logo

oasis-root

Compiled tree of Oasis Linux based on own branch at <https://hacktivis.me/git/oasis/> git clone https://anongit.hacktivis.me/git/oasis-root.git

ip-route.8 (33420B)


  1. .TH IP\-ROUTE 8 "13 Dec 2012" "iproute2" "Linux"
  2. .SH "NAME"
  3. ip-route \- routing table management
  4. .SH "SYNOPSIS"
  5. .sp
  6. .ad l
  7. .in +8
  8. .ti -8
  9. .B ip
  10. .RI "[ " ip-OPTIONS " ]"
  11. .B route
  12. .RI " { " COMMAND " | "
  13. .BR help " }"
  14. .sp
  15. .ti -8
  16. .ti -8
  17. .BR "ip route" " { "
  18. .BR show " | " flush " } "
  19. .I SELECTOR
  20. .ti -8
  21. .BR "ip route save"
  22. .I SELECTOR
  23. .ti -8
  24. .BR "ip route restore"
  25. .ti -8
  26. .B ip route get
  27. .I ROUTE_GET_FLAGS
  28. .IR ADDRESS " [ "
  29. .BI from " ADDRESS " iif " STRING"
  30. .RB " ] [ " oif
  31. .IR STRING " ] [ "
  32. .B mark
  33. .IR MARK " ] [ "
  34. .B tos
  35. .IR TOS " ] [ "
  36. .B vrf
  37. .IR NAME " ] [ "
  38. .B ipproto
  39. .IR PROTOCOL " ] [ "
  40. .B sport
  41. .IR NUMBER " ] [ "
  42. .B dport
  43. .IR NUMBER " ] "
  44. .ti -8
  45. .BR "ip route" " { " add " | " del " | " change " | " append " | "\
  46. replace " } "
  47. .I ROUTE
  48. .ti -8
  49. .IR SELECTOR " := "
  50. .RB "[ " root
  51. .IR PREFIX " ] [ "
  52. .B match
  53. .IR PREFIX " ] [ "
  54. .B exact
  55. .IR PREFIX " ] [ "
  56. .B table
  57. .IR TABLE_ID " ] [ "
  58. .B vrf
  59. .IR NAME " ] [ "
  60. .B proto
  61. .IR RTPROTO " ] [ "
  62. .B type
  63. .IR TYPE " ] [ "
  64. .B scope
  65. .IR SCOPE " ]"
  66. .ti -8
  67. .IR ROUTE " := " NODE_SPEC " [ " INFO_SPEC " ]"
  68. .ti -8
  69. .IR NODE_SPEC " := [ " TYPE " ] " PREFIX " ["
  70. .B tos
  71. .IR TOS " ] [ "
  72. .B table
  73. .IR TABLE_ID " ] [ "
  74. .B proto
  75. .IR RTPROTO " ] [ "
  76. .B scope
  77. .IR SCOPE " ] [ "
  78. .B metric
  79. .IR METRIC " ] [ "
  80. .B ttl-propagate
  81. .RB "{ " enabled " | " disabled " } ]"
  82. .ti -8
  83. .IR INFO_SPEC " := { " NH " | "
  84. .B nhid
  85. .IR ID " } " "OPTIONS FLAGS" " ["
  86. .B nexthop
  87. .IR NH " ] ..."
  88. .ti -8
  89. .IR NH " := [ "
  90. .B encap
  91. .IR ENCAP " ] [ "
  92. .B via
  93. [
  94. .IR FAMILY " ] " ADDRESS " ] [ "
  95. .B dev
  96. .IR STRING " ] [ "
  97. .B weight
  98. .IR NUMBER " ] " NHFLAGS
  99. .ti -8
  100. .IR FAMILY " := [ "
  101. .BR inet " | " inet6 " | " mpls " | " bridge " | " link " ]"
  102. .ti -8
  103. .IR OPTIONS " := " FLAGS " [ "
  104. .B mtu
  105. .IR NUMBER " ] [ "
  106. .B advmss
  107. .IR NUMBER " ] [ "
  108. .B as
  109. [
  110. .B to
  111. ]
  112. .IR ADDRESS " ]"
  113. .B rtt
  114. .IR TIME " ] [ "
  115. .B rttvar
  116. .IR TIME " ] [ "
  117. .B reordering
  118. .IR NUMBER " ] [ "
  119. .B window
  120. .IR NUMBER " ] [ "
  121. .B cwnd
  122. .IR NUMBER " ] [ "
  123. .B ssthresh
  124. .IR NUMBER " ] [ "
  125. .B realms
  126. .IR REALM " ] [ "
  127. .B rto_min
  128. .IR TIME " ] [ "
  129. .B initcwnd
  130. .IR NUMBER " ] [ "
  131. .B initrwnd
  132. .IR NUMBER " ] [ "
  133. .B features
  134. .IR FEATURES " ] [ "
  135. .B quickack
  136. .IR BOOL " ] [ "
  137. .B congctl
  138. .IR NAME " ] [ "
  139. .B pref
  140. .IR PREF " ] [ "
  141. .B expires
  142. .IR TIME " ] ["
  143. .B fastopen_no_cookie
  144. .IR BOOL " ]"
  145. .ti -8
  146. .IR TYPE " := [ "
  147. .BR unicast " | " local " | " broadcast " | " multicast " | "\
  148. throw " | " unreachable " | " prohibit " | " blackhole " | " nat " ]"
  149. .ti -8
  150. .IR TABLE_ID " := [ "
  151. .BR local "| " main " | " default " | " all " |"
  152. .IR NUMBER " ]"
  153. .ti -8
  154. .IR SCOPE " := [ "
  155. .BR host " | " link " | " global " |"
  156. .IR NUMBER " ]"
  157. .ti -8
  158. .IR NHFLAGS " := [ "
  159. .BR onlink " | " pervasive " ]"
  160. .ti -8
  161. .IR RTPROTO " := [ "
  162. .BR kernel " | " boot " | " static " |"
  163. .IR NUMBER " ]"
  164. .ti -8
  165. .IR FEATURES " := [ "
  166. .BR ecn " | ]"
  167. .ti -8
  168. .IR PREF " := [ "
  169. .BR low " | " medium " | " high " ]"
  170. .ti -8
  171. .IR ENCAP " := [ "
  172. .IR ENCAP_MPLS " | " ENCAP_IP " | " ENCAP_BPF " | "
  173. .IR ENCAP_SEG6 " | " ENCAP_SEG6LOCAL " | " ENCAP_IOAM6 " ] "
  174. .ti -8
