31,703
edits
Changes
Template:Networking rutos manual routing (view source)
Revision as of 14:23, 14 May 2020
, 14:23, 14 May 2020no edit summary
{{Template:Networking_rutos_manual_fw_disclosure
| fw_version = {{{series}}}_R_00.02.03
| series = {{{series}}}
}}
==Summary==
==Summary==
The <b>Routing</b> page is used to set up static {{#ifeq:{{{series}}}|RUTX|and dynamic|}} routes, routing tables and rules.
This manual page provides an overview of the Routing windows in {{{name}}} devices.
{{Template:Networking_rutos_manual_basic_advanced_webui_disclaimer
| series = {{{series}}}
}}
==Static Routes==
==Static Routes==
<b>Routes</b> ensure that network traffic finds its path to a specified host or network, both in local and remote network scenarios. Static routes are simply fixed routing entries in the routing table(s).
This section provides the possibility to configure custom static routes.
===Static IPv4 Routes===
===Static IPv4 Routes===
----
----
The <b>Static IPv4 Routes</b> section displays a list of user defined static IPv4 routes and provides the possibility to add and configure new ones. The list is empty by default.
[[File:Networking_RUTX_manual_static_routes_ipv4_v1.png|alt=|border|center|1150x1150px]]
[[File:Networking_rutos_manual_routing_static_routes_static_ipv4_routes_v1.png|border|class=tlt-border]]
To add a new route and begin editing, simply click the 'Add' button. Refer to the table below for information on static route configuration fields.
[[File:Networking_rutos_manual_routing_static_routes_static_ipv4_routes_new_route_v1.png|border|class=tlt-border]]
<table class="nd-mantable"><tr><th>Field</th><th>Value</th><th>Description</th></tr><tr><td>Interface</td><td>Default: '''lan'''</td><td>The zone where the target network resides</td></tr><tr><td>Target<span class="asterisk">*</span></td><td>IPv4; Default: <b>0.0.0.0</b></td><td>The address of the destination network</td></tr><tr><td>Netmask<span class="asterisk">*</span></td><td>Default: <b>255.255.255.255</b></td><td>A Mask that is applied to the Target to determine to what actual IP addresses the routing rule applies</td></tr><tr><td>Gateway</td><td>IP; Default: '''0.0.0.0'''</td><td>Defines where the router should send all the traffic that applies to the rule</td></tr><tr><td>Metric</td><td>Default: <b>0</b></td><td>The <b>metric</b> value is used as a sorting measure. If a packet about to be routed fits two rules, the one with the lower metric is applied.</td></tr><tr><td>MTU</td><td>[64..9000]; Default: <b>1500</b></td><td>Sets the maximum transmission unit (MTU) size. It is the largest size of a protocol data unit (PDU) that can be transmitted in a single network layer transaction.</td></tr><tr><td>Route Type</td><td>Default: <b>unicast</b></td><td>Selects route type. Each type specifies a different behavior for the route, available options:<ul><li><b>unicast</b> </li><li><b>local</b> - routes of this type are added to the 'local' routing table and used only for locally hosted IPs.</li><li><b>broadcast</b> - routes of this type are added to the 'local' routing table and used by link layer devices that support the broadcast address principle.</li><li><b>multicast</b> </li><li><b>unreachable</b> </li><li><b>prohibit</b> - used to prohibit traffic to specified host or network. When a destination is prohibited, the kernel sends a 'Network is unreachable' response the source address.</li><li><b>blackhole</b> - packets that match this type of route are discarded without any response.</li><li><b>anycast</b> -</li><li><b>-- custom --</b> -</li></ul></td></tr></table>
<table class="nd-mantable">
<tr>
<th>Field</th>
<th>Value</th>
<th>Description</th>
</tr>
<tr>
<td>Interface</td>
<td>network interface; default: <b>lan</b></td>
<td>The zone where the target network resides</td>
