mirror of
				https://git.proxmox.com/git/mirror_iproute2
				synced 2025-10-25 01:02:10 +00:00 
			
		
		
		
	 7c503d88d2
			
		
	
	
		7c503d88d2
		
	
	
	
	
		
			
			The ability to specify the source adresse for 'encap ip' / 'encap ip6'
was added in commit 94a8722f2f but the man
page was not updated.
Also fixes a missing page in ip-route.8.in.
Signed-off-by: Damien Robert <damien.olivier.robert+git@gmail.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
		
	
			
		
			
				
	
	
		
			1178 lines
		
	
	
		
			25 KiB
		
	
	
	
		
			Groff
		
	
	
	
	
	
			
		
		
	
	
			1178 lines
		
	
	
		
			25 KiB
		
	
	
	
		
			Groff
		
	
	
	
	
	
| .TH IP\-ROUTE 8 "13 Dec 2012" "iproute2" "Linux"
 | |
| .SH "NAME"
 | |
| ip-route \- routing table management
 | |
| .SH "SYNOPSIS"
 | |
| .sp
 | |
| .ad l
 | |
| .in +8
 | |
| .ti -8
 | |
| .B ip
 | |
| .RI "[ " ip-OPTIONS " ]"
 | |
| .B route
 | |
| .RI " { " COMMAND " | "
 | |
| .BR help " }"
 | |
| .sp
 | |
| .ti -8
 | |
| 
 | |
| .ti -8
 | |
| .BR "ip route" " { "
 | |
| .BR show " | " flush " } "
 | |
| .I  SELECTOR
 | |
| 
 | |
| .ti -8
 | |
| .BR "ip route save"
 | |
| .I SELECTOR
 | |
| 
 | |
| .ti -8
 | |
| .BR "ip route restore"
 | |
| 
 | |
| .ti -8
 | |
| .B  ip route get
 | |
| .I ROUTE_GET_FLAGS
 | |
| .IR ADDRESS " [ "
 | |
| .BI from " ADDRESS " iif " STRING"
 | |
| .RB " ] [ " oif
 | |
| .IR STRING " ] [ "
 | |
| .B  mark
 | |
| .IR MARK " ] [ "
 | |
| .B  tos
 | |
| .IR TOS " ] [ "
 | |
| .B  vrf
 | |
| .IR NAME " ] [ "
 | |
| .B  ipproto
 | |
| .IR PROTOCOL " ] [ "
 | |
| .B  sport
 | |
| .IR NUMBER " ] [ "
 | |
| .B  dport
 | |
| .IR NUMBER " ] "
 | |
| 
 | |
| .ti -8
 | |
| .BR "ip route" " { " add " | " del " | " change " | " append " | "\
 | |
| replace " } "
 | |
| .I  ROUTE
 | |
| 
 | |
| .ti -8
 | |
| .IR SELECTOR " := "
 | |
| .RB "[ " root
 | |
| .IR PREFIX " ] [ "
 | |
| .B  match
 | |
| .IR PREFIX " ] [ "
 | |
| .B  exact
 | |
| .IR PREFIX " ] [ "
 | |
| .B  table
 | |
| .IR TABLE_ID " ] [ "
 | |
| .B  vrf
 | |
| .IR NAME " ] [ "
 | |
| .B  proto
 | |
| .IR RTPROTO " ] [ "
 | |
| .B  type
 | |
| .IR TYPE " ] [ "
 | |
| .B  scope
 | |
| .IR SCOPE " ]"
 | |
| 
 | |
| .ti -8
 | |
| .IR ROUTE " := " NODE_SPEC " [ " INFO_SPEC " ]"
 | |
| 
 | |
| .ti -8
 | |
| .IR NODE_SPEC " := [ " TYPE " ] " PREFIX " ["
 | |
| .B  tos
 | |
| .IR TOS " ] [ "
 | |
| .B  table
 | |
| .IR TABLE_ID " ] [ "
 | |
| .B  proto
 | |
| .IR RTPROTO " ] [ "
 | |
| .B  scope
 | |
| .IR SCOPE " ] [ "
 | |
| .B  metric
 | |
| .IR METRIC " ] [ "
 | |
| .B  ttl-propagate
 | |
| .RB "{ " enabled " | " disabled " } ]"
 | |
| 
 | |
| .ti -8
 | |
| .IR INFO_SPEC " := { " NH " | "
 | |
| .B nhid
 | |
| .IR ID " } " "OPTIONS FLAGS" " ["
 | |
| .B  nexthop
 | |
| .IR NH " ] ..."
 | |
| 
 | |
| .ti -8
 | |
| .IR NH " := [ "
 | |
| .B  encap
 | |
| .IR ENCAP " ] [ "
 | |
| .B  via
 | |
| [
 | |
| .IR FAMILY " ] " ADDRESS " ] [ "
 | |
| .B  dev
 | |
| .IR STRING " ] [ "
 | |
| .B  weight
 | |
| .IR NUMBER " ] " NHFLAGS
 | |
| 
 | |
| .ti -8
 | |
| .IR FAMILY " := [ "
 | |
| .BR inet " | " inet6 " | " mpls " | " bridge " | " link " ]"
 | |
| 
 | |
| .ti -8
 | |
| .IR OPTIONS " := " FLAGS " [ "
 | |
| .B  mtu
 | |
| .IR NUMBER " ] [ "
 | |
| .B  advmss
 | |
| .IR NUMBER " ] [ "
 | |
| .B  as
 | |
| [
 | |
| .B to
 | |
| ]
 | |
| .IR ADDRESS " ]"
 | |
| .B  rtt
 | |
| .IR TIME " ] [ "
 | |
| .B  rttvar
 | |
| .IR TIME " ] [ "
 | |
| .B  reordering
 | |
| .IR NUMBER " ] [ "
 | |
| .B  window
 | |
| .IR NUMBER " ] [ "
 | |
| .B  cwnd
 | |
| .IR NUMBER " ] [ "
 | |
| .B  ssthresh
 | |
| .IR NUMBER " ] [ "
 | |
| .B  realms
 | |
| .IR REALM " ] [ "
 | |
| .B  rto_min
 | |
| .IR TIME " ] [ "
 | |
| .B  initcwnd
 | |
| .IR NUMBER " ] [ "
 | |
| .B  initrwnd
 | |
| .IR NUMBER " ] [ "
 | |
| .B  features
 | |
| .IR FEATURES " ] [ "
 | |
| .B  quickack
 | |
| .IR BOOL " ] [ "
 | |
| .B  congctl
 | |
| .IR NAME " ] [ "
 | |
| .B  pref
 | |
| .IR PREF " ] [ "
 | |
| .B  expires
 | |
| .IR TIME " ] ["
 | |
| .B  fastopen_no_cookie
 | |
| .IR BOOL " ]"
 | |
| 
 | |
| .ti -8
 | |
| .IR TYPE " := [ "
 | |
| .BR unicast " | " local " | " broadcast " | " multicast " | "\
 | |
| throw " | " unreachable " | " prohibit " | " blackhole " | " nat " ]"
 | |
| 
 | |
| .ti -8
 | |
| .IR TABLE_ID " := [ "
 | |
| .BR local "| " main " | " default " | " all " |"