  175. .IR ENCAP_MPLS " := "
  176. .BR mpls " [ "
  177. .IR LABEL " ] ["
  178. .B ttl
  179. .IR TTL " ]"
  180. .ti -8
  181. .IR ENCAP_IP " := "
  182. .B ip
  183. .B id
  184. .IR TUNNEL_ID
  185. .B dst
  186. .IR REMOTE_IP " [ "
  187. .B src
  188. .IR SRC " ] ["
  189. .B tos
  190. .IR TOS " ] ["
  191. .B ttl
  192. .IR TTL " ]"
  193. .ti -8
  194. .IR ENCAP_BPF " := "
  195. .BR bpf " [ "
  196. .B in
  197. .IR PROG " ] ["
  198. .B out
  199. .IR PROG " ] ["
  200. .B xmit
  201. .IR PROG " ] ["
  202. .B headroom
  203. .IR SIZE " ]"
  204. .ti -8
  205. .IR ENCAP_SEG6 " := "
  206. .B seg6
  207. .BR mode " [ "
  208. .BR encap " | " encap.red " | " inline " | " l2encap " | " l2encap.red " ] "
  209. .B segs
  210. .IR SEGMENTS " [ "
  211. .B hmac
  212. .IR KEYID " ]"
  213. .ti -8
  214. .IR ENCAP_SEG6LOCAL " := "
  215. .B seg6local
  216. .BR action
  217. .IR SEG6_ACTION " [ "
  218. .IR SEG6_ACTION_PARAM " ] [ "
  219. .BR count " ] "
  220. .ti -8
  221. .IR ENCAP_IOAM6 " := "
  222. .BR ioam6 " ["
  223. .B freq
  224. .IR K "/" N " ] "
  225. .BR mode " [ "
  226. .BR inline " | " encap " | " auto " ] ["
  227. .B tundst
  228. .IR ADDRESS " ] "
  229. .B trace
  230. .B prealloc
  231. .B type
  232. .IR IOAM6_TRACE_TYPE
  233. .B ns
  234. .IR IOAM6_NAMESPACE
  235. .B size
  236. .IR IOAM6_TRACE_SIZE
  237. .ti -8
  238. .IR ROUTE_GET_FLAGS " := "
  239. .BR " [ "
  240. .BR fibmatch
  241. .BR " ] "
  242. .SH DESCRIPTION
  243. .B ip route
  244. is used to manipulate entries in the kernel routing tables.
  245. .sp
  246. .B Route types:
  247. .in +8
  248. .B unicast
  249. - the route entry describes real paths to the destinations covered
  250. by the route prefix.
  251. .sp
  252. .B unreachable
  253. - these destinations are unreachable. Packets are discarded and the
  254. ICMP message
  255. .I host unreachable
  256. is generated.
  257. The local senders get an
  258. .I EHOSTUNREACH
  259. error.
  260. .sp
  261. .B blackhole
  262. - these destinations are unreachable. Packets are discarded silently.
  263. The local senders get an
  264. .I EINVAL
  265. error.
  266. .sp
  267. .B prohibit
  268. - these destinations are unreachable. Packets are discarded and the
  269. ICMP message
  270. .I communication administratively prohibited
  271. is generated. The local senders get an
  272. .I EACCES
  273. error.
  274. .sp
  275. .B local
  276. - the destinations are assigned to this host. The packets are looped
  277. back and delivered locally.
  278. .sp
  279. .B broadcast
  280. - the destinations are broadcast addresses. The packets are sent as
  281. link broadcasts.
  282. .sp
  283. .B throw
  284. - a special control route used together with policy rules. If such a
  285. route is selected, lookup in this table is terminated pretending that
  286. no route was found. Without policy routing it is equivalent to the
  287. absence of the route in the routing table. The packets are dropped
  288. and the ICMP message
  289. .I net unreachable
  290. is generated. The local senders get an
  291. .I ENETUNREACH
  292. error.
  293. .sp
  294. .B nat
  295. - a special NAT route. Destinations covered by the prefix
  296. are considered to be dummy (or external) addresses which require translation
  297. to real (or internal) ones before forwarding. The addresses to translate to
  298. are selected with the attribute
  299. .BR "via" .
  300. .B Warning:
  301. Route NAT is no longer supported in Linux 2.6.
  302. .sp
  303. .B anycast
  304. .RI "- " "not implemented"
  305. the destinations are
  306. .I anycast
  307. addresses assigned to this host. They are mainly equivalent
  308. to
  309. .B local
  310. with one difference: such addresses are invalid when used
  311. as the source address of any packet.
  312. .sp
  313. .B multicast
  314. - a special type used for multicast routing. It is not present in
  315. normal routing tables.
  316. .in -8
  317. .P
  318. .B Route tables:
  319. Linux-2.x can pack routes into several routing tables identified
  320. by a number in the range from 1 to 2^32-1 or by name from
  321. .BR /share/iproute2/rt_tables " or " /etc/iproute2/rt_tables
  322. (has precedence if exists).
