.TH IP\-ROUTE 8 "13 Dec 2012" "iproute2" "Linux"
ip-route \- routing table management
.RI "[ " ip-OPTIONS " ]"
.RI " { " COMMAND " | "
.BR show " | " flush " } "
.BR "ip route restore"
.BI from " ADDRESS " iif " STRING"
.BR "ip route" " { " add " | " del " | " change " | " append " | "\
.IR ROUTE " := " NODE_SPEC " [ " INFO_SPEC " ]"
.IR NODE_SPEC " := [ " TYPE " ] " PREFIX " ["
.RB "{ " enabled " | " disabled " } ]"
.IR INFO_SPEC " := " "NH OPTIONS FLAGS" " ["
.IR FAMILY " ] " ADDRESS " ] [ "
.IR NUMBER " ] " NHFLAGS
.BR inet " | " inet6 " | " ipx " | " dnet " | " mpls " | " bridge " | " link " ]"
.IR OPTIONS " := " FLAGS " [ "
.B fastopen_no_cookie
.BR unicast " | " local " | " broadcast " | " multicast " | "\
throw " | " unreachable " | " prohibit " | " blackhole " | " nat " ]"
.IR TABLE_ID " := [ "
.BR local "| " main " | " default " | " all " |"
.BR host " | " link " | " global " |"
.BR onlink " | " pervasive " ]"
.BR kernel " | " boot " | " static " |"
.IR FEATURES " := [ "
.BR low " | " medium " | " high " ]"
.IR MPLS " | " IP " | " BPF " | " SEG6 " | " SEG6LOCAL " ] "
.IR ENCAP_MPLS " := "
.IR ENCAP_SEG6 " := "
.BR encap " | " inline " | " l2encap " ] "
.IR ENCAP_SEG6LOCAL " := "
.IR SEG6_ACTION " [ "
.IR SEG6_ACTION_PARAM " ] "
.IR ROUTE_GET_FLAGS " := "
is used to manipulate entries in the kernel routing tables.
- the route entry describes real paths to the destinations covered
- these destinations are unreachable. Packets are discarded and the
The local senders get an
- these destinations are unreachable. Packets are discarded silently.
The local senders get an
- these destinations are unreachable. Packets are discarded and the
.I communication administratively prohibited
is generated. The local senders get an
- the destinations are assigned to this host. The packets are looped
back and delivered locally.
- the destinations are broadcast addresses. The packets are sent as
- a special control route used together with policy rules. If such a
route is selected, lookup in this table is terminated pretending that
no route was found. Without policy routing it is equivalent to the
absence of the route in the routing table. The packets are dropped
is generated. The local senders get an
- a special NAT route. Destinations covered by the prefix
are considered to be dummy (or external) addresses which require translation
to real (or internal) ones before forwarding. The addresses to translate to
are selected with the attribute
Route NAT is no longer supported in Linux 2.6.
.RI "- " "not implemented"
addresses assigned to this host. They are mainly equivalent
with one difference: such addresses are invalid when used
as the source address of any packet.
- a special type used for multicast routing. It is not present in
normal routing tables.
Linux-2.x can pack routes into several routing tables identified
by a number in the range from 1 to 2^32-1 or by name from the file
.B @SYSCONFDIR@/rt_tables
By default all normal routes are inserted into the
table (ID 254) and the kernel only uses this table when calculating routes.
Values (0, 253, 254, and 255) are reserved for built-in use.
Actually, one other table always exists, which is invisible but
even more important. It is the
table (ID 255). This table
consists of routes for local and broadcast addresses. The kernel maintains
this table automatically and the administrator usually need not modify it
The multiple routing tables enter the game when
change or add new one
.BI to " TYPE PREFIX " (default)
the destination prefix of the route. If
is an IP or IPv6 address optionally followed by a slash and the
prefix length. If the length of the prefix is missing,
assumes a full-length host route. There is also a special
- which is equivalent to IP
the Type Of Service (TOS) key. This key has no associated mask and
the longest match is understood as: First, compare the TOS
of the route and of the packet. If they are not equal, then the packet
may still match a route with a zero TOS.
is either an 8 bit hexadecimal number or an identifier
.BR "@SYSCONFDIR@/rt_dsfield" .
.BI preference " NUMBER"
the preference value of the route.
is an arbitrary 32bit number, where routes with lower values are preferred.
the table to add this route to.
may be a number or a string from the file
.BR "@SYSCONFDIR@/rt_tables" .
If this parameter is omitted,
table, with the exception of
.BR local ", " broadcast " and " nat
routes, which are put into the
the vrf name to add this route to. Implicitly means the table
associated with the VRF.
the output device name.
.BI via " [ FAMILY ] ADDRESS"
the address of the nexthop router, in the address family FAMILY.
Actually, the sense of this field depends on the route type. For
routes it is either the true next hop router or, if it is a direct
route installed in BSD compatibility mode, it can be a local address
of the interface. For NAT routes it is the first address of the block
of translated IP destinations.
the source address to prefer when sending to the destinations
covered by the route prefix.
the realm to which this route is assigned.
may be a number or a string from the file
.BR "@SYSCONFDIR@/rt_realms" .
.BI "mtu lock" " MTU"
the MTU along the path to the destination. If the modifier
is not used, the MTU may be updated by the kernel due to
Path MTU Discovery. If the modifier
is used, no path MTU discovery will be tried, all packets
will be sent without the DF bit in IPv4 case or fragmented
the maximal window for TCP to advertise to these destinations,
measured in bytes. It limits maximal data bursts that our TCP
peers are allowed to send to us.
the initial RTT ('Round Trip Time') estimate. If no suffix is
specified the units are raw values passed directly to the
routing code to maintain compatibility with previous releases.
Otherwise, a suffix of s, sec or secs specifies
seconds, and ms, msec or msecs specifies milliseconds.
.BI rttvar " TIME " "(2.3.15+ only)"
the initial RTT variance estimate. Values are specified as with
.BI rto_min " TIME " "(2.6.23+ only)"
the minimum TCP Retransmission TimeOut to use when communicating with this
destination. Values are specified as with
.BI ssthresh " NUMBER " "(2.3.15+ only)"
an estimate for the initial slow start threshold.
.BI cwnd " NUMBER " "(2.3.15+ only)"
the clamp for congestion window. It is ignored if the
.BI initcwnd " NUMBER " "(2.5.70+ only)"
the initial congestion window size for connections to this destination.
Actual window size is this value multiplied by the MSS
(``Maximal Segment Size'') for same connection. The default is
zero, meaning to use the values specified in RFC2414.
.BI initrwnd " NUMBER " "(2.6.33+ only)"
the initial receive window size for connections to this destination.
Actual window size is this value multiplied by the MSS of the connection.
The default value is zero, meaning to use Slow Start value.
.BI features " FEATURES " (3.18+ only)
Enable or disable per-route features. Only available feature at this
to enable explicit congestion notification when initiating connections to the
given destination network.
When responding to a connection request from the given network, ecn will
also be used even if the
.BI quickack " BOOL " "(3.11+ only)"
Enable or disable quick ack for connections to this destination.
.BI fastopen_no_cookie " BOOL " "(4.15+ only)"
Enable TCP Fastopen without a cookie for connections to this destination.
.BI congctl " NAME " "(3.20+ only)"
.BI "congctl lock" " NAME " "(3.20+ only)"
Sets a specific TCP congestion control algorithm only for a given destination.
If not specified, Linux keeps the current global default TCP congestion control
algorithm, or the one set from the application. If the modifier
is not used, an application may nevertheless overwrite the suggested congestion
control algorithm for that destination. If the modifier
is used, then an application is not allowed to overwrite the specified congestion
control algorithm for that destination, thus it will be enforced/guaranteed to
use the proposed algorithm.
.BI advmss " NUMBER " "(2.3.15+ only)"
the MSS ('Maximal Segment Size') to advertise to these
destinations when establishing TCP connections. If it is not given,
Linux uses a default value calculated from the first hop device MTU.
(If the path to these destinations is asymmetric, this guess may be wrong.)
.BI reordering " NUMBER " "(2.3.15+ only)"
Maximal reordering on the path to this destination.
If it is not given, Linux uses the value selected with
.BR "net/ipv4/tcp_reordering" .
.BI nexthop " NEXTHOP"
the nexthop of a multipath route.
is a complex value with its own syntax similar to the top level
.BI via " [ FAMILY ] ADDRESS"
- is the nexthop router.
- is the output device.
- is a weight for this element of a multipath
route reflecting its relative bandwidth or quality.
.BI scope " SCOPE_VAL"
the scope of the destinations covered by the route prefix.
may be a number or a string from the file
.BR "@SYSCONFDIR@/rt_scopes" .
If this parameter is omitted,
.BR unicast " and " broadcast
.BR host " for " local
.BI protocol " RTPROTO"
the routing protocol identifier of this route.
may be a number or a string from the file
.BR "@SYSCONFDIR@/rt_protos" .
If the routing protocol ID is not given,
.B ip assumes protocol
(i.e. it assumes the route was added by someone who doesn't
understand what they are doing). Several protocol values have
a fixed interpretation.
- the route was installed due to an ICMP redirect.
- the route was installed by the kernel during autoconfiguration.
- the route was installed during the bootup sequence.
If a routing daemon starts, it will purge all of them.
- the route was installed by the administrator
to override dynamic routing. Routing daemon will respect them
and, probably, even advertise them to its peers.
- the route was installed by Router Discovery protocol.
The rest of the values are not reserved and the administrator is free
to assign (or not to assign) protocol tags.
pretend that the nexthop is directly attached to this link,
even if it does not match any interface prefix.
the IPv6 route preference.
is a string specifying the route preference as defined in RFC4191 for Router
Discovery messages. Namely:
- the route has a lowest priority
- the route has a default priority
- the route has a highest priority
.BI encap " ENCAPTYPE ENCAPHDR"
attach tunnel encapsulation attributes to this route.
is a string specifying the supported encapsulation type. Namely:
- encapsulation type MPLS
- IP encapsulation (Geneve, GRE, VXLAN, ...)
- Execution of BPF program
- encapsulation type IPv6 Segment Routing
- local SRv6 segment processing
is a set of encapsulation attributes specific to the
- mpls label stack with labels separated by
- TTL to use for MPLS header or 0 to inherit from IP header
- BPF program to execute for incoming packets
- BPF program to execute for outgoing packets
- BPF program to execute for transmitted packets
- Size of header BPF program will attach (xmit)
- Directly insert Segment Routing Header after IPv6 header
- Encapsulate packet in an outer IPv6 header with SRH
- Encapsulate ingress L2 frame within an outer IPv6 header and SRH
- List of comma-separated IPv6 addresses
- Numerical value in decimal representation. See \fBip-sr\fR(8).
.IR SEG6_ACTION " [ "
.IR SEG6_ACTION_PARAM " ] "
- Operation to perform on matching packets.
The following actions are currently supported (\fB4.14+ only\fR).
- Regular SRv6 processing as intermediate segment endpoint.
This action only accepts packets with a non-zero Segments Left
value. Other matching packets are dropped.
- Regular SRv6 processing as intermediate segment endpoint.
Additionally, forward processed packets to given next-hop.
This action only accepts packets with a non-zero Segments Left
value. Other matching packets are dropped.
- Decapsulate inner IPv6 packet and forward it to the
specified next-hop. If the argument is set to ::, then
the next-hop is selected according to the local selection
rules. This action only accepts packets with either a zero Segments
Left value or no SRH at all, and an inner IPv6 packet. Other
matching packets are dropped.
- Insert the specified SRH immediately after the IPv6 header,
update the DA with the first segment of the newly inserted SRH,
then forward the resulting packet. The original SRH is not
modified. This action only accepts packets with a non-zero
Segments Left value. Other matching packets are dropped.
.B End.B6.Encaps srh segs
- Regular SRv6 processing as intermediate segment endpoint.
Additionally, encapsulate the matching packet within an outer IPv6 header
followed by the specified SRH. The destination address of the outer IPv6
header is set to the first segment of the new SRH. The source
address is set as described in \fBip-sr\fR(8).
.BI expires " TIME " "(4.4+ only)"
the route will be deleted after the expires time.
support IPv6 at present.
.BR ttl-propagate " { " enabled " | " disabled " } "
Control whether TTL should be propagated from any encap into the
un-encapsulated packet, overriding any global configuration. Only
supported for MPLS at present.
has the same arguments as
but their semantics are a bit different.
.RB "(" to ", " tos ", " preference " and " table ")"
select the route to delete. If optional attributes are present,
verifies that they coincide with the attributes of the route to delete.
If no route with the given key and attributes was found,
the command displays the contents of the routing tables or the route(s)
selected by some criteria.
.BI to " SELECTOR " (default)
only select routes from the given range of destinations.
consists of an optional modifier
.RB "(" root ", " match " or " exact ")"
selects routes with prefixes not shorter than
selects the entire routing table.
selects routes with prefixes not longer than
.IR 10/8 " and " 0/0 ,
but it does not select
.IR 10.1/16 " and " 10.0.0/24 .
selects routes with this exact prefix. If neither of these options
i.e. it lists the entire table.
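The three selector modifiers, modelled over a constructed IPv4 table as an added example (Python, not part of iproute2 or of this manual); parse_prefix, selects, show and TABLE are hypothetical names. It shows that match returns every route able to carry traffic to a prefix, while root returns every route at or below it, which is the check to run when looking for unexpected more-specific routes.

```python
# Added example, not iproute2 code: models the root / match / exact selector
# modifiers of "ip route show" over a constructed routing table.
import ipaddress


def parse_prefix(text):
    """Parse an ip(8)-style prefix, including IPv4 shorthand such as 10/8."""
    if text == "default":            # assumption: treated here as IPv4 0/0
        text = "0/0"
    addr, _, plen = text.partition("/")
    if ":" not in addr:              # IPv4: pad omitted trailing octets with 0
        octets = addr.split(".")
        addr = ".".join(octets + ["0"] * (4 - len(octets)))
    # A missing prefix length means a full-length host route, which is also
    # what ip_network() assumes when no "/len" is given.
    return ipaddress.ip_network(addr + ("/" + plen if plen else ""), strict=False)


def selects(modifier, selector, route):
    """Return True if `modifier selector` would list `route`."""
    sel, rt = parse_prefix(selector), parse_prefix(route)
    if sel.version != rt.version:    # never mix IPv4 and IPv6 prefixes
        return False
    if modifier == "root":           # prefixes not shorter than the selector
        return rt.subnet_of(sel)
    if modifier == "match":          # prefixes not longer than the selector
        return sel.subnet_of(rt)
    if modifier == "exact":          # this exact prefix only
        return rt == sel
    raise ValueError("modifier must be root, match or exact")


def show(table, modifier, selector):
    """Filter a list of route prefixes the way the selector would."""
    return [route for route in table if selects(modifier, selector, route)]


# Constructed sample table (prefixes only; other route attributes omitted).
TABLE = [
    "default",
    "10.0.0.0/8",
    "10.0.0.0/16",
    "10.1.0.0/16",
    "10.0.0.0/24",
    "192.168.1.0/24",
]

if __name__ == "__main__":
    for modifier, selector in (("match", "10.0/16"), ("root", "10/8"),
                               ("exact", "10.0/16"), ("root", "0/0")):
        print(modifier, selector, "->", show(TABLE, modifier, selector))
```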
only select routes with the given TOS.
show the routes from this table(s). The default setting is to show table
may either be the ID of a real table or one of the special values:
- list all of the tables.
- dump the routing cache.
show the routes for the table associated with the vrf name
list cloned routes i.e. routes which were dynamically forked from
other routes because some route attribute (e.g. MTU) was updated.
Actually, it is equivalent to
.BR "table cache" "."
the same syntax as for
but it binds the source address range rather than destinations.
option only works with cloned routes.
.BI protocol " RTPROTO"
only list routes of this protocol.
.BI scope " SCOPE_VAL"
only list routes with this scope.
only list routes of this type.
only list routes going via this device.
.BI via " [ FAMILY ] PREFIX"
only list routes going via the nexthop routers selected by
only list routes with preferred source addresses selected
.BI realms " FROMREALM/TOREALM"
only list routes with these realms.
this command flushes routes selected by some criteria.
The arguments have the same syntax and semantics as the arguments of
.BR "ip route show" ,
but routing tables are purged instead of listed. The only difference is
dumps all the IP main routing table but
prints the helper page.
option, the command becomes verbose. It prints out the number of
deleted routes and the number of rounds made to flush the routing
table. If the option is given
also dumps all the deleted routes in the format described in the
previous subsection.
this command gets a single route to a destination and prints its
contents exactly as the kernel sees it.
Return the full FIB lookup matched route. Default is to return the resolved
.BI to " ADDRESS " (default)
the destination address.
the Type Of Service.
the device from which this packet is expected to arrive.
force the output device on which this packet will be routed.
force the vrf device on which this packet will be routed.
.BI ipproto " PROTOCOL"
IP protocol as seen by the route lookup
source port as seen by the route lookup
destination port as seen by the route lookup
if no source address
.RB "(option " from ")"
was given, relookup the route with the source set to the preferred
address received from the first lookup.
If policy routing is used, it may be a different route.
Note that this operation is not equivalent to
.BR "ip route show" .
shows existing routes.
resolves them and creates new clones if necessary. Essentially,
is equivalent to sending a packet along this path.
argument is not given, the kernel creates a route
to output packets towards the requested destination.
This is equivalent to pinging the destination
.BR "ip route ls cache" ,
however, no packets are actually sent. With the
argument, the kernel pretends that a packet arrived from this interface
and searches for a path to forward the packet.
save routing table information to stdout
This command behaves like
except that the output is raw data suitable for passing to
.BR "ip route restore" .
restore routing table information from stdin
This command expects to read a data stream as returned from
.BR "ip route save" .
It will attempt to restore the routing table information exactly as
it was at the time of the save, so any translation of information
in the stream (such as device indexes) must be done first. Any existing
routes are left unchanged. Any routes specified in the data stream that
already exist in the table will be ignored.
Starting with Linux kernel version 3.6, there is no routing cache for IPv4
.B "ip route show cached"
will never print any entries on systems with this or newer kernel versions.
Show all route entries in the kernel.
ip route add default via 192.168.1.1 dev eth0
Adds a default route (for all addresses) via the local gateway 192.168.1.1 that can
be reached on device eth0.
ip route add 10.1.1.0/30 encap mpls 200/300 via 10.1.1.1 dev eth0
Adds an IPv4 route with MPLS encapsulation attributes attached to it.
ip -6 route add 2001:db8:1::/64 encap seg6 mode encap segs 2001:db8:42::1,2001:db8:ffff::2 dev eth0
Adds an IPv6 route with SRv6 encapsulation and two segments attached.
Original Manpage by Michail Litvak <mci@owl.openwall.com>