</tr>
<tr>
<td>Target<span class="asterisk">*</span></td>
<td>ip4; default: <b>none</b></td>
<td>The address of a destination network.</td>
</tr>
<tr>
<td>IPv4-Netmask<span class="asterisk">*</span></td>
<td>netmask; default: <b>none</b></td>
<td>A netmask is used to divide an IP address into sub-networks (subnets). Combined together, the 'Netmask' and 'Target' values define the exact destination network or IP address to which this route applies.</td>
</tr>
<tr>
<td>IPv4-Gateway</td>
<td>ip4; default: <b>none</b></td>
<td>A gateway can be any machine in a network that is capable of serving as an access point to another network. Traffic that matches this route will be directed over the IP address specified in this field.</td>
</tr>
<tr>
<td>Metric</td>
<td>integer [0..255]; default: <b>none</b></td>
<td>The metric value acts as a measurement of priority. If a packet about to be routed matches two or more rules, the one with the lower metric is applied.</td>
</tr>
<tr>
<td>MTU</td>
<td>integer [64..9000]; default: <b>1500</b></td>
<td>Sets the maximum transmission unit (MTU) size. It is the largest size of a protocol data unit (PDU) that can be transmitted in a single network layer transaction.</td>
</tr>
<tr>
<td>Route Type</td>
<td>unicast | local | broadcast | multicast | unreachable | prohibit | backhole | anycast | -- custom -- ; default: <b>unicast</b></td>
<td>Selects route type. Each type specifies a different behavior for the route:
<ul>
<li><b>unicast</b> - </li>
<li><b>local</b> - routes of this type are added to the 'local' routing table and used only for locally hosted IPs.</li>
<li><b>broadcast</b> - routes of this type are added to the 'local' routing table and used by link layer devices that support the broadcast address principle.</li>
<li><b>multicast</b> - </li>
<li><b>unreachable</b> - </li>
<li><b>prohibit</b> - used to prohibit traffic to specified host or network. When a destination is prohibited, the kernel sends a 'Network is unreachable' response the source address.</li>
<li><b>blackhole</b> - packets that match this type of route are discarded without any response.</li>
<li><b>anycast</b> - </li>
<li><b>-- custom --</b> - </li>
</ul>
</td>
</tr>
</table>
<span class="asterisk">*</span><b>Additional notes on Target & Netmask:</b>
<span class="asterisk">*</span><b>Additional notes on 'Target' & 'Netmask' fields:</b>
----
You can define a rule that applies to a single IP like this:
<ul>
<li><b>Target</b>: some IP</li>
<li><b>Netmask</b>: 255.255.255.255</li>
</ul>
Furthermore, you can create target/netmask combinations that apply to a range of IPs. Refer to the table below for examples.
<table class="nd-mantable">
<tr>
<th>Target</th>
<th>Netmask</th>
<th>Network range</th>
</tr>
<tr>
<td>192.168.2.0</td>
<td>255.255.255.240</td>
<td>192.168.2.0 - 192.168.2.15</td>
</tr>
<tr>
<td>192.168.2.240</td>
<td>255.255.255.240</td>
<td>192.168.2.240 - 192.168.2.255</td>
</tr>
<tr>
<td>192.168.2.161</td>
<td>255.255.255.0</td>
<td>192.168.2.0 - 192.168.55.255</td>
</tr>
<tr>
<td>192.168.0.0</td>
<td>255.255.0.0</td>
<td>192.168.0.0 - 192.168.255.255</td>
</tr>
<tr>
<td>192.168.2.161</td>
<td>255.255.255.255</td>
<td>192.168.2.161</td>
</tr>
</table>
===Static IPv6 Routes===
===Static IPv6 Routes===
----
----
The <b>Static IPv6 Routes</b> section displays a list of user defined static IPv6 routes and provides the possibility to add and configure new ones. The list is empty by default.
[[File:Networking_RUTX_manual_static_routes_ipv6_v1.png|alt=|border|center]]
<br />
[[File:Networking_rutos_manual_routing_static_routes_static_ipv6_routes_v1.png|border|class=tlt-border]]
To add a new route and begin editing, simply click the 'Add' button. Refer to the table below for information on static route configuration fields.