  323. By default all normal routes are inserted into the
  324. .B main
  325. table (ID 254) and the kernel only uses this table when calculating routes.
  326. Values (0, 253, 254, and 255) are reserved for built-in use.
  327. .sp
  328. Actually, one other table always exists, which is invisible but
  329. even more important. It is the
  330. .B local
  331. table (ID 255). This table
  332. consists of routes for local and broadcast addresses. The kernel maintains
  333. this table automatically and the administrator usually need not modify it
  334. or even look at it.
  335. The multiple routing tables enter the game when
  336. .I policy routing
  337. is used.
  338. .TP
  339. ip route add
  340. add new route
  341. .TP
  342. ip route change
  343. change route
  344. .TP
  345. ip route replace
  346. change or add new one
  347. .RS
  348. .TP
  349. .BI to " TYPE PREFIX " (default)
  350. the destination prefix of the route. If
  351. .I TYPE
  352. is omitted,
  353. .B ip
  354. assumes type
  355. .BR "unicast" .
  356. Other values of
  357. .I TYPE
  358. are listed above.
  359. .I PREFIX
  360. is an IP or IPv6 address optionally followed by a slash and the
  361. prefix length. If the length of the prefix is missing,
  362. .B ip
  363. assumes a full-length host route. There is also a special
  364. .I PREFIX
  365. .B default
  366. - which is equivalent to IP
  367. .B 0/0
  368. or to IPv6
  369. .BR "::/0" .
  370. .TP
  371. .BI tos " TOS"
  372. .TP
  373. .BI dsfield " TOS"
  374. the Type Of Service (TOS) key. This key has no associated mask and
  375. the longest match is understood as: First, compare the TOS
  376. of the route and of the packet. If they are not equal, then the packet
  377. may still match a route with a zero TOS.
  378. .I TOS
  379. is either an 8 bit hexadecimal number or an identifier
  380. from
  381. .BR /share/iproute2/rt_dsfield " or " /etc/iproute2/rt_dsfield
  382. (has precedence if exists).
  383. .TP
  384. .BI metric " NUMBER"
  385. .TP
  386. .BI preference " NUMBER"
  387. the preference value of the route.
  388. .I NUMBER
  389. is an arbitrary 32bit number, where routes with lower values are preferred.
  390. .TP
  391. .BI table " TABLEID"
  392. the table to add this route to.
  393. .I TABLEID
  394. may be a number or a string from
  395. .BR /share/iproute2/rt_tables " or " /etc/iproute2/rt_tables
  396. (has precedence if exists).
  397. If this parameter is omitted,
  398. .B ip
  399. assumes the
  400. .B main
  401. table, with the exception of
  402. .BR local ", " broadcast " and " nat
  403. routes, which are put into the
  404. .B local
  405. table by default.
  406. .TP
  407. .BI vrf " NAME"
  408. the vrf name to add this route to. Implicitly means the table
  409. associated with the VRF.
  410. .TP
  411. .BI dev " NAME"
  412. the output device name.
  413. .TP
  414. .BI via " [ FAMILY ] ADDRESS"
  415. the address of the nexthop router, in the address family FAMILY.
  416. Actually, the sense of this field depends on the route type. For
  417. normal
  418. .B unicast
  419. routes it is either the true next hop router or, if it is a direct
  420. route installed in BSD compatibility mode, it can be a local address
  421. of the interface. For NAT routes it is the first address of the block
  422. of translated IP destinations.
  423. .TP
  424. .BI src " ADDRESS"
  425. the source address to prefer when sending to the destinations
  426. covered by the route prefix.
  427. .TP
  428. .BI realm " REALMID"
  429. the realm to which this route is assigned.
  430. .I REALMID
  431. may be a number or a string from
  432. .BR /share/iproute2/rt_realms " or " /etc/iproute2/rt_realms
  433. (has precedence if exists).
  434. .TP
  435. .BI mtu " MTU"
  436. .TP
  437. .BI "mtu lock" " MTU"
  438. the MTU along the path to the destination. If the modifier
  439. .B lock
  440. is not used, the MTU may be updated by the kernel due to
  441. Path MTU Discovery. If the modifier
  442. .B lock
  443. is used, no path MTU discovery will be tried, all packets
  444. will be sent without the DF bit in IPv4 case or fragmented
  445. to MTU for IPv6.
  446. .TP
  447. .BI window " NUMBER"
  448. the maximal window for TCP to advertise to these destinations,
  449. measured in bytes. It limits maximal data bursts that our TCP
  450. peers are allowed to send to us.
  451. .TP
  452. .BI rtt " TIME"
  453. the initial RTT ('Round Trip Time') estimate. If no suffix is
  454. specified the units are raw values passed directly to the
  455. routing code to maintain compatibility with previous releases.
  456. Otherwise if a suffix of s, sec or secs is used to specify
  457. seconds and ms, msec or msecs to specify milliseconds.
  458. .TP
  459. .BI rttvar " TIME " "(Linux 2.3.15+ only)"
  460. the initial RTT variance estimate. Values are specified as with
  461. .BI rtt
  462. above.
  463. .TP
  464. .BI rto_min " TIME " "(Linux 2.6.23+ only)"
  465. the minimum TCP Retransmission TimeOut to use when communicating with this
  466. destination. Values are specified as with
  467. .BI rtt
  468. above.
  469. .TP
  470. .BI ssthresh " NUMBER " "(Linux 2.3.15+ only)"
  471. an estimate for the initial slow start threshold.
  472. .TP
  473. .BI cwnd " NUMBER " "(Linux 2.3.15+ only)"
  474. the clamp for congestion window. It is ignored if the
  475. .B lock
  476. flag is not used.
