]>
Commit | Line | Data |
---|---|---|
e509fb1b | 1 | .TH IP\-ROUTE 8 "13 Dec 2012" "iproute2" "Linux" |
761a1e60 CT |
2 | .SH "NAME" |
3 | ip-route \- routing table management | |
4 | .SH "SYNOPSIS" | |
5 | .sp | |
6 | .ad l | |
7 | .in +8 | |
8 | .ti -8 | |
9 | .B ip | |
e509fb1b | 10 | .RI "[ " ip-OPTIONS " ]" |
761a1e60 CT |
11 | .B route |
12 | .RI " { " COMMAND " | " | |
13 | .BR help " }" | |
14 | .sp | |
15 | .ti -8 | |
16 | ||
17 | .ti -8 | |
18 | .BR "ip route" " { " | |
2452c57a | 19 | .BR show " | " flush " } " |
761a1e60 CT |
20 | .I SELECTOR |
21 | ||
22 | .ti -8 | |
23 | .BR "ip route save" | |
24 | .I SELECTOR | |
25 | ||
26 | .ti -8 | |
27 | .BR "ip route restore" | |
28 | ||
29 | .ti -8 | |
30 | .B ip route get | |
aa883d86 | 31 | .I ROUTE_GET_FLAGS |
761a1e60 CT |
32 | .IR ADDRESS " [ " |
33 | .BI from " ADDRESS " iif " STRING" | |
34 | .RB " ] [ " oif | |
35 | .IR STRING " ] [ " | |
2fc8883b SR |
36 | .B mark |
37 | .IR MARK " ] [ " | |
761a1e60 | 38 | .B tos |
0130f012 DA |
39 | .IR TOS " ] [ " |
40 | .B vrf | |
804c7fff RP |
41 | .IR NAME " ] [ " |
42 | .B ipproto | |
43 | .IR PROTOCOL " ] [ " | |
44 | .B sport | |
45 | .IR NUMBER " ] [ " | |
46 | .B dport | |
47 | .IR NUMBER " ] " | |
761a1e60 CT |
48 | |
49 | .ti -8 | |
50 | .BR "ip route" " { " add " | " del " | " change " | " append " | "\ | |
51 | replace " } " | |
52 | .I ROUTE | |
53 | ||
54 | .ti -8 | |
55 | .IR SELECTOR " := " | |
56 | .RB "[ " root | |
57 | .IR PREFIX " ] [ " | |
58 | .B match | |
59 | .IR PREFIX " ] [ " | |
60 | .B exact | |
61 | .IR PREFIX " ] [ " | |
62 | .B table | |
63 | .IR TABLE_ID " ] [ " | |
0130f012 DA |
64 | .B vrf |
65 | .IR NAME " ] [ " | |
761a1e60 CT |
66 | .B proto |
67 | .IR RTPROTO " ] [ " | |
68 | .B type | |
69 | .IR TYPE " ] [ " | |
70 | .B scope | |
71 | .IR SCOPE " ]" | |
72 | ||
73 | .ti -8 | |
74 | .IR ROUTE " := " NODE_SPEC " [ " INFO_SPEC " ]" | |
75 | ||
76 | .ti -8 | |
77 | .IR NODE_SPEC " := [ " TYPE " ] " PREFIX " [" | |
78 | .B tos | |
79 | .IR TOS " ] [ " | |
80 | .B table | |
81 | .IR TABLE_ID " ] [ " | |
82 | .B proto | |
83 | .IR RTPROTO " ] [ " | |
84 | .B scope | |
85 | .IR SCOPE " ] [ " | |
86 | .B metric | |
c44d18ea RS |
87 | .IR METRIC " ] [ " |
88 | .B ttl-propagate | |
89 | .RB "{ " enabled " | " disabled " } ]" | |
761a1e60 CT |
90 | |
91 | .ti -8 | |
12387e2c DA |
92 | .IR INFO_SPEC " := { " NH " | " |
93 | .B nhid | |
94 | .IR ID " } " "OPTIONS FLAGS" " [" | |
761a1e60 CT |
95 | .B nexthop |
96 | .IR NH " ] ..." | |
97 | ||
98 | .ti -8 | |
99 | .IR NH " := [ " | |
70e46634 RP |
100 | .B encap |
101 | .IR ENCAP " ] [ " | |
761a1e60 | 102 | .B via |
93ae2835 EB |
103 | [ |
104 | .IR FAMILY " ] " ADDRESS " ] [ " | |
761a1e60 CT |
105 | .B dev |
106 | .IR STRING " ] [ " | |
107 | .B weight | |
108 | .IR NUMBER " ] " NHFLAGS | |
109 | ||
93ae2835 EB |
110 | .ti -8 |
111 | .IR FAMILY " := [ " | |
738aebe5 | 112 | .BR inet " | " inet6 " | " mpls " | " bridge " | " link " ]" |
93ae2835 | 113 | |
761a1e60 CT |
114 | .ti -8 |
115 | .IR OPTIONS " := " FLAGS " [ " | |
116 | .B mtu | |
117 | .IR NUMBER " ] [ " | |
118 | .B advmss | |
119 | .IR NUMBER " ] [ " | |
6f7a9f4d EB |
120 | .B as |
121 | [ | |
122 | .B to | |
123 | ] | |
124 | .IR ADDRESS " ]" | |
761a1e60 CT |
125 | .B rtt |
126 | .IR TIME " ] [ " | |
127 | .B rttvar | |
128 | .IR TIME " ] [ " | |
4b8000f3 RG |
129 | .B reordering |
130 | .IR NUMBER " ] [ " | |
761a1e60 CT |
131 | .B window |
132 | .IR NUMBER " ] [ " | |
133 | .B cwnd | |
134 | .IR NUMBER " ] [ " | |
135 | .B ssthresh | |
79f49f58 | 136 | .IR NUMBER " ] [ " |
761a1e60 CT |
137 | .B realms |
138 | .IR REALM " ] [ " | |
139 | .B rto_min | |
140 | .IR TIME " ] [ " | |
141 | .B initcwnd | |
142 | .IR NUMBER " ] [ " | |
143 | .B initrwnd | |
4b8000f3 | 144 | .IR NUMBER " ] [ " |
29d1f730 FW |
145 | .B features |
146 | .IR FEATURES " ] [ " | |
b37f2c89 | 147 | .B quickack |
6ef87f9c DB |
148 | .IR BOOL " ] [ " |
149 | .B congctl | |
966fe23a | 150 | .IR NAME " ] [ " |
194e9b85 | 151 | .B pref |
3fbe7ca8 HL |
152 | .IR PREF " ] [ " |
153 | .B expires | |
e54ed380 CP |
154 | .IR TIME " ] [" |
155 | .B fastopen_no_cookie | |
156 | .IR BOOL " ]" | |
761a1e60 CT |
157 | |
158 | .ti -8 | |
159 | .IR TYPE " := [ " | |
160 | .BR unicast " | " local " | " broadcast " | " multicast " | "\ | |
161 | throw " | " unreachable " | " prohibit " | " blackhole " | " nat " ]" | |
162 | ||
163 | .ti -8 | |
164 | .IR TABLE_ID " := [ " | |
165 | .BR local "| " main " | " default " | " all " |" | |
166 | .IR NUMBER " ]" | |
167 | ||
168 | .ti -8 | |
169 | .IR SCOPE " := [ " | |
170 | .BR host " | " link " | " global " |" | |
171 | .IR NUMBER " ]" | |
172 | ||
173 | .ti -8 | |
174 | .IR NHFLAGS " := [ " | |
175 | .BR onlink " | " pervasive " ]" | |
176 | ||
177 | .ti -8 | |
178 | .IR RTPROTO " := [ " | |
179 | .BR kernel " | " boot " | " static " |" | |
180 | .IR NUMBER " ]" | |
181 | ||
29d1f730 FW |
182 | .ti -8 |
183 | .IR FEATURES " := [ " | |
