1IP-ROUTE(8) Linux IP-ROUTE(8)
2
6 ip-route - routing table management
7
9 ip [ ip-OPTIONS ] route { COMMAND | help }
10 ip route { show | flush } SELECTOR
13 ip route save SELECTOR
15 ip route restore
17 ip route get ROUTE_GET_FLAGS ADDRESS [ from ADDRESS iif STRING ] [ oif
19 STRING ] [ mark MARK ] [ tos TOS ] [ vrf NAME ] [ ipproto PRO‐
20 TOCOL ] [ sport NUMBER ] [ dport NUMBER ]
21 ip route { add | del | change | append | replace } ROUTE
23 SELECTOR := [ root PREFIX ] [ match PREFIX ] [ exact PREFIX ] [ table
25 TABLE_ID ] [ vrf NAME ] [ proto RTPROTO ] [ type TYPE ] [ scope
26 SCOPE ]
27 ROUTE := NODE_SPEC [ INFO_SPEC ]
29 NODE_SPEC := [ TYPE ] PREFIX [ tos TOS ] [ table TABLE_ID ] [ proto RT‐
31 PROTO ] [ scope SCOPE ] [ metric METRIC ] [ ttl-propagate { en‐
32 abled | disabled } ]
33 INFO_SPEC := { NH | nhid ID } OPTIONS FLAGS [ nexthop NH ] ...
35 NH := [ encap ENCAP ] [ via [ FAMILY ] ADDRESS ] [ dev STRING ] [
37 weight NUMBER ] NHFLAGS
38 FAMILY := [ inet | inet6 | mpls | bridge | link ]
40 OPTIONS := FLAGS [ mtu NUMBER ] [ advmss NUMBER ] [ as [ to ] ADDRESS ]
42 rtt TIME ] [ rttvar TIME ] [ reordering NUMBER ] [ window NUM‐
43 BER ] [ cwnd NUMBER ] [ ssthresh NUMBER ] [ realms REALM ] [
44 rto_min TIME ] [ initcwnd NUMBER ] [ initrwnd NUMBER ] [ fea‐
45 tures FEATURES ] [ quickack BOOL ] [ congctl NAME ] [ pref PREF
46 ] [ expires TIME ] [ fastopen_no_cookie BOOL ]
47 TYPE := [ unicast | local | broadcast | multicast | throw | unreachable
49 | prohibit | blackhole | nat ]
50 TABLE_ID := [ local| main | default | all | NUMBER ]
52 SCOPE := [ host | link | global | NUMBER ]
54 NHFLAGS := [ onlink | pervasive ]
56 RTPROTO := [ kernel | boot | static | NUMBER ]
58 FEATURES := [ ecn | ]
60 PREF := [ low | medium | high ]
62 ENCAP := [ ENCAP_MPLS | ENCAP_IP | ENCAP_BPF | ENCAP_SEG6 | EN‐
64 CAP_SEG6LOCAL | ENCAP_IOAM6 ]
65 ENCAP_MPLS := mpls [ LABEL ] [ ttl TTL ]
67 ENCAP_IP := ip id TUNNEL_ID dst REMOTE_IP [ src SRC ] [ tos TOS ] [ ttl
69 TTL ]
70 ENCAP_BPF := bpf [ in PROG ] [ out PROG ] [ xmit PROG ] [ headroom SIZE
72 ]
73 ENCAP_SEG6 := seg6 mode [ encap | encap.red | inline | l2encap | l2en‐
75 cap.red ] segs SEGMENTS [ hmac KEYID ]
76 ENCAP_SEG6LOCAL := seg6local action SEG6_ACTION [ SEG6_ACTION_PARAM ] [
78 count ]
79 ENCAP_IOAM6 := ioam6 [ freq K/N ] mode [ inline | encap | auto ] [
81 tundst ADDRESS ] trace prealloc type IOAM6_TRACE_TYPE ns
82 IOAM6_NAMESPACE size IOAM6_TRACE_SIZE
83 ROUTE_GET_FLAGS := [ fibmatch ]
85
88 ip route is used to manipulate entries in the kernel routing tables.