[[File:Networking_rutos_manual_routing_static_routes_static_ipv4_routes_new_route_v1.png|border|class=tlt-border]]
<table class="nd-mantable">
<tr>
<th>Field</th>
<th>Value</th>
<th>Description</th>
</tr>
<tr>
<td>Interface</td>
<td>network interface; default: <b>lan</b></td>
<td>The zone where the target network resides</td>
</tr>
<tr>
<td>Target</td>
<td>ip6; default: <b>none</b></td>
<td>The address of a destination network.</td>
</tr>
<tr>
<td>IPv6-Gateway</td>
<td>ip6; default: <b>none</b></td>
<td>A gateway can be any machine in a network that is capable of serving as an access point to another network. Traffic that matches this route will be directed over the IP address specified in this field.</td>
</tr>
<tr>
<td>Metric</td>
<td>integer [0..255]; default: <b>none</b></td>
<td>The metric value acts as a measurement of priority. If a packet about to be routed matches two or more rules, the one with the lower metric is applied.</td>
</tr>
<tr>
<td>MTU</td>
<td>integer [64..9000]; default: <b>1500</b></td>
<td>Sets the maximum transmission unit (MTU) size. It is the largest size of a protocol data unit (PDU) that can be transmitted in a single network layer transaction.</td>
</tr>
<tr>
<td>Route Type</td>
<td>unicast | local | broadcast | multicast | unreachable | prohibit | backhole | anycast | -- custom -- ; default: <b>unicast</b></td>
<td>Selects route type. Each type specifies a different behavior for the route:
<ul>
<li><b>unicast</b> - most common type of route, simply describes a path to a destination.</li>
<li><b>local</b> - routes of this type are added to the 'local' routing table and used only for locally hosted IPs.</li>
<li><b>broadcast</b> - routes of this type are added to the 'local' routing table and used by link layer devices that support the broadcast address principle.</li>
<li><b>multicast</b> - used for distribution of multicast traffic.</li>
<li><b>unreachable</b> - sends an ICMP "unreachable" response to the source address when a request for a routing decision returns a "destination with an unreachable route type" message.</li>
<li><b>prohibit</b> - used to prohibit traffic to specified host or network. When a destination is prohibited, the kernel sends a 'Network is unreachable' response the source address.</li>
<li><b>blackhole</b> - packets that match this type of route are discarded without any response.</li>
<li><b>anycast</b> - provides a possibility to route incoming requests to a multiple different network locations.</li>
<li><b>-- custom --</b> - does not use any of the predefined route types.</li>
</ul>
</td>
</tr>
</table>
==Advanced Static Routes==
==Advanced Static Routes==
Advanced static routing includes features and concepts that are used in more complex networks.
The <b>Advanced Static Routes</b> section is used to configure policy-based routing infrastructures, which are usually used in more complex or specific networking scenarios.
===Routing Tables===
===Routing Tables===
----
----
<b>Routing Tables</b> store network routes. Tables are checked before every routing decision until a matching route is found. Having multiple tables allows the user to set up a policy routing infrastructure. Policy-based routing is a technique where routing decisions are based on policies (rule) set by the user.
[[File:Networking RUTX manual advaced static routes tables v1.png|alt=|border|center|1128x1128px]]
The 'Routing Tables' section displays user created routing tables. By default, the list is empty.
[[File:Networking_rutos_manual_routing_advanced_static_routes_routing_tables_v1.png|border|class=tlt-border]]
To create a new table, look to the 'Add New Routing Table' section below. Enter an ID for the new table in the range of [1..252], enter a custom name and click the 'Add' button. The new table should appear in the 'Routing Tables' list. Click the 'Edit' button next to it to begin editing.
[[File:Networking_rutos_manual_routing_advanced_static_routes_add_new_routing_table_v1.gif]]
Refer to the table below for information on configuration fields for routing tables.
[[File:Networking_rutos_manual_routing_advanced_static_routes_routing_tables_routing_table_settings_v1.png|border|class=tlt-border]]
<table class="nd-mantable">
<tr>
<th>Field</th>
<th>Value</th>
<th>Description</th>
</tr>
<tr>
<td>ID of Table</td>
<td>integer [1..252]; default: <b>none</b></td>
<td>Unique numerical identifier for the table. The table can be invoked by the both its ID or name.</td>
</tr>
<tr>
<td>Name of Table</td>
<td>string; default: <b>none</b></td>
<td>A custom name for the table. The table can be invoked by the both its ID or name.</td>
</tr>
===Routing Rules For IPv4===
===Routing Rules For IPv4===
----
----
<b>Routing Rules</b> provide a way to route certain packets with exceptions, i.e., in accordance to a rule. 'Routing Rules For IPv4' displays user defined routing rules. It is empty by default. To create a new rule, click the 'Add' button and begin editing by clicking the 'Edit' button located to the right of the newly created rule.
[[File:Networking RUTX manual advaced static routes rules v1.png|alt=|border|center|1127x1127px]]
[[File:Networking_rutos_manual_routing_advanced_static_routes_routing_rules_for_ipv4_v1_begin_to_edit_v1.gif]]
[[File:Networking RUTX manual advaced static routes rules settings v1.png|alt=|border|center|1145x1145px]]<table class="nd-mantable">
----
Refer to table below for information on each configuration field.
[[File:Networking_rutos_manual_routing_advanced_static_routes_routing_rules_for_ipv4_settings_v1.png|border|class=tlt-border]]
<table class="nd-mantable">
<tr>
<tr>
<th>field name</th>
<th>Field</th>
<th>value</th>
<th>Value</th>
<th>description</th>
<th>Description</th>
</tr>
</tr>
<tr>
<tr>
<td>Priority</td>
<td>Priority</td>
<td>Default: '''auto-assigned'''</td>
<td>integer [0..65535]; default: <b>none</b></td>
<td>Controls the order of the IP rules, by default the priority is auto-assigned so that they are processed in the same order.