 | |
| .IR NUMBER " ]"
 | |
| 
 | |
| .ti -8
 | |
| .IR SCOPE " := [ "
 | |
| .BR host " | " link " | " global " |"
 | |
| .IR NUMBER " ]"
 | |
| 
 | |
| .ti -8
 | |
| .IR NHFLAGS " := [ "
 | |
| .BR onlink " | " pervasive " ]"
 | |
| 
 | |
| .ti -8
 | |
| .IR RTPROTO " := [ "
 | |
| .BR kernel " | " boot " | " static " |"
 | |
| .IR NUMBER " ]"
 | |
| 
 | |
| .ti -8
 | |
| .IR FEATURES " := [ "
 | |
| .BR ecn " | ]"
 | |
| 
 | |
| .ti -8
 | |
| .IR PREF " := [ "
 | |
| .BR low " | " medium " | " high " ]"
 | |
| 
 | |
| .ti -8
 | |
| .IR ENCAP " := [ "
 | |
| .IR ENCAP_MPLS " | " ENCAP_IP " | " ENCAP_BPF " | "
 | |
| .IR ENCAP_SEG6 " | " ENCAP_SEG6LOCAL " ] "
 | |
| 
 | |
| .ti -8
 | |
| .IR ENCAP_MPLS " := "
 | |
| .BR mpls " [ "
 | |
| .IR LABEL " ] ["
 | |
| .B  ttl
 | |
| .IR TTL " ]"
 | |
| 
 | |
| .ti -8
 | |
| .IR ENCAP_IP " := "
 | |
| .B ip
 | |
| .B id
 | |
| .IR TUNNEL_ID
 | |
| .B  dst
 | |
| .IR REMOTE_IP " [ "
 | |
| .B src
 | |
| .IR SRC " ] ["
 | |
| .B tos
 | |
| .IR TOS " ] ["
 | |
| .B  ttl
 | |
| .IR TTL " ]"
 | |
| 
 | |
| .ti -8
 | |
| .IR ENCAP_BPF " := "
 | |
| .BR bpf " [ "
 | |
| .B in
 | |
| .IR PROG " ] ["
 | |
| .B out
 | |
| .IR PROG " ] ["
 | |
| .B xmit
 | |
| .IR PROG " ] ["
 | |
| .B headroom
 | |
| .IR SIZE " ]"
 | |
| 
 | |
| .ti -8
 | |
| .IR ENCAP_SEG6 " := "
 | |
| .B seg6
 | |
| .BR mode " [ "
 | |
| .BR encap " | " inline " | " l2encap " ] "
 | |
| .B segs
 | |
| .IR SEGMENTS " [ "
 | |
| .B hmac
 | |
| .IR KEYID " ]"
 | |
| 
 | |
| .ti -8
 | |
| .IR ENCAP_SEG6LOCAL " := "
 | |
| .B seg6local
 | |
| .BR action
 | |
| .IR SEG6_ACTION " [ "
 | |
| .IR SEG6_ACTION_PARAM " ] "
 | |
| 
 | |
| .ti -8
 | |
| .IR ROUTE_GET_FLAGS " := "
 | |
| .BR " [ "
 | |
| .BR fibmatch
 | |
| .BR " ] "
 | |
| 
 | |
| .SH DESCRIPTION
 | |
| .B ip route
 | |
| is used to manipulate entries in the kernel routing tables.
 | |
| .sp
 | |
| .B Route types:
 | |
| 
 | |
| .in +8
 | |
| .B unicast
 | |
| - the route entry describes real paths to the destinations covered
 | |
| by the route prefix.
 | |
| 
 | |
| .sp
 | |
| .B unreachable
 | |
| - these destinations are unreachable. Packets are discarded and the
 | |
| ICMP message
 | |
| .I host unreachable
 | |
| is generated.
 | |
| The local senders get an
 | |
| .I EHOSTUNREACH
 | |
| error.
 | |
| 
 | |
| .sp
 | |
| .B blackhole
 | |
| - these destinations are unreachable. Packets are discarded silently.
 | |
| The local senders get an
 | |
| .I EINVAL
 | |
| error.
 | |
| 
 | |
| .sp
 | |
| .B prohibit
 | |
| - these destinations are unreachable. Packets are discarded and the
 | |
| ICMP message
 | |
| .I communication administratively prohibited
 | |
| is generated. The local senders get an
 | |
| .I EACCES
 | |
| error.
 | |
| 
 | |
| .sp
 | |
| .B local
 | |
| - the destinations are assigned to this host. The packets are looped
 | |
| back and delivered locally.
 | |
| 
 | |
| .sp
 | |
| .B broadcast
 | |
| - the destinations are broadcast addresses. The packets are sent as
 | |
| link broadcasts.
 | |
| 
 | |
| .sp
 | |
| .B throw
 | |
| - a special control route used together with policy rules. If such a
 | |
| route is selected, lookup in this table is terminated pretending that
 | |
| no route was found. Without policy routing it is equivalent to the
 | |
| absence of the route in the routing table. The packets are dropped
 | |
| and the ICMP message
 | |
| .I net unreachable
 | |
| is generated. The local senders get an
 | |
| .I ENETUNREACH
 | |
| error.
 | |
| 
 | |
| .sp
 | |
| .B nat
 | |
| - a special NAT route. Destinations covered by the prefix
 | |
| are considered to be dummy (or external) addresses which require translation
 | |
| to real (or internal) ones before forwarding. The addresses to translate to
 | |
| are selected with the attribute
 | |
| .BR "via" .
 | |
| .B Warning:
 | |
| Route NAT is no longer supported in Linux 2.6.
 | |
| 
 | |
| .sp
 | |
| .B anycast
 | |
| .RI "- " "not implemented"
 | |
| the destinations are
 | |
| .I anycast
 | |
| addresses assigned to this host. They are mainly equivalent
 | |
| to
 | |
| .B local
 | |
| with one difference: such addresses are invalid when used
 | |
| as the source address of any packet.
 | |
| 
 | |
| .sp
 | |
| .B multicast
 | |
| - a special type used for multicast routing. It is not present in
