1IP-ROUTE(8) Linux IP-ROUTE(8)
2
6 ip-route - routing table management
7
9 ip [ ip-OPTIONS ] route { COMMAND | help }
10 ip route { show | flush } SELECTOR
13 ip route save SELECTOR
15 ip route restore
17 ip route get ROUTE_GET_FLAGS ADDRESS [ from ADDRESS iif STRING ] [ oif
19 STRING ] [ mark MARK ] [ tos TOS ] [ vrf NAME ] [ ipproto PRO‐
20 TOCOL ] [ sport NUMBER ] [ dport NUMBER ]
21 ip route { add | del | change | append | replace } ROUTE
23 SELECTOR := [ root PREFIX ] [ match PREFIX ] [ exact PREFIX ] [ table
25 TABLE_ID ] [ vrf NAME ] [ proto RTPROTO ] [ type TYPE ] [ scope
26 SCOPE ]
27 ROUTE := NODE_SPEC [ INFO_SPEC ]
29 NODE_SPEC := [ TYPE ] PREFIX [ tos TOS ] [ table TABLE_ID ] [ proto RT‐
31 PROTO ] [ scope SCOPE ] [ metric METRIC ] [ ttl-propagate { en‐
32 abled | disabled } ]
33 INFO_SPEC := { NH | nhid ID } OPTIONS FLAGS [ nexthop NH ] ...
35 NH := [ encap ENCAP ] [ via [ FAMILY ] ADDRESS ] [ dev STRING ] [
37 weight NUMBER ] NHFLAGS
38 FAMILY := [ inet | inet6 | mpls | bridge | link ]
40 OPTIONS := FLAGS [ mtu NUMBER ] [ advmss NUMBER ] [ as [ to ] ADDRESS ]
42 rtt TIME ] [ rttvar TIME ] [ reordering NUMBER ] [ window NUM‐
43 BER ] [ cwnd NUMBER ] [ ssthresh NUMBER ] [ realms REALM ] [
44 rto_min TIME ] [ initcwnd NUMBER ] [ initrwnd NUMBER ] [ fea‐
45 tures FEATURES ] [ quickack BOOL ] [ congctl NAME ] [ pref PREF
46 ] [ expires TIME ] [ fastopen_no_cookie BOOL ]
47 TYPE := [ unicast | local | broadcast | multicast | throw | unreachable
49 | prohibit | blackhole | nat ]
50 TABLE_ID := [ local| main | default | all | NUMBER ]
52 SCOPE := [ host | link | global | NUMBER ]
54 NHFLAGS := [ onlink | pervasive ]
56 RTPROTO := [ kernel | boot | static | NUMBER ]
58 FEATURES := [ ecn | ]
60 PREF := [ low | medium | high ]
62 ENCAP := [ ENCAP_MPLS | ENCAP_IP | ENCAP_BPF | ENCAP_SEG6 | EN‐
64 CAP_SEG6LOCAL | ENCAP_IOAM6 ]
65 ENCAP_MPLS := mpls [ LABEL ] [ ttl TTL ]
67 ENCAP_IP := ip id TUNNEL_ID dst REMOTE_IP [ src SRC ] [ tos TOS ] [ ttl
69 TTL ]
70 ENCAP_BPF := bpf [ in PROG ] [ out PROG ] [ xmit PROG ] [ headroom SIZE
72 ]
73 ENCAP_SEG6 := seg6 mode [ encap | inline | l2encap ] segs SEGMENTS [
75 hmac KEYID ]
76 ENCAP_SEG6LOCAL := seg6local action SEG6_ACTION [ SEG6_ACTION_PARAM ] [
78 count ]
79 ENCAP_IOAM6 := ioam6 trace prealloc type IOAM6_TRACE_TYPE ns
81 IOAM6_NAMESPACE size IOAM6_TRACE_SIZE
82 ROUTE_GET_FLAGS := [ fibmatch ]
84
87 ip route is used to manipulate entries in the kernel routing tables.