  477. .TP
  478. .BI initcwnd " NUMBER " "(Linux 2.5.70+ only)"
  479. the initial congestion window size for connections to this destination.
  480. Actual window size is this value multiplied by the MSS
  481. (``Maximal Segment Size'') for same connection. The default is
  482. zero, meaning to use the values specified in RFC2414.
  483. .TP
  484. .BI initrwnd " NUMBER " "(Linux 2.6.33+ only)"
  485. the initial receive window size for connections to this destination.
  486. Actual window size is this value multiplied by the MSS of the connection.
  487. The default value is zero, meaning to use Slow Start value.
  488. .TP
  489. .BI features " FEATURES " (Linux 3.18+ only)
  490. Enable or disable per-route features. Only available feature at this
  491. time is
  492. .B ecn
  493. to enable explicit congestion notification when initiating connections to the
  494. given destination network.
  495. When responding to a connection request from the given network, ecn will
  496. also be used even if the
  497. .B net.ipv4.tcp_ecn
  498. sysctl is set to 0.
  499. .TP
  500. .BI quickack " BOOL " "(Linux 3.11+ only)"
  501. Enable or disable quick ack for connections to this destination.
  502. .TP
  503. .BI fastopen_no_cookie " BOOL " "(Linux 4.15+ only)"
  504. Enable TCP Fastopen without a cookie for connections to this destination.
  505. .TP
  506. .BI congctl " NAME " "(Linux 3.20+ only)"
  507. .TP
  508. .BI "congctl lock" " NAME " "(Linux 3.20+ only)"
  509. Sets a specific TCP congestion control algorithm only for a given destination.
  510. If not specified, Linux keeps the current global default TCP congestion control
  511. algorithm, or the one set from the application. If the modifier
  512. .B lock
  513. is not used, an application may nevertheless overwrite the suggested congestion
  514. control algorithm for that destination. If the modifier
  515. .B lock
  516. is used, then an application is not allowed to overwrite the specified congestion
  517. control algorithm for that destination, thus it will be enforced/guaranteed to
  518. use the proposed algorithm.
  519. .TP
  520. .BI advmss " NUMBER " "(Linux 2.3.15+ only)"
  521. the MSS ('Maximal Segment Size') to advertise to these
  522. destinations when establishing TCP connections. If it is not given,
  523. Linux uses a default value calculated from the first hop device MTU.
  524. (If the path to these destination is asymmetric, this guess may be wrong.)
  525. .TP
  526. .BI reordering " NUMBER " "(Linux 2.3.15+ only)"
  527. Maximal reordering on the path to this destination.
  528. If it is not given, Linux uses the value selected with
  529. .B sysctl
  530. variable
  531. .BR "net/ipv4/tcp_reordering" .
  532. .TP
  533. .BI nexthop " NEXTHOP"
  534. the nexthop of a multipath route.
  535. .I NEXTHOP
  536. is a complex value with its own syntax similar to the top level
  537. argument lists:
  538. .in +8
  539. .BI via " [ FAMILY ] ADDRESS"
  540. - is the nexthop router.
  541. .sp
  542. .BI dev " NAME"
  543. - is the output device.
  544. .sp
  545. .BI weight " NUMBER"
  546. - is a weight for this element of a multipath
  547. route reflecting its relative bandwidth or quality.
  548. .in -8
  549. The internal buffer used in iproute2 limits the maximum number of nexthops that
  550. may be specified in one go. If only
  551. .I ADDRESS
  552. is given, the current buffer size allows for 144 IPv6 nexthops and 253 IPv4
  553. ones. For IPv4, this effectively limits the number of nexthops possible per
  554. route. With IPv6, further nexthops may be appended to the same route via
  555. .B "ip route append"
  556. command.
  557. .TP
  558. .BI scope " SCOPE_VAL"
  559. the scope of the destinations covered by the route prefix.
  560. .I SCOPE_VAL
  561. may be a number or a string from
  562. .BR /share/iproute2/rt_scopes " or " /etc/iproute2/rt_scopes
  563. (has precedence if exists).
  564. If this parameter is omitted,
  565. .B ip
  566. assumes scope
  567. .B global
  568. for all gatewayed
  569. .B unicast
  570. routes, scope
  571. .B link
  572. for direct
  573. .BR unicast " and " broadcast
  574. routes and scope
  575. .BR host " for " local
  576. routes.
  577. .TP
  578. .BI protocol " RTPROTO"
  579. the routing protocol identifier of this route.
  580. .I RTPROTO
  581. may be a number or a string from
  582. .BR /share/iproute2/rt_protos " or " /etc/iproute2/rt_protos
  583. (has precedence if exists).
  584. If the routing protocol ID is not given,
  585. .B ip assumes protocol
  586. .B boot
  587. (i.e. it assumes the route was added by someone who doesn't
  588. understand what they are doing). Several protocol values have
  589. a fixed interpretation.
  590. Namely:
  591. .in +8
  592. .B redirect
  593. - the route was installed due to an ICMP redirect.
  594. .sp
  595. .B kernel
  596. - the route was installed by the kernel during autoconfiguration.
  597. .sp
  598. .B boot
  599. - the route was installed during the bootup sequence.
  600. If a routing daemon starts, it will purge all of them.
  601. .sp
  602. .B static
  603. - the route was installed by the administrator
  604. to override dynamic routing. Routing daemon will respect them
  605. and, probably, even advertise them to its peers.
  606. .sp
  607. .B ra
  608. - the route was installed by Router Discovery protocol.
  609. .in -8
  610. .sp
  611. The rest of the values are not reserved and the administrator is free
  612. to assign (or not to assign) protocol tags.
  613. .TP
  614. .B onlink
  615. pretend that the nexthop is directly attached to this link,
  616. even if it does not match any interface prefix.