 | |
| normal routing tables.
 | |
| .in -8
 | |
| 
 | |
| .P
 | |
| .B Route tables:
 | |
| Linux-2.x can pack routes into several routing tables identified
 | |
| by a number in the range from 1 to 2^32-1 or by name from the file
 | |
| .B @SYSCONFDIR@/rt_tables
 | |
| By default all normal routes are inserted into the
 | |
| .B main
 | |
| table (ID 254) and the kernel only uses this table when calculating routes.
 | |
| Values (0, 253, 254, and 255) are reserved for built-in use.
 | |
| 
 | |
| .sp
 | |
| Actually, one other table always exists, which is invisible but
 | |
| even more important. It is the
 | |
| .B local
 | |
| table (ID 255). This table
 | |
| consists of routes for local and broadcast addresses. The kernel maintains
 | |
| this table automatically and the administrator usually need not modify it
 | |
| or even look at it.
 | |
| 
 | |
| The multiple routing tables enter the game when
 | |
| .I policy routing
 | |
| is used.
 | |
| 
 | |
| .TP
 | |
| ip route add
 | |
| add new route
 | |
| .TP
 | |
| ip route change
 | |
| change route
 | |
| .TP
 | |
| ip route replace
 | |
| change or add new one
 | |
| .RS
 | |
| .TP
 | |
| .BI to " TYPE PREFIX " (default)
 | |
| the destination prefix of the route. If
 | |
| .I TYPE
 | |
| is omitted,
 | |
| .B ip
 | |
| assumes type
 | |
| .BR "unicast" .
 | |
| Other values of
 | |
| .I TYPE
 | |
| are listed above.
 | |
| .I PREFIX
 | |
| is an IP or IPv6 address optionally followed by a slash and the
 | |
| prefix length. If the length of the prefix is missing,
 | |
| .B ip
 | |
| assumes a full-length host route. There is also a special
 | |
| .I PREFIX
 | |
| .B default
 | |
| - which is equivalent to IP
 | |
| .B 0/0
 | |
| or to IPv6
 | |
| .BR "::/0" .
 | |
| 
 | |
| .TP
 | |
| .BI tos " TOS"
 | |
| .TP
 | |
| .BI dsfield " TOS"
 | |
| the Type Of Service (TOS) key. This key has no associated mask and
 | |
| the longest match is understood as: First, compare the TOS
 | |
| of the route and of the packet. If they are not equal, then the packet
 | |
| may still match a route with a zero TOS.
 | |
| .I TOS
 | |
| is either an 8 bit hexadecimal number or an identifier
 | |
| from
 | |
| .BR "@SYSCONFDIR@/rt_dsfield" .
 | |
| 
 | |
| .TP
 | |
| .BI metric " NUMBER"
 | |
| .TP
 | |
| .BI preference " NUMBER"
 | |
| the preference value of the route.
 | |
| .I NUMBER
 | |
| is an arbitrary 32bit number, where routes with lower values are preferred.
 | |
| 
 | |
| .TP
 | |
| .BI table " TABLEID"
 | |
| the table to add this route to.
 | |
| .I TABLEID
 | |
| may be a number or a string from the file
 | |
| .BR "@SYSCONFDIR@/rt_tables" .
 | |
| If this parameter is omitted,
 | |
| .B ip
 | |
| assumes the
 | |
| .B main
 | |
| table, with the exception of
 | |
| .BR local ", " broadcast " and " nat
 | |
| routes, which are put into the
 | |
| .B local
 | |
| table by default.
 | |
| 
 | |
| .TP
 | |
| .BI vrf " NAME"
 | |
| the vrf name to add this route to. Implicitly means the table
 | |
| associated with the VRF.
 | |
| 
 | |
| .TP
 | |
| .BI dev " NAME"
 | |
| the output device name.
 | |
| 
 | |
| .TP
 | |
| .BI via " [ FAMILY ] ADDRESS"
 | |
| the address of the nexthop router, in the address family FAMILY.
 | |
| Actually, the sense of this field depends on the route type.  For
 | |
| normal
 | |
| .B unicast
 | |
| routes it is either the true next hop router or, if it is a direct
 | |
| route installed in BSD compatibility mode, it can be a local address
 | |
| of the interface. For NAT routes it is the first address of the block
 | |
| of translated IP destinations.
 | |
| 
 | |
| .TP
 | |
| .BI src " ADDRESS"
 | |
| the source address to prefer when sending to the destinations
 | |
| covered by the route prefix.
 | |
| 
 | |
| .TP
 | |
| .BI realm " REALMID"
 | |
| the realm to which this route is assigned.
 | |
| .I REALMID
 | |
| may be a number or a string from the file
 | |
| .BR "@SYSCONFDIR@/rt_realms" .
 | |
| 
 | |
| .TP
 | |
| .BI mtu " MTU"
 | |
| .TP
 | |
| .BI "mtu lock" " MTU"
 | |
| the MTU along the path to the destination. If the modifier
 | |
| .B lock
 | |
| is not used, the MTU may be updated by the kernel due to
 | |
| Path MTU Discovery. If the modifier
 | |
| .B lock
 | |
| is used, no path MTU discovery will be tried, all packets
