IP route rule

Source: Internet   Editor: 程序博客网   Time: 2024/05/24 11:14

Longest-match principle:
http://blog.sina.com.cn/s/blog_99509264010160k9.html

The longest-mask matching rule says that when several entries in a routing table match a destination IP, the entry with the longest (most specific) mask is chosen and its next hop is used. This is also called longest prefix match, and it is the algorithm a router runs when it looks up the routing table to select a path.

For example, consider the following IPv4 routing table:

192.168.20.16/28 e0

192.168.0.0/16 s0

When looking up 192.168.20.19, both entries "match", i.e. both contain the destination address. By the longest-mask rule the first entry is chosen because it is more specific, so the packet is sent out through e0.

Configuration script (vconfig creates the VLAN sub-interface mt.40 on mt; the /32 host route is the entry under test):
vconfig add mt 40
ip link set mt.40 up
ip addr add 192.168.129.73/24 brd + dev bp.dct_00
ip addr add 192.168.129.16/32 dev mt.40
ip route add 192.168.129.190/32 dev mt.40

toor4nsn@lrc-lsp-axm-7:~# arp -a
 (192.168.253.10) at b4:99:4c:b7:8a:cc [ether] on k2s
 (192.168.129.190) at <incomplete> on mt.40
 (192.168.253.11) at b4:99:4c:b8:6f:69 [ether] on k2s
 (192.168.129.191) at <incomplete> on bp.dct_00
 (192.168.255.211) at 00:0c:29:95:6b:c3 [ether] on mt
 (192.168.253.12) at b4:99:4c:b6:65:f4 [ether] on k2s
toor4nsn@lrc-lsp-axm-7:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.255.1   0.0.0.0         UG    0      0        0 mt (default gateway)
192.168.129.0   0.0.0.0         255.255.255.0(24)   U     0      0        0 bp.dct_00     
The other routes, such as this one and the k2s and bp.bp_01 entries, were not added with ip route add; they are derived from the address configured on the corresponding interface, e.g. ip addr add 192.168.253.159/24 brd + dev bp.bp_01
192.168.129.190 0.0.0.0       255.255.255.255(32) UH    0      0        0 mt.40       
# This route is the one the script above added explicitly with ip route add. The first column is the network part of the destination (for k2s it is 192.168.253.8). This entry is a host route: only packets leaving the AXM whose destination IP is 192.168.129.190 are forwarded through it; packets to any other 192.168.129.x (x != 190) go out through bp.dct_00.
192.168.131.0   0.0.0.0         255.255.255.0   U     0      0        0 sfpx
192.168.253.0   0.0.0.0         255.255.255.0   U     0      0        0 bp.bp_01
192.168.253.8   0.0.0.0         255.255.255.248 U     0      0       0 k2s
192.168.255.0   0.0.0.0         255.255.255.0   U     0      0        0 mt (Iface: the output interface, i.e. which interface of this router the IP packet is forwarded from)

toor@lrc:~# jobs
[1]+  Running                 ping 192.168.129.191 &
toor@lrc:~# tcpdump -i bp.dct_00 -ne arp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on bp.dct_00, link-type EN10MB (Ethernet), capture size 65535 bytes
00:48:08.571862 60:a8:ff:3c:cb:9e > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.129.191 tell 192.168.129.73 (bp.dct_00), length 28 (The ARP request for 129.191 leaves through bp.dct_00: ANDing 129.191 with 255.255.255.255 does not give the same result as ANDing 129.190 with 255.255.255.255, so 129.191 is not covered by the /32 host route for 129.190 and the other matching entry, via bp.dct_00, is selected.)
00:48:09.571854 60:a8:ff:3c:cb:9e > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.129.191 tell 192.168.129.73, length 28
^C
2 packets captured
2 packets received by filter
0 packets dropped by kernel
toor@lrc:~# tcpdump -i mt.40 -ne arp         
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on mt.40, link-type EN10MB (Ethernet), capture size 65535 bytes
00:48:20.882811 60:a8:fe:7f:57:d7 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.129.190 tell 192.168.129.48, length 46
00:4

toor@lrc:~# ping 192.168.129.190 &
[1] 23261
PING 192.168.129.190 (192.168.129.190): 56 data bytes
toor4nsn@lrc-lsp-axm-7:~# tcpdump -i bp.dct_00 -ne arp   
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on bp.dct_00, link-type EN10MB (Ethernet), capture size 65535 bytes
00:49:46.141899 60:a8:ff:3c:cb:9f > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.129.190 tell 192.168.129.16 (mt.40), length 46 (the ARP request for 129.190 is sent out through mt.40, as the /32 host route dictates)
00:49:46.141916 60:a8:ff:3c:cb:9f > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.129.190 tell 192.168.129.16, length 46
00:49:46.141930 60:a8:ff:3c:cb:9f > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.129.190 tell 192.168.129.16, length 46
^C
3 packets captured
6 packets received by filter
0 packets dropped by kernel
toor@lrc:~# tcpdump -i mt.40 -ne arp   
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on mt.40, link-type EN10MB (Ethernet), capture size 65535 bytes
00:49:58.742950 60:a8:fe:7f:57:d7 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.129.190 tell 192.168.129.48, length 46
00:49:59.145858 60:a8:ff:3c:cb:9f > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.129.190 tell192.168.129.16, length 28
00:49:59.889053 60:a8:fe:7f:57:d7 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.129.190 tell 192.168.129.48, length 46
^C
3 packets captured
4 packets received by filter
0 packets dropped by kernel
toor@lrc:~# tcpdump -i mt -ne arp       
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on mt, link-type EN10MB (Ethernet), capture size 65535 bytes
00:50:07.095315 60:a8:fe:7f:57:d7 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 40, p 0, ethertype ARP, Request who-has 192.168.129.190 tell 192.168.129.48, length 46
00:50:08.092810 60:a8:fe:7f:57:d7 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 40, p 0, ethertype ARP, Request who-has 192.168.129.190 tell 192.168.129.48, length 46


toor@lrc:~# ping 192.168.253.13 &
toor@lrc:~# tcpdump -i k2s -ne arp   
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on k2s, link-type EN10MB (Ethernet), capture size 65535 bytes
01:14:57.735804 02:40:43:77:07:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.253.13 tell 192.168.253.9 (k2s), length 28
01:14:58.731857 02:40:43:77:07:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.253.13 tell 192.168.253.9, length 28
01:14:59.731857 02:40:43:77:07:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.253.13 tell 192.168.253.9, length 28
01:15:00.735960 02:40:43:77:07:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.253.13 tell 192.168.253.9, length 28
01:15:01.731856 02:40:43:77:07:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.253.13 tell 192.168.253.9, length 28
01:15:02.731858 02:40:43:77:07:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.253.13 tell 192.168.253.9, length 28
01:15:03.7

toor@lrc:~# ip route del 192.168.129.190/32 dev mt.40 (delete the host route for 129.190)
toor@lrc:~# route -n (the routing table no longer contains an entry for .190)
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.255.1   0.0.0.0         UG    0      0        0 mt
192.168.129.0   0.0.0.0         255.255.255.0   U     0      0        0 bp.dct_00
192.168.131.0   0.0.0.0         255.255.255.0   U     0      0        0 sfpx
192.168.253.0   0.0.0.0         255.255.255.0   U     0      0        0 bp.bp_01
192.168.253.8   0.0.0.0         255.255.255.248 U     0      0        0 k2s
192.168.255.0   0.0.0.0         255.255.255.0   U     0      0        0 mt
toor@lrc:~# ping 192.168.129.190 &
[1] 23473
PING 192.168.129.190 (192.168.129.190): 56 data bytes
toor@lrc:~# tcpdump -i mt.40 -ne arp 
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on mt.40, link-type EN10MB (Ethernet), capture size 65535 bytes
01:26:26.207819 60:a8:fe:7f:57:d7 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.129.190 tell 192.168.129.48, length 46
01:26:27.202810 60:a8:fe:7f:57:d7 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.129.190 tell 192.168.129.48, length 46
01:26:28.202809 60:a8:fe:7f:57:d7 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.129.190 tell 192.168.129.48, length 46
01:26:30.903272 60:a8:fe:7f:57:d7 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.129.190 tell 192.168.129.48, length 46
01:26:31.902806 60:a8:fe:7f:57:d7 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.129.190 tell 192.168.129.48, length 46
^C
5 packets captured
6 packets received by filter
0 packets dropped by kernel
toor@lrc:~# tcpdump -i mt.40 -ne arp^C
toor@lrc:~# tcpdump -i bp.dct_00 -ne arp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on bp.dct_00, link-type EN10MB (Ethernet), capture size 65535 bytes
01:27:09.537258 60:a8:ff:3c:cb:9e > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.129.190 tell 192.168.129.73, length 28 (After deleting the route for .190, the ping to 129.190 is sent out through bp.dct_00, matched by the 192.168.129.0/24 entry, and no longer through mt.40.)
01:27:10.531858 60:a8:ff:3c:cb:9e > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.129.190 tell 192.168.129.73, length 28
01:27:11.531854 60:a8:ff:3c:cb:9e > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.129.190 tell 192.168.129.73, length 28
01:27:12.537398 60:a8:ff:3c:cb:9e > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.129.190 tell 192.168.129.73, length 28

The Linux routing table explained:
http://www.360doc.com/content/14/0819/15/7821691_403084031.shtml

For each network interface, the routing table stores at least the following information:

Network ID (network number): the network ID of the destination address.
Subnet mask (used to decide which network an IP address belongs to)
Next hop / interface: the address of the next stop on the data's way to the destination.
       Here the interface points to the next hop (i.e. the next route). The routes of an autonomous system should cover every subnet inside it, while the default gateway (network ID 0.0.0.0, netmask 0.0.0.0) points to the exit of the autonomous system.

Depending on the application and implementation, the routing table may also carry the following additional information:

Cost: the cost of the path the data takes while being sent.
Quality of service of the route
Lists of outbound/inbound connections to be filtered on the route
        The routing table is also a key piece of network security; unicast reverse path forwarding (uRPF) [3] is an example of using the routing table for security. In this technique, which has several variants, the router also looks up the packet's source address in the routing table; if the source address does not check out, the packet is treated as erroneous or as an attack.
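As an added example (not code from the original post), the following Python script reproduces the longest-prefix-match decisions shown on this page and the strict uRPF source check sketched in the last paragraph. The route tables are transcribed by hand from the /28 vs /16 example and from the `route -n` output above; the lookup and uRPF functions are an assumed, simplified model of what the kernel does, not its actual implementation.

```python
import ipaddress

def matches(dst, net):
    """The page's rule: a route matches when (dst AND mask) == (network AND mask)."""
    mask = int(net.netmask)
    return (int(dst) & mask) == (int(net.network_address) & mask)

def lookup(routes, dst):
    """Longest-prefix match: among the matching routes, return (prefix, iface)
    of the one with the longest mask, or None if nothing matches."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if matches(dst, net) and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return (str(best[0]), best[1]) if best else None

def urpf_strict_ok(routes, src, ingress):
    """Strict uRPF (simplified model): accept a packet only if the best route
    back to its source address leaves through the interface it arrived on."""
    route = lookup(routes, src)
    return route is not None and route[1] == ingress

# Worked example from the text: 192.168.20.19 is covered by both entries.
SMALL_TABLE = [("192.168.20.16/28", "e0"), ("192.168.0.0/16", "s0")]

# The AXM host's `route -n` output, transcribed here; 0.0.0.0/0 is the default route via mt.
AXM_TABLE = [
    ("0.0.0.0/0", "mt"),
    ("192.168.129.0/24", "bp.dct_00"),
    ("192.168.129.190/32", "mt.40"),
    ("192.168.131.0/24", "sfpx"),
    ("192.168.253.0/24", "bp.bp_01"),
    ("192.168.253.8/29", "k2s"),
    ("192.168.255.0/24", "mt"),
]

def without_host_route(routes):
    """The table after `ip route del 192.168.129.190/32 dev mt.40`."""
    return [r for r in routes if r[0] != "192.168.129.190/32"]

if __name__ == "__main__":
    print(lookup(SMALL_TABLE, "192.168.20.19"))                        # /28 via e0
    print(lookup(AXM_TABLE, "192.168.129.190"))                        # /32 via mt.40
    print(lookup(AXM_TABLE, "192.168.129.191"))                        # /24 via bp.dct_00
    print(lookup(without_host_route(AXM_TABLE), "192.168.129.190"))   # now bp.dct_00
    print(lookup(AXM_TABLE, "192.168.253.13"))                         # /29 beats /24: k2s
    print(urpf_strict_ok(AXM_TABLE, "192.168.253.13", "k2s"))         # True
    print(urpf_strict_ok(AXM_TABLE, "192.168.253.13", "bp.dct_00"))   # False: spoofed source
```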