Routing table entries have an attribute scope. I would like to know how the change from global to link (or the other way round) affects the network system.
3 Answers
Suppose we have NIC settings with 3 IPs with different scopes:

    14: ens160: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
        link/ether 36:ee:4c:d0:90:3a brd ff:ff:ff:ff:ff:ff
        inet 172.22.0.1/24 scope host ens160
        inet 172.21.0.1/24 scope link ens160
        inet 172.20.0.1/24 scope global ens160

Suppose we have some route for ens160 in the route table:

    172.20.0.0/24 dev ens160 proto kernel scope link src 172.20.0.1

As we see, we have a scope setting in the NIC and in the route.
If a route has src specified, then Linux completely ignores the scope settings in the route and in the NIC settings. It ignores them completely, and Linux just uses src ip = 172.20.0.1 in packets flowing out of the NIC.
Suppose we have another route:

    4.4.4.4 scope link

If src ip is not specified in the route, then Linux looks at what scope the route has. In our case scope = link. Then Linux goes to the NIC settings and searches for an IP with the same scope. In our case the IP with scope=link is 172.21.0.1/24.
So for dst ip = 4.4.4.4 Linux will use src ip = 172.21.0.1.
If scope is not specified in a route, then it means scope = global.
Example:

    35.35.35.35 dev ens160

Next, let's look at the default route:

    default via 172.16.102.1 dev ens160 onlink

It does not have scope specified, which means scope = global.
As the default route does not have src specified, Linux will search ens160 for an IP with scope=global and use it as src ip.
Next, suppose a route has one scope and the NIC IP has another scope. Example:
NIC:

    14: vasya2: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
        link/ether 36:ee:4c:d0:90:3a brd ff:ff:ff:ff:ff:ff
        inet 172.22.0.1/24 scope host vasya2

A route:

    14.14.14.14 scope link

What happens when we ping 14.14.14.14?
The route has scope=link but the NIC only has an IP with scope=host. The point is that an IP with scope=host can be a backend only for a route with scope=host. In other cases Linux cannot use such an IP, so Linux will use src ip = 0.0.0.0 for dst ip 14.14.14.14.
(Actually it also depends on whether the NIC is a real physical one or, for instance, a dummy. If the NIC is a dummy, Linux will use some other IP from another NIC that has scope=global.)
General rule: if a route does not have src specified, then
- an IP with scope=host can be a backend only for a route with scope=host
- an IP with scope=link can be a backend only for a route with scope=host or scope=link
- an IP with scope=global can be a backend only for a route with any scope
I'm quite surprised by such an uncomfortable architecture.
If you want to forget about all this "scope stuff", just use the src field in a route in the route table.
- Thanks Alex, where can I find documentation explaining these terms in detail? – torez233, Dec 19, 2023 at 6:13
- You are welcome! Good question. Honestly, I don't know any good documentation about that. My answer is based on practical tests and lots of googling. The official iproute2 link is wiki.linuxfoundation.org/networking/iproute2. However, I don't know if it helps. – Alex, Dec 20, 2023 at 7:03
Let's look at the route scope definition in Linux:
The scope of a route in Linux is an indicator of the distance to the destination network.
- Host: A route has host scope when it leads to a destination address on the local host.
- Link: A route has link scope when it leads to a destination address on the local network.
- Universe: A route has universe scope when it leads to addresses more than one hop away.
So if you change the scope of a route, your computer probably cannot connect to the network in that route anymore. The router simply doesn't forward a packet which is sent to a destination that belongs to the local network.
Note that the scope does not reflect the distinction between nonroutable (private) and routable (public) addresses.
Both 10.0.0.1 (private, non-routable) and 8.8.8.8 (public, routable) can be given either link or universe (global) scope. It is configured by the system administrator.
- So ... nothing to do with the BGP scope, aka route scoping for high-level routing protocols (sigh) – Ouki, Apr 4, 2014 at 12:09
- Small nitpicking here: in IPv4, all addresses are routable, including 10.0.0.0/8 and 192.168.0.0/16 -- but 10.0.0.0/8 isn't routed in public networks. But you can still route them, for instance, inside your subnetted 10.0.0.0/8. Only with IPv6 there are unroutable addresses, namely ::1 and LLAs. – TheDiveO, Apr 26, 2018 at 10:56
The scope influences source address selection.
For connections/associations where the source address is not yet fixed (e.g. initiating a TCP connection, but not when reacting to an incoming packet), the source address will be selected depending on the scope of the route the packet is about to hit.
This is why addresses also have a scope attribute.
Example where no source address selection occurs: an incoming TCP connection initiation or ping packet will be answered with the IP addresses reversed (source → destination, destination → source), otherwise the other host would not recognize the packet as an answer.
Example where source address selection occurs: ping xyz or telnet xyz. Common programs do not tell the operating system which source address to use (and that is a good habit). The OS needs to pick one and is prepared to do so: it tests the potential outgoing packet for the route it would hit (normal routing uses the destination address only; if you use advanced routing, the packet will not have a source address yet!). The resulting scope reduces the selection to addresses from the corresponding scope on the outgoing interface if any are available.
- Do you have a literature reference for your statement "scope influences address selection" that explicitly links this to routes? My understanding of RFC 6724 is that only addresses have scope, but the RFC is silent on any scope property of routes. If there is in fact a scope defined for routes, it would be great if you could reference it in your answer. Thanks! – TheDiveO, Apr 26, 2018 at 10:53
- @TheDiveO That fact is already part of the question I'm answering here. – Robert Siemer, Apr 26, 2018 at 22:26
- If scope is only used for restricting the range of IPs selected as source IP, then why don't people simply name the scopes "A", "B", "C" etc.? Instead they name the scopes "link", "site" and "global" (man7.org/linux/man-pages/man8/ip-address.8.html, "scope SCOPE_VALUE"). I think there is some implicit meaning behind these terms but I could not find it out by myself. – torez233, Dec 19, 2023 at 6:17
- @torez233 Yes, they have a meaning. And the link you provide explains them. – Robert Siemer, Dec 19, 2023 at 13:57
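The general rule from the first answer and the source address selection described in the third answer, as an added example that is not code from any of the posters or from the kernel. It is a simplified single-interface model: the function names are hypothetical, the address list is a constructed sample built from the first answer's output, and the preference for an address on the destination's subnet is an assumption.

```python
import ipaddress
import re

# Scope numbers from <linux/rtnetlink.h>: a larger number is a narrower scope.
SCOPE = {"global": 0, "universe": 0, "site": 200, "link": 253, "host": 254}

# Constructed sample: the ens160 addresses from the first answer, in listed order.
IP_ADDR_OUTPUT = """
    inet 172.22.0.1/24 scope host ens160
    inet 172.21.0.1/24 scope link ens160
    inet 172.20.0.1/24 scope global ens160
"""

def parse_addrs(text):
    """Return [(IPv4Interface, scope name)] for each 'inet' line, in listed order."""
    found = re.findall(r"\binet (\S+) .*?scope (\w+)", text)
    return [(ipaddress.ip_interface(addr), scope) for addr, scope in found]

def select_source(route_line, addrs, dst):
    """Predict the source IP for dst sent via route_line; None if no address fits."""
    src = re.search(r"\bsrc (\S+)", route_line)
    if src:
        return src.group(1)  # explicit src on the route: scopes are not consulted
    scope = re.search(r"\bscope (\w+)", route_line)
    route_scope = SCOPE[scope.group(1) if scope else "global"]  # no scope shown = global
    fallback = None
    for iface, name in addrs:
        if SCOPE[name] > route_scope:
            continue  # address scope is narrower than the route's: unusable
        if ipaddress.ip_address(dst) in iface.network:
            return str(iface.ip)  # assumption: an on-subnet address is preferred
        fallback = fallback or str(iface.ip)  # otherwise the first usable address
    return fallback

if __name__ == "__main__":
    addrs = parse_addrs(IP_ADDR_OUTPUT)
    for route, dst in [
        ("172.20.0.0/24 dev ens160 proto kernel scope link src 172.20.0.1", "172.20.0.9"),
        ("4.4.4.4 scope link", "4.4.4.4"),
        ("default via 172.16.102.1 dev ens160 onlink", "35.35.35.35"),
    ]:
        print(f"{dst:>12} -> {select_source(route, addrs, dst)}")
    host_only = parse_addrs("inet 172.22.0.1/24 scope host vasya2")
    print(" 14.14.14.14 ->", select_source("14.14.14.14 scope link", host_only, "14.14.14.14"))
```

A result of None means no address on that interface qualifies; what the system does next (0.0.0.0 or an address from another NIC, as the first answer describes) is outside this model.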