88 Route types:
90 unicast - the route entry describes real paths to the destina‐
92 tions covered by the route prefix.
93 unreachable - these destinations are unreachable. Packets are
96 discarded and the ICMP message host unreachable is generated.
97 The local senders get an EHOSTUNREACH error.
98 blackhole - these destinations are unreachable. Packets are
101 discarded silently. The local senders get an EINVAL error.
102 prohibit - these destinations are unreachable. Packets are dis‐
105 carded and the ICMP message communication administratively pro‐
106 hibited is generated. The local senders get an EACCES error.
107 local - the destinations are assigned to this host. The packets
110 are looped back and delivered locally.
111 broadcast - the destinations are broadcast addresses. The pack‐
114 ets are sent as link broadcasts.
115 throw - a special control route used together with policy
118 rules. If such a route is selected, lookup in this table is
119 terminated pretending that no route was found. Without policy
120 routing it is equivalent to the absence of the route in the
121 routing table. The packets are dropped and the ICMP message net
122 unreachable is generated. The local senders get an ENETUNREACH
123 error.
124 nat - a special NAT route. Destinations covered by the prefix
127 are considered to be dummy (or external) addresses which re‐
128 quire translation to real (or internal) ones before forwarding.
129 The addresses to translate to are selected with the attribute
130 via. Warning: Route NAT is no longer supported in Linux 2.6.
131 anycast - not implemented the destinations are anycast ad‐
134 dresses assigned to this host. They are mainly equivalent to
135 local with one difference: such addresses are invalid when used
136 as the source address of any packet.
137 multicast - a special type used for multicast routing. It is
140 not present in normal routing tables.
141 Route tables: Linux-2.x can pack routes into several routing tables
144 identified by a number in the range from 1 to 2^32-1 or by name from
145 the file /etc/iproute2/rt_tables By default all normal routes are in‐
146 serted into the main table (ID 254) and the kernel only uses this table
147 when calculating routes. Values (0, 253, 254, and 255) are reserved
148 for built-in use.
149 Actually, one other table always exists, which is invisible but even
152 more important. It is the local table (ID 255). This table consists of
153 routes for local and broadcast addresses. The kernel maintains this ta‐
154 ble automatically and the administrator usually need not modify it or
155 even look at it.
156 The multiple routing tables enter the game when policy routing is used.
158 ip route add
161 add new route
162 ip route change
164 change route
165 ip route replace
167 change or add new one
168 to TYPE PREFIX (default)
170 the destination prefix of the route. If TYPE is omitted,
171 ip assumes type unicast. Other values of TYPE are listed
172 above. PREFIX is an IP or IPv6 address optionally fol‐
173 lowed by a slash and the prefix length. If the length of
174 the prefix is missing, ip assumes a full-length host
175 route. There is also a special PREFIX default - which is
176 equivalent to IP 0/0 or to IPv6 ::/0.
177 tos TOS
180 dsfield TOS
182 the Type Of Service (TOS) key. This key has no associated
183 mask and the longest match is understood as: First, com‐
184 pare the TOS of the route and of the packet. If they are
185 not equal, then the packet may still match a route with a
186 zero TOS. TOS is either an 8 bit hexadecimal number or
187 an identifier from /etc/iproute2/rt_dsfield.
188 metric NUMBER
191 preference NUMBER
193 the preference value of the route. NUMBER is an arbi‐
194 trary 32bit number, where routes with lower values are
195 preferred.
196 table TABLEID
199 the table to add this route to. TABLEID may be a number
200 or a string from the file /etc/iproute2/rt_tables. If
201 this parameter is omitted, ip assumes the main table,
202 with the exception of local, broadcast and nat routes,
203 which are put into the local table by default.
204 vrf NAME
207 the vrf name to add this route to. Implicitly means the
208 table associated with the VRF.
209 dev NAME
212 the output device name.
213 via [ FAMILY ] ADDRESS
216 the address of the nexthop router, in the address family
217 FAMILY. Actually, the sense of this field depends on the
218 route type. For normal unicast routes it is either the
219 true next hop router or, if it is a direct route in‐
220 stalled in BSD compatibility mode, it can be a local ad‐
221 dress of the interface. For NAT routes it is the first
222 address of the block of translated IP destinations.