184 | .BR ecn " | ]" | |
185 | ||
194e9b85 LR |
186 | .ti -8 |
187 | .IR PREF " := [ " | |
188 | .BR low " | " medium " | " high " ]" | |
189 | ||
70e46634 RP |
190 | .ti -8 |
191 | .IR ENCAP " := [ " | |
7ab8f249 PS |
192 | .IR ENCAP_MPLS " | " ENCAP_IP " | " ENCAP_BPF " | " |
193 | .IR ENCAP_SEG6 " | " ENCAP_SEG6LOCAL " ] " | |
70e46634 RP |
194 | |
195 | .ti -8 | |
196 | .IR ENCAP_MPLS " := " | |
197 | .BR mpls " [ " | |
9688cf3b RS |
198 | .IR LABEL " ] [" |
199 | .B ttl | |
200 | .IR TTL " ]" | |
70e46634 RP |
201 | |
202 | .ti -8 | |
203 | .IR ENCAP_IP " := " | |
204 | .B ip | |
205 | .B id | |
206 | .IR TUNNEL_ID | |
207 | .B dst | |
208 | .IR REMOTE_IP " [ " | |
7c503d88 DR |
209 | .B src |
210 | .IR SRC " ] [" | |
70e46634 RP |
211 | .B tos |
212 | .IR TOS " ] [" | |
213 | .B ttl | |
214 | .IR TTL " ]" | |
761a1e60 | 215 | |
b15f440e TG |
216 | .ti -8 |
217 | .IR ENCAP_BPF " := " | |
218 | .BR bpf " [ " | |
219 | .B in | |
220 | .IR PROG " ] [" | |
221 | .B out | |
222 | .IR PROG " ] [" | |
223 | .B xmit | |
224 | .IR PROG " ] [" | |
225 | .B headroom | |
226 | .IR SIZE " ]" | |
227 | ||
e1b7f883 DL |
228 | .ti -8 |
229 | .IR ENCAP_SEG6 " := " | |
230 | .B seg6 | |
231 | .BR mode " [ " | |
9d563d52 | 232 | .BR encap " | " inline " | " l2encap " ] " |
e1b7f883 DL |
233 | .B segs |
234 | .IR SEGMENTS " [ " | |
235 | .B hmac | |
236 | .IR KEYID " ]" | |
237 | ||
04399902 DL |
238 | .ti -8 |
239 | .IR ENCAP_SEG6LOCAL " := " | |
240 | .B seg6local | |
241 | .BR action | |
242 | .IR SEG6_ACTION " [ " | |
243 | .IR SEG6_ACTION_PARAM " ] " | |
244 | ||
aa883d86 RP |
245 | .ti -8 |
246 | .IR ROUTE_GET_FLAGS " := " | |
247 | .BR " [ " | |
248 | .BR fibmatch | |
249 | .BR " ] " | |
250 | ||
761a1e60 CT |
251 | .SH DESCRIPTION |
252 | .B ip route | |
253 | is used to manipulate entries in the kernel routing tables. | |
254 | .sp | |
255 | .B Route types: | |
256 | ||
257 | .in +8 | |
258 | .B unicast | |
259 | - the route entry describes real paths to the destinations covered | |
260 | by the route prefix. | |
261 | ||
262 | .sp | |
263 | .B unreachable | |
a89d5329 | 264 | - these destinations are unreachable. Packets are discarded and the |
761a1e60 CT |
265 | ICMP message |
266 | .I host unreachable | |
267 | is generated. | |
268 | The local senders get an | |
269 | .I EHOSTUNREACH | |
270 | error. | |
271 | ||
272 | .sp | |
273 | .B blackhole | |
a89d5329 | 274 | - these destinations are unreachable. Packets are discarded silently. |
761a1e60 CT |
275 | The local senders get an |
276 | .I EINVAL | |
277 | error. | |
278 | ||
279 | .sp | |
280 | .B prohibit | |
a89d5329 | 281 | - these destinations are unreachable. Packets are discarded and the |
761a1e60 CT |
282 | ICMP message |
283 | .I communication administratively prohibited | |
a89d5329 | 284 | is generated. The local senders get an |
761a1e60 CT |
285 | .I EACCES |
286 | error. | |
287 | ||
288 | .sp | |
289 | .B local | |
a89d5329 | 290 | - the destinations are assigned to this host. The packets are looped |
761a1e60 CT |
291 | back and delivered locally. |
292 | ||
293 | .sp | |
294 | .B broadcast | |
a89d5329 | 295 | - the destinations are broadcast addresses. The packets are sent as |
761a1e60 CT |
296 | link broadcasts. |
297 | ||
298 | .sp | |
299 | .B throw | |
300 | - a special control route used together with policy rules. If such a | |
301 | route is selected, lookup in this table is terminated pretending that | |
a89d5329 PŠ |
302 | no route was found. Without policy routing it is equivalent to the |
303 | absence of the route in the routing table. The packets are dropped | |
761a1e60 CT |
304 | and the ICMP message |
305 | .I net unreachable | |
a89d5329 | 306 | is generated. The local senders get an |
761a1e60 CT |
307 | .I ENETUNREACH |
308 | error. | |
309 | ||
310 | .sp | |
311 | .B nat | |
a89d5329 | 312 | - a special NAT route. Destinations covered by the prefix |
761a1e60 | 313 | are considered to be dummy (or external) addresses which require translation |
a89d5329 | 314 | to real (or internal) ones before forwarding. The addresses to translate to |
761a1e60 | 315 | are selected with the attribute |
1b3c149b | 316 | .BR "via" . |
761a1e60 CT |
317 | .B Warning: |
318 | Route NAT is no longer supported in Linux 2.6. | |
319 | ||
761a1e60 CT |
320 | .sp |
321 | .B anycast | |
322 | .RI "- " "not implemented" | |
323 | the destinations are | |
324 | .I anycast | |
a89d5329 | 325 | addresses assigned to this host. They are mainly equivalent |
761a1e60 CT |
326 | to |
327 | .B local | |
328 | with one difference: such addresses are invalid when used | |
329 | as the source address of any packet. | |
330 | ||
331 | .sp | |
332 | .B multicast | |
a89d5329 | 333 | - a special type used for multicast routing. It is not present in |
761a1e60 CT |
334 | normal routing tables. |
335 | .in -8 | |
336 | ||
337 | .P | |
338 | .B Route tables: | |
339 | Linux-2.x can pack routes into several routing tables identified | |