89 Route types:
91 unicast - the route entry describes real paths to the destina‐
93 tions covered by the route prefix.
94 unreachable - these destinations are unreachable. Packets are
97 discarded and the ICMP message host unreachable is generated.
98 The local senders get an EHOSTUNREACH error.
99 blackhole - these destinations are unreachable. Packets are
102 discarded silently. The local senders get an EINVAL error.
103 prohibit - these destinations are unreachable. Packets are dis‐
106 carded and the ICMP message communication administratively pro‐
107 hibited is generated. The local senders get an EACCES error.
108 local - the destinations are assigned to this host. The packets
111 are looped back and delivered locally.
112 broadcast - the destinations are broadcast addresses. The pack‐
115 ets are sent as link broadcasts.
116 throw - a special control route used together with policy
119 rules. If such a route is selected, lookup in this table is
120 terminated pretending that no route was found. Without policy
121 routing it is equivalent to the absence of the route in the
122 routing table. The packets are dropped and the ICMP message net
123 unreachable is generated. The local senders get an ENETUNREACH
124 error.
125 nat - a special NAT route. Destinations covered by the prefix
128 are considered to be dummy (or external) addresses which re‐
129 quire translation to real (or internal) ones before forwarding.
130 The addresses to translate to are selected with the attribute
131 via. Warning: Route NAT is no longer supported in Linux 2.6.
132 anycast - not implemented the destinations are anycast ad‐
135 dresses assigned to this host. They are mainly equivalent to
136 local with one difference: such addresses are invalid when used
137 as the source address of any packet.
138 multicast - a special type used for multicast routing. It is
141 not present in normal routing tables.
142 Route tables: Linux-2.x can pack routes into several routing tables
145 identified by a number in the range from 1 to 2^32-1 or by name from
146 the file /etc/iproute2/rt_tables By default all normal routes are in‐
147 serted into the main table (ID 254) and the kernel only uses this table
148 when calculating routes. Values (0, 253, 254, and 255) are reserved
149 for built-in use.
150 Actually, one other table always exists, which is invisible but even
153 more important. It is the local table (ID 255). This table consists of
154 routes for local and broadcast addresses. The kernel maintains this ta‐
155 ble automatically and the administrator usually need not modify it or
156 even look at it.
157 The multiple routing tables enter the game when policy routing is used.
159 ip route add
162 add new route
163 ip route change
165 change route
166 ip route replace
168 change or add new one
169 to TYPE PREFIX (default)
171 the destination prefix of the route. If TYPE is omitted,
172 ip assumes type unicast. Other values of TYPE are listed
173 above. PREFIX is an IP or IPv6 address optionally fol‐
174 lowed by a slash and the prefix length. If the length of
175 the prefix is missing, ip assumes a full-length host
176 route. There is also a special PREFIX default - which is
177 equivalent to IP 0/0 or to IPv6 ::/0.
178 tos TOS
181 dsfield TOS
183 the Type Of Service (TOS) key. This key has no associated
184 mask and the longest match is understood as: First, com‐
185 pare the TOS of the route and of the packet. If they are
186 not equal, then the packet may still match a route with a
187 zero TOS. TOS is either an 8 bit hexadecimal number or
188 an identifier from /etc/iproute2/rt_dsfield.
189 metric NUMBER
192 preference NUMBER
194 the preference value of the route. NUMBER is an arbi‐
195 trary 32bit number, where routes with lower values are
196 preferred.
197 table TABLEID
200 the table to add this route to. TABLEID may be a number
201 or a string from the file /etc/iproute2/rt_tables. If
202 this parameter is omitted, ip assumes the main table,
203 with the exception of local, broadcast and nat routes,
204 which are put into the local table by default.
205 vrf NAME
208 the vrf name to add this route to. Implicitly means the
209 table associated with the VRF.
210 dev NAME
213 the output device name.
