Does anyone have any experience using realms with iproute2? I found the following tweet from @majek04 quite interesting. https://twitter.com/majek04/status/961508042142633984
Linux routing - there is an old concept named "realm". "Realm" seem to be a group of routes. Docs are poor. "tc route ..." can select based on realm - so in/out realm must be preserved for each routed packet.http://www.policyrouting.org/PolicyRoutingBook/ONLINE/CH07.web.html https://www.systutorials.com/docs/linux/man/8-tc-route/ https://www.systutorials.com/docs/linux/man/8-ip-route/
Based on that tweet I've done a little bit of playing and now have realms on my router.
root@router# ip rule show 10: from all lookup local local 20: from all lookup main main 30: from all lookup reject reject 40: from all lookup bogons bogons 50: from all lookup spamhaus-drop spamhaus-drop 60: from all lookup spamhaus-edrop spamhaus-edrop 70: from all lookup dshield dshield 80: from all lookup default defaultI can also see some information from rtacct about what realms have been used.
root@router# rtacct # white space adjusted
#kernel
Realm BytesTo PktsTo BytesFrom PktsFrom
BPSTo PPSTo BPSFrom PPSFrom
unknown 120550K 330614 76 1
0 0 0 0
local 76 1 0 0
0 0 0 0
main 3012M 741344 100756K 1094K
0 0 0 0
default 99530K 1085K 3128M 1037K
0 0 0 0
I'd love to know if anyone has any first hand experience with iproute2
realms and what that experience is.
Notes: I defined the realm names in /etc/iproute2/rt_realms. -- Grant. . . . unix || die
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