  617. .TP
  618. .BI pref " PREF"
  619. the IPv6 route preference.
  620. .I PREF
  621. is a string specifying the route preference as defined in RFC4191 for Router
  622. Discovery messages. Namely:
  623. .in +8
  624. .B low
  625. - the route has a lowest priority
  626. .sp
  627. .B medium
  628. - the route has a default priority
  629. .sp
  630. .B high
  631. - the route has a highest priority
  632. .sp
  633. .TP
  634. .BI nhid " ID"
  635. use nexthop object with given id as nexthop specification.
  636. .sp
  637. .TP
  638. .BI encap " ENCAPTYPE ENCAPHDR"
  639. attach tunnel encapsulation attributes to this route.
  640. .sp
  641. .I ENCAPTYPE
  642. is a string specifying the supported encapsulation type. Namely:
  643. .in +8
  644. .BI mpls
  645. - encapsulation type MPLS
  646. .sp
  647. .BI ip
  648. - IP encapsulation (Geneve, GRE, VXLAN, ...)
  649. .sp
  650. .BI bpf
  651. - Execution of BPF program
  652. .sp
  653. .BI seg6
  654. - encapsulation type IPv6 Segment Routing
  655. .sp
  656. .BI seg6local
  657. - local SRv6 segment processing
  658. .sp
  659. .BI ioam6
  660. - encapsulation type IPv6 IOAM
  661. .sp
  662. .BI xfrm
  663. - encapsulation type XFRM
  664. .in -8
  665. .I ENCAPHDR
  666. is a set of encapsulation attributes specific to the
  667. .I ENCAPTYPE.
  668. .in +8
  669. .B mpls
  670. .in +2
  671. .I MPLSLABEL
  672. - mpls label stack with labels separated by
  673. .I "/"
  674. .sp
  675. .B ttl
  676. .I TTL
  677. - TTL to use for MPLS header or 0 to inherit from IP header
  678. .in -2
  679. .sp
  680. .B ip
  681. .in +2
  682. .B id
  683. .I TUNNEL_ID
  684. .B dst
  685. .IR REMOTE_IP " [ "
  686. .B src
  687. .IR SRC " ] ["
  688. .B tos
  689. .IR TOS " ] ["
  690. .B ttl
  691. .IR TTL " ] [ "
  692. .BR key " ] [ " csum " ] [ " seq " ] "
  693. .in -2
  694. .sp
  695. .B bpf
  696. .in +2
  697. .B in
  698. .I PROG
  699. - BPF program to execute for incoming packets
  700. .sp
  701. .B out
  702. .I PROG
  703. - BPF program to execute for outgoing packets
  704. .sp
  705. .B xmit
  706. .I PROG
  707. - BPF program to execute for transmitted packets
  708. .sp
  709. .B headroom
  710. .I SIZE
  711. - Size of header BPF program will attach (xmit)
  712. .in -2
  713. .sp
  714. .B seg6
  715. .in +2
  716. .B mode inline
  717. - Directly insert Segment Routing Header after IPv6 header
  718. .sp
  719. .B mode encap
  720. - Encapsulate packet in an outer IPv6 header with SRH
  721. .sp
  722. .B mode encap.red
  723. - Encapsulate packet in an outer IPv6 header with SRH applying the
  724. reduced segment list. When there is only one segment and the HMAC is
  725. not present, the SRH is omitted.
  726. .sp
  727. .B mode l2encap
  728. - Encapsulate ingress L2 frame within an outer IPv6 header and SRH
  729. .sp
  730. .B mode l2encap.red
  731. - Encapsulate ingress L2 frame within an outer IPv6 header and SRH
  732. applying the reduced segment list. When there is only one segment
  733. and the HMAC is not present, the SRH is omitted.
  734. .sp
  735. .I SEGMENTS
  736. - List of comma-separated IPv6 addresses
  737. .sp
  738. .I KEYID
  739. - Numerical value in decimal representation. See \fBip-sr\fR(8).
  740. .in -2
  741. .sp
  742. .B seg6local
  743. .in +2
  744. .IR SEG6_ACTION " [ "
  745. .IR SEG6_ACTION_PARAM " ] [ "
  746. .BR count " ] "
  747. - Operation to perform on matching packets. The optional \fBcount\fR
  748. attribute is used to collect statistics on the processing of actions.
  749. Three counters are implemented: 1) packets correctly processed;
  750. 2) bytes correctly processed; 3) packets that cause a processing error
  751. (i.e., missing SID List, wrong SID List, etc). To retrieve the counters
  752. related to an action use the \fB-s\fR flag in the \fBshow\fR command.
  753. The following actions are currently supported (\fBLinux 4.14+ only\fR).
  754. .in +2
  755. .BR End " [ " flavors
  756. .IR FLAVORS " ] "
  757. - Regular SRv6 processing as intermediate segment endpoint.
  758. This action only accepts packets with a non-zero Segments Left
  759. value. Other matching packets are dropped. The presence of flavors
  760. can change the regular processing of an End behavior according to
  761. the user-provided Flavor operations and information carried in the packet.
  762. See \fBFlavors parameters\fR section.
  763. .B End.X nh6
  764. .I NEXTHOP
  765. .RB [ " flavors "
  766. .IR FLAVORS " ] "
  767. - Regular SRv6 processing as intermediate segment endpoint.
  768. Additionally, forward processed packets to given next-hop.
  769. This action only accepts packets with a non-zero Segments Left
  770. value. Other matching packets are dropped. The presence of flavors
  771. can change the regular processing of an End.X behavior according to
  772. the user-provided Flavor operations and information carried in the packet.
