4

I need to do policy routing on my CoreOS instances which use systemd. But I haven't found any documentation or examples on how to do it with systemd-network.

How do I do that?

So far I have only managed to create another routing table by adding an entry to a new file /etc/iproute2/rt_tables and it is being recognised by the command line tools.

Ultimately, I have two separate routers on the same subnet. I want to ensure that traffic coming from one router destined for my host is returned by the same router.

hookenz

2 Answers

2

systemd adds policy routing support in version 235. You can use [RoutingPolicyRule] sections to set policy routing if your systemd version is 235 or higher.

Supported options are:

  • TypeOfService= Specifies the type of service to match, a number between 0 and 255.
  • From= Specifies the source address prefix to match. Possibly followed by a slash and the prefix length.
  • To= Specifies the destination address prefix to match. Possibly followed by a slash and the prefix length.
  • FirewallMark= Specifies the iptables firewall mark value to match (a number between 1 and 4294967295).
  • Table= Specifies the routing table identifier to look up if the rule selector matches. The table identifier for a route (a number between 1 and 4294967295).
  • Priority= Specifies the priority of this rule. Priority= is an unsigned integer. Higher number means lower priority, and rules get processed in order of increasing number.
Blaok
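
A sketch of how the options listed in the answer above fit the two-router case from the question, as an added example that is not part of the original post. The interface name, addresses, table number 200, and mark value 2 are constructed; it assumes firewall rules outside networkd (for example connection marking) put mark 2 on replies to connections that arrived through router B.

```ini
# /etc/systemd/network/10-eth0.network
# Constructed example; [RoutingPolicyRule] needs systemd 235 or higher.

[Match]
Name=eth0

[Network]
Address=192.0.2.10/24
# Default path in the main table: router A
Gateway=192.0.2.1

# Second default route via router B, kept in its own table (200)
[Route]
Gateway=192.0.2.2
Table=200

# Packets carrying firewall mark 2 consult table 200.
# Priority 100 is evaluated before the main table's rule (32766).
[RoutingPolicyRule]
FirewallMark=2
Table=200
Priority=100
```

After restarting systemd-networkd, `ip rule show` and `ip route show table 200` should list the rule and the route.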
1

Support for multiple route tables isn't available in networkd today. It is something that could certainly be added though; perhaps you could share your rt_tables setup and explain your use case on systemd-devel?

Brandon Philips
  • I went crazy with CoreOS and was using it in an HA router config. Firewall rules applied by running firewall script in a docker image. – hookenz Feb 09 '16 at 20:45