214 via [ FAMILY ] ADDRESS
217 the address of the nexthop router, in the address family
218 FAMILY. Actually, the sense of this field depends on the
219 route type. For normal unicast routes it is either the
220 true next hop router or, if it is a direct route in‐
221 stalled in BSD compatibility mode, it can be a local ad‐
222 dress of the interface. For NAT routes it is the first
223 address of the block of translated IP destinations.
224 src ADDRESS
227 the source address to prefer when sending to the destina‐
228 tions covered by the route prefix.
229 realm REALMID
232 the realm to which this route is assigned. REALMID may
233 be a number or a string from the file
234 /etc/iproute2/rt_realms.
235 mtu MTU
238 mtu lock MTU
240 the MTU along the path to the destination. If the modi‐
241 fier lock is not used, the MTU may be updated by the ker‐
242 nel due to Path MTU Discovery. If the modifier lock is
243 used, no path MTU discovery will be tried, all packets
244 will be sent without the DF bit in IPv4 case or frag‐
245 mented to MTU for IPv6.
246 window NUMBER
249 the maximal window for TCP to advertise to these destina‐
250 tions, measured in bytes. It limits maximal data bursts
251 that our TCP peers are allowed to send to us.
252 rtt TIME
255 the initial RTT ('Round Trip Time') estimate. If no suf‐
256 fix is specified the units are raw values passed directly
257 to the routing code to maintain compatibility with previ‐
258 ous releases. Otherwise if a suffix of s, sec or secs is
259 used to specify seconds and ms, msec or msecs to specify
260 milliseconds.
261 rttvar TIME (Linux 2.3.15+ only)
265 the initial RTT variance estimate. Values are specified
266 as with rtt above.
267 rto_min TIME (Linux 2.6.23+ only)
270 the minimum TCP Retransmission TimeOut to use when commu‐
271 nicating with this destination. Values are specified as
272 with rtt above.
273 ssthresh NUMBER (Linux 2.3.15+ only)
276 an estimate for the initial slow start threshold.
277 cwnd NUMBER (Linux 2.3.15+ only)
280 the clamp for congestion window. It is ignored if the
281 lock flag is not used.
282 initcwnd NUMBER (Linux 2.5.70+ only)
285 the initial congestion window size for connections to
286 this destination. Actual window size is this value mul‐
287 tiplied by the MSS (``Maximal Segment Size'') for same
288 connection. The default is zero, meaning to use the val‐
289 ues specified in RFC2414.
290 initrwnd NUMBER (Linux 2.6.33+ only)
293 the initial receive window size for connections to this
294 destination. Actual window size is this value multiplied
295 by the MSS of the connection. The default value is zero,
296 meaning to use Slow Start value.
297 features FEATURES (Linux3.18+only)
300 Enable or disable per-route features. Only available fea‐
301 ture at this time is ecn to enable explicit congestion
302 notification when initiating connections to the given
303 destination network. When responding to a connection re‐
304 quest from the given network, ecn will also be used even
305 if the net.ipv4.tcp_ecn sysctl is set to 0.
306 quickack BOOL (Linux 3.11+ only)
309 Enable or disable quick ack for connections to this des‐
310 tination.
311 fastopen_no_cookie BOOL (Linux 4.15+ only)
314 Enable TCP Fastopen without a cookie for connections to
315 this destination.
316 congctl NAME (Linux 3.20+ only)
319 congctl lock NAME (Linux 3.20+ only)
321 Sets a specific TCP congestion control algorithm only for
322 a given destination. If not specified, Linux keeps the
323 current global default TCP congestion control algorithm,
324 or the one set from the application. If the modifier lock
325 is not used, an application may nevertheless overwrite
326 the suggested congestion control algorithm for that des‐
327 tination. If the modifier lock is used, then an applica‐
328 tion is not allowed to overwrite the specified congestion
329 control algorithm for that destination, thus it will be
330 enforced/guaranteed to use the proposed algorithm.
331 advmss NUMBER (Linux 2.3.15+ only)
334 the MSS ('Maximal Segment Size') to advertise to these
335 destinations when establishing TCP connections. If it is
336 not given, Linux uses a default value calculated from the
337 first hop device MTU. (If the path to these destination
338 is asymmetric, this guess may be wrong.)