01777e05 | 340 | by a number in the range from 1 to 2^32-1 or by name from the file |
761a1e60 CT |
341 | .B @SYSCONFDIR@/rt_tables |
342 | By default all normal routes are inserted into the | |
343 | .B main | |
344 | table (ID 254) and the kernel only uses this table when calculating routes. | |
345 | Values (0, 253, 254, and 255) are reserved for built-in use. | |
346 | ||
347 | .sp | |
348 | Actually, one other table always exists, which is invisible but | |
a89d5329 | 349 | even more important. It is the |
761a1e60 | 350 | .B local |
a89d5329 PŠ |
351 | table (ID 255). This table |
352 | consists of routes for local and broadcast addresses. The kernel maintains | |
761a1e60 CT |
353 | this table automatically and the administrator usually need not modify it |
354 | or even look at it. | |
355 | ||
356 | The multiple routing tables enter the game when | |
357 | .I policy routing | |
358 | is used. | |
359 | ||
61f541fe | 360 | .TP |
361 | ip route add | |
362 | add new route | |
363 | .TP | |
364 | ip route change | |
365 | change route | |
366 | .TP | |
367 | ip route replace | |
368 | change or add new one | |
369 | .RS | |
761a1e60 CT |
370 | .TP |
371 | .BI to " TYPE PREFIX " (default) | |
a89d5329 | 372 | the destination prefix of the route. If |
761a1e60 CT |
373 | .I TYPE |
374 | is omitted, | |
375 | .B ip | |
376 | assumes type | |
377 | .BR "unicast" . | |
378 | Other values of | |
379 | .I TYPE | |
380 | are listed above. | |
381 | .I PREFIX | |
382 | is an IP or IPv6 address optionally followed by a slash and the | |
a89d5329 | 383 | prefix length. If the length of the prefix is missing, |
761a1e60 | 384 | .B ip |
a89d5329 | 385 | assumes a full-length host route. There is also a special |
761a1e60 CT |
386 | .I PREFIX |
387 | .B default | |
388 | - which is equivalent to IP | |
389 | .B 0/0 | |
390 | or to IPv6 | |
391 | .BR "::/0" . | |
392 | ||
393 | .TP | |
394 | .BI tos " TOS" | |
395 | .TP | |
396 | .BI dsfield " TOS" | |
a89d5329 | 397 | the Type Of Service (TOS) key. This key has no associated mask and |
761a1e60 | 398 | the longest match is understood as: First, compare the TOS |
a89d5329 | 399 | of the route and of the packet. If they are not equal, then the packet |
761a1e60 CT |
400 | may still match a route with a zero TOS. |
401 | .I TOS | |
402 | is either an 8 bit hexadecimal number or an identifier | |
403 | from | |
404 | .BR "@SYSCONFDIR@/rt_dsfield" . | |
405 | ||
406 | .TP | |
407 | .BI metric " NUMBER" | |
408 | .TP | |
409 | .BI preference " NUMBER" | |
410 | the preference value of the route. | |
411 | .I NUMBER | |
3288e9b4 | 412 | is an arbitrary 32bit number, where routes with lower values are preferred. |
761a1e60 CT |
413 | |
414 | .TP | |
415 | .BI table " TABLEID" | |
416 | the table to add this route to. | |
417 | .I TABLEID | |
418 | may be a number or a string from the file | |
419 | .BR "@SYSCONFDIR@/rt_tables" . | |
420 | If this parameter is omitted, | |
421 | .B ip | |
422 | assumes the | |
423 | .B main | |
424 | table, with the exception of | |
1b3c149b | 425 | .BR local ", " broadcast " and " nat |
761a1e60 CT |
426 | routes, which are put into the |
427 | .B local | |
428 | table by default. | |
429 | ||
0130f012 DA |
430 | .TP |
431 | .BI vrf " NAME" | |
432 | the vrf name to add this route to. Implicitly means the table | |
433 | associated with the VRF. | |
434 | ||
761a1e60 CT |
435 | .TP |
436 | .BI dev " NAME" | |
437 | the output device name. | |
438 | ||
439 | .TP | |
93ae2835 EB |
440 | .BI via " [ FAMILY ] ADDRESS" |
441 | the address of the nexthop router, in the address family FAMILY. | |
442 | Actually, the sense of this field depends on the route type. For | |
443 | normal | |
761a1e60 CT |
444 | .B unicast |
445 | routes it is either the true next hop router or, if it is a direct | |
446 | route installed in BSD compatibility mode, it can be a local address | |
a89d5329 | 447 | of the interface. For NAT routes it is the first address of the block |
761a1e60 CT |
448 | of translated IP destinations. |
449 | ||
450 | .TP | |
451 | .BI src " ADDRESS" | |
452 | the source address to prefer when sending to the destinations | |
453 | covered by the route prefix. | |
454 | ||
455 | .TP | |
456 | .BI realm " REALMID" | |
457 | the realm to which this route is assigned. | |
458 | .I REALMID | |
459 | may be a number or a string from the file | |
460 | .BR "@SYSCONFDIR@/rt_realms" . | |
461 | ||
462 | .TP | |
463 | .BI mtu " MTU" | |
464 | .TP | |
465 | .BI "mtu lock" " MTU" | |
a89d5329 | 466 | the MTU along the path to the destination. If the modifier |
761a1e60 CT |
467 | .B lock |
468 | is not used, the MTU may be updated by the kernel due to | |
a89d5329 | 469 | Path MTU Discovery. If the modifier |
761a1e60 CT |
470 | .B lock |
471 | is used, no path MTU discovery will be tried, all packets | |
472 | will be sent without the DF bit in IPv4 case or fragmented | |
473 | to MTU for IPv6. | |
474 | ||
475 | .TP | |
