Sys Admin: Policy Routing in Linux (Mar 18, 2000, 08:49 UTC) by Matthew G. Marsh
"The classic TCP/IP routing algorithms used today make their routing decisions based only on the destination address of IP packets. However, we often find ourselves wanting to route IP packets depending not only on the destination addresses, but also on other packet fields such as the source address, the IP protocol, the transport protocol ports, or even data within the packet payload. This type of IP routing is referred to as "policy routing."
"Within Linux, as of the Kernel 2.1 series and above, this problem of providing policy routing is solved by replacing the conventional destination-based routing table with the "routing policy database", or RPDB, which selects the appropriate IP route by executing a set of rules. These rules may contain many keys of various types and therefore, they can have no "natural" ordering. Any ordering or precedence must be imposed by the network or systems administrator."
"The RPDB within Linux is currently implemented as a linear list of rules ordered by a numeric priority value. The RPDB itself can explicitly match packet source address, packet destination address, TOS, incoming interface (which is packet metadata, rather than a packet field), and fwmark values. Each routing policy rule consists of a selector and an action. The RPDB is scanned in order of increasing priority with the selector of each rule applied to the source address, destination address, incoming interface, TOS, and fwmark. If the packet matches, then the action is performed. If the action returns success, then the rule output will provide either a valid route or a route lookup failure indication, and RPDB lookup is then terminated. Otherwise, the RPDB lookup continues on to the next rule."
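The lookup semantics quoted above (a priority-ordered list of selector/action rules, an explicit failure terminating the scan, a table miss falling through to the next rule) are easy to misread, so here is a small Python model of the RPDB scan as an added example. It is not code from the article or from iproute2; the rule set, table contents and addresses are constructed sample data using documentation prefixes, and the "unreachable" result when the scan runs off the end of the list is the modeller's assumption about how a fully exhausted RPDB is reported. On a real Linux host the corresponding state is built with `ip rule add ...` and `ip route add ... table <name>` and inspected with `ip rule show`.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

@dataclass
class Packet:
    """The packet fields and metadata the RPDB selector can look at."""
    src: str
    dst: str
    iif: str = "eth0"
    tos: int = 0
    fwmark: int = 0

@dataclass
class Rule:
    """One RPDB entry: a selector (any key left as None is a wildcard) plus an action."""
    priority: int
    action: str                     # "lookup", or a failure indication such as "prohibit"
    table: Optional[str] = None     # routing table consulted when action == "lookup"
    src: Optional[str] = None       # source prefix, e.g. "192.0.2.0/24"
    dst: Optional[str] = None       # destination prefix
    iif: Optional[str] = None       # incoming interface (metadata, not a packet field)
    tos: Optional[int] = None
    fwmark: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        """Apply the selector: every key that is set must match the packet."""
        if self.src and ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src):
            return False
        if self.dst and ipaddress.ip_address(p.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.iif is not None and self.iif != p.iif:
            return False
        if self.tos is not None and self.tos != p.tos:
            return False
        if self.fwmark is not None and self.fwmark != p.fwmark:
            return False
        return True

# A routing table is modelled as prefix -> next hop; longest matching prefix wins.
Table = Dict[str, str]

def table_lookup(table: Table, dst: str) -> Optional[str]:
    """Return the next hop for dst, or None when no prefix in the table covers it."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, nexthop in table.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nexthop)
    return best[1] if best else None

def rpdb_lookup(rules: List[Rule], tables: Dict[str, Table], p: Packet) -> Tuple[str, Optional[str], Optional[str]]:
    """Scan rules in increasing priority; stop at the first action that succeeds.

    Returns ("route", nexthop, table) for a valid route, (failure, None, None)
    for an explicit failure indication, or ("unreachable", None, None) when
    every rule has been tried without producing a result (modelling assumption).
    """
    for rule in sorted(rules, key=lambda r: r.priority):
        if not rule.matches(p):
            continue                                   # selector did not match: next rule
        if rule.action != "lookup":
            return (rule.action, None, None)           # explicit failure terminates the scan
        nexthop = table_lookup(tables.get(rule.table, {}), p.dst)
        if nexthop is not None:
            return ("route", nexthop, rule.table)      # valid route terminates the scan
        # table miss: the action did not succeed, so the scan continues
    return ("unreachable", None, None)

# Constructed sample configuration (documentation prefixes, not a real network).
TABLES: Dict[str, Table] = {
    "local": {"127.0.0.0/8": "lo"},
    "isp2":  {"0.0.0.0/0": "203.0.113.1"},
    "vpn":   {"10.0.0.0/8": "10.8.0.1"},
    "main":  {"0.0.0.0/0": "198.51.100.1"},
}
# Deliberately listed out of order: only the numeric priority defines precedence.
RULES: List[Rule] = [
    Rule(32766, "lookup", table="main"),
    Rule(0, "lookup", table="local"),
    Rule(1000, "lookup", table="isp2", src="192.0.2.0/24"),   # source-based routing
    Rule(2000, "lookup", table="vpn", fwmark=1),               # firewall-mark routing
    Rule(3000, "prohibit", src="198.51.100.0/24"),             # explicit failure action
]

if __name__ == "__main__":
    for pkt in (Packet("192.0.2.10", "203.0.113.50"),
                Packet("10.0.0.5", "203.0.113.50", fwmark=1),   # vpn table misses, falls to main
                Packet("10.0.0.5", "10.1.2.3", fwmark=1),
                Packet("198.51.100.7", "203.0.113.50")):
        print(pkt, "->", rpdb_lookup(RULES, TABLES, pkt))
```

The second sample packet is the instructive one: its fwmark matches the `vpn` rule, but that table has no route to the destination, so the lookup is not terminated and the packet ends up in `main`. The fourth packet shows the opposite case: the `prohibit` action is itself a successful rule output (a failure indication), so the scan stops there even though `main` would have had a route.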