339 reordering NUMBER (Linux 2.3.15+ only)
342 Maximal reordering on the path to this destination. If
343 it is not given, Linux uses the value selected with
344 sysctl variable net/ipv4/tcp_reordering.
345 nexthop NEXTHOP
348 the nexthop of a multipath route. NEXTHOP is a complex
349 value with its own syntax similar to the top level argu‐
350 ment lists:
351 via [ FAMILY ] ADDRESS - is the nexthop router.
353 dev NAME - is the output device.
356 weight NUMBER - is a weight for this element of a
359 multipath route reflecting its relative bandwidth
360 or quality.
361 The internal buffer used in iproute2 limits the maximum
363 number of nexthops that may be specified in one go. If
364 only ADDRESS is given, the current buffer size allows for
365 144 IPv6 nexthops and 253 IPv4 ones. For IPv4, this ef‐
366 fectively limits the number of nexthops possible per
367 route. With IPv6, further nexthops may be appended to the
368 same route via ip route append command.
369 scope SCOPE_VAL
372 the scope of the destinations covered by the route pre‐
373 fix. SCOPE_VAL may be a number or a string from the file
374 /etc/iproute2/rt_scopes. If this parameter is omitted,
375 ip assumes scope global for all gatewayed unicast routes,
376 scope link for direct unicast and broadcast routes and
377 scope host for local routes.
378 protocol RTPROTO
381 the routing protocol identifier of this route. RTPROTO
382 may be a number or a string from the file
383 /etc/iproute2/rt_protos. If the routing protocol ID is
384 not given, ip assumes protocol boot (i.e. it assumes the
385 route was added by someone who doesn't understand what
386 they are doing). Several protocol values have a fixed in‐
387 terpretation. Namely:
388 redirect - the route was installed due to an ICMP
390 redirect.
391 kernel - the route was installed by the kernel
394 during autoconfiguration.
395 boot - the route was installed during the bootup
398 sequence. If a routing daemon starts, it will
399 purge all of them.
400 static - the route was installed by the adminis‐
403 trator to override dynamic routing. Routing dae‐
404 mon will respect them and, probably, even adver‐
405 tise them to its peers.
406 ra - the route was installed by Router Discovery
409 protocol.
410 The rest of the values are not reserved and the adminis‐
413 trator is free to assign (or not to assign) protocol
414 tags.
415 onlink pretend that the nexthop is directly attached to this
418 link, even if it does not match any interface prefix.
419 pref PREF
422 the IPv6 route preference. PREF is a string specifying
423 the route preference as defined in RFC4191 for Router
424 Discovery messages. Namely:
425 low - the route has a lowest priority
427 medium - the route has a default priority
430 high - the route has a highest priority
433 nhid ID
437 use nexthop object with given id as nexthop specifica‐
438 tion.
439 encap ENCAPTYPE ENCAPHDR
442 attach tunnel encapsulation attributes to this route.
443 ENCAPTYPE is a string specifying the supported encapsula‐
445 tion type. Namely:
446 mpls - encapsulation type MPLS
448 ip - IP encapsulation (Geneve, GRE, VXLAN, ...)
450 bpf - Execution of BPF program
452 seg6 - encapsulation type IPv6 Segment Routing
454 seg6local - local SRv6 segment processing
456 ioam6 - encapsulation type IPv6 IOAM
458 xfrm - encapsulation type XFRM
460 ENCAPHDR is a set of encapsulation attributes specific to
462 the ENCAPTYPE.
463 mpls
465 MPLSLABEL - mpls label stack with labels sepa‐
466 rated by /
467 ttl TTL - TTL to use for MPLS header or 0 to
470 inherit from IP header
471 ip
474 id TUNNEL_ID dst REMOTE_IP [ src SRC ] [ tos
475 TOS ] [ ttl TTL ] [ key ] [ csum ] [ seq ]
476 bpf
479 in PROG - BPF program to execute for incoming
480 packets
481 out PROG - BPF program to execute for outgoing
484 packets
485 xmit PROG - BPF program to execute for trans‐
488 mitted packets
489 headroom SIZE - Size of header BPF program will
492 attach (xmit)
493 seg6
496 mode inline - Directly insert Segment Routing
497 Header after IPv6 header
498 mode encap - Encapsulate packet in an outer
501 IPv6 header with SRH
502 mode encap.red - Encapsulate packet in an outer
505 IPv6 header with SRH applying the reduced seg‐
506 ment list. When there is only one segment and
507 the HMAC is not present, the SRH is omitted.