476 | .BI window " NUMBER" | |
477 | the maximal window for TCP to advertise to these destinations, | |
a89d5329 | 478 | measured in bytes. It limits maximal data bursts that our TCP |
761a1e60 CT |
479 | peers are allowed to send to us. |
480 | ||
481 | .TP | |
482 | .BI rtt " TIME" | |
483 | the initial RTT ('Round Trip Time') estimate. If no suffix is | |
484 | specified the units are raw values passed directly to the | |
485 | routing code to maintain compatibility with previous releases. | |
486 | Otherwise if a suffix of s, sec or secs is used to specify | |
487 | seconds and ms, msec or msecs to specify milliseconds. | |
488 | ||
489 | ||
490 | .TP | |
8a03a2f3 | 491 | .BI rttvar " TIME " "(Linux 2.3.15+ only)" |
761a1e60 CT |
492 | the initial RTT variance estimate. Values are specified as with |
493 | .BI rtt | |
494 | above. | |
495 | ||
496 | .TP | |
8a03a2f3 | 497 | .BI rto_min " TIME " "(Linux 2.6.23+ only)" |
761a1e60 | 498 | the minimum TCP Retransmission TimeOut to use when communicating with this |
a89d5329 | 499 | destination. Values are specified as with |
761a1e60 CT |
500 | .BI rtt |
501 | above. | |
502 | ||
503 | .TP | |
8a03a2f3 | 504 | .BI ssthresh " NUMBER " "(Linux 2.3.15+ only)" |
761a1e60 CT |
505 | an estimate for the initial slow start threshold. |
506 | ||
507 | .TP | |
8a03a2f3 | 508 | .BI cwnd " NUMBER " "(Linux 2.3.15+ only)" |
a89d5329 | 509 | the clamp for congestion window. It is ignored if the |
761a1e60 CT |
510 | .B lock |
511 | flag is not used. | |
512 | ||
513 | .TP | |
8a03a2f3 | 514 | .BI initcwnd " NUMBER " "(Linux 2.5.70+ only)" |
761a1e60 CT |
515 | the initial congestion window size for connections to this destination. |
516 | Actual window size is this value multiplied by the MSS | |
517 | (``Maximal Segment Size'') for same connection. The default is | |
518 | zero, meaning to use the values specified in RFC2414. | |
519 | ||
520 | .TP | |
8a03a2f3 | 521 | .BI initrwnd " NUMBER " "(Linux 2.6.33+ only)" |
761a1e60 CT |
522 | the initial receive window size for connections to this destination. |
523 | Actual window size is this value multiplied by the MSS of the connection. | |
524 | The default value is zero, meaning to use Slow Start value. | |
525 | ||
29d1f730 | 526 | .TP |
8a03a2f3 | 527 | .BI features " FEATURES " (Linux 3.18+ only) |
a89d5329 | 528 | Enable or disable per-route features. Only available feature at this |
29d1f730 FW |
529 | time is |
530 | .B ecn | |
531 | to enable explicit congestion notification when initiating connections to the | |
532 | given destination network. | |
533 | When responding to a connection request from the given network, ecn will | |
534 | also be used even if the | |
535 | .B net.ipv4.tcp_ecn | |
536 | sysctl is set to 0. | |
537 | ||
b37f2c89 | 538 | .TP |
8a03a2f3 | 539 | .BI quickack " BOOL " "(Linux 3.11+ only)" |
b37f2c89 CW |
540 | Enable or disable quick ack for connections to this destination. |
541 | ||
e54ed380 | 542 | .TP |
8a03a2f3 | 543 | .BI fastopen_no_cookie " BOOL " "(Linux 4.15+ only)" |
e54ed380 CP |
544 | Enable TCP Fastopen without a cookie for connections to this destination. |
545 | ||
6ef87f9c | 546 | .TP |
8a03a2f3 | 547 | .BI congctl " NAME " "(Linux 3.20+ only)" |
6ef87f9c | 548 | .TP |
8a03a2f3 | 549 | .BI "congctl lock" " NAME " "(Linux 3.20+ only)" |
6ef87f9c DB |
550 | Sets a specific TCP congestion control algorithm only for a given destination. |
551 | If not specified, Linux keeps the current global default TCP congestion control | |
552 | algorithm, or the one set from the application. If the modifier | |
553 | .B lock | |
554 | is not used, an application may nevertheless overwrite the suggested congestion | |
555 | control algorithm for that destination. If the modifier | |
556 | .B lock | |
557 | is used, then an application is not allowed to overwrite the specified congestion | |
558 | control algorithm for that destination, thus it will be enforced/guaranteed to | |
559 | use the proposed algorithm. | |
560 | ||
761a1e60 | 561 | .TP |
8a03a2f3 | 562 | .BI advmss " NUMBER " "(Linux 2.3.15+ only)" |
761a1e60 | 563 | the MSS ('Maximal Segment Size') to advertise to these |
a89d5329 | 564 | destinations when establishing TCP connections. If it is not given, |
761a1e60 CT |
565 | Linux uses a default value calculated from the first hop device MTU. |
566 | (If the path to these destination is asymmetric, this guess may be wrong.) | |
567 | ||
568 | .TP | |
8a03a2f3 | 569 | .BI reordering " NUMBER " "(Linux 2.3.15+ only)" |
761a1e60 CT |
570 | Maximal reordering on the path to this destination. |
571 | If it is not given, Linux uses the value selected with | |
572 | .B sysctl | |
573 | variable | |
574 | .BR "net/ipv4/tcp_reordering" . | |
575 | ||
576 | .TP | |
577 | .BI nexthop " NEXTHOP" | |
578 | the nexthop of a multipath route. | |
579 | .I NEXTHOP | |
580 | is a complex value with its own syntax similar to the top level | |
581 | argument lists: | |
582 | ||