  773. See \fBFlavors parameters\fR section.
  774. .B End.DX6 nh6
  775. .I NEXTHOP
  776. - Decapsulate inner IPv6 packet and forward it to the
  777. specified next-hop. If the argument is set to ::, then
  778. the next-hop is selected according to the local selection
  779. rules. This action only accepts packets with either a zero Segments
  780. Left value or no SRH at all, and an inner IPv6 packet. Other
  781. matching packets are dropped.
  782. .BR End.DT6 " { " table " | " vrftable " } "
  783. .I TABLEID
  784. - Decapsulate the inner IPv6 packet and forward it according to the
  785. specified lookup table.
  786. .I TABLEID
  787. is either a number or a string from
  788. .BR /share/iproute2/rt_tables " or " /etc/iproute2/rt_tables
  789. (has precedence if exists).
  790. If
  791. .B vrftable
  792. is used, the argument must be a VRF device associated with
  793. the table id. Moreover, the VRF table associated with the
  794. table id must be configured with the VRF strict mode turned
  795. on (net.vrf.strict_mode=1). This action only accepts packets
  796. with either a zero Segments Left value or no SRH at all,
  797. and an inner IPv6 packet. Other matching packets are dropped.
  798. .B End.DT4 vrftable
  799. .I TABLEID
  800. - Decapsulate the inner IPv4 packet and forward it according to the
  801. specified lookup table.
  802. .I TABLEID
  803. is either a number or a string from
  804. .BR /share/iproute2/rt_tables " or " /etc/iproute2/rt_tables
  805. (has precedence if exists).
  806. The argument must be a VRF device associated with the table id.
  807. Moreover, the VRF table associated with the table id must be configured
  808. with the VRF strict mode turned on (net.vrf.strict_mode=1). This action
  809. only accepts packets with either a zero Segments Left value or no SRH
  810. at all, and an inner IPv4 packet. Other matching packets are dropped.
  811. .B End.DT46 vrftable
  812. .I TABLEID
  813. - Decapsulate the inner IPv4 or IPv6 packet and forward it according
  814. to the specified lookup table.
  815. .I TABLEID
  816. is either a number or a string from
  817. .BR /share/iproute2/rt_tables " or " /etc/iproute2/rt_tables
  818. (has precedence if exists).
  819. The argument must be a VRF device associated with the table id.
  820. Moreover, the VRF table associated with the table id must be configured
  821. with the VRF strict mode turned on (net.vrf.strict_mode=1). This action
  822. only accepts packets with either a zero Segments Left value or no SRH
  823. at all, and an inner IPv4 or IPv6 packet. Other matching packets are
  824. dropped.
  825. .B End.B6 srh segs
  826. .IR SEGMENTS " [ "
  827. .B hmac
  828. .IR KEYID " ] "
  829. - Insert the specified SRH immediately after the IPv6 header,
  830. update the DA with the first segment of the newly inserted SRH,
  831. then forward the resulting packet. The original SRH is not
  832. modified. This action only accepts packets with a non-zero
  833. Segments Left value. Other matching packets are dropped.
  834. .B End.B6.Encaps srh segs
  835. .IR SEGMENTS " [ "
  836. .B hmac
  837. .IR KEYID " ] "
  838. - Regular SRv6 processing as intermediate segment endpoint.
  839. Additionally, encapsulate the matching packet within an outer IPv6 header
  840. followed by the specified SRH. The destination address of the outer IPv6
  841. header is set to the first segment of the new SRH. The source
  842. address is set as described in \fBip-sr\fR(8).
  843. .B Flavors parameters
  844. The flavors represent additional operations that can modify or extend a
  845. subset of the existing behaviors.
  846. .in +2
  847. .B flavors
  848. .IR OPERATION "[," OPERATION "] [" ATTRIBUTES "]"
  849. .in +2
  850. .IR OPERATION " := { "
  851. .BR psp " | "
  852. .BR usp " | "
  853. .BR usd " | "
  854. .BR next-csid " }"
  855. .IR ATTRIBUTES " := {"
  856. .IR "KEY VALUE" " } ["
  857. .IR ATTRIBUTES " ]"
  858. .IR KEY " := { "
  859. .BR lblen " | "
  860. .BR nflen " } "
  861. .in -2
  862. .B psp
  863. - The Penultimate Segment Pop (PSP) copies the last SID from the SID List
  864. (carried by the outermost SRH) into the IPv6 Destination Address (DA) and
  865. removes (i.e. pops) the SRH from the IPv6 header.
  866. The PSP operation takes place only at a penultimate SR Segment Endpoint node
  867. (e.g., the Segment Left must be one) and does not happen at non-penultimate
  868. endpoint nodes. This flavor is currently only supported by End behavior.
  869. .B usp
  870. - Ultimate Segment Pop of the SRH (not yet supported in kernel)
  871. .B usd
  872. - Ultimate Segment Decapsulation (not yet supported in kernel)
  873. .B next-csid
  874. - The NEXT-C-SID mechanism offers the possibility of encoding
  875. several SRv6 segments within a single 128 bit SID address. The NEXT-C-SID
  876. flavor can be configured to support user-provided Locator-Block and
  877. Locator-Node Function lengths. If Locator-Block and/or Locator-Node Function
  878. lengths are not provided by the user during configuration of an SRv6 End
  879. behavior instance with NEXT-C-SID flavor, the default value is 32-bit for
  880. Locator-Block and 16-bit for Locator-Node Function.
  881. .BI lblen " VALUE "
  882. - defines the Locator-Block length for NEXT-C-SID flavor.
  883. The Locator-Block length must be greater than 0 and evenly divisible by 8. This
  884. attribute can be used only with NEXT-C-SID flavor.
  885. .BI nflen " VALUE "
  886. - defines the Locator-Node Function length for NEXT-C-SID
  887. flavors. The Locator-Node Function length must be greater than 0 and evenly
  888. divisible by 8. This attribute can be used only with NEXT-C-SID flavor.
