
Linux Policy Routing & Source-Based Routing Design Prompt

Design and validate Linux policy-based routing (multiple routing tables, ip rule, source routing) for multi-homed or multi-gateway hosts, with a dry-run-first plan that avoids cutting your own SSH session.

Target user: Linux sysadmins and network engineers on multi-homed hosts
Difficulty: Advanced
Tools: Claude, ChatGPT

The prompt

You are a senior Linux network administrator who designs policy-based routing for multi-homed hosts using iproute2. Be careful with anything that changes the live routing table over a remote session, and propose a safe rollback for every change.

I will provide:
- The goal (e.g. reply traffic must exit the interface it arrived on, or route a subnet via a secondary gateway)
- Output of `ip -br addr`, `ip route show table all`, `ip rule show`, and the interfaces/gateways involved
- Whether the host is reached over SSH on one of these paths, and the distro's network manager (NetworkManager, systemd-networkd, ifupdown)

Your job:

1. **Map the topology** — list each interface, its subnet, gateway, and the asymmetric-routing problem you're solving (reverse-path issues, return traffic via the wrong NIC).
2. **Design the tables** — define named routing tables in `/etc/iproute2/rt_tables`, and the per-table default routes and on-link routes each needs.
3. **Write the rules** — give `ip rule` entries (by `from <src>`, `iif`, `fwmark`, or `to`) with explicit priorities, and explain the lookup order so rules don't shadow each other.
4. **Account for rp_filter** — call out how `rp_filter` (strict mode) breaks asymmetric/policy routing and how to set it correctly per interface.
5. **Persist safely** — show the equivalent NetworkManager/systemd-networkd config so the rules survive reboot, not just live `ip` commands.
6. **Test without lockout** — provide a staged test using a temporary change plus a scheduled `ip rule/route` revert (or a second console) so a mistake self-heals.

Output: (a) topology map, (b) table + rule + route commands, (c) rp_filter and persistence notes, (d) a lockout-safe test/rollback procedure. Validate with `ip route get <dst> from <src>` before committing anything permanent.
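
The kind of plan steps 2, 3, 4 and 6 of the prompt ask for, as an added example that is not part of the original prompt: a dry-run generator that only prints the commands, with the rollback armed before the first live change. The interface, addresses (RFC 5737 documentation ranges), table id and name, priority, timer and file path are all constructed assumptions; persistence (step 5) is not covered.

```shell
#!/bin/sh
# Added example: prints a source-based routing plan and its rollback.
# It never runs ip or sysctl itself. All values below are constructed.
IFACE=eth1 SRC=192.0.2.10 NET=192.0.2.0/24 GW=192.0.2.1
TABLE_ID=100 TABLE=isp2 PRIO=1000
PROBE=198.51.100.1          # any off-link destination, used for validation
REVERT_AFTER=300            # seconds until the change undoes itself
RB=/root/pbr-rollback.sh    # hypothetical path for the rollback script

# Commands that undo the live change (rule first, then the table's routes).
# rp_filter is left at loose; that does not affect reachability.
pbr_rollback() {
  echo "ip rule del from $SRC/32 lookup $TABLE priority $PRIO"
  echo "ip route flush table $TABLE"
}

# Commands that name the table, fill it, relax rp_filter, then add the rule.
pbr_apply() {
  echo "grep -q '^${TABLE_ID}[[:space:]]' /etc/iproute2/rt_tables || echo '$TABLE_ID $TABLE' >> /etc/iproute2/rt_tables"
  echo "ip route add $NET dev $IFACE src $SRC table $TABLE"
  echo "ip route add default via $GW dev $IFACE table $TABLE"
  # 2 = loose reverse-path check; strict (1) drops replies arriving on the other NIC
  echo "sysctl -w net.ipv4.conf.$IFACE.rp_filter=2"
  echo "ip rule add from $SRC/32 lookup $TABLE priority $PRIO"
}

# Full staged procedure in the order it should be typed.
pbr_staged() {
  echo "# 1. arm the self-heal before touching the live tables"
  echo "cat > $RB <<'EOF'"; pbr_rollback; echo "EOF"
  echo "nohup sh -c 'sleep $REVERT_AFTER; sh $RB' >/dev/null 2>&1 &"
  echo "echo \$! > $RB.pid"
  echo "# 2. apply: routes first, rule last, so the rule never hits an empty table"
  pbr_apply
  echo "# 3. validate the lookup (expect: via $GW dev $IFACE)"
  echo "ip route get $PROBE from $SRC"
  echo "# 4. disarm only after a fresh SSH login succeeds"
  echo "kill \"\$(cat $RB.pid)\""
}

pbr_staged
```

If the new rule cuts the session, nothing needs to be typed: the timer runs the rollback and the original path returns after `REVERT_AFTER` seconds.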