583 | .in +8 | |
93ae2835 | 584 | .BI via " [ FAMILY ] ADDRESS" |
761a1e60 CT |
585 | - is the nexthop router. |
586 | .sp | |
587 | ||
588 | .BI dev " NAME" | |
589 | - is the output device. | |
590 | .sp | |
591 | ||
592 | .BI weight " NUMBER" | |
593 | - is a weight for this element of a multipath | |
594 | route reflecting its relative bandwidth or quality. | |
595 | .in -8 | |
596 | ||
6cd959bb PS |
597 | The internal buffer used in iproute2 limits the maximum number of nexthops that |
598 | may be specified in one go. If only | |
599 | .I ADDRESS | |
600 | is given, the current buffer size allows for 144 IPv6 nexthops and 253 IPv4 | |
601 | ones. For IPv4, this effectively limits the number of nexthops possible per | |
602 | route. With IPv6, further nexthops may be appended to the same route via | |
603 | .B "ip route append" | |
604 | command. | |
605 | ||
761a1e60 CT |
606 | .TP |
607 | .BI scope " SCOPE_VAL" | |
608 | the scope of the destinations covered by the route prefix. | |
609 | .I SCOPE_VAL | |
610 | may be a number or a string from the file | |
611 | .BR "@SYSCONFDIR@/rt_scopes" . | |
612 | If this parameter is omitted, | |
613 | .B ip | |
614 | assumes scope | |
615 | .B global | |
616 | for all gatewayed | |
617 | .B unicast | |
618 | routes, scope | |
619 | .B link | |
620 | for direct | |
621 | .BR unicast " and " broadcast | |
622 | routes and scope | |
623 | .BR host " for " local | |
624 | routes. | |
625 | ||
626 | .TP | |
627 | .BI protocol " RTPROTO" | |
628 | the routing protocol identifier of this route. | |
629 | .I RTPROTO | |
630 | may be a number or a string from the file | |
631 | .BR "@SYSCONFDIR@/rt_protos" . | |
632 | If the routing protocol ID is not given, | |
633 | .B ip assumes protocol | |
634 | .B boot | |
635 | (i.e. it assumes the route was added by someone who doesn't | |
a89d5329 | 636 | understand what they are doing). Several protocol values have |
761a1e60 CT |
637 | a fixed interpretation. |
638 | Namely: | |
639 | ||
640 | .in +8 | |
641 | .B redirect | |
642 | - the route was installed due to an ICMP redirect. | |
643 | .sp | |
644 | ||
645 | .B kernel | |
646 | - the route was installed by the kernel during autoconfiguration. | |
647 | .sp | |
648 | ||
649 | .B boot | |
650 | - the route was installed during the bootup sequence. | |
651 | If a routing daemon starts, it will purge all of them. | |
652 | .sp | |
653 | ||
654 | .B static | |
655 | - the route was installed by the administrator | |
656 | to override dynamic routing. Routing daemon will respect them | |
657 | and, probably, even advertise them to its peers. | |
658 | .sp | |
659 | ||
660 | .B ra | |
661 | - the route was installed by Router Discovery protocol. | |
662 | .in -8 | |
663 | ||
664 | .sp | |
665 | The rest of the values are not reserved and the administrator is free | |
666 | to assign (or not to assign) protocol tags. | |
667 | ||
668 | .TP | |
669 | .B onlink | |
670 | pretend that the nexthop is directly attached to this link, | |
671 | even if it does not match any interface prefix. | |
194e9b85 LR |
672 | |
673 | .TP | |
674 | .BI pref " PREF" | |
675 | the IPv6 route preference. | |
676 | .I PREF | |
677 | is a string specifying the route preference as defined in RFC4191 for Router | |
678 | Discovery messages. Namely: | |
679 | ||
680 | .in +8 | |
681 | .B low | |
682 | - the route has a lowest priority | |
683 | .sp | |
684 | ||
685 | .B medium | |
686 | - the route has a default priority | |
687 | .sp | |
688 | ||
689 | .B high | |
690 | - the route has a highest priority | |
691 | .sp | |
692 | ||
12387e2c DA |
693 | .TP |
694 | .BI nhid " ID" | |
695 | use nexthop object with given id as nexthop specification. | |
696 | .sp | |
70e46634 RP |
697 | .TP |
698 | .BI encap " ENCAPTYPE ENCAPHDR" | |
699 | attach tunnel encapsulation attributes to this route. | |
700 | .sp | |
701 | .I ENCAPTYPE | |
702 | is a string specifying the supported encapsulation type. Namely: | |
703 | ||
704 | .in +8 | |
705 | .BI mpls | |
706 | - encapsulation type MPLS | |
707 | .sp | |
708 | .BI ip | |
709 | - IP encapsulation (Geneve, GRE, VXLAN, ...) | |
710 | .sp | |
b15f440e TG |
711 | .BI bpf |
712 | - Execution of BPF program | |
713 | .sp | |
e1b7f883 DL |
714 | .BI seg6 |
715 | - encapsulation type IPv6 Segment Routing | |
04399902 DL |
716 | .sp |
717 | .BI seg6local | |
718 | - local SRv6 segment processing | |
70e46634 RP |
719 | |
720 | .in -8 | |
721 | .I ENCAPHDR | |
722 | is a set of encapsulation attributes specific to the | |
723 | .I ENCAPTYPE. | |
724 | ||
725 | .in +8 | |
726 | .B mpls | |
727 | .in +2 | |
728 | .I MPLSLABEL | |
729 | - mpls label stack with labels separated by | |
730 | .I "/" | |
9688cf3b RS |
731 | .sp |
732 | ||
733 | .B ttl | |
734 | .I TTL | |
735 | - TTL to use for MPLS header or 0 to inherit from IP header | |
70e46634 RP |
736 | .in -2 |
737 | .sp | |
738 | ||
739 | .B ip | |
740 | .in +2 | |
741 | .B id | |
742 | .I TUNNEL_ID | |