 | |
| will be sent without the DF bit in IPv4 case or fragmented
 | |
| to MTU for IPv6.
 | |
| 
 | |
| .TP
 | |
| .BI window " NUMBER"
 | |
| the maximal window for TCP to advertise to these destinations,
 | |
| measured in bytes. It limits maximal data bursts that our TCP
 | |
| peers are allowed to send to us.
 | |
| 
 | |
| .TP
 | |
| .BI rtt " TIME"
 | |
| the initial RTT ('Round Trip Time') estimate. If no suffix is
 | |
| specified the units are raw values passed directly to the
 | |
| routing code to maintain compatibility with previous releases.
 | |
| Otherwise if a suffix of s, sec or secs is used to specify
 | |
| seconds and ms, msec or msecs to specify milliseconds.
 | |
| 
 | |
| 
 | |
| .TP
 | |
| .BI rttvar " TIME " "(Linux 2.3.15+ only)"
 | |
| the initial RTT variance estimate. Values are specified as with
 | |
| .BI rtt
 | |
| above.
 | |
| 
 | |
| .TP
 | |
| .BI rto_min " TIME " "(Linux 2.6.23+ only)"
 | |
| the minimum TCP Retransmission TimeOut to use when communicating with this
 | |
| destination. Values are specified as with
 | |
| .BI rtt
 | |
| above.
 | |
| 
 | |
| .TP
 | |
| .BI ssthresh " NUMBER " "(Linux 2.3.15+ only)"
 | |
| an estimate for the initial slow start threshold.
 | |
| 
 | |
| .TP
 | |
| .BI cwnd " NUMBER " "(Linux 2.3.15+ only)"
 | |
| the clamp for congestion window. It is ignored if the
 | |
| .B lock
 | |
| flag is not used.
 | |
| 
 | |
| .TP
 | |
| .BI initcwnd " NUMBER " "(Linux 2.5.70+ only)"
 | |
| the initial congestion window size for connections to this destination.
 | |
| Actual window size is this value multiplied by the MSS
 | |
| (``Maximal Segment Size'') for same connection. The default is
 | |
| zero, meaning to use the values specified in RFC2414.
 | |
| 
 | |
| .TP
 | |
| .BI initrwnd " NUMBER " "(Linux 2.6.33+ only)"
 | |
| the initial receive window size for connections to this destination.
 | |
| Actual window size is this value multiplied by the MSS of the connection.
 | |
| The default value is zero, meaning to use Slow Start value.
 | |
| 
 | |
| .TP
 | |
| .BI features " FEATURES " (Linux 3.18+ only)
 | |
| Enable or disable per-route features. Only available feature at this
 | |
| time is
 | |
| .B ecn
 | |
| to enable explicit congestion notification when initiating connections to the
 | |
| given destination network.
 | |
| When responding to a connection request from the given network, ecn will
 | |
| also be used even if the
 | |
| .B net.ipv4.tcp_ecn
 | |
| sysctl is set to 0.
 | |
| 
 | |
| .TP
 | |
| .BI quickack " BOOL " "(Linux 3.11+ only)"
 | |
| Enable or disable quick ack for connections to this destination.
 | |
| 
 | |
| .TP
 | |
| .BI fastopen_no_cookie " BOOL " "(Linux 4.15+ only)"
 | |
| Enable TCP Fastopen without a cookie for connections to this destination.
 | |
| 
 | |
| .TP
 | |
| .BI congctl " NAME " "(Linux 3.20+ only)"
 | |
| .TP
 | |
| .BI "congctl lock" " NAME " "(Linux 3.20+ only)"
 | |
| Sets a specific TCP congestion control algorithm only for a given destination.
 | |
| If not specified, Linux keeps the current global default TCP congestion control
 | |
| algorithm, or the one set from the application. If the modifier
 | |
| .B lock
 | |
| is not used, an application may nevertheless overwrite the suggested congestion
 | |
| control algorithm for that destination. If the modifier
 | |
| .B lock
 | |
| is used, then an application is not allowed to overwrite the specified congestion
 | |
| control algorithm for that destination, thus it will be enforced/guaranteed to
 | |
| use the proposed algorithm.
 | |
| 
 | |
| .TP
 | |
| .BI advmss " NUMBER " "(Linux 2.3.15+ only)"
 | |
| the MSS ('Maximal Segment Size') to advertise to these
 | |
| destinations when establishing TCP connections. If it is not given,
 | |
| Linux uses a default value calculated from the first hop device MTU.
 | |
| (If the path to these destination is asymmetric, this guess may be wrong.)
 | |
| 
 | |
| .TP
 | |
| .BI reordering " NUMBER " "(Linux 2.3.15+ only)"
 | |
| Maximal reordering on the path to this destination.
 | |
| If it is not given, Linux uses the value selected with
 | |
| .B sysctl
 | |
| variable
 | |
| .BR "net/ipv4/tcp_reordering" .
 | |
| 
 | |
| .TP
 | |
| .BI nexthop " NEXTHOP"
 | |
| the nexthop of a multipath route.
 | |
| .I NEXTHOP
 | |
| is a complex value with its own syntax similar to the top level
 | |
| argument lists:
 | |
| 
 | |
| .in +8
 | |
| .BI via " [ FAMILY ] ADDRESS"
 | |
| - is the nexthop router.
 | |
| .sp
 | |
| 
 | |
| .BI dev " NAME"
 | |
| - is the output device.
 | |
| .sp
 | |
| 
 | |
| .BI weight " NUMBER"
 | |
| - is a weight for this element of a multipath
 | |
| route reflecting its relative bandwidth or quality.
 | |
| .in -8
 | |
| 
 | |
| The internal buffer used in iproute2 limits the maximum number of nexthops that
 | |
| may be specified in one go. If only
 | |
| .I ADDRESS
 | |
| is given, the current buffer size allows for 144 IPv6 nexthops and 253 IPv4
 | |
| ones. For IPv4, this effectively limits the number of nexthops possible per
 | |
| route. With IPv6, further nexthops may be appended to the same route via
 | |
| .B "ip route append"
 | |
| command.
 | |
| 
 | |
| .TP
 | |
| .BI scope " SCOPE_VAL"
 | |
| the scope of the destinations covered by the route prefix.
 | |
| .I SCOPE_VAL
 | |
| may be a number or a string from the file
 | |
| .BR "@SYSCONFDIR@/rt_scopes" .
 | |
| If this parameter is omitted,
 | |
| .B ip
 | |
| assumes scope
 | |
| .B global
 | |
| for all gatewayed
 | |
| .B unicast
 | |
| routes, scope
 | |
| .B link
 | |
| for direct
 | |
| .BR unicast " and " broadcast
 | |
| routes and scope
 | |
| .BR host " for " local
 | |
| routes.
 | |
| 
 | |
| .TP
 | |
| .BI protocol " RTPROTO"
 | |
| the routing protocol identifier of this route.
 | |
| .I RTPROTO
 | |
| may be a number or a string from the file
 | |
| .BR "@SYSCONFDIR@/rt_protos" .
 | |
| If the routing protocol ID is not given,
 | |
| .B ip assumes protocol
 | |
| .B boot
 | |
| (i.e. it assumes the route was added by someone who doesn't
 | |
| understand what they are doing). Several protocol values have
 | |
| a fixed interpretation.
 | |
| Namely:
 | |
| 
 | |
| .in +8
 | |
| .B redirect
 | |
| - the route was installed due to an ICMP redirect.
 | |
| .sp
 | |
| 
 | |
| .B kernel
 | |
| - the route was installed by the kernel during autoconfiguration.
 | |
| .sp
 | |
| 
 | |
| .B boot
 | |
| - the route was installed during the bootup sequence.
 | |
| If a routing daemon starts, it will purge all of them.
 | |
| .sp
 | |
| 
 | |
| .B static
 | |
| - the route was installed by the administrator
 | |
| to override dynamic routing. Routing daemon will respect them
 | |
| and, probably, even advertise them to its peers.
 | |
| .sp
 | |
| 
 | |
| .B ra
 | |
| - the route was installed by Router Discovery protocol.
 | |
| .in -8
 | |
| 
 | |
| .sp
 | |
| The rest of the values are not reserved and the administrator is free
 | |
| to assign (or not to assign) protocol tags.
 | |
| 
 | |
| .TP
 | |
| .B onlink
 | |
| pretend that the nexthop is directly attached to this link,
 | |
| even if it does not match any interface prefix.
 | |
| 
 | |
| .TP
 | |
| .BI pref " PREF"
 | |
| the IPv6 route preference.
 | |
| .I PREF
 | |
| is a string specifying the route preference as defined in RFC4191 for Router
 | |
| Discovery messages. Namely:
 | |
| 
 | |
| .in +8
 | |
| .B low
 | |
| - the route has a lowest priority
 | |
| .sp
 | |
| 
 | |
| .B medium
 | |
| - the route has a default priority
 | |
| .sp
 | |
| 
 | |
| .B high
 | |
| - the route has a highest priority
 | |
| .sp
 | |
| 
 | |
| .TP
 | |
| .BI nhid " ID"
 | |
| use nexthop object with given id as nexthop specification.
 | |
| .sp
 | |
| .TP
 | |
| .BI encap " ENCAPTYPE ENCAPHDR"
 | |
| attach tunnel encapsulation attributes to this route.
 | |
| .sp
 | |
| .I ENCAPTYPE
 | |
| is a string specifying the supported encapsulation type. Namely:
 | |
| 
 | |
| .in +8
 | |
| .BI mpls
 | |
| - encapsulation type MPLS
 | |
| .sp
 | |
| .BI ip
 | |
| - IP encapsulation (Geneve, GRE, VXLAN, ...)
 | |
| .sp
 | |
| .BI bpf
 | |
| - Execution of BPF program
 | |
| .sp
 | |
| .BI seg6
 | |
| - encapsulation type IPv6 Segment Routing
 | |
| .sp
 | |
| .BI seg6local
 | |
| - local SRv6 segment processing
 | |
| 
 | |
| .in -8
 | |
| .I ENCAPHDR
 | |
| is a set of encapsulation attributes specific to the
 | |
| .I ENCAPTYPE.
 | |
| 
 | |
| .in +8
 | |
| .B mpls
 | |
| .in +2
 | |
| .I MPLSLABEL
 | |
| - mpls label stack with labels separated by
 | |
| .I "/"
 | |
| .sp
 | |
| 
 | |
| .B ttl
 | |
| .I TTL
 | |
| - TTL to use for MPLS header or 0 to inherit from IP header
 | |
| .in -2
 | |
| .sp
 | |
| 
 | |
| .B ip
 | |
| .in +2
 | |
| .B id
 | |
| .I TUNNEL_ID
 | |
| .B  dst
 | |
| .IR REMOTE_IP " [ "
 | |
| .B src
 | |
| .IR SRC " ] ["
 | |
| .B tos
 | |
| .IR TOS " ] ["
 | |
| .B  ttl
 | |
| .IR TTL " ] [ "
 | |
| .BR key " ] [ " csum " ] [ " seq " ] "
 | |
| .in -2
 | |
| .sp
 | |
| 
 | |
| .B bpf
 | |
| .in +2
 | |
| .B in
 | |
| .I PROG
 | |
| - BPF program to execute for incoming packets
 | |
| .sp
 | |
| 
 | |
| .B out
 | |
| .I PROG
 | |
| - BPF program to execute for outgoing packets
 | |
| .sp
 | |
| 
 | |
| .B xmit
 | |
| .I PROG
 | |
| - BPF program to execute for transmitted packets
 | |
| .sp
 | |
| 
 | |
| .B headroom
 | |
| .I SIZE
 | |
| - Size of header BPF program will attach (xmit)
 | |
| .in -2
 | |
| .sp
 | |
| 
 | |
| .B seg6
 | |
| .in +2
 | |
| .B mode inline
 | |
| - Directly insert Segment Routing Header after IPv6 header
 | |
| .sp
 | |
| 
 | |
| .B mode encap
 | |
| - Encapsulate packet in an outer IPv6 header with SRH
 | |
| .sp
 | |
| 
 | |
| .B mode l2encap
 | |
| - Encapsulate ingress L2 frame within an outer IPv6 header and SRH
 | |
| .sp
 | |
| 
 | |
| .I SEGMENTS
 | |
| - List of comma-separated IPv6 addresses
 | |
| .sp
 | |
| 
 | |
| .I KEYID
 | |
| - Numerical value in decimal representation. See \fBip-sr\fR(8).
 | |
| .in -2
 | |
| .sp
 | |
| 
 | |
| .B seg6local
 | |
| .in +2
 | |
| .IR SEG6_ACTION " [ "
 | |
| .IR SEG6_ACTION_PARAM " ] "
 | |
| - Operation to perform on matching packets.
 | |
| The following actions are currently supported (\fBLinux 4.14+ only\fR).
 | |
| .in +2
 | |
| 
 | |
| .B End
 | |
| - Regular SRv6 processing as intermediate segment endpoint.
 | |
| This action only accepts packets with a non-zero Segments Left
 | |
| value. Other matching packets are dropped.
 | |
| 
 | |
| .B End.X nh6
 | |
| .I NEXTHOP
 | |
| - Regular SRv6 processing as intermediate segment endpoint.
 | |
| Additionally, forward processed packets to given next-hop.
 | |
| This action only accepts packets with a non-zero Segments Left
 | |
| value. Other matching packets are dropped.
 | |
| 
 | |
| .B End.DX6 nh6
 | |
| .I NEXTHOP
 | |
| - Decapsulate inner IPv6 packet and forward it to the
 | |
| specified next-hop. If the argument is set to ::, then
 | |
| the next-hop is selected according to the local selection
 | |
| rules. This action only accepts packets with either a zero Segments
 | |
| Left value or no SRH at all, and an inner IPv6 packet. Other
 | |
| matching packets are dropped.
 | |
| 
 | |
| .B End.B6 srh segs
 | |
| .IR SEGMENTS " [ "
 | |
| .B hmac
 | |
| .IR KEYID " ] "
 | |
| - Insert the specified SRH immediately after the IPv6 header,
 | |
| update the DA with the first segment of the newly inserted SRH,
 | |
| then forward the resulting packet. The original SRH is not
 | |
| modified. This action only accepts packets with a non-zero
 | |
| Segments Left value. Other matching packets are dropped.
 | |
| 
 | |
| .B End.B6.Encaps srh segs
 | |
| .IR SEGMENTS " [ "
 | |
| .B hmac
 | |
| .IR KEYID " ] "
 | |
| - Regular SRv6 processing as intermediate segment endpoint.
 | |
| Additionally, encapsulate the matching packet within an outer IPv6 header
 | |
| followed by the specified SRH. The destination address of the outer IPv6
 | |
| header is set to the first segment of the new SRH. The source
 | |
| address is set as described in \fBip-sr\fR(8).
 | |
| .in -4
 | |
| 
 | |
| .in -8
 | |
| 
 | |
| .TP
 | |
| .BI expires " TIME " "(Linux 4.4+ only)"
 | |
| the route will be deleted after the expires time.
 | |
| .B Only
 | |
| support IPv6 at present.
 | |
| 
 | |
| .TP
 | |
| .BR ttl-propagate " { " enabled " | " disabled " } "
 | |
| Control whether TTL should be propagated from any encap into the
 | |
| un-encapsulated packet, overriding any global configuration. Only
 | |
| supported for MPLS at present.
 | |
| .RE
 | |
| 
 | |
| .TP
 | |
| ip route delete
 | |
| delete route
 | |
| .RS
 | |
| .B ip route del
 | |
| has the same arguments as
 | |
| .BR "ip route add" ,
 | |
| but their semantics are a bit different.
 | |
| 
 | |
| Key values
 | |
| .RB "(" to ", " tos ", " preference " and " table ")"
 | |
| select the route to delete. If optional attributes are present,
