
Configuring Multiple Routing Tables on One Server

01 December 2021, Wednesday By Priyanka Boruah

By default, if a server has several addresses on one or more interfaces, it responds through the interface, and from the address, used by the default route. If you want the server to respond from the address at which the packet arrived, you can configure several routing tables. This is useful, for example, when the server has a primary and a backup address: with a separate table for each, you can connect to either of them.

The general principle is the same on all systems; here we walk through the configuration using Ubuntu as the example.

Let's say we have a server with two physical interfaces, eth0 and eth1, each with an IP address assigned. These can be addresses from one broadcast domain (for example, 10.10.10.2/30 and 10.10.10.3/30) or from different ones. This example considers the second case, but there is no fundamental difference.

Output of the ip address command (viewing the network parameters configured on the server interfaces) for each of the interfaces:

# ip address show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:30:48:f9:c8:02 brd ff:ff:ff:ff:ff:ff
    inet 10.10.1.2/24 brd 10.10.1.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::230:48ff:fef9:c802/64 scope link
       valid_lft forever preferred_lft forever
# ip address show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:30:48:f9:c8:03 brd ff:ff:ff:ff:ff:ff
    inet 172.16.1.2/24 brd 172.16.1.255 scope global eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::230:48ff:fef9:c803/64 scope link
       valid_lft forever preferred_lft forever

Server routes:

# ip route ls
default via 10.10.1.1 dev eth0
10.10.1.0/24 dev eth0 proto kernel scope link src 10.10.1.2
172.16.1.0/24 dev eth1 proto kernel scope link src 172.16.1.2

The default route is configured via the eth0 interface with gateway 10.10.1.1:

default via 10.10.1.1 dev eth0

This means that all response packets will be sent through the eth0 interface with the source address 10.10.1.2. For example, if with this configuration you try to connect via ssh to the address 172.16.1.2 assigned to eth1, the server will try to respond via eth0, and the connection will not be established. Even if forwarding of packets between interfaces is allowed, the response will be sent with the wrong source address.

To force the server to respond through the same interface on which the packet arrived, regardless of the default route, you can configure multiple routing tables. This example sets up two additional tables, but there can be more.

By default, the server always has three standard tables:

# ip rule ls
0: from all lookup local
32766: from all lookup main
32767: from all lookup default

These are the local, main and default tables. Tables are created in /etc/iproute2/rt_tables. You can view the contents of the configuration file with the command:

# cat /etc/iproute2/rt_tables

The result of executing the command:

#
# reserved values
#
255 local
254 main
253 default
0 unspec
#
# local
#
#1 inr.ruhep

That is, to create new tables (let's call them table1 and table2), “linked” to eth0 and eth1, respectively, add the following to this file:

# echo 100 table1 >> /etc/iproute2/rt_tables
# echo 101 table2 >> /etc/iproute2/rt_tables

The table numbers (100 and 101) should be taken from the range [2; 252]. In this case, the priority value of the tables will be lower than that of the main and default tables, so routes will be looked up in table1 and table2 first. Let's check that the tables have been created:

# cat /etc/iproute2/rt_tables

The result of executing the command:

#
# reserved values
#
255    local
254    main
253    default
0    unspec
#
# local
#
#1    inr.ruhep
100 table1
101 table2

But they are not displayed in the rules yet:

# ip rule ls
0:    from all lookup local
32766:    from all lookup main
32767:    from all lookup default

Add rules and default routes for each of the tables:

# ip rule add from 10.10.1.2 table table1
# ip route add default via 10.10.1.1 dev eth0 table table1
# ip rule add from 172.16.1.2 table table2
# ip route add default via 172.16.1.1 dev eth1 table table2

We check:

# ip rule ls
0:    from all lookup local
32764:    from 10.10.1.2 lookup table1
32765:    from 172.16.1.2 lookup table2
32766:    from all lookup main
32767:    from all lookup default

When creating a rule, use the address of interest that is assigned to the server interface; for example, for the eth0 interface the address 10.10.1.2 is used. When adding the default route, specify the network's gateway address (in the example above, for 10.10.1.2/24 this is 10.10.1.1) and the interface through which to send the packet.

Now, when the address 10.10.1.2 is accessed, the server will respond through the eth0 interface with the source address 10.10.1.2, and when 172.16.1.2 is accessed, through the eth1 interface with the source address 172.16.1.2.

At the same time, nothing changes for outgoing connections from the server: they follow the general default route taken from the main table.

To view the routes contained in a specific table, append table table_name to the ip route show command:

# ip route show table table1
default via 10.10.1.1 dev eth0
# ip route show table table2
default via 172.16.1.1 dev eth1
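
A check for the setup above, as an added example that is not part of the original article: it confirms that each address has a rule and that the rule's table holds the expected default route. The function names and the sample output are constructed here; table2 is deliberately left empty, the case in which the lookup falls through to main and the reply leaves through the general default route.

```shell
#!/bin/sh
# Added example, not from the article. get_rules/get_routes return constructed
# sample output (table2 has deliberately lost its default route); on a live
# host their bodies would be `ip rule ls` and `ip route show table "$1"`.
get_rules() {
    cat <<'EOF'
0: from all lookup local
32764: from 10.10.1.2 lookup table1
32765: from 172.16.1.2 lookup table2
32766: from all lookup main
32767: from all lookup default
EOF
}

get_routes() {  # $1 = table name
    case "$1" in
        table1) echo "default via 10.10.1.1 dev eth0" ;;
        table2) : ;;  # constructed fault: rule exists, table is empty
    esac
}

# First "from ADDR" rule in priority order -> table name (rules on stdin).
rule_table() {
    awk -v a="$1" '$2 == "from" && $3 == a && $4 == "lookup" { print $5; exit }'
}

# Default route of a table -> "GATEWAY DEV" (routes on stdin).
table_default() {
    awk '$1 == "default" {
        for (i = 2; i < NF; i++) {
            if ($i == "via") gw = $(i + 1)
            if ($i == "dev") dev = $(i + 1)
        }
        print gw, dev; exit
    }'
}

# check_addr ADDR GATEWAY DEV: prints "ok" or why the reply path is wrong.
check_addr() {
    table=$(get_rules | rule_table "$1")
    [ -n "$table" ] || { echo "no-rule"; return 1; }
    got=$(get_routes "$table" | table_default)
    [ -n "$got" ] || { echo "no-default-in-$table"; return 1; }
    [ "$got" = "$2 $3" ] || { echo "wrong-default-in-$table: $got"; return 1; }
    echo "ok"
}

check_addr 10.10.1.2 10.10.1.1 eth0 || true    # article's eth0 address
check_addr 172.16.1.2 172.16.1.1 eth1 || true  # article's eth1 address
```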

Similar settings for the two tables can be made if both addresses are assigned to the same interface. For example, if the server has only one interface, eth0:

# ip address show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:30:48:f9:c8:02 brd ff:ff:ff:ff:ff:ff
    inet 10.10.1.2/24 brd 10.10.1.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet 172.16.1.2/24 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::230:48ff:fef9:c802/64 scope link
       valid_lft forever preferred_lft forever

It will look like this:

# ip rule add from 10.10.1.2 table table1
# ip route add default via 10.10.1.1 dev eth0 table table1

# ip rule add from 172.16.1.2 table table2
# ip route add default via 172.16.1.1 dev eth0 table table2

Finally, edit the /etc/network/interfaces file so that the new configuration is applied when the server reboots or the network configuration is re-read. Below is an example of this file with the rules and default routes for the created tables added. In the example, the general default route is registered via the eth0 interface with the gateway 10.10.1.1 specified:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
    address 10.10.1.2
    netmask 255.255.255.0
    # gateway installs the general default route (main table) via eth0
    gateway 10.10.1.1
    post-up ip rule add from 10.10.1.2 table table1
    post-up ip route add default via 10.10.1.1 dev eth0 table table1

# The second interface
auto eth1
iface eth1 inet static
    address 172.16.1.2
    netmask 255.255.255.0
    # No gateway line here: it would add a second default route to the main
    # table; replies from 172.16.1.2 use the default route in table2 instead
    post-up ip rule add from 172.16.1.2 table table2
    post-up ip route add default via 172.16.1.1 dev eth1 table table2

If the server has one interface, the rules for the tables are written in the eth0 configuration section.

On any Debian-like system the configuration is done in the same way; only the configuration files differ. It is important not to forget to save all the changes made to them.

The number of tables is not limited to two. Besides backup access to the server, several tables may be needed if monitoring is enabled on the server and the server must respond to requests from the monitoring system from its own address while all other packets go through another.