743 | .B dst | |
744 | .IR REMOTE_IP " [ " | |
7c503d88 DR |
745 | .B src |
746 | .IR SRC " ] [" | |
70e46634 RP |
747 | .B tos |
748 | .IR TOS " ] [" | |
749 | .B ttl | |
3d65cefb | 750 | .IR TTL " ] [ " |
7c503d88 | 751 | .BR key " ] [ " csum " ] [ " seq " ] " |
70e46634 RP |
752 | .in -2 |
753 | .sp | |
754 | ||
b15f440e TG |
755 | .B bpf |
756 | .in +2 | |
757 | .B in | |
758 | .I PROG | |
759 | - BPF program to execute for incoming packets | |
760 | .sp | |
761 | ||
762 | .B out | |
763 | .I PROG | |
764 | - BPF program to execute for outgoing packets | |
765 | .sp | |
766 | ||
767 | .B xmit | |
768 | .I PROG | |
769 | - BPF program to execute for transmitted packets | |
770 | .sp | |
771 | ||
772 | .B headroom | |
773 | .I SIZE | |
774 | - Size of header BPF program will attach (xmit) | |
775 | .in -2 | |
776 | .sp | |
777 | ||
e1b7f883 DL |
778 | .B seg6 |
779 | .in +2 | |
780 | .B mode inline | |
781 | - Directly insert Segment Routing Header after IPv6 header | |
782 | .sp | |
783 | ||
784 | .B mode encap | |
785 | - Encapsulate packet in an outer IPv6 header with SRH | |
786 | .sp | |
787 | ||
9d563d52 DL |
788 | .B mode l2encap |
789 | - Encapsulate ingress L2 frame within an outer IPv6 header and SRH | |
790 | .sp | |
791 | ||
e1b7f883 DL |
792 | .I SEGMENTS |
793 | - List of comma-separated IPv6 addresses | |
794 | .sp | |
795 | ||
796 | .I KEYID | |
797 | - Numerical value in decimal representation. See \fBip-sr\fR(8). | |
798 | .in -2 | |
799 | .sp | |
800 | ||
04399902 DL |
801 | .B seg6local |
802 | .in +2 | |
803 | .IR SEG6_ACTION " [ " | |
804 | .IR SEG6_ACTION_PARAM " ] " | |
805 | - Operation to perform on matching packets. | |
8a03a2f3 | 806 | The following actions are currently supported (\fBLinux 4.14+ only\fR). |
04399902 DL |
807 | .in +2 |
808 | ||
809 | .B End | |
810 | - Regular SRv6 processing as intermediate segment endpoint. | |
811 | This action only accepts packets with a non-zero Segments Left | |
812 | value. Other matching packets are dropped. | |
813 | ||
814 | .B End.X nh6 | |
815 | .I NEXTHOP | |
816 | - Regular SRv6 processing as intermediate segment endpoint. | |
817 | Additionally, forward processed packets to given next-hop. | |
818 | This action only accepts packets with a non-zero Segments Left | |
819 | value. Other matching packets are dropped. | |
820 | ||
821 | .B End.DX6 nh6 | |
822 | .I NEXTHOP | |
823 | - Decapsulate inner IPv6 packet and forward it to the | |
824 | specified next-hop. If the argument is set to ::, then | |
825 | the next-hop is selected according to the local selection | |
826 | rules. This action only accepts packets with either a zero Segments | |
827 | Left value or no SRH at all, and an inner IPv6 packet. Other | |
828 | matching packets are dropped. | |
829 | ||
830 | .B End.B6 srh segs | |
831 | .IR SEGMENTS " [ " | |
832 | .B hmac | |
833 | .IR KEYID " ] " | |
834 | - Insert the specified SRH immediately after the IPv6 header, | |
835 | update the DA with the first segment of the newly inserted SRH, | |
836 | then forward the resulting packet. The original SRH is not | |
837 | modified. This action only accepts packets with a non-zero | |
838 | Segments Left value. Other matching packets are dropped. | |
839 | ||
840 | .B End.B6.Encaps srh segs | |
841 | .IR SEGMENTS " [ " | |
842 | .B hmac | |
843 | .IR KEYID " ] " | |
844 | - Regular SRv6 processing as intermediate segment endpoint. | |
845 | Additionally, encapsulate the matching packet within an outer IPv6 header | |
846 | followed by the specified SRH. The destination address of the outer IPv6 | |
847 | header is set to the first segment of the new SRH. The source | |
848 | address is set as described in \fBip-sr\fR(8). | |
849 | .in -4 | |
850 | ||
194e9b85 | 851 | .in -8 |
761a1e60 | 852 | |
3fbe7ca8 | 853 | .TP |
8a03a2f3 | 854 | .BI expires " TIME " "(Linux 4.4+ only)" |
3fbe7ca8 HL |
855 | the route will be deleted after the expires time. |
856 | .B Only | |
857 | support IPv6 at present. | |
c44d18ea RS |
858 | |
859 | .TP | |
860 | .BR ttl-propagate " { " enabled " | " disabled " } " | |
861 | Control whether TTL should be propagated from any encap into the | |
862 | un-encapsulated packet, overriding any global configuration. Only | |
863 | supported for MPLS at present. | |
72dfff6e | 864 | .RE |
3fbe7ca8 | 865 | |
61f541fe | 866 | .TP |
867 | ip route delete | |
868 | delete route | |
869 | .RS | |
761a1e60 CT |
870 | .B ip route del |
871 | has the same arguments as | |
872 | .BR "ip route add" , | |
873 | but their semantics are a bit different. | |
874 | ||
875 | Key values | |
876 | .RB "(" to ", " tos ", " preference " and " table ")" | |
a89d5329 | 877 | select the route to delete. If optional attributes are present, |
761a1e60 CT |
878 | .B ip |
879 | verifies that they coincide with the attributes of the route to delete. | |
880 | If no route with the given key and attributes was found, | |
881 | .B ip route del | |
882 | fails. | |
