1 .TH IP\-ROUTE 8 "20 Dec 2011" "iproute2" "Linux"
3 ip-route \- routing table management
12 .RI " { " COMMAND " | "
19 .BR list " | " flush " } "
27 .BR "ip route restore"
32 .BI from " ADDRESS " iif " STRING"
39 .BR "ip route" " { " add " | " del " | " change " | " append " | "\
61 .IR ROUTE " := " NODE_SPEC " [ " INFO_SPEC " ]"
64 .IR NODE_SPEC " := [ " TYPE " ] " PREFIX " ["
77 .IR INFO_SPEC " := " "NH OPTIONS FLAGS" " ["
88 .IR NUMBER " ] " NHFLAGS
91 .IR OPTIONS " := " FLAGS " [ "
117 .BR unicast " | " local " | " broadcast " | " multicast " | "\
118 throw " | " unreachable " | " prohibit " | " blackhole " | " nat " ]"
121 .IR TABLE_ID " := [ "
122 .BR local "| " main " | " default " | " all " |"
127 .BR host " | " link " | " global " |"
132 .BR onlink " | " pervasive " ]"
136 .BR kernel " | " boot " | " static " |"
142 is used to manipulate entries in the kernel routing tables.
148 - the route entry describes real paths to the destinations covered
153 - these destinations are unreachable. Packets are discarded and the
157 The local senders get an
163 - these destinations are unreachable. Packets are discarded silently.
164 The local senders get an
170 - these destinations are unreachable. Packets are discarded and the
172 .I communication administratively prohibited
173 is generated. The local senders get an
179 - the destinations are assigned to this host. The packets are looped
180 back and delivered locally.
184 - the destinations are broadcast addresses. The packets are sent as
189 - a special control route used together with policy rules. If such a
190 route is selected, lookup in this table is terminated pretending that
191 no route was found. Without policy routing it is equivalent to the
192 absence of the route in the routing table. The packets are dropped
195 is generated. The local senders get an
201 - a special NAT route. Destinations covered by the prefix
202 are considered to be dummy (or external) addresses which require translation
203 to real (or internal) ones before forwarding. The addresses to translate to
204 are selected with the attribute
206 Route NAT is no longer supported in Linux 2.6.
212 .RI "- " "not implemented"
215 addresses assigned to this host. They are mainly equivalent
218 with one difference: such addresses are invalid when used
219 as the source address of any packet.
223 - a special type used for multicast routing. It is not present in
224 normal routing tables.
229 Linux-2.x can pack routes into several routing tables identified
230 by a number in the range from 1 to 2^31 or by name from the file
231 .B @SYSCONFDIR@/rt_tables
232 By default all normal routes are inserted into the
234 table (ID 254) and the kernel only uses this table when calculating routes.
235 Values (0, 253, 254, and 255) are reserved for built-in use.
238 Actually, one other table always exists, which is invisible but
239 even more important. It is the
241 table (ID 255). This table
242 consists of routes for local and broadcast addresses. The kernel maintains
243 this table automatically and the administrator usually need not modify it
246 The multiple routing tables enter the game when
250 .SS ip route add - add new route
251 .SS ip route change - change route
252 .SS ip route replace - change or add new one
255 .BI to " TYPE PREFIX " (default)
256 the destination prefix of the route. If
266 is an IP or IPv6 address optionally followed by a slash and the
267 prefix length. If the length of the prefix is missing,
269 assumes a full-length host route. There is also a special
272 - which is equivalent to IP
281 the Type Of Service (TOS) key. This key has no associated mask and
282 the longest match is understood as: First, compare the TOS
283 of the route and of the packet. If they are not equal, then the packet
284 may still match a route with a zero TOS.
286 is either an 8 bit hexadecimal number or an identifier
288 .BR "@SYSCONFDIR@/rt_dsfield" .
293 .BI preference " NUMBER"
294 the preference value of the route.
296 is an arbitrary 32bit number.
300 the table to add this route to.
302 may be a number or a string from the file
303 .BR "@SYSCONFDIR@/rt_tables" .
304 If this parameter is omitted,
308 table, with the exception of
309 .BR local " , " broadcast " and " nat
310 routes, which are put into the
316 the output device name.
