The secret of tracking network routing, Linux routing detection skills revealed!

As a Linux administrator, have you ever encountered problems such as poor network connection and high latency? Have you ever wanted to learn more about network route tracing and detection techniques to better troubleshoot problems? If so, then you must learn routing detection skills under Linux! In this article, we will introduce in detail how to use Linux command line tools to quickly and easily perform route tracing and detection.

linux view network routing

Every computer connected to a network requires some kind of routing instructions for network TCP/IP packets as they leave localhost. This is usually very simple since most network environments are very simple and there are only two options for leaving packets. All packets are sent to devices on the local network or to other remote networks.

Make sure to define the "local" network as the logical network where the local host is located, and usually also as the physical network. Logically, this refers to the local subnet in which the host is assigned one of the local subnet IP address ranges. Physically, this means that the host is connected to one or more switches, which are also connected to the rest of the local network.

TCP/IP Network Model

Before you get into routing, let's get some help on how packets find their way to the correct host on the network. The TCP/IP network model defines a five-layer stack that describes the mechanisms necessary to move packets from one host to another, whether that host is on a local network or around the world. In the following description of this model, each layer is numbered and also contains the name of the data unit processed by that layer.

5. Application layer: Message This layer includes the connection protocols required for communication by various network applications, such as HTTP, DHCP, SSH, FTP, SMTP, IMAP, etc. When you request a web page from a remote website, a connection request is sent to the web server, a response is sent back to that layer's host, and the browser displays the web page in its window.

4. Transport layer: TCP segment. The transport layer provides end-to-end data transfer and stream management services that are independent of the type of data and protocol being transported. It uses ports 80 (e.g. HTTP) and 25 (SMTP) to establish a connection between the sending host and the remote host.

\3. Internet layer: data packet. Packet routing is performed at the Internet layer. This layer is responsible for routing packets across two or more different networks to reach their final destination. This layer uses IP addresses and routing tables to determine the next device to send the packet to. If sent to a router, each router is only responsible for sending the packet to the next router in the series, not for mapping the entire route from the local host to the destination host. The Internet layer is mainly about routers talking to routers to determine the next router in the link.

2. Data link layer: framework. The link layer manages direct connections between hardware hosts on a single local logical network. This layer uses media access control (MAC) addresses embedded in network interface cards (NICs) to identify physical devices connected to the local network. This layer cannot access hosts that are not on the local network.

1. Physical layer: bit. This is the hardware layer, consisting of the NIC and physical Ethernet cables, as well as the hardware-level protocols used to transmit the individual bits that make up the data frame between any two hosts or other network nodes that make up the local connection.

A simple example

So, what does it look like when a host actually sends data over the network using the TCP/IP network model? This is my complete description of how data moves from one network to another. In this example, my computer is sending a web page request to a remote server.

On the application layer, the browser initiates an HTTP connection request message to the remote host www.example.com to send back data containing the web page content. Here is the message, it only contains the IP address of the remote web server.

The transport layer encapsulates the message containing the web page request in a TCP datagram targeted at the IP address of the remote web server. This packet now, along with the original request packet, includes the source port from which the request was made, usually a very large random port so that the returned data knows which port the browser is listening on. and the destination port on the remote host (port 80 in this case).

The Internet layer encapsulates the TCP datagram in a packet, which also contains the source IP address and the destination IP address.

The data link layer uses the Address Resolution Protocol (ARP) to identify the physical MAC address of the default router and to encapsulate Internet packets in frames that contain the source MAC address and the destination MAC address.

Frames are sent over a wire (usually CAT5 or CAT6) from the NIC on the local host to the NIC on the default router.

The default router opens the datagram and determines the destination IP address. The router uses its own routing table to identify the IP address of the next router that will take the frame to the next step. The router then re-encapsulates the frame into a new datagram that contains its own MAC as the source and the MAC address of the next router, which is then sent over the appropriate interface. Routers perform their routing tasks at Layer 3 (Internet layer).

Please note that switches are invisible to all protocols at Layer 2 and above, so they do not affect the transmission of data in any logical way. The function of a switch is simply to provide a simple way to connect multiple hosts into a single physical network via a length of Ethernet cable.

You can use the arp [-n] command to view all MAC addresses that a host has stored in its arp table. These are always hosts on the local network.

Routing table

All network devices, whether they are hosts, routers, or other types of network nodes such as network-attached printers, need to decide where to route TCP/IP packets. Routing tables provide the configuration information needed to make these decisions. Similar to the very simple routing table in Figure 1, this routing table is used to define a single route available to a typical local host and determine whether to send packets to the default gateway router. . The route -n command lists the routing table; the -n option only displays the results as IP addresses and does not attempt to perform a DNS lookup, which replaces the IP address with the hostname if available. Using the netstat –RN command produces very similar results.

