Re: Basic Routing

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Note: Because of the length of my reply I'm going to split this reply in to two parts. The first (this) part will be on routing in general and the second (next) part will be on NATing.

On 11/2/2008 12:43 PM, Daniel L. Miller wrote:
Thanx. I'm still not sure of the vocabulary with which to phrase my "true" question - so I'll try it with more words (although I think you've already answered me - I'm just looking for confirmation).

Eh... What Daniel said is true, but your (mis)understandings are not quite right. You are actually trying to understand some lower level functionality by observing some higher level functionality that causes you to misconstrue the underlying functionality. It's sort of like trying to grab something under water while looking at it from out of the water if you don't know that water changes the angle you need to look at.

Given:
1. A linux box "router" that has ip-fowarding enabled, and no restrictions via iptables.
2.  This box has a routing table that lists two or more networks

If another host on network 'A', lists the box "router" as its default gateway, and tries to contact network 'B' through the router - will the router automagically pass along the packets? Or this simply doesn't work, because of a basic networking concept I haven't grasped - and NAT is the technique to accomplish this?

Yes and no.

NATing, or Network Address Translation, is a special technique to alter (possibly hide) either the source and / or destination address the traffic is coming from and / or going to. (I say "and / or" because it is possible to NAT both the source and destination if need be, which is called double NATing and even more complex.)

First let's say that a /Default Gateway/ is nothing more than a catch all route to be used when there are no other better routes to use. In essence, use the /Default Gateway/ as the last resort to fall back on if nothing else works.

Now, routes in general are just a way of saying that if you want to go to this particular destination, you need to go by way of here to get to your ultimate destination.

Now, let's consider your scenario above:

+---+         +--------+         +---+
| 1 +---(A)---+ Router +---(B)---+ 2 |
+---+         +--------+         +---+

We configure host 1 on network A to use the Router as its default gateway and similarly we configure host 2 to use the Router as its default gateway.

Now, host 1 can ping any thing on network A directly because it is local and with in it's (sub)net(work). However if host 1 wants to ping any thing out side of network A it will have to find a route to get to the destination. Knowing that host 1 only has one route, the /Default Gateway/ all traffic not going to the local (sub)net(work) will go to the /Default Gateway/. So, host 1 sends its traffic to the /Default Gateway/ of Router. Now it is up to Router to handle the traffic.

Router now has traffic from host 1 that it needs to deliver to host 2. So Router looks in its routing tables and finds that host 2 is in network B and that it is directly attached to network B and as such is able to send the traffic directly to host 2 in network B.

When host 2 receives the traffic and is ready to reply to host 1 it goes through a similar process as host 1 to send the reply traffic. Likewise Router handles the traffic in reverse.

Thus hosts 1 and 2 are able to talk to each other by way of Router.

When hosts 1 and 2 are talking to each other, they both know that that traffic originated from the other because of the source IP address in the packets they received.

Now, let's elaborate the network connection a bit more to further explain routing.

                 :                 :
                 |                 |
+---+         +--+--+           +--+--+         +---+
| 1 +---(A)---+ Bob +===(XXX)===+ Tom +---(B)---+ 2 |
+---+         +-----+           +-----+         +---+

Here we have two friends that have their home network, each with their own internet connection. However, considering that they are friends, they have some sort of connection between their homes to allow them to use each others network resources. This connection could be a VPN across the internet, or it could be a wireless network connection, or if they are close enough to each other, it could be an ethernet connection between their routers.

In this scenario, both hosts 1 and 2 use their local routers (Bob and Tom respectively) as their /Default Gateway/.

Now let's re-consider host 1 pinging host 2 in this new network. Like before, when host 1 wants to pint host 2 it finds that host 2 is not with in its network and thus must have a route to get there. Like before host 1 will send the traffic to its /Default Gateway/ (in this case) "Bob". Bob will then have to find a route to get to host 2. This time Bob has a default gateway of the internet connection (going out the top) -AND- Bob has a route to network B by way of "Tom". So Bob will send the packet on to Tom. Tom will then as you would expect see that host 2 is directly connected to network B and send the packet on to host 2.

Similarly when host 2 replies, it's traffic will go to it's /Default Gateway/ (in this case) "Tom". Tom will then find that it has a route to network A by way of "Bob" and as such will send traffic to network A to Bob. Bob will then see that the traffic is to a system on network A and send the traffic accordingly.

In both of the above scenarios hosts 1 and 2 used the /Default Gateway/ to send their traffic and did not need a routing table with any thing more than their /Default Gateway/. The following scenario is a bit different.

   :                                             :
   |                                             |
+--+--+         +---+           +---+         +--+--+
| Bob +---(A)---+ 1 |           | 2 +---(B)---+ Tom |
+-----+    |    +---+           +---+    |    +-----+
           |                             |
           |    +---+           +---+    |
           +----+ 7 +===(XXX)===+ 8 +----+
                +---+           +---+

Here things are more than a bit different. In this configuration, we still have Bob's and Tom's houses, except this time the connection between the two networks is not through their /Default Gateway/ but rather the respective systems 7 and 8.

In this scenario, when host 1 wants to ping host 2, host 1 will again consult its routing table. However this time there will have to be an entry that says that network B is accessible by host 7 in addition to the /Default Gateway/ entry. Thus when host 1 sends its packet it will find that it needs to send the packet to host 7 rather than the /Default Gateway/ of "Bob". Host 7 will then receive the packet and find that it needs to send the packet on to host 8. Host 8 will then find that it can send the packet directly to host 2 on the local network B.

Similarly host 2 will have to have a route in its routing table so that it knows that it reaches network A by way of host 8. Thus host 2 sends its reply packet to host 8 which sends the packet on to host 7 which then sends the packet directly to host 1.

I guess part of my difficulty lies in a lack of experience configuring non-linux routers. Behind-the-scenes, as it were, do all/most routers use NAT to accomplish the goal of linking networks? It always seemed to me NAT was a 'kludge' that was somehow unnecessary when "more expensive?" equipment was involved.

Quickly, *NO*, routers in general do *NOT* use NAT. Look at my next email for an explanation as to what NAT is for.



Grant. . . .
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux