ip-route(8) — Linux manual page

NAME | SYNOPSIS | DESCRIPTION | NOTES | EXAMPLES | SEE ALSO | AUTHOR | COLOPHON

IP-ROUTE(8)                       Linux                      IP-ROUTE(8)

NAME         top

       ip-route - routing table management

SYNOPSIS         top

       ip [ ip-OPTIONS ] route  { COMMAND | help }

       ip route { show | flush } SELECTOR

       ip route save SELECTOR

       ip route restore

       ip route get ROUTE_GET_FLAGS ADDRESS [ from ADDRESS iif STRING  ]
               [ oif STRING ] [ mark MARK ] [ tos TOS ] [ vrf NAME ] [
               ipproto PROTOCOL ] [ sport NUMBER ] [ dport NUMBER ]

       ip route { add | del | change | append | replace } ROUTE

       SELECTOR := [ root PREFIX ] [ match PREFIX ] [ exact PREFIX ] [
               table TABLE_ID ] [ vrf NAME ] [ proto RTPROTO ] [ type
               TYPE ] [ scope SCOPE ]

       ROUTE := NODE_SPEC [ INFO_SPEC ]

       NODE_SPEC := [ TYPE ] PREFIX [ tos TOS ] [ table TABLE_ID ] [
               proto RTPROTO ] [ scope SCOPE ] [ metric METRIC ] [ ttl-
               propagate { enabled | disabled } ]

       INFO_SPEC := { NH | nhid ID } OPTIONS FLAGS [ nexthop NH ] ...

       NH := [ encap ENCAP ] [ via [ FAMILY ] ADDRESS ] [ dev STRING ] [
               weight NUMBER ] NHFLAGS

       FAMILY := [ inet | inet6 | mpls | bridge | link ]

       OPTIONS := FLAGS [ mtu NUMBER ] [ advmss NUMBER ] [ as [ to ]
               ADDRESS ] rtt TIME ] [ rttvar TIME ] [ reordering NUMBER
               ] [ window NUMBER ] [ cwnd NUMBER ] [ ssthresh NUMBER ] [
               realms REALM ] [ rto_min TIME ] [ initcwnd NUMBER ] [
               initrwnd NUMBER ] [ features FEATURES ] [ quickack BOOL ]
               [ congctl NAME ] [ pref PREF ] [ expires TIME ] [
               fastopen_no_cookie BOOL ]

       TYPE := [ unicast | local | broadcast | multicast | throw |
               unreachable | prohibit | blackhole | nat ]

       TABLE_ID := [ local| main | default | all | NUMBER ]

       SCOPE := [ host | link | global | NUMBER ]

       NHFLAGS := [ onlink | pervasive ]

       RTPROTO := [ kernel | boot | static | NUMBER ]

       FEATURES := [ ecn | ]

       PREF := [ low | medium | high ]

       ENCAP := [ ENCAP_MPLS | ENCAP_IP | ENCAP_BPF | ENCAP_SEG6 |
               ENCAP_SEG6LOCAL | ENCAP_IOAM6 ]

       ENCAP_MPLS := mpls [ LABEL ] [ ttl TTL ]

       ENCAP_IP := ip id TUNNEL_ID dst REMOTE_IP [ src SRC ] [ tos TOS ]
               [ ttl TTL ]

       ENCAP_BPF := bpf [ in PROG ] [ out PROG ] [ xmit PROG ] [
               headroom SIZE ]

       ENCAP_SEG6 := seg6 mode [ encap | encap.red | inline | l2encap |
               l2encap.red ] segs SEGMENTS [ hmac KEYID ]

       ENCAP_SEG6LOCAL := seg6local action SEG6_ACTION [
               SEG6_ACTION_PARAM ] [ count ]

       ENCAP_IOAM6 := ioam6 [ freq K/N ] mode [ inline | encap | auto ]
               [ tundst ADDRESS ] trace prealloc type IOAM6_TRACE_TYPE
               ns IOAM6_NAMESPACE size IOAM6_TRACE_SIZE

       ROUTE_GET_FLAGS :=  [ fibmatch  ]

DESCRIPTION         top

       ip route is used to manipulate entries in the kernel routing
       tables.

