can be reached via the gateway address 139.130.136.133, which is the remote end of the PPP link connected via ppp3. In the case of biguser.com, we don’t know the address of the remote end; possibly it changes every time it’s connected. As a result, we specify the name of the interface instead: we know it's always connected via ppp0.
The procedure to add this information to /etc/rc.conf is similar to what we did for the interface addresses:
- The variable static_routes contains a list of the static routes that are to be configured.
- For each route, a variable corresponding to the route name specified in static_routes, with the text route_ prepended. Unlike the interfaces, you can assign any name you want to them, as long as it starts with route. It makes sense for them to be related to the domain name, but they don't have to. For example, we would have liked to have called our network freebie.org, but there's a good chance that this name has been taken, so we called it example.org instead. The old name lives on in the name of the route, route_freebie. In the case of biguser.com, we have called the route variable route_biguser.
We put the following entries into free-gw's /etc/rc.conf:
defaultrouter="139.130.237.65" # Set to default gateway (or NO).
static_routes="freebie biguser" # list of static routes
route_freebie="-net 223.147.37.0 139.130.237.129"
route_biguser="-net 223.147.38.0 139.130.237.9"
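A check of these entries before a reboot, as an added example (not the book's code and not the startup script itself). It expands static_routes into the route commands they stand for and reports a defaultrouter that is not an IP address, a listed route with no route_ variable, and a route_ variable that is never listed; the BROKEN sample is constructed.

```python
import ipaddress
import shlex

# free-gw's entries as given in the text.
FREE_GW = '''
defaultrouter="139.130.237.65"  # Set to default gateway (or NO).
static_routes="freebie biguser" # list of static routes
route_freebie="-net 223.147.37.0 139.130.237.129"
route_biguser="-net 223.147.38.0 139.130.237.9"
'''
# Constructed broken variant: a name instead of an address, one route
# variable missing, one set but not listed.
BROKEN = '''
defaultrouter="igw.example.net"
static_routes="freebie biguser"
route_freebie="-net 223.147.37.0 139.130.237.129"
route_old="-net 192.0.2.0 139.130.237.9"
'''

def parse_rc_conf(text):
    """Collect name="value" assignments; '#' comments are dropped."""
    conf = {}
    for line in text.splitlines():
        for token in shlex.split(line, comments=True):
            name, sep, value = token.partition("=")
            if sep:
                conf[name] = value
    return conf

def check_routes(conf):
    """Return (route commands the entries expand to, problems found)."""
    commands, problems = [], []
    router = conf.get("defaultrouter", "NO")
    if router != "NO":
        try:  # must be an address: it is used before the name server runs
            ipaddress.ip_address(router)
            commands.append(f"route add default {router}")
        except ValueError:
            problems.append(f"defaultrouter {router!r} is not an IP address")
    listed = conf.get("static_routes", "").split()
    for name in listed:
        if f"route_{name}" in conf:
            commands.append("route add " + conf[f"route_{name}"])
        else:
            problems.append(f"static_routes lists {name!r} but route_{name} is unset")
    for var in conf:
        if var.startswith("route_") and var[len("route_"):] not in listed:
            problems.append(f"{var} is set but not listed in static_routes")
    return commands, problems
```

check_routes(parse_rc_conf(FREE_GW)) returns the three route commands and no problems; the BROKEN sample yields one command and three problems.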