508 mode l2encap - Encapsulate ingress L2 frame
511 within an outer IPv6 header and SRH
512 mode l2encap.red - Encapsulate ingress L2 frame
515 within an outer IPv6 header and SRH applying
516 the reduced segment list. When there is only
517 one segment and the HMAC is not present, the
518 SRH is omitted.
519 SEGMENTS - List of comma-separated IPv6 ad‐
522 dresses
523 KEYID - Numerical value in decimal representa‐
526 tion. See ip-sr(8).
527 seg6local
530 SEG6_ACTION [ SEG6_ACTION_PARAM ] [ count ] -
531 Operation to perform on matching packets. The
532 optional count attribute is used to collect
533 statistics on the processing of actions. Three
534 counters are implemented: 1) packets correctly
535 processed; 2) bytes correctly processed; 3)
536 packets that cause a processing error (i.e.,
537 missing SID List, wrong SID List, etc). To re‐
538 trieve the counters related to an action use
539 the -s flag in the show command. The following
540 actions are currently supported (Linux 4.14+
541 only).
542 End [ flavors FLAVORS ] - Regular SRv6 pro‐
544 cessing as intermediate segment endpoint.
545 This action only accepts packets with a non-
546 zero Segments Left value. Other matching
547 packets are dropped. The presence of flavors
548 can change the regular processing of an End
549 behavior according to the user-provided Fla‐
550 vor operations and information carried in the
551 packet. See Flavors parameters section.
552 End.X nh6 NEXTHOP - Regular SRv6 processing
554 as intermediate segment endpoint. Addition‐
555 ally, forward processed packets to given
556 next-hop. This action only accepts packets
557 with a non-zero Segments Left value. Other
558 matching packets are dropped.
559 End.DX6 nh6 NEXTHOP - Decapsulate inner IPv6
561 packet and forward it to the specified next-
562 hop. If the argument is set to ::, then the
563 next-hop is selected according to the local
564 selection rules. This action only accepts
565 packets with either a zero Segments Left
566 value or no SRH at all, and an inner IPv6
567 packet. Other matching packets are dropped.
568 End.DT6 { table | vrftable } TABLEID - Decap‐
570 sulate the inner IPv6 packet and forward it
571 according to the specified lookup table.
572 TABLEID is either a number or a string from
573 the file /etc/iproute2/rt_tables. If
574 vrftable is used, the argument must be a VRF
575 device associated with the table id. More‐
576 over, the VRF table associated with the table
577 id must be configured with the VRF strict
578 mode turned on (net.vrf.strict_mode=1). This
579 action only accepts packets with either a
580 zero Segments Left value or no SRH at all,
581 and an inner IPv6 packet. Other matching
582 packets are dropped.
583 End.DT4 vrftable TABLEID - Decapsulate the
585 inner IPv4 packet and forward it according to
586 the specified lookup table. TABLEID is ei‐
587 ther a number or a string from the file
588 /etc/iproute2/rt_tables. The argument must
589 be a VRF device associated with the table id.
590 Moreover, the VRF table associated with the
591 table id must be configured with the VRF
592 strict mode turned on
593 (net.vrf.strict_mode=1). This action only ac‐
594 cepts packets with either a zero Segments
595 Left value or no SRH at all, and an inner
596 IPv4 packet. Other matching packets are
597 dropped.
598 End.DT46 vrftable TABLEID - Decapsulate the
600 inner IPv4 or IPv6 packet and forward it ac‐
601 cording to the specified lookup table.