       Route types:

               unicast - the route entry describes real paths to the
               destinations covered by the route prefix.

               unreachable - these destinations are unreachable. Packets
               are discarded and the ICMP message host unreachable is
               generated.  The local senders get an EHOSTUNREACH error.

               blackhole - these destinations are unreachable. Packets
               are discarded silently.  The local senders get an EINVAL
               error.

               prohibit - these destinations are unreachable. Packets
               are discarded and the ICMP message communication
               administratively prohibited is generated. The local
               senders get an EACCES error.

               local - the destinations are assigned to this host. The
               packets are looped back and delivered locally.

               broadcast - the destinations are broadcast addresses. The
               packets are sent as link broadcasts.

               throw - a special control route used together with policy
               rules. If such a route is selected, lookup in this table
               is terminated pretending that no route was found. Without
               policy routing it is equivalent to the absence of the
               route in the routing table. The packets are dropped and
               the ICMP message net unreachable is generated. The local
               senders get an ENETUNREACH error.

               nat - a special NAT route. Destinations covered by the
               prefix are considered to be dummy (or external) addresses
               which require translation to real (or internal) ones
               before forwarding. The addresses to translate to are
               selected with the attribute via.  Warning: Route NAT is
               no longer supported in Linux 2.6.

               anycast - not implemented the destinations are anycast
               addresses assigned to this host. They are mainly
               equivalent to local with one difference: such addresses
               are invalid when used as the source address of any
               packet.

               multicast - a special type used for multicast routing. It
               is not present in normal routing tables.

       Route tables: Linux-2.x can pack routes into several routing
       tables identified by a number in the range from 1 to 2^32-1 or by
       name from /usr/lib/iproute2/rt_tables or /etc/iproute2/rt_tables
       (has precedence if exists).  By default all normal routes are
       inserted into the main table (ID 254) and the kernel only uses
       this table when calculating routes.  Values (0, 253, 254, and
       255) are reserved for built-in use.

       Actually, one other table always exists, which is invisible but
       even more important. It is the local table (ID 255). This table
       consists of routes for local and broadcast addresses. The kernel
       maintains this table automatically and the administrator usually
       need not modify it or even look at it.

       The multiple routing tables enter the game when policy routing is
       used.

       ip route add
              add new route

       ip route change
              change route

       ip route replace
              change or add new one

              to TYPE PREFIX (default)
                     the destination prefix of the route. If TYPE is
                     omitted, ip assumes type unicast.  Other values of
                     TYPE are listed above.  PREFIX is an IP or IPv6
                     address optionally followed by a slash and the
                     prefix length. If the length of the prefix is
                     missing, ip assumes a full-length host route. There
                     is also a special PREFIX default - which is
                     equivalent to IP 0/0 or to IPv6 ::/0.

              tos TOS

              dsfield TOS
                     the Type Of Service (TOS) key. This key has no
                     associated mask and the longest match is understood
                     as: First, compare the TOS of the route and of the
                     packet. If they are not equal, then the packet may
                     still match a route with a zero TOS.  TOS is either
                     an 8 bit hexadecimal number or an identifier from
                     /usr/lib/iproute2/rt_dsfieldor
                     /etc/iproute2/rt_dsfield(hasprecedenceifexists).

              metric NUMBER

              preference NUMBER
                     the preference value of the route.  NUMBER is an
                     arbitrary 32bit number, where routes with lower
                     values are preferred.

              table TABLEID
                     the table to add this route to.  TABLEID may be a
                     number or a string from
                     /usr/lib/iproute2/rt_tablesor
                     /etc/iproute2/rt_tables(hasprecedenceifexists).  If
                     this parameter is omitted, ip assumes the main
                     table, with the exception of local, broadcast and
                     nat routes, which are put into the local table by
                     default.

              vrf NAME
                     the vrf name to add this route to. Implicitly means
                     the table associated with the VRF.

              dev NAME
                     the output device name.

              via [ FAMILY ] ADDRESS
                     the address of the nexthop router, in the address
                     family FAMILY.  Actually, the sense of this field
                     depends on the route type.  For normal unicast
                     routes it is either the true next hop router or, if
                     it is a direct route installed in BSD compatibility
                     mode, it can be a local address of the interface.
                     For NAT routes it is the first address of the block
                     of translated IP destinations.

              src ADDRESS
                     the source address to prefer when sending to the
                     destinations covered by the route prefix.