320 the address of the nexthop router. Actually, the sense of this field
321 depends on the route type. For normal
323 routes it is either the true next hop router or, if it is a direct
324 route installed in BSD compatibility mode, it can be a local address
325 of the interface. For NAT routes it is the first address of the block
326 of translated IP destinations.
330 the source address to prefer when sending to the destinations
331 covered by the route prefix.
335 the realm to which this route is assigned.
337 may be a number or a string from the file
338 .BR "@SYSCONFDIR@/rt_realms" .
343 .BI "mtu lock" " MTU"
344 the MTU along the path to the destination. If the modifier
346 is not used, the MTU may be updated by the kernel due to
347 Path MTU Discovery. If the modifier
349 is used, no path MTU discovery will be tried, all packets
350 will be sent without the DF bit in IPv4 case or fragmented
355 the maximal window for TCP to advertise to these destinations,
356 measured in bytes. It limits maximal data bursts that our TCP
357 peers are allowed to send to us.
361 the initial RTT ('Round Trip Time') estimate. If no suffix is
362 specified the units are raw values passed directly to the
363 routing code to maintain compatibility with previous releases.
364 Otherwise if a suffix of s, sec or secs is used to specify
365 seconds and ms, msec or msecs to specify milliseconds.
369 .BI rttvar " TIME " "(2.3.15+ only)"
370 the initial RTT variance estimate. Values are specified as with
375 .BI rto_min " TIME " "(2.6.23+ only)"
376 the minimum TCP Retransmission TimeOut to use when communicating with this
377 destination. Values are specified as with
382 .BI ssthresh " NUMBER " "(2.3.15+ only)"
383 an estimate for the initial slow start threshold.
386 .BI cwnd " NUMBER " "(2.3.15+ only)"
387 the clamp for congestion window. It is ignored if the
392 .BI initcwnd " NUMBER " "(2.5.70+ only)"
393 the initial congestion window size for connections to this destination.
394 Actual window size is this value multiplied by the MSS
395 (``Maximal Segment Size'') for same connection. The default is
396 zero, meaning to use the values specified in RFC2414.
399 .BI initrwnd " NUMBER " "(2.6.33+ only)"
400 the initial receive window size for connections to this destination.
401 Actual window size is this value multiplied by the MSS of the connection.
402 The default value is zero, meaning to use Slow Start value.
405 .BI advmss " NUMBER " "(2.3.15+ only)"
406 the MSS ('Maximal Segment Size') to advertise to these
407 destinations when establishing TCP connections. If it is not given,
408 Linux uses a default value calculated from the first hop device MTU.
409 (If the path to these destination is asymmetric, this guess may be wrong.)
412 .BI reordering " NUMBER " "(2.3.15+ only)"
413 Maximal reordering on the path to this destination.
414 If it is not given, Linux uses the value selected with
417 .BR "net/ipv4/tcp_reordering" .
420 .BI nexthop " NEXTHOP"
421 the nexthop of a multipath route.
423 is a complex value with its own syntax similar to the top level
428 - is the nexthop router.
432 - is the output device.
436 - is a weight for this element of a multipath
437 route reflecting its relative bandwidth or quality.
441 .BI scope " SCOPE_VAL"
442 the scope of the destinations covered by the route prefix.
444 may be a number or a string from the file
445 .BR "@SYSCONFDIR@/rt_scopes" .
446 If this parameter is omitted,
455 .BR unicast " and " broadcast
457 .BR host " for " local
461 .BI protocol " RTPROTO"
462 the routing protocol identifier of this route.
464 may be a number or a string from the file
465 .BR "@SYSCONFDIR@/rt_protos" .
466 If the routing protocol ID is not given,
467 .B ip assumes protocol
469 (i.e. it assumes the route was added by someone who doesn't
470 understand what they are doing). Several protocol values have
471 a fixed interpretation.
476 - the route was installed due to an ICMP redirect.
480 - the route was installed by the kernel during autoconfiguration.
484 - the route was installed during the bootup sequence.
485 If a routing daemon starts, it will purge all of them.
489 - the route was installed by the administrator
490 to override dynamic routing. Routing daemon will respect them
491 and, probably, even advertise them to its peers.
495 - the route was installed by Router Discovery protocol.