61f541fe | 883 | .RE |
761a1e60 | 884 | |
61f541fe | 885 | .TP |
886 | ip route show | |
887 | list routes | |
888 | .RS | |
761a1e60 CT |
889 | the command displays the contents of the routing tables or the route(s) |
890 | selected by some criteria. | |
891 | ||
892 | .TP | |
893 | .BI to " SELECTOR " (default) | |
894 | only select routes from the given range of destinations. | |
895 | .I SELECTOR | |
896 | consists of an optional modifier | |
897 | .RB "(" root ", " match " or " exact ")" | |
898 | and a prefix. | |
899 | .BI root " PREFIX" | |
900 | selects routes with prefixes not shorter than | |
901 | .IR PREFIX "." | |
902 | F.e. | |
903 | .BI root " 0/0" | |
904 | selects the entire routing table. | |
905 | .BI match " PREFIX" | |
906 | selects routes with prefixes not longer than | |
907 | .IR PREFIX "." | |
908 | F.e. | |
909 | .BI match " 10.0/16" | |
910 | selects | |
911 | .IR 10.0/16 "," | |
912 | .IR 10/8 " and " 0/0 , | |
913 | but it does not select | |
914 | .IR 10.1/16 " and " 10.0.0/24 . | |
915 | And | |
916 | .BI exact " PREFIX" | |
917 | (or just | |
918 | .IR PREFIX ")" | |
919 | selects routes with this exact prefix. If neither of these options | |
920 | are present, | |
921 | .B ip | |
922 | assumes | |
923 | .BI root " 0/0" | |
924 | i.e. it lists the entire table. | |
925 | ||
926 | .TP | |
927 | .BI tos " TOS" | |
1b3c149b | 928 | .TP |
761a1e60 CT |
929 | .BI dsfield " TOS" |
930 | only select routes with the given TOS. | |
931 | ||
932 | .TP | |
933 | .BI table " TABLEID" | |
a89d5329 | 934 | show the routes from this table(s). The default setting is to show table |
1b3c149b | 935 | .BR main "." |
761a1e60 CT |
936 | .I TABLEID |
937 | may either be the ID of a real table or one of the special values: | |
938 | .sp | |
939 | .in +8 | |
940 | .B all | |
941 | - list all of the tables. | |
942 | .sp | |
943 | .B cache | |
944 | - dump the routing cache. | |
945 | .in -8 | |
946 | ||
0130f012 DA |
947 | .TP |
948 | .BI vrf " NAME" | |
949 | show the routes for the table associated with the vrf name | |
950 | ||
761a1e60 CT |
951 | .TP |
952 | .B cloned | |
953 | .TP | |
954 | .B cached | |
955 | list cloned routes i.e. routes which were dynamically forked from | |
956 | other routes because some route attribute (f.e. MTU) was updated. | |
957 | Actually, it is equivalent to | |
958 | .BR "table cache" "." | |
959 | ||
960 | .TP | |
961 | .BI from " SELECTOR" | |
962 | the same syntax as for | |
963 | .BR to "," | |
964 | but it binds the source address range rather than destinations. | |
965 | Note that the | |
966 | .B from | |
967 | option only works with cloned routes. | |
968 | ||
969 | .TP | |
970 | .BI protocol " RTPROTO" | |
971 | only list routes of this protocol. | |
972 | ||
973 | .TP | |
974 | .BI scope " SCOPE_VAL" | |
975 | only list routes with this scope. | |
976 | ||
977 | .TP | |
978 | .BI type " TYPE" | |
979 | only list routes of this type. | |
980 | ||
981 | .TP | |
982 | .BI dev " NAME" | |
983 | only list routes going via this device. | |
984 | ||
985 | .TP | |
93ae2835 | 986 | .BI via " [ FAMILY ] PREFIX" |
761a1e60 CT |
987 | only list routes going via the nexthop routers selected by |
988 | .IR PREFIX "." | |
989 | ||
990 | .TP | |
991 | .BI src " PREFIX" | |
992 | only list routes with preferred source addresses selected | |
993 | by | |
994 | .IR PREFIX "." | |
995 | ||
996 | .TP | |
997 | .BI realm " REALMID" | |
998 | .TP | |
999 | .BI realms " FROMREALM/TOREALM" | |
1000 | only list routes with these realms. | |
61f541fe | 1001 | .RE |
761a1e60 | 1002 | |
61f541fe | 1003 | .TP |
1004 | ip route flush | |
1005 | flush routing tables | |
1006 | .RS | |
761a1e60 CT |
1007 | this command flushes routes selected by some criteria. |
1008 | ||
1009 | .sp | |
1010 | The arguments have the same syntax and semantics as the arguments of | |
1011 | .BR "ip route show" , | |
a89d5329 | 1012 | but routing tables are not listed but purged. The only difference is |
761a1e60 CT |
1013 | the default action: |
1014 | .B show | |
1015 | dumps all the IP main routing table but | |
1016 | .B flush | |
1017 | prints the helper page. | |
1018 | ||
1019 | .sp | |
1020 | With the | |
1021 | .B -statistics | |
1022 | option, the command becomes verbose. It prints out the number of | |
1023 | deleted routes and the number of rounds made to flush the routing | |
1024 | table. If the option is given | |
1025 | twice, | |
1026 | .B ip route flush | |
1027 | also dumps all the deleted routes in the format described in the | |
1028 | previous subsection. | |
61f541fe | 1029 | .RE |
761a1e60 | 1030 | |
61f541fe | 1031 | .TP |
1032 | ip route get | |
1033 | get a single route | |
1034 | .RS | |
761a1e60 CT |
1035 | this command gets a single route to a destination and prints its |
1036 | contents exactly as the kernel sees it. | |
1037 | ||
aa883d86 RP |
1038 | .TP |
1039 | .BI fibmatch | |
1040 | Return full fib lookup matched route. Default is to return the resolved | |