              realm REALMID
                     the realm to which this route is assigned.  REALMID
                     may be a number or a string from
                     /usr/lib/iproute2/rt_realmsor
                     /etc/iproute2/rt_realms(hasprecedenceifexists).

              mtu MTU

              mtu lock MTU
                     the MTU along the path to the destination. If the
                     modifier lock is not used, the MTU may be updated
                     by the kernel due to Path MTU Discovery. If the
                     modifier lock is used, no path MTU discovery will
                     be tried, all packets will be sent without the DF
                     bit in IPv4 case or fragmented to MTU for IPv6.

              window NUMBER
                     the maximal window for TCP to advertise to these
                     destinations, measured in bytes. It limits maximal
                     data bursts that our TCP peers are allowed to send
                     to us.

              rtt TIME
                     the initial RTT ('Round Trip Time') estimate. If no
                     suffix is specified the units are raw values passed
                     directly to the routing code to maintain
                     compatibility with previous releases.  Otherwise if
                     a suffix of s, sec or secs is used to specify
                     seconds and ms, msec or msecs to specify
                     milliseconds.

              rttvar TIME (Linux 2.3.15+ only)
                     the initial RTT variance estimate. Values are
                     specified as with rtt above.

              rto_min TIME (Linux 2.6.23+ only)
                     the minimum TCP Retransmission TimeOut to use when
                     communicating with this destination. Values are
                     specified as with rtt above.

              ssthresh NUMBER (Linux 2.3.15+ only)
                     an estimate for the initial slow start threshold.

              cwnd NUMBER (Linux 2.3.15+ only)
                     the clamp for congestion window. It is ignored if
                     the lock flag is not used.

              initcwnd NUMBER (Linux 2.5.70+ only)
                     the initial congestion window size for connections
                     to this destination.  Actual window size is this
                     value multiplied by the MSS (``Maximal Segment
                     Size'') for same connection. The default is zero,
                     meaning to use the values specified in RFC2414.

              initrwnd NUMBER (Linux 2.6.33+ only)
                     the initial receive window size for connections to
                     this destination.  Actual window size is this value
                     multiplied by the MSS of the connection.  The
                     default value is zero, meaning to use Slow Start
                     value.

              features FEATURES (Linux3.18+only)
                     Enable or disable per-route features. Only
                     available feature at this time is ecn to enable
                     explicit congestion notification when initiating
                     connections to the given destination network.  When
                     responding to a connection request from the given
                     network, ecn will also be used even if the
                     net.ipv4.tcp_ecn sysctl is set to 0.

              quickack BOOL (Linux 3.11+ only)
                     Enable or disable quick ack for connections to this
                     destination.

              fastopen_no_cookie BOOL (Linux 4.15+ only)
                     Enable TCP Fastopen without a cookie for
                     connections to this destination.

              congctl NAME (Linux 3.20+ only)

              congctl lock NAME (Linux 3.20+ only)
                     Sets a specific TCP congestion control algorithm
                     only for a given destination.  If not specified,
                     Linux keeps the current global default TCP
                     congestion control algorithm, or the one set from
                     the application. If the modifier lock is not used,
                     an application may nevertheless overwrite the
                     suggested congestion control algorithm for that
                     destination. If the modifier lock is used, then an
                     application is not allowed to overwrite the
                     specified congestion control algorithm for that
                     destination, thus it will be enforced/guaranteed to
                     use the proposed algorithm.

              advmss NUMBER (Linux 2.3.15+ only)
                     the MSS ('Maximal Segment Size') to advertise to
                     these destinations when establishing TCP
                     connections. If it is not given, Linux uses a
                     default value calculated from the first hop device
                     MTU.  (If the path to these destination is
                     asymmetric, this guess may be wrong.)

              reordering NUMBER (Linux 2.3.15+ only)
                     Maximal reordering on the path to this destination.
                     If it is not given, Linux uses the value selected
                     with sysctl variable net/ipv4/tcp_reordering.

              nexthop NEXTHOP
                     the nexthop of a multipath route.  NEXTHOP is a
                     complex value with its own syntax similar to the
                     top level argument lists:

                             via [ FAMILY ] ADDRESS - is the nexthop
                             router.

                             dev NAME - is the output device.

                             weight NUMBER - is a weight for this
                             element of a multipath route reflecting its
                             relative bandwidth or quality.