223 src ADDRESS
226 the source address to prefer when sending to the destina‐
227 tions covered by the route prefix.
228 realm REALMID
231 the realm to which this route is assigned. REALMID may
232 be a number or a string from the file
233 /etc/iproute2/rt_realms.
234 mtu MTU
237 mtu lock MTU
239 the MTU along the path to the destination. If the modi‐
240 fier lock is not used, the MTU may be updated by the ker‐
241 nel due to Path MTU Discovery. If the modifier lock is
242 used, no path MTU discovery will be tried, all packets
243 will be sent without the DF bit in IPv4 case or frag‐
244 mented to MTU for IPv6.
245 window NUMBER
248 the maximal window for TCP to advertise to these destina‐
249 tions, measured in bytes. It limits maximal data bursts
250 that our TCP peers are allowed to send to us.
251 rtt TIME
254 the initial RTT ('Round Trip Time') estimate. If no suf‐
255 fix is specified the units are raw values passed directly
256 to the routing code to maintain compatibility with previ‐
257 ous releases. Otherwise if a suffix of s, sec or secs is
258 used to specify seconds and ms, msec or msecs to specify
259 milliseconds.
260 rttvar TIME (Linux 2.3.15+ only)
264 the initial RTT variance estimate. Values are specified
265 as with rtt above.
266 rto_min TIME (Linux 2.6.23+ only)
269 the minimum TCP Retransmission TimeOut to use when commu‐
270 nicating with this destination. Values are specified as
271 with rtt above.
272 ssthresh NUMBER (Linux 2.3.15+ only)
275 an estimate for the initial slow start threshold.
276 cwnd NUMBER (Linux 2.3.15+ only)
279 the clamp for congestion window. It is ignored if the
280 lock flag is not used.
281 initcwnd NUMBER (Linux 2.5.70+ only)
284 the initial congestion window size for connections to
285 this destination. Actual window size is this value mul‐
286 tiplied by the MSS (``Maximal Segment Size'') for same
287 connection. The default is zero, meaning to use the val‐
288 ues specified in RFC2414.
289 initrwnd NUMBER (Linux 2.6.33+ only)
292 the initial receive window size for connections to this
293 destination. Actual window size is this value multiplied
294 by the MSS of the connection. The default value is zero,
295 meaning to use Slow Start value.
296 features FEATURES (Linux3.18+only)
299 Enable or disable per-route features. Only available fea‐
300 ture at this time is ecn to enable explicit congestion
301 notification when initiating connections to the given
302 destination network. When responding to a connection re‐
303 quest from the given network, ecn will also be used even
304 if the net.ipv4.tcp_ecn sysctl is set to 0.
305 quickack BOOL (Linux 3.11+ only)
308 Enable or disable quick ack for connections to this des‐
309 tination.
310 fastopen_no_cookie BOOL (Linux 4.15+ only)
313 Enable TCP Fastopen without a cookie for connections to
314 this destination.
315 congctl NAME (Linux 3.20+ only)
318 congctl lock NAME (Linux 3.20+ only)
320 Sets a specific TCP congestion control algorithm only for
321 a given destination. If not specified, Linux keeps the
322 current global default TCP congestion control algorithm,
323 or the one set from the application. If the modifier lock
324 is not used, an application may nevertheless overwrite
325 the suggested congestion control algorithm for that des‐
326 tination. If the modifier lock is used, then an applica‐
327 tion is not allowed to overwrite the specified congestion
328 control algorithm for that destination, thus it will be
329 enforced/guaranteed to use the proposed algorithm.
330 advmss NUMBER (Linux 2.3.15+ only)
333 the MSS ('Maximal Segment Size') to advertise to these
334 destinations when establishing TCP connections. If it is
335 not given, Linux uses a default value calculated from the
336 first hop device MTU. (If the path to these destination
337 is asymmetric, this guess may be wrong.)