602 TABLEID is either a number or a string from
603 the file /etc/iproute2/rt_tables. The argu‐
604 ment must be a VRF device associated with the
605 table id. Moreover, the VRF table associated
606 with the table id must be configured with the
607 VRF strict mode turned on
608 (net.vrf.strict_mode=1). This action only ac‐
609 cepts packets with either a zero Segments
610 Left value or no SRH at all, and an inner
611 IPv4 or IPv6 packet. Other matching packets
612 are dropped.
613 End.B6 srh segs SEGMENTS [ hmac KEYID ] - In‐
615 sert the specified SRH immediately after the
616 IPv6 header, update the DA with the first
617 segment of the newly inserted SRH, then for‐
618 ward the resulting packet. The original SRH
619 is not modified. This action only accepts
620 packets with a non-zero Segments Left value.
621 Other matching packets are dropped.
622 End.B6.Encaps srh segs SEGMENTS [ hmac KEYID
624 ] - Regular SRv6 processing as intermediate
625 segment endpoint. Additionally, encapsulate
626 the matching packet within an outer IPv6
627 header followed by the specified SRH. The
628 destination address of the outer IPv6 header
629 is set to the first segment of the new SRH.
630 The source address is set as described in ip-
631 sr(8).
632 Flavors parameters
634 The flavors represent additional operations
636 that can modify or extend a subset of the ex‐
637 isting behaviors.
638 flavors OPERATION[,OPERATION] [ATTRIBUTES]
640 OPERATION := { psp | usp | usd | next-
642 csid }
643 ATTRIBUTES := { KEY VALUE } [ ATTRIBUTES
645 ]
646 KEY := { lblen | nflen }
648 psp - The Penultimate Segment Pop (PSP)
650 copies the last SID from the SID List (car‐
651 ried by the outermost SRH) into the IPv6
652 Destination Address (DA) and removes (i.e.
653 pops) the SRH from the IPv6 header. The
654 PSP operation takes place only at a penul‐
655 timate SR Segment Endpoint node (e.g., the
656 Segment Left must be one) and does not hap‐
657 pen at non-penultimate endpoint nodes.
658 usp - Ultimate Segment Pop of the SRH (not
660 yet supported in kernel)
661 usd - Ultimate Segment Decapsulation (not
663 yet supported in kernel)
664 next-csid - The NEXT-C-SID mechanism offers
666 the possibility of encoding several SRv6
667 segments within a single 128 bit SID ad‐
668 dress. The NEXT-C-SID flavor can be config‐
669 ured to support user-provided Locator-Block
670 and Locator-Node Function lengths. If Loca‐
671 tor-Block and/or Locator-Node Function
672 lengths are not provided by the user during
673 configuration of an SRv6 End behavior in‐
674 stance with NEXT-C-SID flavor, the default
675 value is 32-bit for Locator-Block and
676 16-bit for Locator-Node Function.
677 lblen VALUE - defines the Locator-Block
679 length for NEXT-C-SID flavor. The Locator-
680 Block length must be greater than 0 and
681 evenly divisible by 8. This attribute can
682 be used only with NEXT-C-SID flavor.
683 nflen VALUE - defines the Locator-Node
685 Function length for NEXT-C-SID flavors. The
686 Locator-Node Function length must be
687 greater than 0 and evenly divisible by 8.
688 This attribute can be used only with NEXT-
689 C-SID flavor.
690 ioam6
692 freq K/N - Inject IOAM in K packets every N
693 packets (default is 1/1).
694 mode inline - Directly insert IOAM after IPv6
696 header (default mode).
697 mode encap - Encapsulate packet in an outer
700 IPv6 header with IOAM.
701 mode auto - Automatically use inline mode for
704 local packets and encap mode for in-transit
705 packets.
706 tundst ADDRESS - IPv6 address of the tunnel
709 destination (outer header), not used with in‐
710 line mode.
711 type IOAM6_TRACE_TYPE - List of IOAM data re‐
713 quired in the trace, represented by a bit‐
714 field (24 bits).
715 ns IOAM6_NAMESPACE - Numerical value to rep‐
718 resent an IOAM namespace. See ip-ioam(8).