                     The internal buffer used in iproute2 limits the
                     maximum number of nexthops that may be specified in
                     one go. If only ADDRESS is given, the current
                     buffer size allows for 144 IPv6 nexthops and 253
                     IPv4 ones. For IPv4, this effectively limits the
                     number of nexthops possible per route. With IPv6,
                     further nexthops may be appended to the same route
                     via ip route append command.

              scope SCOPE_VAL
                     the scope of the destinations covered by the route
                     prefix.  SCOPE_VAL may be a number or a string from
                     /usr/lib/iproute2/rt_scopesor
                     /etc/iproute2/rt_scopes(hasprecedenceifexists).  If
                     this parameter is omitted, ip assumes scope global
                     for all gatewayed unicast routes, scope link for
                     direct unicast and broadcast routes and scope host
                     for local routes.

              protocol RTPROTO
                     the routing protocol identifier of this route.
                     RTPROTO may be a number or a string from
                     /etc/iproute2/rt_protosor
                     /etc/iproute2/rt_protos(hasprecedenceifexists).  If
                     the routing protocol ID is not given, ip assumes
                     protocol boot (i.e. it assumes the route was added
                     by someone who doesn't understand what they are
                     doing). Several protocol values have a fixed
                     interpretation.  Namely:

                             redirect - the route was installed due to
                             an ICMP redirect.

                             kernel - the route was installed by the
                             kernel during autoconfiguration.

                             boot - the route was installed during the
                             bootup sequence.  If a routing daemon
                             starts, it will purge all of them.

                             static - the route was installed by the
                             administrator to override dynamic routing.
                             Routing daemon will respect them and,
                             probably, even advertise them to its peers.

                             ra - the route was installed by Router
                             Discovery protocol.

                     The rest of the values are not reserved and the
                     administrator is free to assign (or not to assign)
                     protocol tags.

              onlink pretend that the nexthop is directly attached to
                     this link, even if it does not match any interface
                     prefix.

              pref PREF
                     the IPv6 route preference.  PREF is a string
                     specifying the route preference as defined in
                     RFC4191 for Router Discovery messages. Namely:

                             low - the route has a lowest priority

                             medium - the route has a default priority

                             high - the route has a highest priority

              nhid ID
                     use nexthop object with given id as nexthop
                     specification.

              encap ENCAPTYPE ENCAPHDR
                     attach tunnel encapsulation attributes to this
                     route.

                     ENCAPTYPE is a string specifying the supported
                     encapsulation type. Namely:

                             mpls - encapsulation type MPLS

                             ip - IP encapsulation (Geneve, GRE, VXLAN,
                             ...)

                             bpf - Execution of BPF program

                             seg6 - encapsulation type IPv6 Segment
                             Routing

                             seg6local - local SRv6 segment processing

                             ioam6 - encapsulation type IPv6 IOAM

                             xfrm - encapsulation type XFRM

                     ENCAPHDR is a set of encapsulation attributes
                     specific to the ENCAPTYPE.

                             mpls
                               MPLSLABEL - mpls label stack with labels
                               separated by /

                               ttl TTL - TTL to use for MPLS header or 0
                               to inherit from IP header

                             ip
                               id TUNNEL_ID dst REMOTE_IP [ src SRC ] [
                               tos TOS ] [ ttl TTL ] [ key ] [ csum ] [
                               seq ]

                             bpf
                               in PROG - BPF program to execute for
                               incoming packets

                               out PROG - BPF program to execute for
                               outgoing packets

                               xmit PROG - BPF program to execute for
                               transmitted packets

                               headroom SIZE - Size of header BPF
                               program will attach (xmit)

                             seg6
                               mode inline - Directly insert Segment
                               Routing Header after IPv6 header

                               mode encap - Encapsulate packet in an
                               outer IPv6 header with SRH

                               mode encap.red - Encapsulate packet in an
                               outer IPv6 header with SRH applying the
                               reduced segment list. When there is only
                               one segment and the HMAC is not present,
                               the SRH is omitted.

                               mode l2encap - Encapsulate ingress L2
                               frame within an outer IPv6 header and SRH

                               mode l2encap.red - Encapsulate ingress L2
                               frame within an outer IPv6 header and SRH
                               applying the reduced segment list. When
                               there is only one segment and the HMAC is
                               not present, the SRH is omitted.