338 reordering NUMBER (Linux 2.3.15+ only)
341 Maximal reordering on the path to this destination. If
342 it is not given, Linux uses the value selected with
343 sysctl variable net/ipv4/tcp_reordering.
344 nexthop NEXTHOP
347 the nexthop of a multipath route. NEXTHOP is a complex
348 value with its own syntax similar to the top level argu‐
349 ment lists:
350 via [ FAMILY ] ADDRESS - is the nexthop router.
352 dev NAME - is the output device.
355 weight NUMBER - is a weight for this element of a
358 multipath route reflecting its relative bandwidth
359 or quality.
360 The internal buffer used in iproute2 limits the maximum
362 number of nexthops that may be specified in one go. If
363 only ADDRESS is given, the current buffer size allows for
364 144 IPv6 nexthops and 253 IPv4 ones. For IPv4, this ef‐
365 fectively limits the number of nexthops possible per
366 route. With IPv6, further nexthops may be appended to the
367 same route via ip route append command.
368 scope SCOPE_VAL
371 the scope of the destinations covered by the route pre‐
372 fix. SCOPE_VAL may be a number or a string from the file
373 /etc/iproute2/rt_scopes. If this parameter is omitted,
374 ip assumes scope global for all gatewayed unicast routes,
375 scope link for direct unicast and broadcast routes and
376 scope host for local routes.
377 protocol RTPROTO
380 the routing protocol identifier of this route. RTPROTO
381 may be a number or a string from the file
382 /etc/iproute2/rt_protos. If the routing protocol ID is
383 not given, ip assumes protocol boot (i.e. it assumes the
384 route was added by someone who doesn't understand what
385 they are doing). Several protocol values have a fixed in‐
386 terpretation. Namely:
387 redirect - the route was installed due to an ICMP
389 redirect.
390 kernel - the route was installed by the kernel
393 during autoconfiguration.
394 boot - the route was installed during the bootup
397 sequence. If a routing daemon starts, it will
398 purge all of them.
399 static - the route was installed by the adminis‐
402 trator to override dynamic routing. Routing dae‐
403 mon will respect them and, probably, even adver‐
404 tise them to its peers.
405 ra - the route was installed by Router Discovery
408 protocol.
409 The rest of the values are not reserved and the adminis‐
412 trator is free to assign (or not to assign) protocol
413 tags.
414 onlink pretend that the nexthop is directly attached to this
417 link, even if it does not match any interface prefix.
418 pref PREF
421 the IPv6 route preference. PREF is a string specifying
422 the route preference as defined in RFC4191 for Router
423 Discovery messages. Namely:
424 low - the route has a lowest priority
426 medium - the route has a default priority
429 high - the route has a highest priority
432 nhid ID
436 use nexthop object with given id as nexthop specifica‐
437 tion.
438 encap ENCAPTYPE ENCAPHDR
441 attach tunnel encapsulation attributes to this route.
442 ENCAPTYPE is a string specifying the supported encapsula‐
444 tion type. Namely:
445 mpls - encapsulation type MPLS
447 ip - IP encapsulation (Geneve, GRE, VXLAN, ...)
449 bpf - Execution of BPF program
451 seg6 - encapsulation type IPv6 Segment Routing
453 seg6local - local SRv6 segment processing
455 ioam6 - encapsulation type IPv6 IOAM
457 ENCAPHDR is a set of encapsulation attributes specific to
459 the ENCAPTYPE.