719 size IOAM6_TRACE_SIZE - Size, in octets, of
722 the pre-allocated trace data block.
723 xfrm
725 if_id IF_ID [ link_dev LINK_DEV ]
726 expires TIME (Linux 4.4+ only)
730 the route will be deleted after the expires time. Only
731 support IPv6 at present.
732 ttl-propagate { enabled | disabled }
735 Control whether TTL should be propagated from any encap
736 into the un-encapsulated packet, overriding any global
737 configuration. Only supported for MPLS at present.
738 ip route delete
741 delete route
742 ip route del has the same arguments as ip route add, but their
743 semantics are a bit different.
744 Key values (to, tos, preference and table) select the route to
746 delete. If optional attributes are present, ip verifies that
747 they coincide with the attributes of the route to delete. If no
748 route with the given key and attributes was found, ip route del
749 fails.
750 ip route show
753 list routes
754 the command displays the contents of the routing tables or the
755 route(s) selected by some criteria.
756 to SELECTOR (default)
759 only select routes from the given range of destinations.
760 SELECTOR consists of an optional modifier (root, match or
761 exact) and a prefix. root PREFIX selects routes with
762 prefixes not shorter than PREFIX. F.e. root 0/0 selects
763 the entire routing table. match PREFIX selects routes
764 with prefixes not longer than PREFIX. F.e. match
765 10.0/16 selects 10.0/16, 10/8 and 0/0, but it does not
766 select 10.1/16 and 10.0.0/24. And exact PREFIX (or just
767 PREFIX) selects routes with this exact prefix. If neither
768 of these options are present, ip assumes root 0/0 i.e. it
769 lists the entire table.
770 tos TOS
773 dsfield TOS
775 only select routes with the given TOS.
776 table TABLEID
779 show the routes from this table(s). The default setting
780 is to show table main. TABLEID may either be the ID of a
781 real table or one of the special values:
782 all - list all of the tables.
784 cache - dump the routing cache.
786 vrf NAME
789 show the routes for the table associated with the vrf
790 name
791 cloned
794 cached list cloned routes i.e. routes which were dynamically
796 forked from other routes because some route attribute
797 (f.e. MTU) was updated. Actually, it is equivalent to
798 table cache.
799 from SELECTOR
802 the same syntax as for to, but it binds the source ad‐
803 dress range rather than destinations. Note that the from
804 option only works with cloned routes.
805 protocol RTPROTO
808 only list routes of this protocol.
809 scope SCOPE_VAL
812 only list routes with this scope.
813 type TYPE
816 only list routes of this type.
817 dev NAME
820 only list routes going via this device.
821 via [ FAMILY ] PREFIX
824 only list routes going via the nexthop routers selected
825 by PREFIX.
826 src PREFIX
829 only list routes with preferred source addresses selected
830 by PREFIX.
831 realm REALMID
834 realms FROMREALM/TOREALM
836 only list routes with these realms.
837 ip route flush
840 flush routing tables
841 this command flushes routes selected by some criteria.
842 The arguments have the same syntax and semantics as the argu‐
845 ments of ip route show, but routing tables are not listed but
846 purged. The only difference is the default action: show dumps
847 all the IP main routing table but flush prints the helper page.
848 With the -statistics option, the command becomes verbose. It
851 prints out the number of deleted routes and the number of rounds
852 made to flush the routing table. If the option is given twice,
853 ip route flush also dumps all the deleted routes in the format
854 described in the previous subsection.
855 ip route get
858 get a single route
859 this command gets a single route to a destination and prints its
860 contents exactly as the kernel sees it.
861 fibmatch
864 Return full fib lookup matched route. Default is to re‐
865 turn the resolved dst entry
866 to ADDRESS (default)
869 the destination address.
870 from ADDRESS
873 the source address.
874 tos TOS
877 dsfield TOS
879 the Type Of Service.
880 iif NAME
883 the device from which this packet is expected to arrive.
884 oif NAME
887 force the output device on which this packet will be
888 routed.
889 mark MARK
892 the firewall mark (fwmark)
893 vrf NAME
896 force the vrf device on which this packet will be routed.
