Routes and Rules

Linux Network Routing Best Practices

Here are some brief concepts to keep in mind when adding new routes and routing tables.

Master Routing Table Best Practices

High-level concepts to keep in mind when adding new routing tables to a master routing table file.

  1. Ensure table name and number are both unique!
  2. Do not modify default values in the file
  3. New table references should be numbered between 100 and 200
  4. Remember that the "default" table is actually named main
  5. Do not number route tables sequentially unless you must; leave space for future additions

Route Order

The order of the routes within a routing table is not important. The kernel chooses the longest matching route for a packet, which is typically also the most specific route. It is still best to organize the routes in a table from least to most specific, because that makes the table easier for a human to read and troubleshoot.

Adding New Routes to an Existing Routing Table

Adding a new route to an existing table other than the main table is a simple process; the ip route command has a very basic structure. The possible route types are described above in the route type chart under IP Route Syntax.

The most common scenario when the server is not a router is the unicast route type. The command format to add a new unicast route is:

ip route add { <destination ip>/<mask> | default } [via <gateway ip>] [dev <device>] [table <table ID>] [src <source ip>]

Note that via takes a plain gateway address (no mask), and that the bracketed keywords are optional and may be combined as needed.

Adding New Routes to the Default (main) Routing Table

To create a new route in the default routing table, insert it into the table named main. This is done with the ip route command.

First, take a look at the current state of your main routing table.

ip route show

or

ip route show table main

or

route -n

If you ever see a route with a non-zero metric, that value is a priority. The metric is an arbitrary 32-bit number that expresses route preference: smaller values denote higher priority, zero is the highest-priority metric, and 65535 is the lowest.

Follow the instructions below to create new routes in the main table. To add a route to the default main table, simply omit the table <table ID> portion of each command line.

Gateways

The default gateway is special. If an outbound packet fails to match any route in the current routing table, and there is a default gateway present, that is where the packet will be sent. It is a catch-all for network traffic.

By design there may be only one (1) default gateway. What happens if you use more than one? Any after the first are ignored: only one is permitted per routing table, per network interface. This makes sense when you think about it. The default route defines the "default", or automatic, selection when no matching route is found for a packet. When you define a default route, you are establishing the floor; if no better match is found for a packet, it is sent there.

So, what if there is more than one network interface, you have an equal number of default routes in the same routing table, and you want each of those routes chosen under particular circumstances? For this to work, you must define policy rules (ip rule) that instruct iproute2 how you want it to funnel the packets.

If you need multiple default routes, use custom tables with rules.
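To make the preceding points concrete (longest match regardless of list order, lower metric winning a tie, and rules steering sources to custom tables with their own default routes), here is an added example that models the kernel's selection logic in Python. It is not code from the original page; the addresses are constructed documentation ranges and the table names, rule priorities and function names are assumptions.

```python
# Added example (not from the original page): a model of kernel route selection.
# Addresses are constructed documentation ranges; table names are assumptions.
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Route:
    prefix: str                # "10.0.0.0/8", or "default" for 0.0.0.0/0
    dev: str
    via: Optional[str] = None  # next-hop gateway; None = directly connected
    metric: int = 0            # lower wins when prefix lengths tie

@dataclass(frozen=True)
class Rule:
    table: str                 # table consulted when the rule matches
    priority: int              # rules are walked in ascending priority
    src: Optional[str] = None  # "from" selector; None matches any source

def lookup(routes, dst):
    """Longest-prefix match, then lowest metric; list order is irrelevant."""
    dst, best = ipaddress.ip_address(dst), None
    for r in routes:
        net = ipaddress.ip_network("0.0.0.0/0" if r.prefix == "default" else r.prefix)
        if dst in net and (best is None or (net.prefixlen, -r.metric) > best[0]):
            best = ((net.prefixlen, -r.metric), r)
    return best[1] if best else None

def route_for(tables, rules, dst, src):
    """Walk rules by priority; the first table holding a matching route wins."""
    for rule in sorted(rules, key=lambda x: x.priority):
        if rule.src and ipaddress.ip_address(src) not in ipaddress.ip_network(rule.src):
            continue
        hit = lookup(tables[rule.table], dst)
        if hit:
            return rule.table, hit
    return None  # nothing matched in any consulted table: destination unreachable

# Constructed two-uplink host: eth0 on 192.0.2.0/24, eth1 on 198.51.100.0/24.
# Custom tables also carry the connected route so LAN traffic is not sent to the uplink.
TABLES = {
    "main": [Route("default", "eth1", "198.51.100.1", 200),
             Route("default", "eth0", "192.0.2.1", 100),
             Route("192.0.2.0/24", "eth0"), Route("198.51.100.0/24", "eth1")],
    "isp1": [Route("192.0.2.0/24", "eth0"), Route("default", "eth0", "192.0.2.1")],
    "isp2": [Route("198.51.100.0/24", "eth1"), Route("default", "eth1", "198.51.100.1")],
}
RULES = [Rule("isp1", 100, "192.0.2.10/32"), Rule("isp2", 110, "198.51.100.10/32"),
         Rule("main", 32766)]  # 32766 is the kernel's built-in catch-all rule to main
```

Running the model shows that a packet from 192.0.2.10 leaves via isp1's gateway, one from 198.51.100.10 via isp2's, and any other source falls through to main, where the metric-100 default beats the metric-200 one.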

Split Gateways

It is possible to trick the routing software and kernel into allowing more than one entry in a routing table that points at a default gateway on the same interface. This is called a split gateway, or default gateway split, and the key to the technique is ensuring that no IP address is duplicated across the default routes. Sometimes when people mention a split gateway, this is what they are referring to.

Split routes should always be thoroughly vetted on a test or non-production system prior to implementation.