499 The rest of the values are not reserved and the administrator is free
500 to assign (or not to assign) protocol tags.
504 pretend that the nexthop is directly attached to this link,
505 even if it does not match any interface prefix.
507 .SS ip route delete - delete route
510 has the same arguments as
512 but their semantics are a bit different.
515 .RB "(" to ", " tos ", " preference " and " table ")"
516 select the route to delete. If optional attributes are present,
518 verifies that they coincide with the attributes of the route to delete.
519 If no route with the given key and attributes was found,
523 .SS ip route show - list routes
524 the command displays the contents of the routing tables or the route(s)
525 selected by some criteria.
528 .BI to " SELECTOR " (default)
529 only select routes from the given range of destinations.
531 consists of an optional modifier
532 .RB "(" root ", " match " or " exact ")"
535 selects routes with prefixes not shorter than
539 selects the entire routing table.
541 selects routes with prefixes not longer than
547 .IR 10/8 " and " 0/0 ,
548 but it does not select
549 .IR 10.1/16 " and " 10.0.0/24 .
554 selects routes with this exact prefix. If neither of these options
559 i.e. it lists the entire table.
564 only select routes with the given TOS.
568 show the routes from this table(s). The default setting is to show
571 may either be the ID of a real table or one of the special values:
575 - list all of the tables.
578 - dump the routing cache.
585 list cloned routes i.e. routes which were dynamically forked from
586 other routes because some route attribute (f.e. MTU) was updated.
587 Actually, it is equivalent to
588 .BR "table cache" "."
592 the same syntax as for
594 but it binds the source address range rather than destinations.
597 option only works with cloned routes.
600 .BI protocol " RTPROTO"
601 only list routes of this protocol.
604 .BI scope " SCOPE_VAL"
605 only list routes with this scope.
609 only list routes of this type.
613 only list routes going via this device.
617 only list routes going via the nexthop routers selected by
622 only list routes with preferred source addresses selected
629 .BI realms " FROMREALM/TOREALM"
630 only list routes with these realms.
632 .SS ip route flush - flush routing tables
633 this command flushes routes selected by some criteria.
636 The arguments have the same syntax and semantics as the arguments of
637 .BR "ip route show" ,
638 but routing tables are not listed but purged. The only difference is
641 dumps all the IP main routing table but
643 prints the helper page.
648 option, the command becomes verbose. It prints out the number of
649 deleted routes and the number of rounds made to flush the routing
650 table. If the option is given
653 also dumps all the deleted routes in the format described in the
656 .SS ip route get - get a single route
657 this command gets a single route to a destination and prints its
658 contents exactly as the kernel sees it.
661 .BI to " ADDRESS " (default)
662 the destination address.
676 the device from which this packet is expected to arrive.
680 force the output device on which this packet will be routed.
685 .RB "(option " from ")"
686 was given, relookup the route with the source set to the preferred
687 address received from the first lookup.
688 If policy routing is used, it may be a different route.
691 Note that this operation is not equivalent to
692 .BR "ip route show" .
694 shows existing routes.
696 resolves them and creates new clones if necessary. Essentially,
698 is equivalent to sending a packet along this path.
701 argument is not given, the kernel creates a route
702 to output packets towards the requested destination.
703 This is equivalent to pinging the destination
705 .BR "ip route ls cache" ,
706 however, no packets are actually sent. With the
708 argument, the kernel pretends that a packet arrived from this interface
709 and searches for a path to forward the packet.
711 .SS ip route save - save routing table information to stdout
712 this command behaves like
714 except that the output is raw data suitable for passing to
715 .BR "ip route restore" .
717 .SS ip route restore - restore routing table information from stdin
718 this command expects to read a data stream as returned from
719 .BR "ip route save" .
720 It will attempt to restore the routing table information exactly as
721 it was at the time of the save, so any translation of information
722 in the stream (such as device indexes) must be done first. Any existing
723 routes are left unchanged. Any routes specified in the data stream that
724 already exist in the table will be ignored.
730 Show all route entries in the kernel.
733 ip route add default via 192.168.1.1 dev eth0
735 Adds a default route (for all addresses) via the local gateway 192.168.1.1 that can
736 be reached on device eth0.
744 Original Manpage by Michail Litvak <mci@owl.openwall.com>