897 ipproto PROTOCOL
900 ip protocol as seen by the route lookup
901 sport NUMBER
904 source port as seen by the route lookup
905 dport NUMBER
908 destination port as seen by the route lookup
909 connected
912 if no source address (option from) was given, relookup
913 the route with the source set to the preferred address
914 received from the first lookup. If policy routing is
915 used, it may be a different route.
916 Note that this operation is not equivalent to ip route show.
919 show shows existing routes. get resolves them and creates new
920 clones if necessary. Essentially, get is equivalent to sending a
921 packet along this path. If the iif argument is not given, the
922 kernel creates a route to output packets towards the requested
923 destination. This is equivalent to pinging the destination with
924 a subsequent ip route ls cache, however, no packets are actually
925 sent. With the iif argument, the kernel pretends that a packet
926 arrived from this interface and searches for a path to forward
927 the packet.
928 ip route save
931 save routing table information to stdout
932 This command behaves like ip route show except that the output
933 is raw data suitable for passing to ip route restore.
934 ip route restore
937 restore routing table information from stdin
938 This command expects to read a data stream as returned from ip
939 route save. It will attempt to restore the routing table infor‐
940 mation exactly as it was at the time of the save, so any trans‐
941 lation of information in the stream (such as device indexes)
942 must be done first. Any existing routes are left unchanged. Any
943 routes specified in the data stream that already exist in the
944 table will be ignored.
945
948 Starting with Linux kernel version 3.6, there is no routing cache for
949 IPv4 anymore. Hence ip route show cached will never print any entries
950 on systems with this or newer kernel versions.
951
954 ip ro
955 Show all route entries in the kernel.
956 ip route add default via 192.168.1.1 dev eth0
958 Adds a default route (for all addresses) via the local gateway
959 192.168.1.1 that can be reached on device eth0.
960 ip route add 10.1.1.0/30 encap mpls 200/300 via 10.1.1.1 dev eth0
962 Adds an ipv4 route with mpls encapsulation attributes attached to
963 it.
964 ip -6 route add 2001:db8:1::/64 encap seg6 mode encap segs
966 2001:db8:42::1,2001:db8:ffff::2 dev eth0
967 Adds an IPv6 route with SRv6 encapsulation and two segments at‐
968 tached.
969 ip -6 route add 2001:db8:1::/64 encap seg6local action End.DT46
971 vrftable 100 dev vrf100
972 Adds an IPv6 route with SRv6 decapsulation and forward with lookup
973 in VRF table.
974 ip -6 route add 2001:db8:1::/64 encap seg6local action End flavors psp
976 dev eth0
977 Adds an IPv6 route with SRv6 End behavior with psp flavor enabled.
978 ip -6 route add 2001:db8:1::/64 encap seg6local action End flavors
980 next-csid dev eth0
981 Adds an IPv6 route with SRv6 End behavior with next-csid flavor en‐
982 abled.
983 ip -6 route add 2001:db8:1::/64 encap seg6local action End flavors
985 next-csid lblen 48 nflen 16 dev eth0
986 Adds an IPv6 route with SRv6 End behavior with next-csid flavor en‐
987 abled and user-provided Locator-Block and Locator-Node Function
988 lengths.
989 ip -6 route add 2001:db8:1::/64 encap ioam6 freq 2/5 mode encap tundst
991 2001:db8:42::1 trace prealloc type 0x800000 ns 1 size 12 dev eth0
992 Adds an IPv6 route with an IOAM Pre-allocated Trace encapsulation
993 (ip6ip6) that only includes the hop limit and the node id, config‐
994 ured for the IOAM namespace 1 and a pre-allocated data block of 12
995 octets (will be injected in 2 packets every 5 packets).
996 ip route add 10.1.1.0/30 nhid 10
998 Adds an ipv4 route using nexthop object with id 10.
999
1001 ip(8)
1002
1005 Original Manpage by Michail Litvak <mci@owl.openwall.com>
1006iproute2 13 Dec 2012 IP-ROUTE(8)