[root@host1 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.254   0.0.0.0         UG    100    0        0 eno1
192.168.0.0     0.0.0.0         255.255.255.0   U     100    0        0 eno1

Figure 1: A simple routing table.

When using the -n option, the default gateway is always shown with the target 0.0.0.0. If -n is not used, the word "Default" appears in the Destination column of the output. The IP address in the Gateway column is the IP address of the outbound gateway router. A netmask of 0.0.0.0 for the default gateway means that, regardless of network class, any packet in the routing table that is not addressed to the local network or another outbound router via an additional entry will be sent to the default gateway.

The Iface column in Figure 1 is the name of the outbound NIC, in this case eno1. For a host acting as a router, at least two and sometimes more NICs are likely to be used. Each NIC used as a router will be connected to different physical and logical networks. The flag in the Flags column indicates that the route is Up (U), which is the default gateway (G). Other signs may also appear.

For most hosts, the routing decision is very simple:

If the target host is on the local network, send the data directly to the target host.
If the target host is on a remote network reachable through a local gateway listed in the routing table, send it to the explicitly defined gateway.
If the destination host is on a remote network and no other entries define a route to that host, the data is sent to the default gateway.
These rules simply mean that if all other operations fail due to a mismatch, the packet is sent to the default gateway.

The routing table in Figure 2 below is a little more complicated because it belongs to a Linux host that acts as a router to three networks, one of which leads to the Internet. There are entries in the table for the local Class C networks (192.168.0.0/24 on interface eth1, 192.168.25.0/24 on eth2), as well as the default route on eth0 to the rest of the world.

[root@host2 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.24    0.0.0.0         255.255.255.252 U     0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.25.0    0.0.0.0         255.255.255.0   U     0      0        0 eth2
0.0.0.0         192.168.1.25    0.0.0.0         UG    0      0        0 eth0

Figure 2: A more complex routing table with multiple networks.

Please note that there is still only one default gateway, which is on interface eth0. However, in addition to the default route entry that points directly to the router's LAN-side IP address, there is also an entry for the entire 192.168.1.24/30 network. The network only contains two available IP addresses, one for the LAN side of the router, 192.168.1.25/30, and one for the host itself, 192.168.1.26/30.

Routing configuration

So how to configure the routing table? For hosts connected to the network using DHCP, the DHCP server provides the configuration information for this default route as well as DNS, the host IP address, and possibly other information (such as the IP address of the NTP server). For static configuration, it's usually simple, but sometimes it can be a little complex.

In most cases, adding a default route to the /etc/sysconfig/network file will cause the network to configure the default route in the routing table. This entry is similar to the example in Figure 3.

GATEWAY=192.168.0.1

Figure 3: Gateway entry in the network file.

Only the default gateway can be configured using network files.

Another way to configure the default gateway in a statically configured environment is to add it to the corresponding interface configuration file in the /etc/sysconfig/network-scripts directory. To add the gateway to the interface configuration file for interface eth0, add the same lines as in Figure 3 above to the ifcfg-eth0 file. If you do this, the entry should be removed from the network file.

在更复杂的环境中，例如当主机使用多个NIC连接到多个网络时，以及至少需要在路由表中输入两条或更多条路由时，您应该考虑在其中使用路由文件。 / etc / sysconfig / network-scripts。 对于NIC enp7s1，该文件将是route-enp7s1，它将包含图4所示的条目。

default via 192.168.0.1 dev enp7s1

图4：enp7s1的默认路由条目。

路由接口文件中的默认网关设置将覆盖网络文件中可能列出的所有网关。

当然，您始终可以使用route命令从命令行添加路由。 如果您需要在每次系统引导时都执行此操作，则可能会花费一些时间，因此您可能要考虑使用上述方法，或创建在启动时运行的脚本。 我为我的系统之一编写了一个脚本，其中包含以下两行，如图5所示。

route del default
route add default gw 192.168.0.1

图5：从命令行设置默认路由的命令。

请注意，设备名称在所有这些命令中都是可选的，在图5中未使用。

通过阅读本文，我们已经了解了如何使用常见的Linux路由检测命令，例如traceroute和mtr，以及如何利用tcpdump和wireshark来分析网络数据包。通过这些技巧，我们能够有效定位网络连接问题，并快速排除故障。相信这些知识对于广大Linux管理员和网络工程师都将有所帮助，让你们能够更加从容应对复杂的网络环境，提升自己的技术水平。

The above is the detailed content of The secret of tracking network routing, Linux routing detection skills revealed!. For more information, please follow other related articles on the PHP Chinese website!