For one machine to be able to find another over a network, there must be a mechanism in place to describe how to get from one to the other. This is called routing. A “route” is a defined pair of addresses: a “destination” and a “gateway”. The pair indicates that when trying to get to this destination, communicate through this gateway. There are three types of destinations: individual hosts, subnets, and “default”. The “default route” is used if none of the other routes apply. There are also three types of gateways: individual hosts, interfaces (also called “links”), and Ethernet hardware (MAC) addresses.
This example netstat(1) output illustrates several aspects of routing:
% netstat -r
Routing tables
Destination Gateway Flags Refs Use Netif Expire
default outside-gw UGSc 37 418 ppp0
localhost localhost UH 0 181 lo0
test0 0:e0:b5:36:cf:4f UHLW 5 63288 ed0 77
10.20.30.255 link#1 UHLW 1 2421
example.com link#1 UC 0 0
host1 0:e0:a8:37:8:1e UHLW 3 4601 lo0
host2 0:e0:a8:37:8:1e UHLW 0 5 lo0 =>
host2.example.com link#1 UC 0 0
224 link#1 UC 0 0The first two lines specify the default route, described
in more detail in Section 31.2.2, “Default Routes”,
and the localhost route.
The interface (Netif column) that this
routing table specifies to use for
localhost is lo0,
also known as the loopback device. This says to keep all
traffic for this destination internal, rather than sending it
out over the network.
The addresses beginning with 0:e0: are Ethernet hardware addresses,
also known as MAC addresses. FreeBSD will
automatically identify any hosts, test0 in
the example, on the local Ethernet and add a route for that
host over the Ethernet interface,
ed0. This type of route has a
timeout, seen in the Expire column, which
is used if the host does not respond in a specific amount of
time. When this happens, the route to this host will be
automatically deleted. These hosts are identified using the
Routing Information Protocol (RIP), which
calculates routes to local hosts based upon a shortest path
determination.
FreeBSD will add subnet routes for the local subnet.
10.20.30.255 is the broadcast
address for the subnet 10.20.30
and example.com is the
domain name associated with that subnet. The designation
link#1 refers to the first Ethernet card in
the machine.
Local network hosts and local subnets have their routes automatically configured by a daemon called routed(8). If it is not running, only routes which are statically defined by the administrator will exist.
The host1 line refers to the host
by its Ethernet address. Since it is the sending host, FreeBSD
knows to use the loopback interface
(lo0) rather than the Ethernet
interface.
The two host2 lines represent aliases
which were created using ifconfig(8). The
=> symbol after the
lo0 interface says that an alias
has been set in addition to the loopback address. Such routes
only show up on the host that supports the alias; all other
hosts on the local network will have a
link#1 line for such routes.
The final line (destination subnet 224) deals with
multicasting.
Finally, various attributes of each route can be seen in
the Flags column. Below is a short table
of some of these flags and their meanings:
| U | Up: The route is active. |
| H | Host: The route destination is a single host. |
| G | Gateway: Send anything for this destination on to this remote system, which will figure out from there where to send it. |
| S | Static: This route was configured manually, not automatically generated by the system. |
| C | Clone: Generates a new route based upon this route for machines to connect to. This type of route is normally used for local networks. |
| W | WasCloned: Indicated a route that was auto-configured based upon a local area network (Clone) route. |
| L | Link: Route involves references to Ethernet hardware. |
When the local system needs to make a connection to a remote host, it checks the routing table to determine if a known path exists. If the remote host falls into a subnet that it knows how to reach, the system checks to see if it can connect using that interface.
If all known paths fail, the system has one last option:
the “default” route. This route is a special
type of gateway route (usually the only one present in the
system), and is always marked with a c in
the flags field. For hosts on a local area network, this
gateway is set to the system which has a direct connection to
the Internet.
The default route for a machine which itself is functioning as the gateway to the outside world, will be the gateway machine at the Internet Service Provider (ISP).
This example is a common configuration for a default route:
The hosts Local1 and
Local2 are on the local network.
Local1 is connected to an
ISP using a
PPP connection. This
PPP server is connected through a local
area network to another gateway computer through an external
interface to the ISP.
The default routes for each machine will be:
| Host | Default Gateway | Interface |
|---|---|---|
| Local2 | Local1 | Ethernet |
| Local1 | T1-GW | PPP |
A common question is “Why is
T1-GW configured as the default gateway for
Local1, rather than the
ISP server it is connected
to?”.
Since the PPP interface is using an
address on the ISP's local network for
the local side of the connection, routes for any other
machines on the ISP's local network will
be automatically generated. The system already knows how
to reach the T1-GW machine, so there is no
need for the intermediate step of sending traffic to the
ISP's server.
It is common to use the address X.X.X.1 as the gateway address for
the local network. So, if the local class C address space is
10.20.30 and the
ISP is using 10.9.9, the default routes would
be:
| Host | Default Route |
|---|---|
| Local2 (10.20.30.2) | Local1 (10.20.30.1) |
| Local1 (10.20.30.1, 10.9.9.30) | T1-GW (10.9.9.1) |
The default route can be easily defined in
/etc/rc.conf. In this example, on
Local2, add the following line to
/etc/rc.conf:
It is also possible to add the route directly using route(8):
# route add default 10.20.30.1For more information on manual manipulation of network routing tables, refer to route(8).
A a dual-homed system is a host which resides on two different networks.
The dual-homed machine might have two Ethernet cards, each having an address on a separate subnet. Alternately, the machine can have one Ethernet card and uses ifconfig(8) aliasing. The former is used if two physically separate Ethernet networks are in use and the latter if there is one physical network segment, but two logically separate subnets.
Either way, routing tables are set up so that each subnet knows that this machine is the defined gateway (inbound route) to the other subnet. This configuration, with the machine acting as a router between the two subnets, is often used to implement packet filtering or firewall security in either or both directions.
For this machine to forward packets between the two interfaces, FreeBSD must be configured as a router, as demonstrated in the next section.
A network router is a system that forwards packets from
one interface to another. Internet standards and good
engineering practice prevent the FreeBSD Project from enabling
this by default in FreeBSD. This feature can be enabled by
changing the following variable to YES in
rc.conf(5):
This option will set the sysctl(8) variable
net.inet.ip.forwarding to
1. To stop routing, reset this to
0.
The new router will need routes to know where to send the
traffic. If the network is simple enough, static routes can
be used. FreeBSD comes with the standard BSD routing daemon
routed(8), which speaks RIP versions
1 and 2, and IRDP. Support for
BGPv4, OSPFv2, and other
sophisticated routing protocols is available with the
net/zebra package or
port.
Consider the following network:
In this scenario, RouterA is a FreeBSD
machine that is acting as a router to the rest of the
Internet. It has a default route set to 10.0.0.1 which allows it to
connect with the outside world. RouterB is
already configured properly as it uses 192.168.1.1 as the gateway.
The routing table on RouterA looks
something like this:
% netstat -nr
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 10.0.0.1 UGS 0 49378 xl0
127.0.0.1 127.0.0.1 UH 0 6 lo0
10.0.0.0/24 link#1 UC 0 0 xl0
192.168.1.0/24 link#2 UC 0 0 xl1With the current routing table, RouterA
cannot reach Internal Net 2 as it does not have a route for
192.168.2.0/24. The
following command adds the Internal Net 2 network to
RouterA's routing table using 192.168.1.2 as the next
hop:
# route add -net 192.168.2.0/24 192.168.1.2Now RouterA can reach any hosts on the
192.168.2.0/24
network.
The above example configures a static route on a
running system. However, the routing information will not
persist if the FreeBSD system reboots. Persistent static
routes can be entered in
/etc/rc.conf:
The static_routes configuration
variable is a list of strings separated by a space, where
each string references a route name. This example only
has one string in static_routes,
internalnet2. The variable
route_
contains all of the configuration parameters to
route(8). This example is equivalent to the
command:internalnet2
# route add -net 192.168.2.0/24 192.168.1.2Using more than one string in
static_routes creates multiple static
routes. The following shows an example of adding static
routes for the 192.168.0.0/24
and 192.168.1.0/24
networks:
When an address space is assigned to a network, the service provider configures their routing tables so that all traffic for the network will be sent to the link for the site. But how do external sites know to send their packets to the network's ISP?
There is a system that keeps track of all assigned address spaces and defines their point of connection to the Internet backbone, or the main trunk lines that carry Internet traffic across the country and around the world. Each backbone machine has a copy of a master set of tables, which direct traffic for a particular network to a specific backbone carrier, and from there down the chain of service providers until it reaches your network.
It is the task of the service provider to advertise to the backbone sites that they are the point of connection, and thus the path inward, for a site. This is known as route propagation.
Sometimes, there is a problem with routing propagation and some sites are unable to connect. Perhaps the most useful command for trying to figure out where routing is breaking down is traceroute(8). It is useful when ping(8) fails.
When using traceroute(8), include the name of the remote host to connect to. The output will show the gateway hosts along the path of the attempt, eventually either reaching the target host, or terminating because of a lack of connection.
For more information, refer to traceroute(8).
FreeBSD natively supports both multicast applications and multicast routing. Multicast applications do not require any special configuration of FreeBSD; as applications will generally run out of the box. Multicast routing requires that support be compiled into a custom kernel:
The multicast routing daemon, mrouted(8), must be
configured to set up tunnels and DVMRP via
/etc/mrouted.conf. More details on
multicast configuration may be found in
mrouted(8).
Note:
The mrouted(8) multicast routing daemon implements
the DVMRP multicast routing protocol,
which has largely been replaced by pim(4) in many
multicast installations. mrouted(8) and the related
map-mbone(8) and mrinfo(8) utilities are available
in the FreeBSD Ports Collection as net/mrouted.