460 mpls
462 MPLSLABEL - mpls label stack with labels sepa‐
463 rated by /
464 ttl TTL - TTL to use for MPLS header or 0 to
467 inherit from IP header
468 ip
471 id TUNNEL_ID dst REMOTE_IP [ src SRC ] [ tos
472 TOS ] [ ttl TTL ] [ key ] [ csum ] [ seq ]
473 bpf
476 in PROG - BPF program to execute for incoming
477 packets
478 out PROG - BPF program to execute for outgoing
481 packets
482 xmit PROG - BPF program to execute for trans‐
485 mitted packets
486 headroom SIZE - Size of header BPF program will
489 attach (xmit)
490 seg6
493 mode inline - Directly insert Segment Routing
494 Header after IPv6 header
495 mode encap - Encapsulate packet in an outer
498 IPv6 header with SRH
499 mode l2encap - Encapsulate ingress L2 frame
502 within an outer IPv6 header and SRH
503 SEGMENTS - List of comma-separated IPv6 ad‐
506 dresses
507 KEYID - Numerical value in decimal representa‐
510 tion. See ip-sr(8).
511 seg6local
514 SEG6_ACTION [ SEG6_ACTION_PARAM ] [ count ] -
515 Operation to perform on matching packets. The
516 optional count attribute is used to collect
517 statistics on the processing of actions. Three
518 counters are implemented: 1) packets correctly
519 processed; 2) bytes correctly processed; 3)
520 packets that cause a processing error (i.e.,
521 missing SID List, wrong SID List, etc). To re‐
522 trieve the counters related to an action use
523 the -s flag in the show command. The following
524 actions are currently supported (Linux 4.14+
525 only).
526 End - Regular SRv6 processing as intermediate
528 segment endpoint. This action only accepts
529 packets with a non-zero Segments Left value.
530 Other matching packets are dropped.
531 End.X nh6 NEXTHOP - Regular SRv6 processing
533 as intermediate segment endpoint. Addition‐
534 ally, forward processed packets to given
535 next-hop. This action only accepts packets
536 with a non-zero Segments Left value. Other
537 matching packets are dropped.
538 End.DX6 nh6 NEXTHOP - Decapsulate inner IPv6
540 packet and forward it to the specified next-
541 hop. If the argument is set to ::, then the
542 next-hop is selected according to the local
543 selection rules. This action only accepts
544 packets with either a zero Segments Left
545 value or no SRH at all, and an inner IPv6
546 packet. Other matching packets are dropped.
547 End.DT6 { table | vrftable } TABLEID - Decap‐
549 sulate the inner IPv6 packet and forward it
550 according to the specified lookup table.
551 TABLEID is either a number or a string from
552 the file /etc/iproute2/rt_tables. If
553 vrftable is used, the argument must be a VRF
554 device associated with the table id. More‐
555 over, the VRF table associated with the table
556 id must be configured with the VRF strict
557 mode turned on (net.vrf.strict_mode=1). This
558 action only accepts packets with either a
559 zero Segments Left value or no SRH at all,
560 and an inner IPv6 packet. Other matching
561 packets are dropped.
562 End.DT4 vrftable TABLEID - Decapsulate the
564 inner IPv4 packet and forward it according to
565 the specified lookup table. TABLEID is ei‐
566 ther a number or a string from the file
567 /etc/iproute2/rt_tables. The argument must
568 be a VRF device associated with the table id.
569 Moreover, the VRF table associated with the
570 table id must be configured with the VRF
571 strict mode turned on
572 (net.vrf.strict_mode=1). This action only ac‐
573 cepts packets with either a zero Segments
574 Left value or no SRH at all, and an inner
575 IPv4 packet. Other matching packets are
576 dropped.
577 End.DT46 vrftable TABLEID - Decapsulate the
579 inner IPv4 or IPv6 packet and forward it ac‐
580 cording to the specified lookup table.
581 TABLEID is either a number or a string from
582 the file /etc/iproute2/rt_tables. The argu‐
583 ment must be a VRF device associated with the
584 table id. Moreover, the VRF table associated
585 with the table id must be configured with the
586 VRF strict mode turned on
587 (net.vrf.strict_mode=1). This action only ac‐
588 cepts packets with either a zero Segments
589 Left value or no SRH at all, and an inner
590 IPv4 or IPv6 packet. Other matching packets
591 are dropped.
592 End.B6 srh segs SEGMENTS [ hmac KEYID ] - In‐
594 sert the specified SRH immediately after the
595 IPv6 header, update the DA with the first
596 segment of the newly inserted SRH, then for‐
597 ward the resulting packet. The original SRH
598 is not modified. This action only accepts
599 packets with a non-zero Segments Left value.