                               SEGMENTS - List of comma-separated IPv6
                               addresses

                               KEYID - Numerical value in decimal
                               representation. See ip-sr(8).

                             seg6local
                               SEG6_ACTION [ SEG6_ACTION_PARAM ] [ count
                               ] - Operation to perform on matching
                               packets. The optional count attribute is
                               used to collect statistics on the
                               processing of actions.  Three counters
                               are implemented: 1) packets correctly
                               processed; 2) bytes correctly processed;
                               3) packets that cause a processing error
                               (i.e., missing SID List, wrong SID List,
                               etc). To retrieve the counters related to
                               an action use the -s flag in the show
                               command.  The following actions are
                               currently supported (Linux 4.14+ only).

                                 End [ flavors FLAVORS ] - Regular SRv6
                                 processing as intermediate segment
                                 endpoint.  This action only accepts
                                 packets with a non-zero Segments Left
                                 value. Other matching packets are
                                 dropped. The presence of flavors can
                                 change the regular processing of an End
                                 behavior according to the user-provided
                                 Flavor operations and information
                                 carried in the packet.  See Flavors
                                 parameters section.

                                 End.X nh6 NEXTHOP [ flavors FLAVORS ] -
                                 Regular SRv6 processing as intermediate
                                 segment endpoint.  Additionally,
                                 forward processed packets to given
                                 next-hop.  This action only accepts
                                 packets with a non-zero Segments Left
                                 value. Other matching packets are
                                 dropped. The presence of flavors can
                                 change the regular processing of an
                                 End.X behavior according to the user-
                                 provided Flavor operations and
                                 information carried in the packet.  See
                                 Flavors parameters section.

                                 End.DX6 nh6 NEXTHOP - Decapsulate inner
                                 IPv6 packet and forward it to the
                                 specified next-hop. If the argument is
                                 set to ::, then the next-hop is
                                 selected according to the local
                                 selection rules. This action only
                                 accepts packets with either a zero
                                 Segments Left value or no SRH at all,
                                 and an inner IPv6 packet. Other
                                 matching packets are dropped.

                                 End.DT6 { table | vrftable } TABLEID -
                                 Decapsulate the inner IPv6 packet and
                                 forward it according to the specified
                                 lookup table.  TABLEID is either a
                                 number or a string from
                                 /usr/lib/iproute2/rt_tablesor
                                 /etc/iproute2/rt_tables(hasprecedenceifexists).
                                 If vrftable is used, the argument must
                                 be a VRF device associated with the
                                 table id. Moreover, the VRF table
                                 associated with the table id must be
                                 configured with the VRF strict mode
                                 turned on (net.vrf.strict_mode=1). This
                                 action only accepts packets with either
                                 a zero Segments Left value or no SRH at
                                 all, and an inner IPv6 packet. Other
                                 matching packets are dropped.

                                 End.DT4 vrftable TABLEID - Decapsulate
                                 the inner IPv4 packet and forward it
                                 according to the specified lookup
                                 table.  TABLEID is either a number or a
                                 string from
                                 /usr/lib/iproute2/rt_tablesor
                                 /etc/iproute2/rt_tables(hasprecedenceifexists).
                                 The argument must be a VRF device
                                 associated with the table id.
                                 Moreover, the VRF table associated with
                                 the table id must be configured with
                                 the VRF strict mode turned on
                                 (net.vrf.strict_mode=1). This action
                                 only accepts packets with either a zero
                                 Segments Left value or no SRH at all,
                                 and an inner IPv4 packet. Other
                                 matching packets are dropped.

                                 End.DT46 vrftable TABLEID - Decapsulate
                                 the inner IPv4 or IPv6 packet and
                                 forward it according to the specified
                                 lookup table.  TABLEID is either a
                                 number or a string from
                                 /usr/lib/iproute2/rt_tablesor
                                 /etc/iproute2/rt_tables(hasprecedenceifexists).
                                 The argument must be a VRF device
                                 associated with the table id.
                                 Moreover, the VRF table associated with
                                 the table id must be configured with
                                 the VRF strict mode turned on
                                 (net.vrf.strict_mode=1). This action
                                 only accepts packets with either a zero
                                 Segments Left value or no SRH at all,
                                 and an inner IPv4 or IPv6 packet. Other
                                 matching packets are dropped.

