lapsio
Source based routing

Fri Feb 17, 2017 12:38 am

Hello
lapsio@nuc ~> ip route show
10.0.0.0/24 dev brguestservice proto kernel scope link src 10.0.0.1 
10.0.1.0/24 dev brguestlapsio proto kernel scope link src 10.0.1.1 
10.0.2.0/24 dev brguestmilosz proto kernel scope link src 10.0.2.1 
192.168.1.0/24 dev brhost proto kernel scope link src 192.168.1.9 
192.168.2.0/24 dev brguest proto kernel scope link src 192.168.2.4 

lapsio@nuc ~> ip route show table guest
default via 192.168.2.1 dev brguest proto static 
10.0.0.0/24 dev brguestservice proto static 
10.0.1.0/24 dev brguestlapsio proto static 
10.0.2.0/24 dev brguestmilosz proto static 
192.168.2.0/24 dev brguest proto static 

lapsio@nuc ~> ip route show table host
default via 192.168.1.1 dev brhost proto static 
192.168.1.0/24 dev brhost proto static 

lapsio@nuc ~> ip rule list
0:      from all lookup local 
32763:  from 10.0.0.0/16 lookup guest 
32764:  from 192.168.2.0/24 lookup guest 
32765:  from all iif lo lookup host              <- lo is loopback device, iif stands for input interface
32766:  from all lookup main 
32767:  from all lookup default
I'm using source based routing on my VM host machine in order to heavily separate host traffic from guest traffic. How can I do a similar thing in ROS? I mean I'd like the router itself to use one subnet and one gateway for its "own" traffic like NTP, router DNS requests etc., basically all traffic created by the router itself, and another subnet/gw to use for packet forwarding. For now I have this:
[lapsio@CCR1009SWAG] > /ip route print detail 
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit 

 0   S  dst-address=0.0.0.0/0 pref-src=192.168.0.5 gateway=192.168.0.6%vlan0-rb gateway-status=192.168.0.6 unreachable distance=2 scope=30 target-scope=10 routing-mark=standard 

 1   S  dst-address=0.0.0.0/0 pref-src=192.168.10.2 gateway=192.168.10.1%vlan10-rb gateway-status=192.168.10.1 unreachable distance=2 scope=30 target-scope=10 routing-mark=service 

 2 ADC  dst-address=192.168.0.4/30 pref-src=192.168.0.5 gateway=br-gw gateway-status=br-gw reachable distance=0 scope=10 

 3 ADC  dst-address=192.168.1.0/24 pref-src=192.168.1.1 gateway=br-isolated gateway-status=br-isolated reachable distance=0 scope=10 

 4 ADC  dst-address=192.168.2.0/24 pref-src=192.168.2.1 gateway=br-dmz gateway-status=br-dmz reachable distance=0 scope=10 

 5 ADC  dst-address=192.168.10.0/24 pref-src=192.168.10.2 gateway=br-service gateway-status=br-service reachable distance=0 scope=10
The quite obvious idea is to mark packets from the router in mangle, as well as all other packets, with a routing-mark. But maybe there's a different, "better" way?
MTCNA, MTCRE, MTCINE
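
An added example, not part of the original post: a small Python model of how the Linux `ip rule list` output above picks a routing table, using the rules and routes shown in the post. The sample packets, the empty `local` and `default` tables, and the modelling of an unbound local socket as source 0.0.0.0 are assumptions made for the example.

```python
import ipaddress

# Routes copied from the post's `ip route show` output: (prefix, gateway, dev).
# "local" and "default" are left empty (simplification assumed for this example).
GUEST_NETS = [("10.0.0.0/24", None, "brguestservice"),
              ("10.0.1.0/24", None, "brguestlapsio"),
              ("10.0.2.0/24", None, "brguestmilosz"),
              ("192.168.2.0/24", None, "brguest")]
TABLES = {
    "local": [],
    "guest": [("0.0.0.0/0", "192.168.2.1", "brguest")] + GUEST_NETS,
    "host": [("0.0.0.0/0", "192.168.1.1", "brhost"),
             ("192.168.1.0/24", None, "brhost")],
    "main": GUEST_NETS + [("192.168.1.0/24", None, "brhost")],
    "default": [],
}

# Rules copied from `ip rule list`: (priority, from-prefix, iif or None, table).
RULES = [(0, "0.0.0.0/0", None, "local"),
         (32763, "10.0.0.0/16", None, "guest"),
         (32764, "192.168.2.0/24", None, "guest"),
         (32765, "0.0.0.0/0", "lo", "host"),
         (32766, "0.0.0.0/0", None, "main"),
         (32767, "0.0.0.0/0", None, "default")]

def lookup(src, dst, iif):
    """Return (table, gateway, dev) for a packet, or None if no route matches."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for _prio, from_net, rule_iif, table in RULES:   # rules are tried in priority order
        if s not in ipaddress.ip_network(from_net):
            continue
        if rule_iif is not None and rule_iif != iif:
            continue
        hits = [(ipaddress.ip_network(p), gw, dev)
                for p, gw, dev in TABLES[table] if d in ipaddress.ip_network(p)]
        if hits:                                     # longest prefix wins inside a table
            _net, gw, dev = max(hits, key=lambda h: h[0].prefixlen)
            return table, gw, dev
        # no route in this table: fall through to the next rule
    return None

if __name__ == "__main__":
    for pkt in [("10.0.1.20", "8.8.8.8", "brguestlapsio"),  # forwarded guest traffic
                ("0.0.0.0", "8.8.8.8", "lo"),               # host process, unbound socket
                ("192.168.2.4", "8.8.8.8", "lo"),           # host process bound to guest-side IP
                ("192.168.1.50", "8.8.8.8", "brhost")]:     # forwarded from host LAN
        print(pkt, "->", lookup(*pkt))
```

The third packet shows the case worth checking when auditing the separation: a host process that binds to the 192.168.2.0/24 address matches the `from` rule before the `iif lo` rule and leaves through the guest gateway.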