Template:Networking rutos manual routing: Difference between revisions
No edit summary |
No edit summary |
||
Line 1: | Line 1: | ||
{{Template:Networking_rutos_manual_fw_disclosure | |||
| fw_version = {{{series}}}_R_00.02.03 | |||
| series = {{{series}}} | |||
}} | |||
==Summary== | ==Summary== | ||
The <b>Routing</b> page is used to set up static {{#ifeq:{{{series}}}|RUTX|and dynamic|}} routes, routing tables and rules. | |||
This manual page provides an overview of the Routing windows in {{{name}}} devices. | |||
{{Template:Networking_rutos_manual_basic_advanced_webui_disclaimer | |||
| series = {{{series}}} | |||
}} | |||
==Static Routes== | ==Static Routes== | ||
<b>Routes</b> ensure that network traffic finds its path to a specified host or network, both in local and remote network scenarios. Static routes are simply fixed routing entries in the routing table(s). | |||
This section provides the possibility to configure custom static routes. | |||
===Static IPv4 Routes=== | ===Static IPv4 Routes=== | ||
---- | ---- | ||
The <b>Static IPv4 Routes</b> section displays a list of user defined static IPv4 routes and provides the possibility to add and configure new ones. The list is empty by default. | |||
[[File: | |||
[[File:Networking_rutos_manual_routing_static_routes_static_ipv4_routes_v1.png|border|class=tlt-border]] | |||
To add a new route and begin editing, simply click the 'Add' button. Refer to the table below for information on static route configuration fields. | |||
[[File:Networking_rutos_manual_routing_static_routes_static_ipv4_routes_new_route_v1.png|border|class=tlt-border]] | |||
<table class="nd-mantable"><tr><th>Field</th><th>Value</th><th>Description</th></tr><tr><td>Interface</td><td> | <table class="nd-mantable"> | ||
<tr> | |||
<th>Field</th> | |||
<th>Value</th> | |||
<th>Description</th> | |||
</tr> | |||
<tr> | |||
<td>Interface</td> | |||
<td>network interface; default: <b>lan</b></td> | |||
<td>The zone where the target network resides</td> | |||
</tr> | |||
<tr> | |||
<td>Target<span class="asterisk">*</span></td> | |||
<td>ip4; default: <b>none</b></td> | |||
<td>The address of a destination network.</td> | |||
</tr> | |||
<tr> | |||
<td>IPv4-Netmask<span class="asterisk">*</span></td> | |||
<td>netmask; default: <b>none</b></td> | |||
<td>A netmask is used to divide an IP address into sub-networks (subnets). Combined together, the 'Netmask' and 'Target' values define the exact destination network or IP address to which this route applies.</td> | |||
</tr> | |||
<tr> | |||
<td>IPv4-Gateway</td> | |||
<td>ip4; default: <b>none</b></td> | |||
<td>A gateway can be any machine in a network that is capable of serving as an access point to another network. Traffic that matches this route will be directed over the IP address specified in this field.</td> | |||
</tr> | |||
<tr> | |||
<td>Metric</td> | |||
<td>integer [0..255]; default: <b>none</b></td> | |||
<td>The metric value acts as a measurement of priority. If a packet about to be routed matches two or more rules, the one with the lower metric is applied.</td> | |||
</tr> | |||
<tr> | |||
<td>MTU</td> | |||
<td>integer [64..9000]; default: <b>1500</b></td> | |||
<td>Sets the maximum transmission unit (MTU) size. It is the largest size of a protocol data unit (PDU) that can be transmitted in a single network layer transaction.</td> | |||
</tr> | |||
<tr> | |||
<td>Route Type</td> | |||
<td>unicast | local | broadcast | multicast | unreachable | prohibit | backhole | anycast | -- custom -- ; default: <b>unicast</b></td> | |||
<td>Selects route type. Each type specifies a different behavior for the route: | |||
<ul> | |||
<li><b>unicast</b> - </li> | |||
<li><b>local</b> - routes of this type are added to the 'local' routing table and used only for locally hosted IPs.</li> | |||
<li><b>broadcast</b> - routes of this type are added to the 'local' routing table and used by link layer devices that support the broadcast address principle.</li> | |||
<li><b>multicast</b> - </li> | |||
<li><b>unreachable</b> - </li> | |||
<li><b>prohibit</b> - used to prohibit traffic to specified host or network. When a destination is prohibited, the kernel sends a 'Network is unreachable' response the source address.</li> | |||
<li><b>blackhole</b> - packets that match this type of route are discarded without any response.</li> | |||
<li><b>anycast</b> - </li> | |||
<li><b>-- custom --</b> - </li> | |||
</ul> | |||
</td> | |||
</tr> | |||
</table> | |||
<span class="asterisk">*</span><b>Additional notes on Target & Netmask:</b> | <span class="asterisk">*</span><b>Additional notes on 'Target' & 'Netmask' fields:</b> | ||
---- | |||
You can define a rule that applies to a single IP like this: | |||
<ul> | |||
<li><b>Target</b>: some IP</li> | |||
<li><b>Netmask</b>: 255.255.255.255</li> | |||
</ul> | |||
Furthermore, you can create target/netmask combinations that apply to a range of IPs. Refer to the table below for examples. | |||
<table class="nd-mantable"> | |||
<tr> | |||
<th>Target</th> | |||
<th>Netmask</th> | |||
<th>Network range</th> | |||
</tr> | |||
<tr> | |||
<td>192.168.2.0</td> | |||
<td>255.255.255.240</td> | |||
<td>192.168.2.0 - 192.168.2.15</td> | |||
</tr> | |||
<tr> | |||
<td>192.168.2.240</td> | |||
<td>255.255.255.240</td> | |||
<td>192.168.2.240 - 192.168.2.255</td> | |||
</tr> | |||
<tr> | |||
<td>192.168.2.161</td> | |||
<td>255.255.255.0</td> | |||
<td>192.168.2.0 - 192.168.55.255</td> | |||
</tr> | |||
<tr> | |||
<td>192.168.0.0</td> | |||
<td>255.255.0.0</td> | |||
<td>192.168.0.0 - 192.168.255.255</td> | |||
</tr> | |||
<tr> | |||
<td>192.168.2.161</td> | |||
<td>255.255.255.255</td> | |||
<td>192.168.2.161</td> | |||
</tr> | |||
</table> | |||
===Static IPv6 Routes=== | ===Static IPv6 Routes=== | ||
---- | ---- | ||
The <b>Static IPv6 Routes</b> section displays a list of user defined static IPv6 routes and provides the possibility to add and configure new ones. The list is empty by default. | |||
[[File: | |||
< | [[File:Networking_rutos_manual_routing_static_routes_static_ipv6_routes_v1.png|border|class=tlt-border]] | ||
To add a new route and begin editing, simply click the 'Add' button. Refer to the table below for information on static route configuration fields. | |||
[[File:Networking_rutos_manual_routing_static_routes_static_ipv4_routes_new_route_v1.png|border|class=tlt-border]] | |||
<table class="nd-mantable"> | |||
<tr> | |||
<th>Field</th> | |||
<th>Value</th> | |||
<th>Description</th> | |||
</tr> | |||
<tr> | |||
<td>Interface</td> | |||
<td>network interface; default: <b>lan</b></td> | |||
<td>The zone where the target network resides</td> | |||
</tr> | |||
<tr> | |||
<td>Target</td> | |||
<td>ip6; default: <b>none</b></td> | |||
<td>The address of a destination network.</td> | |||
</tr> | |||
<tr> | |||
<td>IPv6-Gateway</td> | |||
<td>ip6; default: <b>none</b></td> | |||
<td>A gateway can be any machine in a network that is capable of serving as an access point to another network. Traffic that matches this route will be directed over the IP address specified in this field.</td> | |||
</tr> | |||
<tr> | |||
<td>Metric</td> | |||
<td>integer [0..255]; default: <b>none</b></td> | |||
<td>The metric value acts as a measurement of priority. If a packet about to be routed matches two or more rules, the one with the lower metric is applied.</td> | |||
</tr> | |||
<tr> | |||
<td>MTU</td> | |||
<td>integer [64..9000]; default: <b>1500</b></td> | |||
<td>Sets the maximum transmission unit (MTU) size. It is the largest size of a protocol data unit (PDU) that can be transmitted in a single network layer transaction.</td> | |||
</tr> | |||
<tr> | |||
<td>Route Type</td> | |||
<td>unicast | local | broadcast | multicast | unreachable | prohibit | backhole | anycast | -- custom -- ; default: <b>unicast</b></td> | |||
<td>Selects route type. Each type specifies a different behavior for the route: | |||
<ul> | |||
<li><b>unicast</b> - most common type of route, simply describes a path to a destination.</li> | |||
<li><b>local</b> - routes of this type are added to the 'local' routing table and used only for locally hosted IPs.</li> | |||
<li><b>broadcast</b> - routes of this type are added to the 'local' routing table and used by link layer devices that support the broadcast address principle.</li> | |||
<li><b>multicast</b> - used for distribution of multicast traffic.</li> | |||
<li><b>unreachable</b> - sends an ICMP "unreachable" response to the source address when a request for a routing decision returns a "destination with an unreachable route type" message.</li> | |||
<li><b>prohibit</b> - used to prohibit traffic to specified host or network. When a destination is prohibited, the kernel sends a 'Network is unreachable' response the source address.</li> | |||
<li><b>blackhole</b> - packets that match this type of route are discarded without any response.</li> | |||
<li><b>anycast</b> - provides a possibility to route incoming requests to a multiple different network locations.</li> | |||
<li><b>-- custom --</b> - does not use any of the predefined route types.</li> | |||
</ul> | |||
</td> | |||
</tr> | |||
</table> | |||
==Advanced Static Routes== | ==Advanced Static Routes== | ||
Advanced | The <b>Advanced Static Routes</b> section is used to configure policy-based routing infrastructures, which are usually used in more complex or specific networking scenarios. | ||
===Routing Tables=== | ===Routing Tables=== | ||
---- | ---- | ||
<b>Routing Tables</b> store network routes. Tables are checked before every routing decision until a matching route is found. Having multiple tables allows the user to set up a policy routing infrastructure. Policy-based routing is a technique where routing decisions are based on policies (rule) set by the user. | |||
[[File: | |||
The 'Routing Tables' section displays user created routing tables. By default, the list is empty. | |||
[[File:Networking_rutos_manual_routing_advanced_static_routes_routing_tables_v1.png|border|class=tlt-border]] | |||
To create a new table, look to the 'Add New Routing Table' section below. Enter an ID for the new table in the range of [1..252], enter a custom name and click the 'Add' button. The new table should appear in the 'Routing Tables' list. Click the 'Edit' button next to it to begin editing. | |||
[[File:Networking_rutos_manual_routing_advanced_static_routes_add_new_routing_table_v1.gif]] | |||
Refer to the table below for information on configuration fields for routing tables. | |||
[[File:Networking_rutos_manual_routing_advanced_static_routes_routing_tables_routing_table_settings_v1.png|border|class=tlt-border]] | |||
<table class="nd-mantable"> | |||
<tr> | |||
<th>Field</th> | |||
<th>Value</th> | |||
<th>Description</th> | |||
</tr> | |||
<tr> | |||
<td>ID of Table</td> | |||
<td>integer [1..252]; default: <b>none</b></td> | |||
<td>Unique numerical identifier for the table. The table can be invoked by the both its ID or name.</td> | |||
</tr> | |||
<tr> | |||
<td>Name of Table</td> | |||
<td>string; default: <b>none</b></td> | |||
<td>A custom name for the table. The table can be invoked by the both its ID or name.</td> | |||
</tr> | |||
===Routing Rules For IPv4=== | ===Routing Rules For IPv4=== | ||
---- | ---- | ||
<b>Routing Rules</b> provide a way to route certain packets with exceptions, i.e., in accordance to a rule. 'Routing Rules For IPv4' displays user defined routing rules. It is empty by default. To create a new rule, click the 'Add' button and begin editing by clicking the 'Edit' button located to the right of the newly created rule. | |||
[[File: | |||
[[File:Networking_rutos_manual_routing_advanced_static_routes_routing_rules_for_ipv4_v1_begin_to_edit_v1.gif]] | |||
[[File: | ---- | ||
Refer to table below for information on each configuration field. | |||
[[File:Networking_rutos_manual_routing_advanced_static_routes_routing_rules_for_ipv4_settings_v1.png|border|class=tlt-border]] | |||
<table class="nd-mantable"> | |||
<tr> | <tr> | ||
<th> | <th>Field</th> | ||
<th> | <th>Value</th> | ||
<th> | <th>Description</th> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>Priority</td> | <td>Priority</td> | ||
<td> | <td>integer [0..65535]; default: <b>none</b></td> | ||
<td>Controls the order of | <td>Controls the order of IP rules. Rules with a lower priority value will be checked first.</td> | ||
</td> | |||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>Incoming interface</td> | <td>Incoming interface</td> | ||
<td> | <td>network interface | Any; default: <b>Any</b></td> | ||
<td> | <td>Logical interface name for incoming traffic. Select 'Any' to make the rule apply to all network interfaces.</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>Outgoing interface</td> | <td>Outgoing interface</td> | ||
<td> | <td>network interface | None; default: <b>None</b></td> | ||
<td> | <td>Logical interface name for incoming traffic. Select 'None' to ignore outgoing interface.</td> | ||
</td> | </tr> | ||
</tr><tr><td>Source subnet</td><td> | <tr> | ||
</td></tr><tr><td>Destination subnet</td><td> | <td>Source subnet</td> | ||
</td></tr><tr><td>TOS Value to Match</td><td> | <td>netmask; default: <b>none</b></td> | ||
</td><td> | <td>Source subnet to match the rule.</td> | ||
</td></tr><tr><td>Firewall Mark</td><td> | </tr> | ||
</td><td>Specifies the fwmark and optionally its mask to match, | <tr> | ||
</td></tr><tr><td>Invert matches</td><td>off | on; | <td>Destination subnet</td> | ||
</td><td>If enabled, the meaning of the match options (Firewall Mark, TOS Value, Source and Destination subnets) is inverted | <td>netmask; default: <b>none</b></td> | ||
</td></tr><tr><td>Matched Traffic Action</td><td> | <td>Destination subnet to match the rule.</td> | ||
</td><td> | </tr> | ||
<tr> | |||
<td>TOS Value to Match</td> | |||
<td>integer [0..255]; default: <b>none</b></td> | |||
<td>The type of service (ToS) value to match in IP headers.</td> | |||
</td></tr><tr><td>Lookup Table</td><td> | </tr> | ||
</td><td> | <tr> | ||
</td></tr></table> | <td>Firewall Mark</td> | ||
<td>integer [0..255] | hex [0x00..0xFF]; default: <b>none</b></td> | |||
<td>Specifies the fwmark and optionally its mask to match. For example, 0xFF to match mark 255 or 0x0/0x1 to match any even mark value.</td> | |||
</tr> | |||
<tr> | |||
<td>Invert matches</td> | |||
<td>off | on; default: <b>off</b></td> | |||
<td>If enabled, the meaning of the match options (Firewall Mark, TOS Value, Source and Destination subnets) is inverted.</td> | |||
</tr> | |||
<tr> | |||
<td>Matched Traffic Action</td> | |||
<td><span style="color: red;">Lookup Table</span> | <span style="color: green;">Jump to rule</span> | <span style="color: #0054A6;">Routing Action</span>; default: <b>Lookup Table</b></td> | |||
<td>When network traffic matches this rule, the device will take an action specified in this field: | |||
<ul> | |||
<li><b><span style="color: red;">Lookup Table</span></b> - routes traffic in accordance with the specified routing table.</li> | |||
<li><b><span style="color: green;">Jump to rule</span></b> - specifies another routing rule to follow.</li> | |||
<li><b><span style="color: #0054A6;">Routing Action</span></b> - executes one of four predefined routing actions.</li> | |||
</ul> | |||
</td> | |||
</tr> | |||
<tr> | |||
<td><span style="color: red;">Lookup Table</span></td> | |||
<td>routing table; default: <b>none</b></td> | |||
<td>Specifies a table for routing traffic that matches this rule. This field is visible only when 'Matched Traffic Action' is set to <i>Lookup Table</i>.</td> | |||
</tr> | |||
<tr> | |||
<td><span style="color: green;">Jump to rule</span></td> | |||
<td>rule priority number; default: <b>none</b></td> | |||
<td>Specifies a another rule to follow for traffic that matches this rule. This field is visible only when 'Matched Traffic Action' is set to <i>Jump to rule</i>.</td> | |||
</tr> | |||
<tr> | |||
<td>><span style="color: #0054A6;">Routing Action</span></td> | |||
<td>Prohibit | Unreachable | Blackhole | Throw; default: <b>Prohibit</b></td> | |||
<td>When traffic matches this rule, the action specified in this field will be executed. This field is visible only when 'Matched Traffic Action' is set to <i>Routing Action</i>.</td> | |||
</tr> | |||
</table> | |||
[[Category:{{{name}}} Network section]] | [[Category:{{{name}}} Network section]] |
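Review bot: The routing-table field table in the new revision is never closed: after the 'Name of Table' row the markup goes straight to the `===Routing Rules For IPv4===` heading with no `</table>`, so the 'ID of Table' and 'Name of Table' rows end up rendered under the IPv4 rules section instead of under 'Routing Tables'; add `</table>` after that row. Smaller points in the same revision: the IPv4 'Route Type' list leaves unicast, multicast, unreachable, anycast and -- custom -- with empty descriptions while the IPv6 list fills them in; the value cell spells 'backhole' where the list below it says 'blackhole'; the example row 192.168.2.161 / 255.255.255.0 gives a range ending in 192.168.55.255 where a /24 ends in 192.168.2.255; the 'Outgoing interface' description still reads 'incoming traffic'; the 'Routing Action' cell opens with a stray '>' (`<td>><span`); and the IPv6 section reuses the IPv4 'new route' screenshot.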
Revision as of 13:23, 14 May 2020
Template:Networking rutos manual fw disclosure
Summary
The Routing page is used to set up static routes, routing tables and rules.
This manual page provides an overview of the Routing windows in {{{name}}} devices.
If you're having trouble finding this page or some of the parameters described here on your device's WebUI, you should turn on "Advanced WebUI" mode. You can do that by clicking the "Advanced" button, located at the top of the WebUI.
Static Routes
Routes ensure that network traffic finds its path to a specified host or network, both in local and remote network scenarios. Static routes are simply fixed routing entries in the routing table(s).
This section provides the possibility to configure custom static routes.
Static IPv4 Routes
The Static IPv4 Routes section displays a list of user defined static IPv4 routes and provides the possibility to add and configure new ones. The list is empty by default.
File:Networking rutos manual routing static routes static ipv4 routes v1.png
To add a new route and begin editing, simply click the 'Add' button. Refer to the table below for information on static route configuration fields.
File:Networking rutos manual routing static routes static ipv4 routes new route v1.png
Field | Value | Description |
---|---|---|
Interface | network interface; default: lan | The zone where the target network resides |
Target* | ip4; default: none | The address of a destination network. |
IPv4-Netmask* | netmask; default: none | A netmask is used to divide an IP address into sub-networks (subnets). Combined together, the 'Netmask' and 'Target' values define the exact destination network or IP address to which this route applies. |
IPv4-Gateway | ip4; default: none | A gateway can be any machine in a network that is capable of serving as an access point to another network. Traffic that matches this route will be directed over the IP address specified in this field. |
Metric | integer [0..255]; default: none | The metric value acts as a measurement of priority. If a packet about to be routed matches two or more rules, the one with the lower metric is applied. |
MTU | integer [64..9000]; default: 1500 | Sets the maximum transmission unit (MTU) size. It is the largest size of a protocol data unit (PDU) that can be transmitted in a single network layer transaction. |
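Route Type | unicast | local | broadcast | multicast | unreachable | prohibit | blackhole | anycast | -- custom -- ; default: unicast | Selects route type. Each type specifies a different behavior for the route: unicast - most common type of route, simply describes a path to a destination; local - routes of this type are added to the 'local' routing table and used only for locally hosted IPs; broadcast - routes of this type are added to the 'local' routing table and used by link layer devices that support the broadcast address principle; multicast - used for distribution of multicast traffic; unreachable - sends an ICMP "unreachable" response to the source address when a request for a routing decision returns a "destination with an unreachable route type" message; prohibit - used to prohibit traffic to a specified host or network. When a destination is prohibited, the kernel sends a 'Network is unreachable' response to the source address; blackhole - packets that match this type of route are discarded without any response; anycast - provides a possibility to route incoming requests to multiple different network locations; -- custom -- - does not use any of the predefined route types. |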
*Additional notes on 'Target' & 'Netmask' fields:
You can define a rule that applies to a single IP like this:
- Target: some IP
- Netmask: 255.255.255.255
Furthermore, you can create target/netmask combinations that apply to a range of IPs. Refer to the table below for examples.
Target | Netmask | Network range |
---|---|---|
192.168.2.0 | 255.255.255.240 | 192.168.2.0 - 192.168.2.15 |
192.168.2.240 | 255.255.255.240 | 192.168.2.240 - 192.168.2.255 |
192.168.2.161 | 255.255.255.0 | 192.168.2.0 - 192.168.2.255 |
192.168.0.0 | 255.255.0.0 | 192.168.0.0 - 192.168.255.255 |
192.168.2.161 | 255.255.255.255 | 192.168.2.161 |
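A checker for static IPv4 route entries, added here as an illustration and not part of the manual or the device firmware: it derives the network range from a Target/Netmask pair, flags targets that have host bits set (the route then covers the whole subnet, not the single address typed in), rejects non-contiguous netmasks, and applies the Metric and MTU limits from the field table. The dictionary keys and the sample entries are constructed for the example.

```python
import ipaddress

# Limits taken from the field table above.
METRIC_RANGE = range(0, 256)
MTU_RANGE = range(64, 9001)


def netmask_to_prefix(netmask):
    """Return the prefix length of a dotted netmask; reject non-contiguous masks."""
    inverted = int(ipaddress.IPv4Address(netmask)) ^ 0xFFFFFFFF
    # A valid mask is ones followed by zeros, so inverted + 1 is a power of two.
    if inverted & (inverted + 1):
        raise ValueError(f"non-contiguous netmask {netmask}")
    return 32 - inverted.bit_length()


def route_range(target, netmask):
    """Return (first, last, host_bits_set) for a Target/Netmask pair."""
    addr = ipaddress.IPv4Address(target)
    net = ipaddress.IPv4Network((addr, netmask_to_prefix(netmask)), strict=False)
    return str(net.network_address), str(net.broadcast_address), addr != net.network_address


def audit_route(route):
    """Return a list of findings for one static IPv4 route entry (a dict)."""
    try:
        first, last, host_bits = route_range(route["target"], route["netmask"])
    except ValueError as exc:
        return [f"invalid target/netmask: {exc}"]
    findings = []
    if host_bits:
        findings.append(f"target has host bits set; route covers {first} - {last}")
    metric = route.get("metric")  # optional field, default: none
    if metric is not None and metric not in METRIC_RANGE:
        findings.append(f"metric {metric} outside 0..255")
    mtu = route.get("mtu", 1500)
    if mtu not in MTU_RANGE:
        findings.append(f"MTU {mtu} outside 64..9000")
    return findings


# Constructed sample entries.
SAMPLE_ROUTES = [
    {"target": "192.168.2.0", "netmask": "255.255.255.240", "metric": 10},
    {"target": "192.168.2.161", "netmask": "255.255.255.0", "metric": 300, "mtu": 32},
    {"target": "10.0.0.0", "netmask": "255.0.255.0"},
]

if __name__ == "__main__":
    for entry in SAMPLE_ROUTES:
        print(entry["target"], entry["netmask"], audit_route(entry))
```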
Static IPv6 Routes
The Static IPv6 Routes section displays a list of user defined static IPv6 routes and provides the possibility to add and configure new ones. The list is empty by default.
File:Networking rutos manual routing static routes static ipv6 routes v1.png
To add a new route and begin editing, simply click the 'Add' button. Refer to the table below for information on static route configuration fields.
File:Networking rutos manual routing static routes static ipv4 routes new route v1.png
Field | Value | Description |
---|---|---|
Interface | network interface; default: lan | The zone where the target network resides |
Target | ip6; default: none | The address of a destination network. |
IPv6-Gateway | ip6; default: none | A gateway can be any machine in a network that is capable of serving as an access point to another network. Traffic that matches this route will be directed over the IP address specified in this field. |
Metric | integer [0..255]; default: none | The metric value acts as a measurement of priority. If a packet about to be routed matches two or more rules, the one with the lower metric is applied. |
MTU | integer [64..9000]; default: 1500 | Sets the maximum transmission unit (MTU) size. It is the largest size of a protocol data unit (PDU) that can be transmitted in a single network layer transaction. |
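Route Type | unicast | local | broadcast | multicast | unreachable | prohibit | blackhole | anycast | -- custom -- ; default: unicast | Selects route type. Each type specifies a different behavior for the route: unicast - most common type of route, simply describes a path to a destination; local - routes of this type are added to the 'local' routing table and used only for locally hosted IPs; broadcast - routes of this type are added to the 'local' routing table and used by link layer devices that support the broadcast address principle; multicast - used for distribution of multicast traffic; unreachable - sends an ICMP "unreachable" response to the source address when a request for a routing decision returns a "destination with an unreachable route type" message; prohibit - used to prohibit traffic to a specified host or network. When a destination is prohibited, the kernel sends a 'Network is unreachable' response to the source address; blackhole - packets that match this type of route are discarded without any response; anycast - provides a possibility to route incoming requests to multiple different network locations; -- custom -- - does not use any of the predefined route types. |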
Advanced Static Routes
The Advanced Static Routes section is used to configure policy-based routing infrastructures, which are usually used in more complex or specific networking scenarios.
Routing Tables
Routing Tables store network routes. Tables are checked before every routing decision until a matching route is found. Having multiple tables allows the user to set up a policy routing infrastructure. Policy-based routing is a technique where routing decisions are based on policies (rules) set by the user.
The 'Routing Tables' section displays user created routing tables. By default, the list is empty.
File:Networking rutos manual routing advanced static routes routing tables v1.png
To create a new table, look to the 'Add New Routing Table' section below. Enter an ID for the new table in the range of [1..252], enter a custom name and click the 'Add' button. The new table should appear in the 'Routing Tables' list. Click the 'Edit' button next to it to begin editing.
File:Networking rutos manual routing advanced static routes add new routing table v1.gif
Refer to the table below for information on configuration fields for routing tables.
Field | Value | Description |
---|---|---|
ID of Table | integer [1..252]; default: none | Unique numerical identifier for the table. The table can be invoked by either its ID or name. |
Name of Table | string; default: none | A custom name for the table. The table can be invoked by either its ID or name. |
Routing Rules For IPv4
Routing Rules provide a way to route certain packets with exceptions, i.e., in accordance with a rule. 'Routing Rules For IPv4' displays user defined routing rules. It is empty by default. To create a new rule, click the 'Add' button and begin editing by clicking the 'Edit' button located to the right of the newly created rule.
Refer to the table below for information on each configuration field.
File:Networking rutos manual routing advanced static routes routing rules for ipv4 settings v1.png
Field | Value | Description |
---|---|---|
Priority | integer [0..65535]; default: none | Controls the order of IP rules. Rules with a lower priority value will be checked first. |
Incoming interface | network interface | Any; default: Any | Logical interface name for incoming traffic. Select 'Any' to make the rule apply to all network interfaces. |
Outgoing interface | network interface | None; default: None | Logical interface name for outgoing traffic. Select 'None' to ignore outgoing interface. |
Source subnet | netmask; default: none | Source subnet to match the rule. |
Destination subnet | netmask; default: none | Destination subnet to match the rule. |
TOS Value to Match | integer [0..255]; default: none | The type of service (ToS) value to match in IP headers. |
Firewall Mark | integer [0..255] | hex [0x00..0xFF]; default: none | Specifies the fwmark and optionally its mask to match. For example, 0xFF to match mark 255 or 0x0/0x1 to match any even mark value. |
Invert matches | off | on; default: off | If enabled, the meaning of the match options (Firewall Mark, TOS Value, Source and Destination subnets) is inverted. |
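Matched Traffic Action | Lookup Table | Jump to rule | Routing Action; default: Lookup Table | When network traffic matches this rule, the device will take an action specified in this field: Lookup Table - routes traffic in accordance with the specified routing table; Jump to rule - specifies another routing rule to follow; Routing Action - executes one of four predefined routing actions. |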
Lookup Table | routing table; default: none | Specifies a table for routing traffic that matches this rule. This field is visible only when 'Matched Traffic Action' is set to Lookup Table. |
Jump to rule | rule priority number; default: none | Specifies another rule to follow for traffic that matches this rule. This field is visible only when 'Matched Traffic Action' is set to Jump to rule. |
Routing Action | Prohibit | Unreachable | Blackhole | Throw; default: Prohibit | When traffic matches this rule, the action specified in this field will be executed. This field is visible only when 'Matched Traffic Action' is set to Routing Action. |
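A simplified model of how the rule fields above combine, added here as an illustration and not taken from the manual or the device firmware: rules are walked in ascending priority, the fwmark is compared under its mask (so 0x0/0x1 selects even marks), 'Invert matches' flips the match options, and a 'Lookup Table' rule whose table holds no route for the destination lets evaluation continue with the next rule. Assumptions: evaluation follows Linux-style policy routing, a mark without a mask is compared on all bits, the 'Throw' action is not modelled, and the table names, routes and addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass

TERMINAL = {"prohibit", "unreachable", "blackhole"}


def parse_fwmark(spec):
    """Parse 'value' or 'value/mask' (decimal or hex) into (value, mask)."""
    value, _, mask = spec.partition("/")
    # Assumption: a mark given without a mask is compared on all 32 bits.
    return int(value, 0), (int(mask, 0) if mask else 0xFFFFFFFF)


def in_subnet(addr, subnet):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(subnet)


@dataclass
class Rule:
    priority: int
    action: str            # "lookup", "jump" or one of TERMINAL
    arg: object = None     # table name for "lookup", rule priority for "jump"
    iif: str = None        # None stands for 'Any'
    src: str = None
    dst: str = None
    tos: int = None
    fwmark: str = None
    invert: bool = False

    def matches(self, pkt):
        if self.iif is not None and pkt["iif"] != self.iif:
            return False
        checks = []
        if self.src:
            checks.append(in_subnet(pkt["src"], self.src))
        if self.dst:
            checks.append(in_subnet(pkt["dst"], self.dst))
        if self.tos is not None:
            checks.append(pkt["tos"] == self.tos)
        if self.fwmark is not None:
            value, mask = parse_fwmark(self.fwmark)
            checks.append((pkt["mark"] & mask) == (value & mask))
        # 'Invert matches' flips the combined result of the match options.
        return all(checks) != self.invert


def decide(rules, tables, pkt):
    """Walk rules by ascending priority and return (verdict, detail)."""
    ordered = sorted(rules, key=lambda r: r.priority)
    i = 0
    while i < len(ordered):
        rule = ordered[i]
        i += 1
        if not rule.matches(pkt):
            continue
        if rule.action in TERMINAL:
            return rule.action, rule.priority
        if rule.action == "jump" and rule.arg > rule.priority:
            # Forward jumps only: resume at the first rule with priority >= target.
            i = next((n for n, r in enumerate(ordered) if r.priority >= rule.arg), len(ordered))
        elif rule.action == "lookup":
            if any(in_subnet(pkt["dst"], net) for net in tables.get(rule.arg, [])):
                return "routed", rule.arg
            # No route in that table: fall through to the next rule.
    return "no-route", None


# Constructed sample policy: table names, routes and addresses are made up.
TABLES = {"vpn": ["10.8.0.0/16"], "wan2": ["0.0.0.0/0"]}
RULES = [
    Rule(100, "blackhole", dst="203.0.113.0/24"),
    Rule(200, "lookup", "vpn", src="192.168.1.0/24"),
    Rule(300, "lookup", "wan2", fwmark="0x0/0x1"),
    Rule(400, "prohibit", src="192.168.1.0/24", invert=True),
]


def packet(src, dst, mark=0, tos=0, iif="lan"):
    return {"src": src, "dst": dst, "mark": mark, "tos": tos, "iif": iif}
```

In the sample policy, the inverted rule at priority 400 rejects anything that did not originate in 192.168.1.0/24, which is why a LAN packet with an odd mark ends with no route rather than a prohibit verdict.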
[[Category:{{{name}}} Network section]]