                                 End.B6 srh segs SEGMENTS [ hmac KEYID ]
                                 - Insert the specified SRH immediately
                                 after the IPv6 header, update the DA
                                 with the first segment of the newly
                                 inserted SRH, then forward the
                                 resulting packet. The original SRH is
                                 not modified. This action only accepts
                                 packets with a non-zero Segments Left
                                 value. Other matching packets are
                                 dropped.

                                 End.B6.Encaps srh segs SEGMENTS [ hmac
                                 KEYID ] - Regular SRv6 processing as
                                 intermediate segment endpoint.
                                 Additionally, encapsulate the matching
                                 packet within an outer IPv6 header
                                 followed by the specified SRH. The
                                 destination address of the outer IPv6
                                 header is set to the first segment of
                                 the new SRH. The source address is set
                                 as described in ip-sr(8).

                                 Flavors parameters

                                 The flavors represent additional
                                 operations that can modify or extend a
                                 subset of the existing behaviors.

                                   flavors OPERATION[,OPERATION]
                                   [ATTRIBUTES]

                                     OPERATION := { psp | usp | usd |
                                     next-csid }

                                     ATTRIBUTES := { KEY VALUE } [
                                     ATTRIBUTES ]

                                     KEY := { lblen | nflen }

                                   psp - The Penultimate Segment Pop
                                   (PSP) copies the last SID from the
                                   SID List (carried by the outermost
                                   SRH) into the IPv6 Destination
                                   Address (DA) and removes (i.e. pops)
                                   the SRH from the IPv6 header.  The
                                   PSP operation takes place only at a
                                   penultimate SR Segment Endpoint node
                                   (e.g., the Segment Left must be one)
                                   and does not happen at non-
                                   penultimate endpoint nodes. This
                                   flavor is currently only supported by
                                   End behavior.

                                   usp - Ultimate Segment Pop of the SRH
                                   (not yet supported in kernel)

                                   usd - Ultimate Segment Decapsulation
                                   (not yet supported in kernel)

                                   next-csid - The NEXT-C-SID mechanism
                                   offers the possibility of encoding
                                   several SRv6 segments within a single
                                   128 bit SID address. The NEXT-C-SID
                                   flavor can be configured to support
                                   user-provided Locator-Block and
                                   Locator-Node Function lengths. If
                                   Locator-Block and/or Locator-Node
                                   Function lengths are not provided by
                                   the user during configuration of an
                                   SRv6 End behavior instance with NEXT-
                                   C-SID flavor, the default value is
                                   32-bit for Locator-Block and 16-bit
                                   for Locator-Node Function.

                                   lblen VALUE - defines the Locator-
                                   Block length for NEXT-C-SID flavor.
                                   The Locator-Block length must be
                                   greater than 0 and evenly divisible
                                   by 8. This attribute can be used only
                                   with NEXT-C-SID flavor.

                                   nflen VALUE - defines the Locator-
                                   Node Function length for NEXT-C-SID
                                   flavors. The Locator-Node Function
                                   length must be greater than 0 and
                                   evenly divisible by 8. This attribute
                                   can be used only with NEXT-C-SID
                                   flavor.

                               ioam6
                                 freq K/N - Inject IOAM in K packets
                                 every N packets (default is 1/1).

                                 mode inline - Directly insert IOAM
                                 after IPv6 header (default mode).

                                 mode encap - Encapsulate packet in an
                                 outer IPv6 header with IOAM.

                                 mode auto - Automatically use inline
                                 mode for local packets and encap mode
                                 for in-transit packets.

                                 tundst ADDRESS - IPv6 address of the
                                 tunnel destination (outer header), not
                                 used with inline mode.

                                 type IOAM6_TRACE_TYPE - List of IOAM
                                 data required in the trace, represented
                                 by a bitfield (24 bits).

                                 ns IOAM6_NAMESPACE - Numerical value to
                                 represent an IOAM namespace. See
                                 ip-ioam(8).

                                 size IOAM6_TRACE_SIZE - Size, in
                                 octets, of the pre-allocated trace data
                                 block.