600 Other matching packets are dropped.
601 End.B6.Encaps srh segs SEGMENTS [ hmac KEYID
603 ] - Regular SRv6 processing as intermediate
604 segment endpoint. Additionally, encapsulate
605 the matching packet within an outer IPv6
606 header followed by the specified SRH. The
607 destination address of the outer IPv6 header
608 is set to the first segment of the new SRH.
609 The source address is set as described in ip-
610 sr(8).
611 ioam6
613 IOAM6_TRACE_TYPE - List of IOAM data required
614 in the trace, represented by a bitfield (24
615 bits).
616 IOAM6_NAMESPACE - Numerical value to repre‐
619 sent an IOAM namespace. See ip-ioam(8).
620 IOAM6_TRACE_SIZE - Size, in octets, of the
623 pre-allocated trace data block.
624 expires TIME (Linux 4.4+ only)
628 the route will be deleted after the expires time. Only
629 support IPv6 at present.
630 ttl-propagate { enabled | disabled }
633 Control whether TTL should be propagated from any encap
634 into the un-encapsulated packet, overriding any global
635 configuration. Only supported for MPLS at present.
636 ip route delete
639 delete route
640 ip route del has the same arguments as ip route add, but their
641 semantics are a bit different.
642 Key values (to, tos, preference and table) select the route to
644 delete. If optional attributes are present, ip verifies that
645 they coincide with the attributes of the route to delete. If no
646 route with the given key and attributes was found, ip route del
647 fails.
648 ip route show
651 list routes
652 the command displays the contents of the routing tables or the
653 route(s) selected by some criteria.
654 to SELECTOR (default)
657 only select routes from the given range of destinations.
658 SELECTOR consists of an optional modifier (root, match or
659 exact) and a prefix. root PREFIX selects routes with
660 prefixes not shorter than PREFIX. F.e. root 0/0 selects
661 the entire routing table. match PREFIX selects routes
662 with prefixes not longer than PREFIX. F.e. match
663 10.0/16 selects 10.0/16, 10/8 and 0/0, but it does not
664 select 10.1/16 and 10.0.0/24. And exact PREFIX (or just
665 PREFIX) selects routes with this exact prefix. If neither
666 of these options are present, ip assumes root 0/0 i.e. it
667 lists the entire table.
668 tos TOS
671 dsfield TOS
673 only select routes with the given TOS.
674 table TABLEID
677 show the routes from this table(s). The default setting
678 is to show table main. TABLEID may either be the ID of a
679 real table or one of the special values:
680 all - list all of the tables.
682 cache - dump the routing cache.
684 vrf NAME
687 show the routes for the table associated with the vrf
688 name
689 cloned
692 cached list cloned routes i.e. routes which were dynamically
694 forked from other routes because some route attribute
695 (f.e. MTU) was updated. Actually, it is equivalent to
696 table cache.
697 from SELECTOR
700 the same syntax as for to, but it binds the source ad‐
701 dress range rather than destinations. Note that the from
702 option only works with cloned routes.
703 protocol RTPROTO
706 only list routes of this protocol.
707 scope SCOPE_VAL
710 only list routes with this scope.
711 type TYPE
714 only list routes of this type.
715 dev NAME
718 only list routes going via this device.
719 via [ FAMILY ] PREFIX
722 only list routes going via the nexthop routers selected
723 by PREFIX.
724 src PREFIX
727 only list routes with preferred source addresses selected
728 by PREFIX.
729 realm REALMID
732 realms FROMREALM/TOREALM
734 only list routes with these realms.
735 ip route flush
738 flush routing tables
739 this command flushes routes selected by some criteria.
740 The arguments have the same syntax and semantics as the argu‐
743 ments of ip route show, but routing tables are not listed but
744 purged. The only difference is the default action: show dumps
745 all the IP main routing table but flush prints the helper page.
