2

I have some rules in my routing tables that the kernel automatically adds when I configure an interface on my host.

$ ip route show table local
broadcast 10.0.0.0 dev eth1 proto kernel scope link src 10.0.0.3
local 10.0.0.3 dev eth1 proto kernel scope host src 10.0.0.3
broadcast 10.0.0.255 dev eth1 proto kernel scope link src 10.0.0.3


$ ip route show table main
default via 10.0.0.3 dev eth1
10.0.0.0/24 dev eth1 proto kernel scope link src 10.0.0.3

I'm trying to understand how Linux routing works, and I cannot figure out the purpose of the two broadcast entries in the local routing table. For instance, in my understanding, a packet directed to 10.0.0.5 is routed according to the second rule in the main routing table, and not according to rules in the local table.

Then, what packets are actually routed according to those broadcast rules? When are these two rules used?

Moreover, are the two "broadcast rules" in the local table /32?

1 Answer

2

Your understanding that a packet directed to 10.0.0.5 is routed by the second rule in the main routing table is correct.

In addition to sending a packet to a single destination (unicast), the Internet Protocol (IP) also allows sending a packet to all receivers on a particular part (segment) of a physical network (broadcast). This is used for example by DHCP clients: They basically broadcast a message "hello, I'm here, I need an IP address" to all locally connected computers behind a network interface, and the computer with the DHCP server will respond. For e.g. Ethernet, there are broadcasts on layer 2 (i.e., just the Ethernet frame).

The highest address in a subnet is reserved as the broadcast address. So in the subnet 10.0.0.0/24, this address will be 10.0.0.255. It can be thought of as a /32 address, but I prefer to think of it as a special address in a subnet.

The local table contains these broadcast addresses, one for each network interface (note the scope link, i.e. it reaches only receivers on the segment behind this link).

It also contains the network address (the lowest address in a subnet) as a broadcast address. I'm not sure exactly why, and other documentation also doesn't seem to be sure:

The network address and broadcast address are both entered as broadcast type addresses on the interface to which they have been bound. Conceptually, there is significance to the distinction between a network and broadcast address, but practically, they are treated analogously, by other networking gear as well as the linux kernel.

I read this as "some programs will attempt to use the network address instead of the proper broadcast address, and we are lenient and allow them to do this". But this is my personal interpretation.

2
  • Thanks for your answer!! Do you know if there's a way to find out how many times a route has been used?
    – ica
    Commented May 19, 2017 at 10:26
  • There are packet counters in iptables, but you'll probably have to duplicate the routing table entries there. Though I guess one could do that with a script.
    – dirkt
    Commented May 19, 2017 at 13:04
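
The lookup discussed in the question and answer above, as an added example that is not part of the original posts: it parses the two tables exactly as printed in the question and resolves a destination the way the default policy rules do (local table first, then main, longest prefix winning inside a table). The function names are hypothetical, `192.0.2.1` is a constructed off-subnet destination, and `throw` routes and custom `ip rule` entries are not modelled.

```python
import ipaddress

# Route listings copied from the question, keyed in the order the default
# policy rules consult them (local at priority 0, main at 32766).
TABLES = {
    "local": """\
broadcast 10.0.0.0 dev eth1 proto kernel scope link src 10.0.0.3
local 10.0.0.3 dev eth1 proto kernel scope host src 10.0.0.3
broadcast 10.0.0.255 dev eth1 proto kernel scope link src 10.0.0.3""",
    "main": """\
default via 10.0.0.3 dev eth1
10.0.0.0/24 dev eth1 proto kernel scope link src 10.0.0.3""",
}
ROUTE_TYPES = {"unicast", "local", "broadcast", "multicast", "unreachable",
               "prohibit", "blackhole", "throw", "nat", "anycast"}

def parse_route(line):
    """Return (route_type, network) for one line of `ip route show` output."""
    fields = line.split()
    rtype = "unicast"                 # iproute2 omits the type for unicast routes
    if fields[0] in ROUTE_TYPES:
        rtype = fields.pop(0)
    prefix = "0.0.0.0/0" if fields[0] == "default" else fields[0]
    # A prefix printed without "/len" is a host route, i.e. /32 for IPv4.
    return rtype, ipaddress.ip_network(prefix)

def lookup(dst):
    """Simulated lookup: tables in rule order, longest prefix wins per table."""
    addr = ipaddress.ip_address(dst)
    for table, text in TABLES.items():
        routes = [parse_route(line) for line in text.splitlines()]
        matches = [(t, n) for t, n in routes if addr in n]
        if matches:
            rtype, net = max(matches, key=lambda m: m[1].prefixlen)
            return table, rtype, str(net)
    return None                       # no table matched: network unreachable

def expected_broadcast_routes(cidr):
    """Lowest and highest address of the interface's subnet, which the
    kernel enters as the two broadcast routes in the local table."""
    net = ipaddress.ip_interface(cidr).network
    return str(net.network_address), str(net.broadcast_address)

if __name__ == "__main__":
    for dst in ("10.0.0.5", "10.0.0.3", "10.0.0.255", "10.0.0.0", "192.0.2.1"):
        print(dst, "->", lookup(dst))
```

On a live host, `ip route get 10.0.0.255` shows the route the kernel itself selects for a destination.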
