Line 1: |
Line 1: |
| + | {{Template:Networking_rutos_manual_fw_disclosure |
| + | | fw_version = {{{series}}}_R_00.02.03 |
| + | | series = {{{series}}} |
| + | }} |
| + | |
| ==Summary== | | ==Summary== |
| | | |
− | This chapter is an overview of the <b>Routing</b> section in {{{name}}} devices.
| + | The <b>Routing</b> page is used to set up static {{#ifeq:{{{series}}}|RUTX|and dynamic|}} routes, routing tables and rules. |
| + | |
| + | This manual page provides an overview of the Routing windows in {{{name}}} devices. |
| + | |
| + | {{Template:Networking_rutos_manual_basic_advanced_webui_disclaimer |
| + | | series = {{{series}}} |
| + | }} |
| | | |
| ==Static Routes== | | ==Static Routes== |
| | | |
− | Static routes specify over which interface and gateway a certain host or network can be reached. In this page you can configure your own custom routes.
| + | <b>Routes</b> ensure that network traffic finds its path to a specified host or network, both in local and remote network scenarios. Static routes are simply fixed routing entries in the routing table(s). |
| + | |
| + | This section provides the possibility to configure custom static routes. |
| | | |
| ===Static IPv4 Routes=== | | ===Static IPv4 Routes=== |
| ---- | | ---- |
− | Below is an example and information about Static IPv4 Routes.
| + | The <b>Static IPv4 Routes</b> section displays a list of user defined static IPv4 routes and provides the possibility to add and configure new ones. The list is empty by default. |
− | [[File:Networking_RUTX_manual_static_routes_ipv4_v1.png|alt=|border|center|1150x1150px]] | + | |
| + | [[File:Networking_rutos_manual_routing_static_routes_static_ipv4_routes_v1.png|border|class=tlt-border]] |
| + | |
| + | To add a new route and begin editing, simply click the 'Add' button. Refer to the table below for information on static route configuration fields. |
| + | |
| + | [[File:Networking_rutos_manual_routing_static_routes_static_ipv4_routes_new_route_v1.png|border|class=tlt-border]] |
| | | |
− | <table class="nd-mantable"><tr><th>Field</th><th>Value</th><th>Description</th></tr><tr><td>Interface</td><td>Default: '''lan'''</td><td>The zone where the target network resides</td></tr><tr><td>Target<span class="asterisk">*</span></td><td>IPv4; Default: <b>0.0.0.0</b></td><td>The address of the destination network</td></tr><tr><td>Netmask<span class="asterisk">*</span></td><td>Default: <b>255.255.255.255</b></td><td>A Mask that is applied to the Target to determine to what actual IP addresses the routing rule applies</td></tr><tr><td>Gateway</td><td>IP; Default: '''0.0.0.0'''</td><td>Defines where the router should send all the traffic that applies to the rule</td></tr><tr><td>Metric</td><td>Default: <b>0</b></td><td>The <b>metric</b> value is used as a sorting measure. If a packet about to be routed fits two rules, the one with the lower metric is applied.</td></tr><tr><td>MTU</td><td>[64..9000]; Default: <b>1500</b></td><td>Sets the maximum transmission unit (MTU) size. It is the largest size of a protocol data unit (PDU) that can be transmitted in a single network layer transaction.</td></tr><tr><td>Route Type</td><td>Default: <b>unicast</b></td><td>Selects route type. Each type specifies a different behavior for the route, available options:<ul><li><b>unicast</b> </li><li><b>local</b> - routes of this type are added to the 'local' routing table and used only for locally hosted IPs.</li><li><b>broadcast</b> - routes of this type are added to the 'local' routing table and used by link layer devices that support the broadcast address principle.</li><li><b>multicast</b> </li><li><b>unreachable</b> </li><li><b>prohibit</b> - used to prohibit traffic to specified host or network. 
When a destination is prohibited, the kernel sends a 'Network is unreachable' response the source address.</li><li><b>blackhole</b> - packets that match this type of route are discarded without any response.</li><li><b>anycast</b> -</li><li><b>-- custom --</b> -</li></ul></td></tr></table> | + | <table class="nd-mantable"> |
| + | <tr> |
| + | <th>Field</th> |
| + | <th>Value</th> |
| + | <th>Description</th> |
| + | </tr> |
| + | <tr> |
| + | <td>Interface</td> |
| + | <td>network interface; default: <b>lan</b></td> |
| + | <td>The zone where the target network resides</td> |
| + | </tr> |
| + | <tr> |
| + | <td>Target<span class="asterisk">*</span></td> |
| + | <td>ip4; default: <b>none</b></td> |
| + | <td>The address of a destination network.</td> |
| + | </tr> |
| + | <tr> |
| + | <td>IPv4-Netmask<span class="asterisk">*</span></td> |
| + | <td>netmask; default: <b>none</b></td> |
| + | <td>A netmask is used to divide an IP address into sub-networks (subnets). Combined together, the 'Netmask' and 'Target' values define the exact destination network or IP address to which this route applies.</td> |
| + | </tr> |
| + | <tr> |
| + | <td>IPv4-Gateway</td> |
| + | <td>ip4; default: <b>none</b></td> |
| + | <td>A gateway can be any machine in a network that is capable of serving as an access point to another network. Traffic that matches this route will be directed over the IP address specified in this field.</td> |
| + | </tr> |
| + | <tr> |
| + | <td>Metric</td> |
| + | <td>integer [0..255]; default: <b>none</b></td> |
| + | <td>The metric value acts as a measurement of priority. If a packet about to be routed matches two or more rules, the one with the lower metric is applied.</td> |
| + | </tr> |
| + | <tr> |
| + | <td>MTU</td> |
| + | <td>integer [64..9000]; default: <b>1500</b></td> |
| + | <td>Sets the maximum transmission unit (MTU) size. It is the largest size of a protocol data unit (PDU) that can be transmitted in a single network layer transaction.</td> |
| + | </tr> |
| + | <tr> |
| + | <td>Route Type</td> |
| + | <td>unicast | local | broadcast | multicast | unreachable | prohibit | backhole | anycast | -- custom -- ; default: <b>unicast</b></td> |
| + | <td>Selects route type. Each type specifies a different behavior for the route: |
| + | <ul> |
| + | <li><b>unicast</b> - </li> |
| + | <li><b>local</b> - routes of this type are added to the 'local' routing table and used only for locally hosted IPs.</li> |
| + | <li><b>broadcast</b> - routes of this type are added to the 'local' routing table and used by link layer devices that support the broadcast address principle.</li> |
| + | <li><b>multicast</b> - </li> |
| + | <li><b>unreachable</b> - </li> |
| + | <li><b>prohibit</b> - used to prohibit traffic to specified host or network. When a destination is prohibited, the kernel sends a 'Network is unreachable' response the source address.</li> |
| + | <li><b>blackhole</b> - packets that match this type of route are discarded without any response.</li> |
| + | <li><b>anycast</b> - </li> |
| + | <li><b>-- custom --</b> - </li> |
| + | </ul> |
| + | </td> |
| + | </tr> |
| + | </table> |
| | | |
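Review bot: In the new IPv4 'Route Type' row, the value cell spells the option "backhole" while the list item under it is "blackhole"; correct the value cell so the option name matches the WebUI. In the same row the items for unicast, multicast, unreachable, anycast and -- custom -- are added with nothing after the dash, although the IPv6 table added later in this revision has text for each of them; reuse those descriptions here. The prohibit item also reads "response the source address", which is missing "to".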
− | <span class="asterisk">*</span><b>Additional notes on Target & Netmask:</b> | + | <span class="asterisk">*</span><b>Additional notes on 'Target' & 'Netmask' fields:</b> |
| + | ---- |
| + | You can define a rule that applies to a single IP like this: |
| + | |
| + | <ul> |
| + | <li><b>Target</b>: some IP</li> |
| + | <li><b>Netmask</b>: 255.255.255.255</li> |
| + | </ul> |
| + | |
| + | Furthermore, you can create target/netmask combinations that apply to a range of IPs. Refer to the table below for examples. |
| + | |
| + | <table class="nd-mantable"> |
| + | <tr> |
| + | <th>Target</th> |
| + | <th>Netmask</th> |
| + | <th>Network range</th> |
| + | </tr> |
| + | <tr> |
| + | <td>192.168.2.0</td> |
| + | <td>255.255.255.240</td> |
| + | <td>192.168.2.0 - 192.168.2.15</td> |
| + | </tr> |
| + | <tr> |
| + | <td>192.168.2.240</td> |
| + | <td>255.255.255.240</td> |
| + | <td>192.168.2.240 - 192.168.2.255</td> |
| + | </tr> |
| + | <tr> |
| + | <td>192.168.2.161</td> |
| + | <td>255.255.255.0</td> |
| + | <td>192.168.2.0 - 192.168.55.255</td> |
| + | </tr> |
| + | <tr> |
| + | <td>192.168.0.0</td> |
| + | <td>255.255.0.0</td> |
| + | <td>192.168.0.0 - 192.168.255.255</td> |
| + | </tr> |
| + | <tr> |
| + | <td>192.168.2.161</td> |
| + | <td>255.255.255.255</td> |
| + | <td>192.168.2.161</td> |
| + | </tr> |
| + | </table> |
| | | |
− | You can define a rule that applies to a single IP like this:<ul><li><b>Target</b>: some IP</li><li><b>Netmask</b>: 255.255.255.255</li></ul>Furthermore, you can define a rules that apply to a range of IPs. Refer to the table below for examples.<table class="nd-mantable"><tr><th>Target</th><th>Netmask</th><th>Description</th></tr><tr><td>192.168.2.0</td><td>255.255.255.240</td><td>Applies to IPs in the 192.168.2.0 - 192.168.2.15 range.</td></tr><tr><td>192.168.2.240</td><td>255.255.255.240</td><td>Applies to IPs in the 192.168.2.240 - 192.168.2.255 range.</td></tr><tr><td>192.168.2.161</td><td>255.255.255.0</td><td>Applies to IPs in the 192.168.2.0 - 192.168.55.255 range.</td></tr><tr><td>192.168.0.0</td><td>255.255.0.0</td><td>Applies to IPs in the 192.168.0.0 - 192.168.255.255 range.</td></tr><tr><td>192.168.2.161</td><td>255.255.255.255</td><td>Only applies to 192.168.2.161.</td></tr></table><br />
| |
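Review bot: The third example row (Target 192.168.2.161, Netmask 255.255.255.0) gives the range as "192.168.2.0 - 192.168.55.255", but a 255.255.255.0 mask covers only 192.168.2.0 - 192.168.2.255. The value was carried over unchanged from the removed table, so this revision is a good place to correct it. A reader sizing a blackhole or prohibit route from this table would otherwise assume it covers far more addresses than it does.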
| ===Static IPv6 Routes=== | | ===Static IPv6 Routes=== |
| ---- | | ---- |
− | Settings for Static IPv6 routes are the same as for IPv4 only that the target IP and and gateway are different.
| + | The <b>Static IPv6 Routes</b> section displays a list of user defined static IPv6 routes and provides the possibility to add and configure new ones. The list is empty by default. |
− | [[File:Networking_RUTX_manual_static_routes_ipv6_v1.png|alt=|border|center]] | + | |
− | <br /> | + | [[File:Networking_rutos_manual_routing_static_routes_static_ipv6_routes_v1.png|border|class=tlt-border]] |
| + | |
| + | To add a new route and begin editing, simply click the 'Add' button. Refer to the table below for information on static route configuration fields. |
| + | |
| + | [[File:Networking_rutos_manual_routing_static_routes_static_ipv4_routes_new_route_v1.png|border|class=tlt-border]] |
| + | |
| + | <table class="nd-mantable"> |
| + | <tr> |
| + | <th>Field</th> |
| + | <th>Value</th> |
| + | <th>Description</th> |
| + | </tr> |
| + | <tr> |
| + | <td>Interface</td> |
| + | <td>network interface; default: <b>lan</b></td> |
| + | <td>The zone where the target network resides</td> |
| + | </tr> |
| + | <tr> |
| + | <td>Target</td> |
| + | <td>ip6; default: <b>none</b></td> |
| + | <td>The address of a destination network.</td> |
| + | </tr> |
| + | <tr> |
| + | <td>IPv6-Gateway</td> |
| + | <td>ip6; default: <b>none</b></td> |
| + | <td>A gateway can be any machine in a network that is capable of serving as an access point to another network. Traffic that matches this route will be directed over the IP address specified in this field.</td> |
| + | </tr> |
| + | <tr> |
| + | <td>Metric</td> |
| + | <td>integer [0..255]; default: <b>none</b></td> |
| + | <td>The metric value acts as a measurement of priority. If a packet about to be routed matches two or more rules, the one with the lower metric is applied.</td> |
| + | </tr> |
| + | <tr> |
| + | <td>MTU</td> |
| + | <td>integer [64..9000]; default: <b>1500</b></td> |
| + | <td>Sets the maximum transmission unit (MTU) size. It is the largest size of a protocol data unit (PDU) that can be transmitted in a single network layer transaction.</td> |
| + | </tr> |
| + | <tr> |
| + | <td>Route Type</td> |
| + | <td>unicast | local | broadcast | multicast | unreachable | prohibit | backhole | anycast | -- custom -- ; default: <b>unicast</b></td> |
| + | <td>Selects route type. Each type specifies a different behavior for the route: |
| + | <ul> |
| + | <li><b>unicast</b> - most common type of route, simply describes a path to a destination.</li> |
| + | <li><b>local</b> - routes of this type are added to the 'local' routing table and used only for locally hosted IPs.</li> |
| + | <li><b>broadcast</b> - routes of this type are added to the 'local' routing table and used by link layer devices that support the broadcast address principle.</li> |
| + | <li><b>multicast</b> - used for distribution of multicast traffic.</li> |
| + | <li><b>unreachable</b> - sends an ICMP "unreachable" response to the source address when a request for a routing decision returns a "destination with an unreachable route type" message.</li> |
| + | <li><b>prohibit</b> - used to prohibit traffic to specified host or network. When a destination is prohibited, the kernel sends a 'Network is unreachable' response the source address.</li> |
| + | <li><b>blackhole</b> - packets that match this type of route are discarded without any response.</li> |
| + | <li><b>anycast</b> - provides a possibility to route incoming requests to a multiple different network locations.</li> |
| + | <li><b>-- custom --</b> - does not use any of the predefined route types.</li> |
| + | </ul> |
| + | </td> |
| + | </tr> |
| + | </table> |
| | | |
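Review bot: The 'new route' screenshot added to the IPv6 section is the IPv4 file, Networking_rutos_manual_routing_static_routes_static_ipv4_routes_new_route_v1.png. The IPv6 table below it has no netmask field, so the image will not match the fields described; link the IPv6 screenshot instead. The 'Route Type' value cell repeats the "backhole" spelling. The prohibit item describes a 'Network is unreachable' response, which makes it read the same as the unreachable item; state what distinguishes the two.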
| ==Advanced Static Routes== | | ==Advanced Static Routes== |
| | | |
− | Advanced static routing includes features and concepts that are used in more complex networks. | + | The <b>Advanced Static Routes</b> section is used to configure policy-based routing infrastructures, which are usually used in more complex or specific networking scenarios. |
| | | |
| ===Routing Tables=== | | ===Routing Tables=== |
| ---- | | ---- |
− | Below is an example of routing tables. You can create a new one by writing '''ID''' (anything you want, but only numbers are allowed), '''Name''' and pressing '''Add''' button. You can edit them by pressing '''Edit''' button
| + | <b>Routing Tables</b> store network routes. Tables are checked before every routing decision until a matching route is found. Having multiple tables allows the user to set up a policy routing infrastructure. Policy-based routing is a technique where routing decisions are based on policies (rule) set by the user. |
− | [[File:Networking RUTX manual advaced static routes tables v1.png|alt=|border|center|1128x1128px]] | + | |
| + | The 'Routing Tables' section displays user created routing tables. By default, the list is empty. |
| + | |
| + | [[File:Networking_rutos_manual_routing_advanced_static_routes_routing_tables_v1.png|border|class=tlt-border]] |
| + | |
| + | To create a new table, look to the 'Add New Routing Table' section below. Enter an ID for the new table in the range of [1..252], enter a custom name and click the 'Add' button. The new table should appear in the 'Routing Tables' list. Click the 'Edit' button next to it to begin editing. |
| + | |
| + | [[File:Networking_rutos_manual_routing_advanced_static_routes_add_new_routing_table_v1.gif]] |
| + | |
| + | Refer to the table below for information on configuration fields for routing tables. |
| + | |
| + | [[File:Networking_rutos_manual_routing_advanced_static_routes_routing_tables_routing_table_settings_v1.png|border|class=tlt-border]] |
| + | |
| + | <table class="nd-mantable"> |
| + | <tr> |
| + | <th>Field</th> |
| + | <th>Value</th> |
| + | <th>Description</th> |
| + | </tr> |
| + | <tr> |
| + | <td>ID of Table</td> |
| + | <td>integer [1..252]; default: <b>none</b></td> |
| + | <td>Unique numerical identifier for the table. The table can be invoked by the both its ID or name.</td> |
| + | </tr> |
| + | <tr> |
| + | <td>Name of Table</td> |
| + | <td>string; default: <b>none</b></td> |
| + | <td>A custom name for the table. The table can be invoked by the both its ID or name.</td> |
| + | </tr> |
| | | |
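Review bot: The routing table settings table opened with <table class="nd-mantable"> is never closed; the last added line is the </tr> of the 'Name of Table' row and the next line is the 'Routing Rules For IPv4' heading. Add </table> after that row so the following section does not render inside the table. Both descriptions also say "can be invoked by the both its ID or name", which should read "by either its ID or its name", and "policies (rule)" in the intro should be "policies (rules)".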
| ===Routing Rules For IPv4=== | | ===Routing Rules For IPv4=== |
| ---- | | ---- |
− | Below is an example of routing rules for IPv4. You can create a new rule by pressing '''Add''' button, also you can edit them by pressing '''Edit''' button.
| + | <b>Routing Rules</b> provide a way to route certain packets with exceptions, i.e., in accordance to a rule. 'Routing Rules For IPv4' displays user defined routing rules. It is empty by default. To create a new rule, click the 'Add' button and begin editing by clicking the 'Edit' button located to the right of the newly created rule. |
− | [[File:Networking RUTX manual advaced static routes rules v1.png|alt=|border|center|1127x1127px]] | + | |
− | An example of rule editing window and meanings of all the configurations are presented below.
| + | [[File:Networking_rutos_manual_routing_advanced_static_routes_routing_rules_for_ipv4_v1_begin_to_edit_v1.gif]] |
− | [[File:Networking RUTX manual advaced static routes rules settings v1.png|alt=|border|center|1145x1145px]]<table class="nd-mantable"> | + | ---- |
| + | Refer to table below for information on each configuration field. |
| + | |
| + | [[File:Networking_rutos_manual_routing_advanced_static_routes_routing_rules_for_ipv4_settings_v1.png|border|class=tlt-border]] |
| + | |
| + | <table class="nd-mantable"> |
| <tr> | | <tr> |
− | <th>field name</th> | + | <th>Field</th> |
− | <th>value</th> | + | <th>Value</th> |
− | <th>description</th> | + | <th>Description</th> |
| </tr> | | </tr> |
| <tr> | | <tr> |
| <td>Priority</td> | | <td>Priority</td> |
− | <td>Default: '''auto-assigned'''</td> | + | <td>integer [0..65535]; default: <b>none</b></td> |
− | <td>Controls the order of the IP rules, by default the priority is auto-assigned so that they are processed in the same order. | + | <td>Controls the order of IP rules. Rules with a lower priority value will be checked first.</td> |
− | </td> | |
| </tr> | | </tr> |
| <tr> | | <tr> |
| <td>Incoming interface</td> | | <td>Incoming interface</td> |
− | <td>Default: '''Any'''</td> | + | <td>network interface | Any; default: <b>Any</b></td> |
− | <td>Specifies the incoming logical interface name</td> | + | <td>Logical interface name for incoming traffic. Select 'Any' to make the rule apply to all network interfaces.</td> |
| </tr> | | </tr> |
| <tr> | | <tr> |
| <td>Outgoing interface</td> | | <td>Outgoing interface</td> |
− | <td>Default: '''None'''</td> | + | <td>network interface | None; default: <b>None</b></td> |
− | <td>Specifies the outgoing logical interface name | + | <td>Logical interface name for incoming traffic. Select 'None' to ignore outgoing interface.</td> |
− | </td> | + | </tr> |
− | </tr><tr><td>Source subnet</td><td>IPv4; Default: <b>0.0.0.0</b></td><td>Specifies the source subnet to match (CIDR notation) | + | <tr> |
− | </td></tr><tr><td>Destination subnet</td><td>IPv4; Default: '''0.0.0.0'''</td><td>Specifies the destination subnet to match (CIDR notation) | + | <td>Source subnet</td> |
− | </td></tr><tr><td>TOS Value to Match</td><td>Default: <b>0</b> | + | <td>netmask; default: <b>none</b></td> |
− | </td><td>Specifies the TOS value to match in IP headers | + | <td>Source subnet to match the rule.</td> |
− | </td></tr><tr><td>Firewall Mark</td><td>Default: '''0xFF''' | + | </tr> |
− | </td><td>Specifies the fwmark and optionally its mask to match, e.g. 0xFF to match mark 255 or 0x0/0x1 to match any even mark value | + | <tr> |
− | </td></tr><tr><td>Invert matches</td><td>off | on; Default: '''off''' | + | <td>Destination subnet</td> |
− | </td><td>If enabled, the meaning of the match options (Firewall Mark, TOS Value, Source and Destination subnets) is inverted | + | <td>netmask; default: <b>none</b></td> |
− | </td></tr><tr><td>Matched Traffic Action</td><td>Default: '''Lookup Table''' | + | <td>Destination subnet to match the rule.</td> |
− | </td><td>Available options: | + | </tr> |
− | | + | <tr> |
− | *'''Lookup table'''
| + | <td>TOS Value to Match</td> |
− | *'''Jump to rule'''
| + | <td>integer [0..255]; default: <b>none</b></td> |
− | *'''Routing action'''
| + | <td>The type of service (ToS) value to match in IP headers.</td> |
− | </td></tr><tr><td>Lookup Table</td><td>Default: " " | + | </tr> |
− | </td><td>The rule target is a table lookup | + | <tr> |
− | </td></tr></table> | + | <td>Firewall Mark</td> |
| + | <td>integer [0..255] | hex [0x00..0xFF]; default: <b>none</b></td> |
| + | <td>Specifies the fwmark and optionally its mask to match. For example, 0xFF to match mark 255 or 0x0/0x1 to match any even mark value.</td> |
| + | </tr> |
| + | <tr> |
| + | <td>Invert matches</td> |
| + | <td>off | on; default: <b>off</b></td> |
| + | <td>If enabled, the meaning of the match options (Firewall Mark, TOS Value, Source and Destination subnets) is inverted.</td> |
| + | </tr> |
| + | <tr> |
| + | <td>Matched Traffic Action</td> |
| + | <td><span style="color: red;">Lookup Table</span> | <span style="color: green;">Jump to rule</span> | <span style="color: #0054A6;">Routing Action</span>; default: <b>Lookup Table</b></td> |
| + | <td>When network traffic matches this rule, the device will take an action specified in this field: |
| + | <ul> |
| + | <li><b><span style="color: red;">Lookup Table</span></b> - routes traffic in accordance with the specified routing table.</li> |
| + | <li><b><span style="color: green;">Jump to rule</span></b> - specifies another routing rule to follow.</li> |
| + | <li><b><span style="color: #0054A6;">Routing Action</span></b> - executes one of four predefined routing actions.</li> |
| + | </ul> |
| + | </td> |
| + | </tr> |
| + | <tr> |
| + | <td><span style="color: red;">Lookup Table</span></td> |
| + | <td>routing table; default: <b>none</b></td> |
| + | <td>Specifies a table for routing traffic that matches this rule. This field is visible only when 'Matched Traffic Action' is set to <i>Lookup Table</i>.</td> |
| + | </tr> |
| + | <tr> |
| + | <td><span style="color: green;">Jump to rule</span></td> |
| + | <td>rule priority number; default: <b>none</b></td> |
| + | <td>Specifies a another rule to follow for traffic that matches this rule. This field is visible only when 'Matched Traffic Action' is set to <i>Jump to rule</i>.</td> |
| + | </tr> |
| + | <tr> |
| + | <td>><span style="color: #0054A6;">Routing Action</span></td> |
| + | <td>Prohibit | Unreachable | Blackhole | Throw; default: <b>Prohibit</b></td> |
| + | <td>When traffic matches this rule, the action specified in this field will be executed. This field is visible only when 'Matched Traffic Action' is set to <i>Routing Action</i>.</td> |
| + | </tr> |
| + | </table> |
| | | |
| [[Category:{{{name}}} Network section]] | | [[Category:{{{name}}} Network section]] |
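Review bot: The new 'Outgoing interface' description says "Logical interface name for incoming traffic", copied from the row above; it should say outgoing traffic. The 'Routing Action' field cell starts with a stray ">" before the span (<td>><span ...), which will render as a literal character. The 'Source subnet' and 'Destination subnet' rows now give the value type as "netmask" and drop the CIDR notation hint from the removed text, so say which format the field accepts. The 'Firewall Mark' value type lists only integer [0..255] | hex [0x00..0xFF] while its description gives the mark/mask form 0x0/0x1; make the two agree. The 'Jump to rule' description has "a another".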