                               xfrm
                                 if_id IF_ID  [ link_dev LINK_DEV ]

              expires TIME (Linux 4.4+ only)
                     the route will be deleted after the expires time.
                     Only support IPv6 at present.

              ttl-propagate { enabled | disabled }
                     Control whether TTL should be propagated from any
                     encap into the un-encapsulated packet, overriding
                     any global configuration. Only supported for MPLS
                     at present.

       ip route delete
              delete route
              ip route del has the same arguments as ip route add, but
              their semantics are a bit different.

              Key values (to, tos, preference and table) select the
              route to delete. If optional attributes are present, ip
              verifies that they coincide with the attributes of the
              route to delete.  If no route with the given key and
              attributes was found, ip route del fails.

       ip route show
              list routes
              the command displays the contents of the routing tables or
              the route(s) selected by some criteria.

              to SELECTOR (default)
                     only select routes from the given range of
                     destinations.  SELECTOR consists of an optional
                     modifier (root, match or exact) and a prefix.  root
                     PREFIX selects routes with prefixes not shorter
                     than PREFIX.  F.e.  root 0/0 selects the entire
                     routing table.  match PREFIX selects routes with
                     prefixes not longer than PREFIX.  F.e.  match
                     10.0/16 selects 10.0/16, 10/8 and 0/0, but it does
                     not select 10.1/16 and 10.0.0/24.  And exact PREFIX
                     (or just PREFIX) selects routes with this exact
                     prefix. If neither of these options are present, ip
                     assumes root 0/0 i.e. it lists the entire table.

              tos TOS

              dsfield TOS
                     only select routes with the given TOS.

              table TABLEID
                     show the routes from this table(s). The default
                     setting is to show table main.  TABLEID may either
                     be the ID of a real table or one of the special
                     values:

                             all - list all of the tables.

                             cache - dump the routing cache.

              vrf NAME
                     show the routes for the table associated with the
                     vrf name

              cloned

              cached list cloned routes i.e. routes which were
                     dynamically forked from other routes because some
                     route attribute (f.e. MTU) was updated.  Actually,
                     it is equivalent to table cache.

              from SELECTOR
                     the same syntax as for to, but it binds the source
                     address range rather than destinations.  Note that
                     the from option only works with cloned routes.

              protocol RTPROTO
                     only list routes of this protocol.

              scope SCOPE_VAL
                     only list routes with this scope.

              type TYPE
                     only list routes of this type.

              dev NAME
                     only list routes going via this device.

              via [ FAMILY ] PREFIX
                     only list routes going via the nexthop routers
                     selected by PREFIX.

              src PREFIX
                     only list routes with preferred source addresses
                     selected by PREFIX.

              realm REALMID

              realms FROMREALM/TOREALM
                     only list routes with these realms.

       ip route flush
              flush routing tables
              this command flushes routes selected by some criteria.

              The arguments have the same syntax and semantics as the
              arguments of ip route show, but routing tables are not
              listed but purged. The only difference is the default
              action: show dumps all the IP main routing table but flush
              prints the helper page.

              With the -statistics option, the command becomes verbose.
              It prints out the number of deleted routes and the number
              of rounds made to flush the routing table. If the option
              is given twice, ip route flush also dumps all the deleted
              routes in the format described in the previous subsection.

       ip route get
              get a single route
              this command gets a single route to a destination and
              prints its contents exactly as the kernel sees it.

              fibmatch
                     Return full fib lookup matched route. Default is to
                     return the resolved dst entry

              to ADDRESS (default)
                     the destination address.

              from ADDRESS
                     the source address.

              tos TOS

              dsfield TOS
                     the Type Of Service.

              iif NAME
                     the device from which this packet is expected to
                     arrive.

              oif NAME
                     force the output device on which this packet will
                     be routed.

              mark MARK
                     the firewall mark (fwmark)

              vrf NAME
                     force the vrf device on which this packet will be
                     routed.

              ipproto PROTOCOL
                     ip protocol as seen by the route lookup

              sport NUMBER
                     source port as seen by the route lookup

              dport NUMBER
                     destination port as seen by the route lookup

              connected
                     if no source address (option from) was given,
                     relookup the route with the source set to the
                     preferred address received from the first lookup.
                     If policy routing is used, it may be a different
                     route.