  889. .in -4
  890. .B ioam6
  891. .in +2
  892. .B freq K/N
  893. - Inject IOAM in K packets every N packets (default is 1/1).
  894. .B mode inline
  895. - Directly insert IOAM after IPv6 header (default mode).
  896. .sp
  897. .B mode encap
  898. - Encapsulate packet in an outer IPv6 header with IOAM.
  899. .sp
  900. .B mode auto
  901. - Automatically use inline mode for local packets and encap mode for in-transit
  902. packets.
  903. .sp
  904. .B tundst
  905. .I ADDRESS
  906. - IPv6 address of the tunnel destination (outer header), not used with inline
  907. mode.
  908. .B type
  909. .I IOAM6_TRACE_TYPE
  910. - List of IOAM data required in the trace, represented by a bitfield (24 bits).
  911. .sp
  912. .B ns
  913. .I IOAM6_NAMESPACE
  914. - Numerical value to represent an IOAM namespace. See \fBip-ioam\fR(8).
  915. .sp
  916. .B size
  917. .I IOAM6_TRACE_SIZE
  918. - Size, in octets, of the pre-allocated trace data block.
  919. .in -2
  920. .B xfrm
  921. .in +2
  922. .B if_id
  923. .I IF_ID
  924. .B " [ link_dev
  925. .IR LINK_DEV " ] "
  926. .in -4
  927. .in -8
  928. .TP
  929. .BI expires " TIME " "(Linux 4.4+ only)"
  930. the route will be deleted after the expires time.
  931. .B Only
  932. support IPv6 at present.
  933. .TP
  934. .BR ttl-propagate " { " enabled " | " disabled " } "
  935. Control whether TTL should be propagated from any encap into the
  936. un-encapsulated packet, overriding any global configuration. Only
  937. supported for MPLS at present.
  938. .RE
  939. .TP
  940. ip route delete
  941. delete route
  942. .RS
  943. .B ip route del
  944. has the same arguments as
  945. .BR "ip route add" ,
  946. but their semantics are a bit different.
  947. Key values
  948. .RB "(" to ", " tos ", " preference " and " table ")"
  949. select the route to delete. If optional attributes are present,
  950. .B ip
  951. verifies that they coincide with the attributes of the route to delete.
  952. If no route with the given key and attributes was found,
  953. .B ip route del
  954. fails.
  955. .RE
  956. .TP
  957. ip route show
  958. list routes
  959. .RS
  960. the command displays the contents of the routing tables or the route(s)
  961. selected by some criteria.
  962. .TP
  963. .BI to " SELECTOR " (default)
  964. only select routes from the given range of destinations.
  965. .I SELECTOR
  966. consists of an optional modifier
  967. .RB "(" root ", " match " or " exact ")"
  968. and a prefix.
  969. .BI root " PREFIX"
  970. selects routes with prefixes not shorter than
  971. .IR PREFIX "."
  972. F.e.
  973. .BI root " 0/0"
  974. selects the entire routing table.
  975. .BI match " PREFIX"
  976. selects routes with prefixes not longer than
  977. .IR PREFIX "."
  978. F.e.
  979. .BI match " 10.0/16"
  980. selects
  981. .IR 10.0/16 ","
  982. .IR 10/8 " and " 0/0 ,
  983. but it does not select
  984. .IR 10.1/16 " and " 10.0.0/24 .
  985. And
  986. .BI exact " PREFIX"
  987. (or just
  988. .IR PREFIX ")"
  989. selects routes with this exact prefix. If neither of these options
  990. are present,
  991. .B ip
  992. assumes
  993. .BI root " 0/0"
  994. i.e. it lists the entire table.
  995. .TP
  996. .BI tos " TOS"
  997. .TP
  998. .BI dsfield " TOS"
  999. only select routes with the given TOS.
  1000. .TP
  1001. .BI table " TABLEID"
  1002. show the routes from this table(s). The default setting is to show table
  1003. .BR main "."
  1004. .I TABLEID
  1005. may either be the ID of a real table or one of the special values:
  1006. .sp
  1007. .in +8
  1008. .B all
  1009. - list all of the tables.
  1010. .sp
  1011. .B cache
  1012. - dump the routing cache.
  1013. .in -8
  1014. .TP
  1015. .BI vrf " NAME"
  1016. show the routes for the table associated with the vrf name
  1017. .TP
  1018. .B cloned
  1019. .TP
  1020. .B cached
  1021. list cloned routes i.e. routes which were dynamically forked from
  1022. other routes because some route attribute (f.e. MTU) was updated.
  1023. Actually, it is equivalent to
  1024. .BR "table cache" "."
  1025. .TP
  1026. .BI from " SELECTOR"
  1027. the same syntax as for
  1028. .BR to ","
  1029. but it binds the source address range rather than destinations.
  1030. Note that the
  1031. .B from
  1032. option only works with cloned routes.
  1033. .TP
  1034. .BI protocol " RTPROTO"
  1035. only list routes of this protocol.
  1036. .TP
  1037. .BI scope " SCOPE_VAL"
  1038. only list routes with this scope.
  1039. .TP
  1040. .BI type " TYPE"
  1041. only list routes of this type.
  1042. .TP
  1043. .BI dev " NAME"
  1044. only list routes going via this device.
  1045. .TP
  1046. .BI via " [ FAMILY ] PREFIX"
  1047. only list routes going via the nexthop routers selected by
  1048. .IR PREFIX "."
  1049. .TP
  1050. .BI src " PREFIX"
  1051. only list routes with preferred source addresses selected
  1052. by
  1053. .IR PREFIX "."