 | |
| .B ip
 | |
| verifies that they coincide with the attributes of the route to delete.
 | |
| If no route with the given key and attributes was found,
 | |
| .B ip route del
 | |
| fails.
 | |
| .RE
 | |
| 
 | |
| .TP
 | |
| ip route show
 | |
| list routes
 | |
| .RS
 | |
| the command displays the contents of the routing tables or the route(s)
 | |
| selected by some criteria.
 | |
| 
 | |
| .TP
 | |
| .BI to " SELECTOR " (default)
 | |
| only select routes from the given range of destinations.
 | |
| .I SELECTOR
 | |
| consists of an optional modifier
 | |
| .RB "(" root ", " match " or " exact ")"
 | |
| and a prefix.
 | |
| .BI root " PREFIX"
 | |
| selects routes with prefixes not shorter than
 | |
| .IR PREFIX "."
 | |
| F.e.
 | |
| .BI root " 0/0"
 | |
| selects the entire routing table.
 | |
| .BI match " PREFIX"
 | |
| selects routes with prefixes not longer than
 | |
| .IR PREFIX "."
 | |
| F.e.
 | |
| .BI match " 10.0/16"
 | |
| selects
 | |
| .IR 10.0/16 ","
 | |
| .IR 10/8 " and " 0/0 ,
 | |
| but it does not select
 | |
| .IR 10.1/16 " and " 10.0.0/24 .
 | |
| And
 | |
| .BI exact " PREFIX"
 | |
| (or just
 | |
| .IR PREFIX ")"
 | |
| selects routes with this exact prefix. If neither of these options
 | |
| are present,
 | |
| .B ip
 | |
| assumes
 | |
| .BI root " 0/0"
 | |
| i.e. it lists the entire table.
 | |
| 
 | |
| .TP
 | |
| .BI tos " TOS"
 | |
| .TP
 | |
| .BI dsfield " TOS"
 | |
| only select routes with the given TOS.
 | |
| 
 | |
| .TP
 | |
| .BI table " TABLEID"
 | |
| show the routes from this table(s). The default setting is to show table
 | |
| .BR main "."
 | |
| .I TABLEID
 | |
| may either be the ID of a real table or one of the special values:
 | |
| .sp
 | |
| .in +8
 | |
| .B all
 | |
| - list all of the tables.
 | |
| .sp
 | |
| .B cache
 | |
| - dump the routing cache.
 | |
| .in -8
 | |
| 
 | |
| .TP
 | |
| .BI vrf " NAME"
 | |
| show the routes for the table associated with the vrf name
 | |
| 
 | |
| .TP
 | |
| .B cloned
 | |
| .TP
 | |
| .B cached
 | |
| list cloned routes i.e. routes which were dynamically forked from
 | |
| other routes because some route attribute (f.e. MTU) was updated.
 | |
| Actually, it is equivalent to
 | |
| .BR "table cache" "."
 | |
| 
 | |
| .TP
 | |
| .BI from " SELECTOR"
 | |
| the same syntax as for
 | |
| .BR to ","
 | |
| but it binds the source address range rather than destinations.
 | |
| Note that the
 | |
| .B from
 | |
| option only works with cloned routes.
 | |
| 
 | |
| .TP
 | |
| .BI protocol " RTPROTO"
 | |
| only list routes of this protocol.
 | |
| 
 | |
| .TP
 | |
| .BI scope " SCOPE_VAL"
 | |
| only list routes with this scope.
 | |
| 
 | |
| .TP
 | |
| .BI type " TYPE"
 | |
| only list routes of this type.
 | |
| 
 | |
| .TP
 | |
| .BI dev " NAME"
 | |
| only list routes going via this device.
 | |
| 
 | |
| .TP
 | |
| .BI via " [ FAMILY ] PREFIX"
 | |
| only list routes going via the nexthop routers selected by
 | |
| .IR PREFIX "."
 | |
| 
 | |
| .TP
 | |
| .BI src " PREFIX"
 | |
| only list routes with preferred source addresses selected
 | |
| by
 | |
| .IR PREFIX "."
 | |
| 
 | |
| .TP
 | |
| .BI realm " REALMID"
 | |
| .TP
 | |
| .BI realms " FROMREALM/TOREALM"
 | |
| only list routes with these realms.
 | |
| .RE
 | |
| 
 | |
| .TP
 | |
| ip route flush
 | |
| flush routing tables
 | |
| .RS
 | |
| this command flushes routes selected by some criteria.
 | |
| 
 | |
| .sp
 | |
| The arguments have the same syntax and semantics as the arguments of
 | |
| .BR "ip route show" ,
 | |
| but routing tables are not listed but purged. The only difference is
 | |
| the default action:
 | |
| .B show
 | |
| dumps all the IP main routing table but
 | |
| .B flush
 | |
| prints the helper page.
 | |
| 
 | |
| .sp
 | |
| With the
 | |
| .B -statistics
 | |
| option, the command becomes verbose. It prints out the number of
 | |
| deleted routes and the number of rounds made to flush the routing
 | |
| table. If the option is given
 | |
| twice,
 | |
| .B ip route flush
 | |
| also dumps all the deleted routes in the format described in the
 | |
| previous subsection.
 | |
| .RE
 | |
| 
 | |
| .TP
 | |
| ip route get
 | |
| get a single route
 | |
| .RS
 | |
| this command gets a single route to a destination and prints its
