RDOMAIN(4)	       FreeBSD Kernel Interfaces Manual		    RDOMAIN(4)

     rtable, rdomain -- routing tables and routing domains

     The traditional kernel routing system had a single table for routes and
     allowed only non-conflicting IP address assignments.  The rtable feature
     allows multiple lookup tables for routes.  The rdomain feature provides a
     way to logically segment a router between network paths.

   Routing tables
     Each rtable contains routes for outbound network packets.  A routing
     domain can contain more than one rtable.  Multiple routing tables are
     commonly used for Policy Based Routing.

     The highest ID that can be used for an rtable is 255.

   Routing domains
     Each rdomain is a completely separate address space in the kernel.  An IP
     address (e.g. can be assigned in more than one rdomain, but
     cannot be assigned more than once per rdomain.  An interface belongs to
     one and only one rdomain.  The interface's rdomain determines which
     rdomain an incoming packet will be in.  Virtual interfaces do not need to
     belong to the same rdomain as the parent.  Each rdomain contains at least
     one routing table.

     Network traffic within an rdomain stays within the current routing
     domain.  pf(4) is used to move traffic from one rdomain to a different

     When an interface is assigned to a non-existent rdomain it gets created
     automatically.  At the same time an rtable with the same ID and a lo(4)
     interface with a unit number matching the ID get created and assigned to
     the new domain.

     An rdomain can be deleted by removing all interfaces from it and then
     destroying the lo(4) interface with the unit number matching the ID.

     The highest ID that can be used for an rdomain is 255.

     Put em0 and lo4 in rdomain 4:

	   # ifconfig em0 rdomain 4
	   # ifconfig lo4 inet
	   # ifconfig em0

     List all rdomains with associated interfaces and routing tables:

	   $ netstat -R

     Set a default route and localhost reject route within rtable 4:

	   # route -T4 -qn add -net 127 -reject
	   # route -T4 -n add default

     Start sshd(8) in rtable 4:

	   # route -T4 exec /usr/sbin/sshd

     Display to which rdomain processes are assigned:

           $ ps aux -o rtable
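
     The rtable column can also be audited mechanically.  The script below is
     an added example, not part of the original manual page: it flags a daemon
     running outside its intended rtable and any other process running inside
     it.  It assumes input in the form produced by
     "ps -ax -o rtable,pid,command"; the function names and the sample rows
     are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit which routing table each process runs in.
# Assumed input: `ps -ax -o rtable,pid,command`, i.e. one header line
# followed by "RTABLE PID COMMAND..." rows.

# audit_rtable RTABLE NAME
# Reads ps output on stdin and prints one line per finding:
#   OUTSIDE pid rtable - a NAME process running outside RTABLE
#   FOREIGN pid name   - some other process running inside RTABLE
# Returns 0 when there are no findings, 1 otherwise.
audit_rtable() {
    awk -v want="$1" -v name="$2" '
        NR == 1 { next }                    # skip the header row
        {
            n = split($3, parts, "/")       # basename of the first word
            base = parts[n]
            sub(/:$/, "", base)             # process titles such as "sshd:"
            if (base == name && $1 != want) {
                printf "OUTSIDE %s %s\n", $2, $1; bad = 1
            } else if (base != name && $1 == want) {
                printf "FOREIGN %s %s\n", $2, base; bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample rows, not captured from a real host.
sample_ps() {
    cat <<'EOF'
RTABLE   PID COMMAND
     0     1 /sbin/init
     0 40112 /usr/sbin/syslogd
     4 51520 sshd: /usr/sbin/sshd [listener] 0 of 10-100 startups
     0 61877 /usr/sbin/sshd
     4 70233 /usr/local/sbin/nginx
EOF
}

# Live use (rtable 4 and sshd are the values used in this page's examples):
#   ps -ax -o rtable,pid,command | audit_rtable 4 sshd
```

     On the constructed sample the function reports the second sshd (rtable
     0) as OUTSIDE and nginx (rtable 4) as FOREIGN, and returns 1.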

     A pf.conf(5) snippet to block incoming port 80, and nat-to and move to
     rtable 0 on interface em1:

           block in on rdomain 4 proto tcp to any port 80
           match out on rdomain 4 to !$internal_net nat-to (em1) rtable 0

     Delete rdomain 4 again:

	   # ifconfig em0 -rdomain
	   # ifconfig lo4 destroy

     netstat(1), ps(1), lo(4), route(4), pf.conf(5), ifconfig(8), route(8)

     OpenBSD support for rdomain first appeared in OpenBSD 4.9 and IPv6
     support first appeared in OpenBSD 5.5.

     No tool is available to assign more than one rtable to an rdomain other
     than to the default one (0).

     An rtable cannot be deleted.  Deleting an rdomain will move its rtable
     into the default rdomain.

FreeBSD	13.0		      September	24, 2020		  FreeBSD 13.0