              Note that this operation is not equivalent to ip route
              show.  show shows existing routes.  get resolves them and
              creates new clones if necessary. Essentially, get is
              equivalent to sending a packet along this path.  If the
              iif argument is not given, the kernel creates a route to
              output packets towards the requested destination.  This is
              equivalent to pinging the destination with a subsequent ip
              route ls cache, however, no packets are actually sent.
              With the iif argument, the kernel pretends that a packet
              arrived from this interface and searches for a path to
              forward the packet.

       ip route save
              save routing table information to stdout
              This command behaves like ip route show except that the
              output is raw data suitable for passing to ip route
              restore.

       ip route restore
              restore routing table information from stdin
              This command expects to read a data stream as returned
              from ip route save.  It will attempt to restore the
              routing table information exactly as it was at the time of
              the save, so any translation of information in the stream
              (such as device indexes) must be done first. Any existing
              routes are left unchanged. Any routes specified in the
              data stream that already exist in the table will be
              ignored.

NOTES         top

       Starting with Linux kernel version 3.6, there is no routing cache
       for IPv4 anymore. Hence ip route show cached will never print any
       entries on systems with this or newer kernel versions.

EXAMPLES         top

       ip ro
           Show all route entries in the kernel.

       ip route add default via 192.168.1.1 dev eth0
           Adds a default route (for all addresses) via the local
           gateway 192.168.1.1 that can be reached on device eth0.

       ip route add 10.1.1.0/30 encap mpls 200/300 via 10.1.1.1 dev eth0
           Adds an ipv4 route with mpls encapsulation attributes
           attached to it.

       ip -6 route add 2001:db8:1::/64 encap seg6 mode encap segs
       2001:db8:42::1,2001:db8:ffff::2 dev eth0
           Adds an IPv6 route with SRv6 encapsulation and two segments
           attached.

       ip -6 route add 2001:db8:1::/64 encap seg6local action End.DT46
       vrftable 100 dev vrf100
           Adds an IPv6 route with SRv6 decapsulation and forward with
           lookup in VRF table.

       ip -6 route add 2001:db8:1::/64 encap seg6local action End
       flavors psp dev eth0
           Adds an IPv6 route with SRv6 End behavior with psp flavor
           enabled.

       ip -6 route add 2001:db8:1::/64 encap seg6local action End
       flavors next-csid dev eth0
           Adds an IPv6 route with SRv6 End behavior with next-csid
           flavor enabled.

       ip -6 route add 2001:db8:1::/64 encap seg6local action End
       flavors next-csid lblen 48 nflen 16 dev eth0
           Adds an IPv6 route with SRv6 End behavior with next-csid
           flavor enabled and user-provided Locator-Block and Locator-
           Node Function lengths.

       ip -6 route add 2001:db8:1::/64 encap ioam6 freq 2/5 mode encap
       tundst 2001:db8:42::1 trace prealloc type 0x800000 ns 1 size 12
       dev eth0
           Adds an IPv6 route with an IOAM Pre-allocated Trace
           encapsulation (ip6ip6) that only includes the hop limit and
           the node id, configured for the IOAM namespace 1 and a pre-
           allocated data block of 12 octets (will be injected in 2
           packets every 5 packets).

       ip route add 10.1.1.0/30 nhid 10
           Adds an ipv4 route using nexthop object with id 10.

SEE ALSO         top

       ip(8)

AUTHOR         top

       Original Manpage by Michail Litvak <mci@owl.openwall.com>

COLOPHON         top

       This page is part of the iproute2 (utilities for controlling
       TCP/IP networking and traffic) project.  Information about the
       project can be found at 
       ⟨http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2⟩.
       If you have a bug report for this manual page, send it to
       netdev@vger.kernel.org, shemminger@osdl.org.  This page was
       obtained from the project's upstream Git repository
       ⟨https://git.kernel.org/pub/scm/network/iproute2/iproute2.git⟩ on
       2024-06-14.  (At that time, the date of the most recent commit
       that was found in the repository was 2024-06-11.)  If you
       discover any rendering problems in this HTML version of the page,
       or you believe there is a better or more up-to-date source for
       the page, or you have corrections or improvements to the
       information in this COLOPHON (which is not part of the original
       manual page), send a mail to man-pages@man7.org

iproute2                       13 Dec 2012                   IP-ROUTE(8)

Pages that refer to this page: ip(8)ip-ioam(8)ip-sr(8)ip-vrf(8)tc-route(8)wg(8)wg-quick(8)