746 With the -statistics option, the command becomes verbose. It
749 prints out the number of deleted routes and the number of rounds
750 made to flush the routing table. If the option is given twice,
751 ip route flush also dumps all the deleted routes in the format
752 described in the previous subsection.
753 ip route get
756 get a single route
757 this command gets a single route to a destination and prints its
758 contents exactly as the kernel sees it.
759 fibmatch
762 Return full fib lookup matched route. Default is to re‐
763 turn the resolved dst entry
764 to ADDRESS (default)
767 the destination address.
768 from ADDRESS
771 the source address.
772 tos TOS
775 dsfield TOS
777 the Type Of Service.
778 iif NAME
781 the device from which this packet is expected to arrive.
782 oif NAME
785 force the output device on which this packet will be
786 routed.
787 mark MARK
790 the firewall mark (fwmark)
791 vrf NAME
794 force the vrf device on which this packet will be routed.
795 ipproto PROTOCOL
798 ip protocol as seen by the route lookup
799 sport NUMBER
802 source port as seen by the route lookup
803 dport NUMBER
806 destination port as seen by the route lookup
807 connected
810 if no source address (option from) was given, relookup
811 the route with the source set to the preferred address
812 received from the first lookup. If policy routing is
813 used, it may be a different route.
814 Note that this operation is not equivalent to ip route show.
817 show shows existing routes. get resolves them and creates new
818 clones if necessary. Essentially, get is equivalent to sending a
819 packet along this path. If the iif argument is not given, the
820 kernel creates a route to output packets towards the requested
821 destination. This is equivalent to pinging the destination with
822 a subsequent ip route ls cache, however, no packets are actually
823 sent. With the iif argument, the kernel pretends that a packet
824 arrived from this interface and searches for a path to forward
825 the packet.
826 ip route save
829 save routing table information to stdout
830 This command behaves like ip route show except that the output
831 is raw data suitable for passing to ip route restore.
832 ip route restore
835 restore routing table information from stdin
836 This command expects to read a data stream as returned from ip
837 route save. It will attempt to restore the routing table infor‐
838 mation exactly as it was at the time of the save, so any trans‐
839 lation of information in the stream (such as device indexes)
840 must be done first. Any existing routes are left unchanged. Any
841 routes specified in the data stream that already exist in the
842 table will be ignored.
843
846 Starting with Linux kernel version 3.6, there is no routing cache for
847 IPv4 anymore. Hence ip route show cached will never print any entries
848 on systems with this or newer kernel versions.
849
852 ip ro
853 Show all route entries in the kernel.
854 ip route add default via 192.168.1.1 dev eth0
856 Adds a default route (for all addresses) via the local gateway
857 192.168.1.1 that can be reached on device eth0.
858 ip route add 10.1.1.0/30 encap mpls 200/300 via 10.1.1.1 dev eth0
860 Adds an ipv4 route with mpls encapsulation attributes attached to
861 it.
862 ip -6 route add 2001:db8:1::/64 encap seg6 mode encap segs
864 2001:db8:42::1,2001:db8:ffff::2 dev eth0
865 Adds an IPv6 route with SRv6 encapsulation and two segments at‐
866 tached.
867 ip -6 route add 2001:db8:1::/64 encap seg6local action End.DT46
869 vrftable 100 dev vrf100
870 Adds an IPv6 route with SRv6 decapsulation and forward with lookup
871 in VRF table.
872 ip -6 route add 2001:db8:1::/64 encap ioam6 trace prealloc type
874 0x800000 ns 1 size 12 dev eth0
875 Adds an IPv6 route with an IOAM Pre-allocated Trace encapsulation
876 that only includes the hop limit and the node id, configured for
877 the IOAM namespace 1 and a pre-allocated data block of 12 octets.
878 ip route add 10.1.1.0/30 nhid 10
880 Adds an ipv4 route using nexthop object with id 10.
881
883 ip(8)
884
887 Original Manpage by Michail Litvak <mci@owl.openwall.com>
888iproute2 13 Dec 2012 IP-ROUTE(8)