Can I do policy routing on a virtual interface?

  1. Yes you can.
  2. Yes you can, if you are talking about an IP on eth0, eth0:1, eth0:2, and so forth. I've never seen multiple IP addresses on a single NIC (that's what the :1 :2 are there for).

All of this can be accomplished with the ip command.

The reason you are having trouble routing is that you only have a single routing table, and since the interfaces are in a single subnet, the default GW for that subnet will end up being applied. If, however, you create multiple routing tables, you can direct traffic in and out of them based on the interface it came in on, the origin IP, or any other criteria available to you in that context.

http://tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.rpdb.html
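Added example, not part of the answer above: a small POSIX shell script that generates the ip(8) commands implementing what the answer describes, one routing table per source address plus an `ip rule` that selects it. The interface name eth0, the subnet 192.0.2.0/24, the addresses, gateways and table ids are assumed values; by default it only prints the commands.

```shell
#!/bin/sh
# Added example (not from the original answers): emit the ip(8) commands that
# give each address on a shared subnet its own routing table, so traffic from
# that address leaves via its own gateway instead of the single default.
# Interface, subnet, addresses, gateways and table ids are constructed values.
# DRY_RUN=1 (the default) prints the commands; DRY_RUN=0 executes them as root.
: "${DRY_RUN:=1}"

run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# add_policy_route IFACE SUBNET ADDR GATEWAY TABLE
# Assumes ADDR is already configured on IFACE (for example as eth0:1).
# Each table gets its own connected route first; without it the per-table
# default route is rejected because the gateway is unreachable in that table.
add_policy_route() {
    iface=$1 subnet=$2 addr=$3 gw=$4 table=$5
    run ip route add "$subnet" dev "$iface" src "$addr" table "$table"
    run ip route add default via "$gw" dev "$iface" table "$table"
    # Explicit priority keeps rule order deterministic (lowest number wins).
    run ip rule add from "$addr" table "$table" priority "$((1000 + table))"
}

# What the kernel consults after the change: rules first, then the table.
show_policy() {
    run ip rule show
    run ip route show table "$1"
}

# Two addresses on eth0 in 192.0.2.0/24, each using a different router.
add_policy_route eth0 192.0.2.0/24 192.0.2.10 192.0.2.1 100
add_policy_route eth0 192.0.2.0/24 192.0.2.11 192.0.2.2 101
show_policy 100
```

Run with `DRY_RUN=0` as root to apply; `ip rule show` and `ip route show table 100` then let you confirm the lookup order before trusting it.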


Breaking this down:

  • The 'interface' (Ethernet interface to be more specific) is actual hardware, has a unique MAC address and operates at the physical and data link layer. It actually does the work of communicating.
  • You can then send and receive IP packets in the packet/datagram OSI layer over this interface.
  • A virtual interface is a software abstraction in a kernel referring to either actual hardware interfaces or to tunnels (which I think are interface abstractions).
  • A sub-net is a range of possible IP addresses and thus requires a router.
  • Policy routing is routing based on other than the destination address, like for example routing based on the sender's address to direct certain traffic over a different route.

Where I get stumped is 'having several routers on the same sub-net'.

Also without a router in between I think a gateway can only handle one connection to a network interface at a time.

Hope this might help you think about it if nothing else. The network software can be very complex and it sometimes surprises me what is actually going on.