 | |
| contents exactly as the kernel sees it.
 | |
| 
 | |
| .TP
 | |
| .BI fibmatch
 | |
| Return full fib lookup matched route. Default is to return the resolved
 | |
| dst entry
 | |
| 
 | |
| .TP
 | |
| .BI to " ADDRESS " (default)
 | |
| the destination address.
 | |
| 
 | |
| .TP
 | |
| .BI from " ADDRESS"
 | |
| the source address.
 | |
| 
 | |
| .TP
 | |
| .BI tos " TOS"
 | |
| .TP
 | |
| .BI dsfield " TOS"
 | |
| the Type Of Service.
 | |
| 
 | |
| .TP
 | |
| .BI iif " NAME"
 | |
| the device from which this packet is expected to arrive.
 | |
| 
 | |
| .TP
 | |
| .BI oif " NAME"
 | |
| force the output device on which this packet will be routed.
 | |
| 
 | |
| .TP
 | |
| .BI mark " MARK"
 | |
| the firewall mark
 | |
| .RB ( "fwmark" )
 | |
| 
 | |
| .TP
 | |
| .BI vrf " NAME"
 | |
| force the vrf device on which this packet will be routed.
 | |
| 
 | |
| .TP
 | |
| .BI ipproto " PROTOCOL"
 | |
| ip protocol as seen by the route lookup
 | |
| 
 | |
| .TP
 | |
| .BI sport " NUMBER"
 | |
| source port as seen by the route lookup
 | |
| 
 | |
| .TP
 | |
| .BI dport " NUMBER"
 | |
| destination port as seen by the route lookup
 | |
| 
 | |
| .TP
 | |
| .B connected
 | |
| if no source address
 | |
| .RB "(option " from ")"
 | |
| was given, relookup the route with the source set to the preferred
 | |
| address received from the first lookup.
 | |
| If policy routing is used, it may be a different route.
 | |
| 
 | |
| .P
 | |
| Note that this operation is not equivalent to
 | |
| .BR "ip route show" .
 | |
| .B show
 | |
| shows existing routes.
 | |
| .B get
 | |
| resolves them and creates new clones if necessary. Essentially,
 | |
| .B get
 | |
| is equivalent to sending a packet along this path.
 | |
| If the
 | |
| .B iif
 | |
| argument is not given, the kernel creates a route
 | |
| to output packets towards the requested destination.
 | |
| This is equivalent to pinging the destination
 | |
| with a subsequent
 | |
| .BR "ip route ls cache" ,
 | |
| however, no packets are actually sent. With the
 | |
| .B iif
 | |
| argument, the kernel pretends that a packet arrived from this interface
 | |
| and searches for a path to forward the packet.
 | |
| .RE
 | |
| 
 | |
| .TP
 | |
| ip route save
 | |
| save routing table information to stdout
 | |
| .RS
 | |
| This command behaves like
 | |
| .BR "ip route show"
 | |
| except that the output is raw data suitable for passing to
 | |
| .BR "ip route restore" .
 | |
| .RE
 | |
| 
 | |
| .TP
 | |
| ip route restore
 | |
| restore routing table information from stdin
 | |
| .RS
 | |
| This command expects to read a data stream as returned from
 | |
| .BR "ip route save" .
 | |
| It will attempt to restore the routing table information exactly as
 | |
| it was at the time of the save, so any translation of information
 | |
| in the stream (such as device indexes) must be done first. Any existing
 | |
| routes are left unchanged. Any routes specified in the data stream that
 | |
| already exist in the table will be ignored.
 | |
| .RE
 | |
| 
 | |
| .SH NOTES
 | |
| Starting with Linux kernel version 3.6, there is no routing cache for IPv4
 | |
| anymore. Hence
 | |
| .B "ip route show cached"
 | |
| will never print any entries on systems with this or newer kernel versions.
 | |
| 
 | |
| .SH EXAMPLES
 | |
| .PP
 | |
| ip ro
 | |
| .RS 4
 | |
| Show all route entries in the kernel.
 | |
| .RE
 | |
| .PP
 | |
| ip route add default via 192.168.1.1 dev eth0
 | |
| .RS 4
 | |
| Adds a default route (for all addresses) via the local gateway 192.168.1.1 that can
 | |
| be reached on device eth0.
 | |
| .RE
 | |
| .PP
 | |
| ip route add 10.1.1.0/30 encap mpls 200/300 via 10.1.1.1 dev eth0
 | |
| .RS 4
 | |
| Adds an ipv4 route with mpls encapsulation attributes attached to it.
 | |
| .RE
 | |
| .PP
 | |
| ip -6 route add 2001:db8:1::/64 encap seg6 mode encap segs 2001:db8:42::1,2001:db8:ffff::2 dev eth0
 | |
| .RS 4
 | |
| Adds an IPv6 route with SRv6 encapsulation and two segments attached.
 | |
| .RE
 | |
| .PP
 | |
| ip route add 10.1.1.0/30 nhid 10
 | |
| .RS 4
 | |
| Adds an ipv4 route using nexthop object with id 10.
 | |
| .RE
 | |
| .SH SEE ALSO
 | |
| .br
 | |
| .BR ip (8)
 | |
| 
 | |
| .SH AUTHOR
 | |
| Original Manpage by Michail Litvak <mci@owl.openwall.com>
 |