<td>Controls the order of IP rules. Rules with a lower priority value will be checked first.</td>
</td>
</tr>
</tr>
<tr>
<tr>
<td>Incoming interface</td>
<td>Incoming interface</td>
<td>Default: '''Any'''</td>
<td>network interface | Any; default: <b>Any</b></td>
<td>Specifies the incoming logical interface name</td>
<td>Logical interface name for incoming traffic. Select 'Any' to make the rule apply to all network interfaces.</td>
</tr>
</tr>
<tr>
<tr>
<td>Outgoing interface</td>
<td>Outgoing interface</td>
<td>Default: '''None'''</td>
<td>network interface | None; default: <b>None</b></td>
<td>Specifies the outgoing logical interface name
<td>Logical interface name for incoming traffic. Select 'None' to ignore outgoing interface.</td>
</td>
</tr>
</tr><tr><td>Source subnet</td><td>IPv4; Default: <b>0.0.0.0</b></td><td>Specifies the source subnet to match (CIDR notation)
<tr>
</td></tr><tr><td>Destination subnet</td><td>IPv4; Default: '''0.0.0.0'''</td><td>Specifies the destination subnet to match (CIDR notation)
<td>Source subnet</td>
</td></tr><tr><td>TOS Value to Match</td><td>Default: <b>0</b>
<td>netmask; default: <b>none</b></td>
</td><td>Specifies the TOS value to match in IP headers
<td>Source subnet to match the rule.</td>
</td></tr><tr><td>Firewall Mark</td><td>Default: '''0xFF'''
</tr>
</td><td>Specifies the fwmark and optionally its mask to match, e.g. 0xFF to match mark 255 or 0x0/0x1 to match any even mark value
<tr>
</td></tr><tr><td>Invert matches</td><td>off | on; Default: '''off'''
<td>Destination subnet</td>
</td><td>If enabled, the meaning of the match options (Firewall Mark, TOS Value, Source and Destination subnets) is inverted
<td>netmask; default: <b>none</b></td>
</td></tr><tr><td>Matched Traffic Action</td><td>Default: '''Lookup Table'''
<td>Destination subnet to match the rule.</td>
</td><td>Available options:
</tr>
<tr>
<td>TOS Value to Match</td>
<td>integer [0..255]; default: <b>none</b></td>
<td>The type of service (ToS) value to match in IP headers.</td>
</td></tr><tr><td>Lookup Table</td><td>Default: " "
</tr>
</td><td>The rule target is a table lookup
<tr>
</td></tr></table>
<td>Firewall Mark</td>
<td>integer [0..255] | hex [0x00..0xFF]; default: <b>none</b></td>
<td>Specifies the fwmark and optionally its mask to match. For example, 0xFF to match mark 255 or 0x0/0x1 to match any even mark value.</td>
</tr>
<tr>
<td>Invert matches</td>
<td>off | on; default: <b>off</b></td>
<td>If enabled, the meaning of the match options (Firewall Mark, TOS Value, Source and Destination subnets) is inverted.</td>
</tr>
<tr>
<td>Matched Traffic Action</td>
<td><span style="color: red;">Lookup Table</span> | <span style="color: green;">Jump to rule</span> | <span style="color: #0054A6;">Routing Action</span>; default: <b>Lookup Table</b></td>
<td>When network traffic matches this rule, the device will take an action specified in this field:
<ul>
<li><b><span style="color: red;">Lookup Table</span></b> - routes traffic in accordance with the specified routing table.</li>
<li><b><span style="color: green;">Jump to rule</span></b> - specifies another routing rule to follow.</li>
<li><b><span style="color: #0054A6;">Routing Action</span></b> - executes one of four predefined routing actions.</li>
</ul>
</td>
</tr>
<tr>
<td><span style="color: red;">Lookup Table</span></td>
<td>routing table; default: <b>none</b></td>
<td>Specifies a table for routing traffic that matches this rule. This field is visible only when 'Matched Traffic Action' is set to <i>Lookup Table</i>.</td>
</tr>
<tr>
<td><span style="color: green;">Jump to rule</span></td>
<td>rule priority number; default: <b>none</b></td>
<td>Specifies a another rule to follow for traffic that matches this rule. This field is visible only when 'Matched Traffic Action' is set to <i>Jump to rule</i>.</td>
</tr>
<tr>
<td>><span style="color: #0054A6;">Routing Action</span></td>
<td>Prohibit | Unreachable | Blackhole | Throw; default: <b>Prohibit</b></td>
<td>When traffic matches this rule, the action specified in this field will be executed. This field is visible only when 'Matched Traffic Action' is set to <i>Routing Action</i>.</td>
</tr>
</table>
[[Category:{{{name}}} Network section]]
[[Category:{{{name}}} Network section]]
