Understanding Linux Routing for Container and Cloud‑Native Networking

Containers provide isolated network environments, but a simple Linux bridge cannot connect containers to external networks; an overlay network is needed to achieve full inter‑pod communication in Kubernetes.

Linux acts as a router, using its built‑in routing capabilities to forward packets between containers and external networks. Routing is required both when sending data (selecting the appropriate NIC) and when receiving data (determining whether to deliver locally or forward).

When sending, the kernel invokes ip_queue_xmit which calls ip_route_output_ports to look up the routing table and select the correct interface. Example source code:

//file: net/ipv4/ip_output.c
int ip_queue_xmit(struct sk_buff *skb, struct flowi *fl) {
    // routing selection
    // after selection, record route info on skb
    rt = (struct rtable *)__sk_dst_check(sk, 0);
    if (rt == NULL) {
        // no cache, look up route entry
        rt = ip_route_output_ports(...);
        sk_setup_caps(sk, &rt->dst);
    }
    skb_dst_set_noref(skb, &rt->dst);
    ...
    // send
    ip_local_out(skb);
}

Linux can have up to 255 routing tables; by default it provides local and main . Each network namespace has its own independent tables, managed via a hash table ( fib_table_hash ).

Routing lookup for both sending and receiving ultimately calls the core function fib_lookup , which checks the local table first, then the main table, returning the first match.

//file: net/ipv4/route.c
static int fib_lookup(struct net *net, const struct flowi4 *flp, struct fib_result *res) {
    struct fib_table *table;
    table = fib_get_table(net, RT_TABLE_LOCAL);
    if (!fib_table_lookup(table, flp, res, FIB_LOOKUP_NOREF))
        return 0;
    table = fib_get_table(net, RT_TABLE_MAIN);
    if (!fib_table_lookup(table, flp, res, FIB_LOOKUP_NOREF))
        return 0;
    return -ENETUNREACH;
}

Enabling IP forwarding ( sysctl -w net.ipv4.ip_forward=1 ) allows Linux to act as a router for packets from other network namespaces, which is essential for container networking.

Typical commands to view and manipulate routing tables include ip route list table local , route -n , and ip route add for adding host or network routes, as well as setting a default gateway.

Testing routes can be done with ip route get <destination> to verify the selected path.

In summary, Linux routing underpins container networking: packets are routed based on configured tables, selecting the appropriate NIC and next‑hop address, and proper routing configuration enables seamless communication between containerized workloads and external networks.