1041 | dst entry | |
1042 | ||
761a1e60 CT |
1043 | .TP |
1044 | .BI to " ADDRESS " (default) | |
1045 | the destination address. | |
1046 | ||
1047 | .TP | |
1048 | .BI from " ADDRESS" | |
1049 | the source address. | |
1050 | ||
1051 | .TP | |
1052 | .BI tos " TOS" | |
1053 | .TP | |
1054 | .BI dsfield " TOS" | |
1055 | the Type Of Service. | |
1056 | ||
1057 | .TP | |
1058 | .BI iif " NAME" | |
1059 | the device from which this packet is expected to arrive. | |
1060 | ||
1061 | .TP | |
1062 | .BI oif " NAME" | |
1063 | force the output device on which this packet will be routed. | |
0130f012 | 1064 | |
2fc8883b SR |
1065 | .TP |
1066 | .BI mark " MARK" | |
1067 | the firewall mark | |
1068 | .RB ( "fwmark" ) | |
1069 | ||
0130f012 DA |
1070 | .TP |
1071 | .BI vrf " NAME" | |
1072 | force the vrf device on which this packet will be routed. | |
761a1e60 | 1073 | |
804c7fff RP |
1074 | .TP |
1075 | .BI ipproto " PROTOCOL" | |
1076 | ip protocol as seen by the route lookup | |
1077 | ||
1078 | .TP | |
1079 | .BI sport " NUMBER" | |
1080 | source port as seen by the route lookup | |
1081 | ||
1082 | .TP | |
1083 | .BI dport " NUMBER" | |
1084 | destination port as seen by the route lookup | |
1085 | ||
761a1e60 CT |
1086 | .TP |
1087 | .B connected | |
1088 | if no source address | |
1089 | .RB "(option " from ")" | |
1090 | was given, relookup the route with the source set to the preferred | |
1091 | address received from the first lookup. | |
1092 | If policy routing is used, it may be a different route. | |
1093 | ||
1094 | .P | |
1095 | Note that this operation is not equivalent to | |
1096 | .BR "ip route show" . | |
1097 | .B show | |
1098 | shows existing routes. | |
1099 | .B get | |
a89d5329 | 1100 | resolves them and creates new clones if necessary. Essentially, |
761a1e60 CT |
1101 | .B get |
1102 | is equivalent to sending a packet along this path. | |
1103 | If the | |
1104 | .B iif | |
1105 | argument is not given, the kernel creates a route | |
1106 | to output packets towards the requested destination. | |
1107 | This is equivalent to pinging the destination | |
1108 | with a subsequent | |
1109 | .BR "ip route ls cache" , | |
a89d5329 | 1110 | however, no packets are actually sent. With the |
761a1e60 CT |
1111 | .B iif |
1112 | argument, the kernel pretends that a packet arrived from this interface | |
1113 | and searches for a path to forward the packet. | |
61f541fe | 1114 | .RE |
761a1e60 | 1115 | |
61f541fe | 1116 | .TP |
1117 | ip route save | |
1118 | save routing table information to stdout | |
1119 | .RS | |
1120 | This command behaves like | |
761a1e60 CT |
1121 | .BR "ip route show" |
1122 | except that the output is raw data suitable for passing to | |
1123 | .BR "ip route restore" . | |
61f541fe | 1124 | .RE |
761a1e60 | 1125 | |
61f541fe | 1126 | .TP |
1127 | ip route restore | |
1128 | restore routing table information from stdin | |
1129 | .RS | |
1130 | This command expects to read a data stream as returned from | |
761a1e60 CT |
1131 | .BR "ip route save" . |
1132 | It will attempt to restore the routing table information exactly as | |
1133 | it was at the time of the save, so any translation of information | |
a89d5329 PŠ |
1134 | in the stream (such as device indexes) must be done first. Any existing |
1135 | routes are left unchanged. Any routes specified in the data stream that | |
761a1e60 | 1136 | already exist in the table will be ignored. |
61f541fe | 1137 | .RE |
761a1e60 | 1138 | |
f5f760b8 PS |
1139 | .SH NOTES |
1140 | Starting with Linux kernel version 3.6, there is no routing cache for IPv4 | |
1141 | anymore. Hence | |
1142 | .B "ip route show cached" | |
1143 | will never print any entries on systems with this or newer kernel versions. | |
1144 | ||
761a1e60 CT |
1145 | .SH EXAMPLES |
1146 | .PP | |
1147 | ip ro | |
1148 | .RS 4 | |
1149 | Show all route entries in the kernel. | |
1150 | .RE | |
1151 | .PP | |
1152 | ip route add default via 192.168.1.1 dev eth0 | |
1153 | .RS 4 | |
1154 | Adds a default route (for all addresses) via the local gateway 192.168.1.1 that can | |
1155 | be reached on device eth0. | |
1156 | .RE | |
70e46634 RP |
1157 | .PP |
1158 | ip route add 10.1.1.0/30 encap mpls 200/300 via 10.1.1.1 dev eth0 | |
1159 | .RS 4 | |
1160 | Adds an ipv4 route with mpls encapsulation attributes attached to it. | |
1161 | .RE | |
e1b7f883 DL |
1162 | .PP |
1163 | ip -6 route add 2001:db8:1::/64 encap seg6 mode encap segs 2001:db8:42::1,2001:db8:ffff::2 dev eth0 | |
1164 | .RS 4 | |
1165 | Adds an IPv6 route with SRv6 encapsulation and two segments attached. | |
1166 | .RE | |
12387e2c DA |
1167 | .PP |
1168 | ip route add 10.1.1.0/30 nhid 10 | |
1169 | .RS 4 | |
1170 | Adds an ipv4 route using nexthop object with id 10. | |
1171 | .RE | |
761a1e60 CT |
1172 | .SH SEE ALSO |
1173 | .br | |
1174 | .BR ip (8) | |
1175 | ||
1176 | .SH AUTHOR | |
1177 | Original Manpage by Michail Litvak <mci@owl.openwall.com> |