Routing: Policy Based Routing


Source: http://www.policyrouting.org/PolicyRoutingBook/ONLINE/TOC.html


Policy Routing With Linux - Online Edition by Matthew G. Marsh

Table Of Contents

Section I - Theory, Usage, and Utilities

Chapter 1. Basic IPv4 Routing

This initial chapter provides brief coverage of standard TCP/IP routing as practiced under IPv4. The uses of the traditional Unix and Cisco IOS commands and syntax for simple setups will be mentioned. We will also touch upon the methodologies behind route costing such as Hop count and Link State. Finally we will illustrate a simple Internet connected network along with the needed routing commands to connect using Linux.

   Traditional IPv4 routing Theory
   Unix Configuration Commands
   Cisco IOS Configuration Commands
   IPv4 Dynamic Routing Protocols
   Unix Routing Daemons & Cisco IOS Configurations

Chapter 2. Policy Routing Theory

Here we will discuss the types of environments that led to the development of the concept of policy routing and the theory behind why you would want to use policy routing structures. We will only consider the policy structures themselves and how they solve these problems.

   What do you mean by "Policy"
   Common IPv4 Routing Problems
   Policy Routing Structure

Chapter 3. Linux Policy Routing Structure

In this chapter we will now address how the Linux Policy Routing structure is implemented. We will cover how this structure interacts with the Packet Paths both native within the kernel and in conjunction with the packet filtering and network extensions.

   Packet Paths through the Kernel
   IPFWADM/IPChains Packet Pathing
   NetFilter Packet Pathing
   Routing Policy DataBase (RPDB)

Chapter 4. IP Utility for Linux

In this chapter we will cover the tool used in Linux for implementing policy routing. As there are few other sources of information this will be more of a reference on the command syntax and usages. We will also include several examples of usage and notations about interactions with other utilities within Linux.

   Obtaining & Compiling IPROUTE2
   General command structure


Section II - Real World Use

This entire section is mostly comprised of real world scenarios with detailed worked out solutions. In many cases there are multiple solutions to the same problem and we will attempt to cover all possibilities. This is drawn from our experience in implementing these systems and from the myriad questions we receive on this subject. In some cases we will show how the equivalent Cisco solution would work and where the interactions exist between various equipment.

Chapter 5. Simple Network Examples

In this chapter we will cover how to implement standard networks, much as we had seen in Chapter 1, using the policy routing tools. We will introduce the extensions for use with the policy routing structures and how even relatively simple network configurations can benefit from implementation using policy routing structures.

   Chapter 1 Example Revisited
   Multiple IP Addressing
   Multiple Default Routes
   Loop Routing
   Multiple Routing Tables
   Rule and Table Interactions

Chapter 6. Complex Network Examples

In this chapter we will cover network configurations where the only complete solutions demand policy routing structures. We will cover multiple networks with disparate gateways, bandwidth and link state load balancing, and transparent routing structures. We will also mention several firewall type functions and interactions between the functions. In most cases we will illustrate several different solutions to solving the problems. This will show the flexibility and scope of the solution space for these functions.

   Local Interfaces
   MultiHomed, MultiAddressed
   Transparent Routing
   Policy Firewalling
   Routing Load Balancing
   Phantom Forwarders

Chapter 7. Dynamic Routing Interactions

Here we will take up the interactions between policy routing structures and dynamic routing protocols. This is an especially sticky subject as most dynamic routing protocols only understand traditional routing. There are many different points of potential conflict, as we had discussed in Chapters 1, 2, and 4, between a traditional routing structure and a policy routing structure. Here we will bridge the gap and show you how to use both methods. We will also note where to obtain various policy routing aware routing daemons and what you will have to consider to implement them within the Linux environment.

   Realms and Information Bases
   Gated and Zebra
   Rules and Dynamic Structure


Chapter 8. NAT Functions

The origination of NAT is related to the origination of policy routing. And in Linux the first implementation of true one-to-one NAT was done as a policy routing structure. Here we take up this method and also discuss the various other ways that these functions may also be implemented within a Linux system. Some of the discussion within this chapter will touch upon utilities and methods we will not be covering in this book (REF: PakSecured Policy Routing Firewall) but are noted here for reference.

   Basic NAT
   FastNAT
   Pseudo NAT


Chapter 9. IPv6

In this chapter we touch upon the role of the policy routing structures and implementations within the Linux IPv6 network stack. We will assume some knowledge of IPv6 and will mainly be discussing the IPv6 usages of Policy Routing structures.

   IPv6 Theory & History
   Policy Routing Usage


Chapter 10. Future Musings

Here we tie up the theory, reality, and coverage of policy routing and consider possible future directions for the policy routing structures. We especially note the changes that will come from the widespread adoption of the IPv6 routing structures and how that may change the landscape for all forms of routing.

   Policy Routing Triad
   The Protocols: IPv{4,6} & IPSec
   Security & Commerce


Appendix

Covers the various locations on where to obtain the utilities and pointers to additional information on this and related subjects.


