Policy Routing Using Linux - Matthew Marsh

Policy Routing Using Linux

Matthew Marsh (Author)

Media combination
224 pages
2001
Sams Publishing
978-0-672-32052-1 (ISBN)
CHF 67.45 incl. VAT
  • Title is unfortunately out of print;
    no new edition
This title seeks to show how to design and install a policy-routed network under IPv4 on a Linux-based network using the ip utility for Linux. It explains how to analyze and tune complex policy-routed networks on Linux and possibly Cisco networks.
Traditional IPv4 routing is summarized as "All routing is a destination driven process". When a router looks at an IPv4 packet it cares only about the destination address in the header of the packet. It uses this destination address to make a decision on where to forward the packet. But what if you want to route packets differently depending not only on the destination addresses but also on other packet fields such as source address, IP protocol, transport protocol ports or even packet payload? This is Policy Routing and this book tells you how to do it.

Matthew G. Marsh, founder and president of Paktronix LLC, has been working in network architecture for the last 18 years, and working with Linux networking specifically since 1993. He is the Chief Scientist of the Nebraska CERT, working with IBM, US Strategic Command, the FBI and other groups on IPv4 security structures and routing. He developed the only policy routing firewall system for Linux available under the GPL, and an IPSec VPN solution using policy routing structures under Linux. Currently he is actively researching Linux security on the IBM OS/390 as well as the implementation of IPv6 on Linux and the OS/390.

Introduction.

Conventions Used in This Book.

I. THEORY, USAGE, AND UTILITIES.

1. Basic IPv4 Routing.

Traditional IPv4 Routing. UNIX Configuration Commands.

ifconfig Utility. route Utility.

Cisco IOS Configuration Commands.

ip address. ip route.

IPv4 Dynamic Routing.

RIP/Distance Vector. OSPF/Link State. Dynamic Routing Tradition.

UNIX routed and Cisco RIP Configurations.

routed. Cisco IOS RIP Configuration.

Sample Linux Router Setup.

2. Policy Routing Theory.

Defining “Policy” in Policy Routing. Common IPv4 Routing Problems and Solutions.

The Quality of Service Explosion.

Policy Routing Structure.

Implementation Considerations for Policy Routing.

Summary.

3. Linux Policy Routing Structures.

The Triad Elements - Address, Route, Rule.

Address. Route. Rule.

RPDB - The Linux Policy Routing Implementation. System Packet Paths - IPChains/NetFilter.

IPChains - Kernel 2.1/2.2. NetFilter - Kernel 2.3/2.4.

Summary.

4. IPROUTE2 Utility for Linux.

Obtaining and Compiling IPROUTE2. General Command Structure.

IP Global Command Syntax. Error Conditions.

ip link - Network Device Configuration.

ip link set - Change Device Attributes. ip link show - Look at Device Attributes.

ip address - Protocol Address Management.

Arguments. Primary/Secondary Addressing Versus Multiple Addresses Explained.

ip neighbour - neighbour/ARP Table Management.

Arguments.

ip route - Routing Table Management.

ip route {add/change/replace}.

ip rule - Routing Policy Database Management. ip tunnel - IP Tunnelling Configuration. ip monitor and rtmon - Route State Monitoring. Summary.

II. POLICY ROUTING IMPLEMENTATIONS.

5. Simple Network Examples.

IP Addressing.

Fundamental IP Address Concept. Example 5.1: Multiple IP Addressing. IP Address Scoping. Example 5.2: Primary/Secondary IP Addressing.

IP Routes.

Example 5.3: Host Routing. Example 5.4: Basic Router Filters. Example 5.5: Multiple Routes to Same Destination. Example 5.6: Troubleshooting Unbalanced Multiple Loop Routes.

IP Rules.

Example 5.7: Basic Router Filters v2.0.

Multiple Route Tables.

Example 5.8: Basic Router Filters v3.0.

All Together Now. Summary.

6. Complex Network Examples.

Local Service Segregation.

Example 6.1 - The Art of Ping. Example 6.2 - Loopback Dummy. Example 6.3 - Reality Is Loopy.

Bounce Table Walking.

Example 6.4 - Throw Routes.

Tag Routing with TOS and fwmark.

Example 6.5 - Mark My Route. Linux DiffServ Architecture. Example 6.6 - Class Wars.

Interactions with Packet Filters.

Example 6.7 - Double Play Packet.

Summary.

7. Dynamic Routing Interactions.

Realms and Information Bases.

rtacct - Route Realms and Policy Propagation.

gated and Zebra.

The gated Utility. The Zebra Routing Suite.

Rules and Dynamic Structure.

gated and Multiple Routing Tables. Zebra and Multiple Routing Tables. gated & zebra & rules = FUN.

Summary.

8. NAT Functions.

Standard NAT Defined. Policy Routing NAT. NetFilter NAT. Interactions Between FastNAT and NetFilter. Summary.

9. IPv6.

Theory and History.

IPv6 Addresses. IPv6 Routing and Neighbors. RADVD - Router Advertisement Daemon.

Policy Routing Usage. Summary.

10. Future Musings.

Policy Routing Triad. The Protocols: IPv4, IPv6, and IPSec. Security and Commerce. Summary.

III. APPENDIXES.

Appendix A. Glossary of Terms.

Appendix B. Source Code Listings and Locations.

Kernel Configuration and Patches.

Kernel 2.2.12. Kernel 2.4. IPROUTE2.

NetFilter Patches. Software Versions. PakSecured Installation and Configuration.

Minimum System Requirements. Phase I - Initial Files Install. Phase II - Kernel Configuration. Final Phase - PakSecured Configuration.

Index.

Publication date (per publisher): 14.3.2001
Place of publication: Indianapolis
Language: English
Dimensions: 154 x 228 mm
Weight: 327 g
Subject area: Computer Science, Operating Systems / Servers, Unix / Linux
Subject area: Mathematics / Computer Science, Computer Science, Networks
ISBN-10: 0-672-32052-5 / 0672320525
ISBN-13: 978-0-672-32052-1 / 9780672320521
Condition: New