  1054. .TP
  1055. .BI realm " REALMID"
  1056. .TP
  1057. .BI realms " FROMREALM/TOREALM"
  1058. only list routes with these realms.
  1059. .RE
  1060. .TP
  1061. ip route flush
  1062. flush routing tables
  1063. .RS
  1064. this command flushes routes selected by some criteria.
  1065. .sp
  1066. The arguments have the same syntax and semantics as the arguments of
  1067. .BR "ip route show" ,
  1068. but routing tables are not listed but purged. The only difference is
  1069. the default action:
  1070. .B show
  1071. dumps all the IP main routing table but
  1072. .B flush
  1073. prints the helper page.
  1074. .sp
  1075. With the
  1076. .B -statistics
  1077. option, the command becomes verbose. It prints out the number of
  1078. deleted routes and the number of rounds made to flush the routing
  1079. table. If the option is given
  1080. twice,
  1081. .B ip route flush
  1082. also dumps all the deleted routes in the format described in the
  1083. previous subsection.
  1084. .RE
  1085. .TP
  1086. ip route get
  1087. get a single route
  1088. .RS
  1089. this command gets a single route to a destination and prints its
  1090. contents exactly as the kernel sees it.
  1091. .TP
  1092. .BI fibmatch
  1093. Return full fib lookup matched route. Default is to return the resolved
  1094. dst entry
  1095. .TP
  1096. .BI to " ADDRESS " (default)
  1097. the destination address.
  1098. .TP
  1099. .BI from " ADDRESS"
  1100. the source address.
  1101. .TP
  1102. .BI tos " TOS"
  1103. .TP
  1104. .BI dsfield " TOS"
  1105. the Type Of Service.
  1106. .TP
  1107. .BI iif " NAME"
  1108. the device from which this packet is expected to arrive.
  1109. .TP
  1110. .BI oif " NAME"
  1111. force the output device on which this packet will be routed.
  1112. .TP
  1113. .BI mark " MARK"
  1114. the firewall mark
  1115. .RB ( "fwmark" )
  1116. .TP
  1117. .BI vrf " NAME"
  1118. force the vrf device on which this packet will be routed.
  1119. .TP
  1120. .BI ipproto " PROTOCOL"
  1121. ip protocol as seen by the route lookup
  1122. .TP
  1123. .BI sport " NUMBER"
  1124. source port as seen by the route lookup
  1125. .TP
  1126. .BI dport " NUMBER"
  1127. destination port as seen by the route lookup
  1128. .TP
  1129. .B connected
  1130. if no source address
  1131. .RB "(option " from ")"
  1132. was given, relookup the route with the source set to the preferred
  1133. address received from the first lookup.
  1134. If policy routing is used, it may be a different route.
  1135. .P
  1136. Note that this operation is not equivalent to
  1137. .BR "ip route show" .
  1138. .B show
  1139. shows existing routes.
  1140. .B get
  1141. resolves them and creates new clones if necessary. Essentially,
  1142. .B get
  1143. is equivalent to sending a packet along this path.
  1144. If the
  1145. .B iif
  1146. argument is not given, the kernel creates a route
  1147. to output packets towards the requested destination.
  1148. This is equivalent to pinging the destination
  1149. with a subsequent
  1150. .BR "ip route ls cache" ,
  1151. however, no packets are actually sent. With the
  1152. .B iif
  1153. argument, the kernel pretends that a packet arrived from this interface
  1154. and searches for a path to forward the packet.
  1155. .RE
  1156. .TP
  1157. ip route save
  1158. save routing table information to stdout
  1159. .RS
  1160. This command behaves like
  1161. .BR "ip route show"
  1162. except that the output is raw data suitable for passing to
  1163. .BR "ip route restore" .
  1164. .RE
  1165. .TP
  1166. ip route restore
  1167. restore routing table information from stdin
  1168. .RS
  1169. This command expects to read a data stream as returned from
  1170. .BR "ip route save" .
  1171. It will attempt to restore the routing table information exactly as
  1172. it was at the time of the save, so any translation of information
  1173. in the stream (such as device indexes) must be done first. Any existing
  1174. routes are left unchanged. Any routes specified in the data stream that
  1175. already exist in the table will be ignored.
  1176. .RE
  1177. .SH NOTES
  1178. Starting with Linux kernel version 3.6, there is no routing cache for IPv4
  1179. anymore. Hence
  1180. .B "ip route show cached"
  1181. will never print any entries on systems with this or newer kernel versions.
  1182. .SH EXAMPLES
  1183. .PP
  1184. ip ro
  1185. .RS 4
  1186. Show all route entries in the kernel.
  1187. .RE
  1188. .PP
  1189. ip route add default via 192.168.1.1 dev eth0
  1190. .RS 4
  1191. Adds a default route (for all addresses) via the local gateway 192.168.1.1 that can
  1192. be reached on device eth0.
  1193. .RE
  1194. .PP
  1195. ip route add 10.1.1.0/30 encap mpls 200/300 via 10.1.1.1 dev eth0
  1196. .RS 4
  1197. Adds an ipv4 route with mpls encapsulation attributes attached to it.
  1198. .RE
  1199. .PP
  1200. ip -6 route add 2001:db8:1::/64 encap seg6 mode encap segs 2001:db8:42::1,2001:db8:ffff::2 dev eth0
  1201. .RS 4
  1202. Adds an IPv6 route with SRv6 encapsulation and two segments attached.
  1203. .RE
  1204. .PP
  1205. ip -6 route add 2001:db8:1::/64 encap seg6local action End.DT46 vrftable 100 dev vrf100
  1206. .RS 4
  1207. Adds an IPv6 route with SRv6 decapsulation and forward with lookup in VRF table.
  1208. .RE
  1209. .PP
  1210. ip -6 route add 2001:db8:1::/64 encap seg6local action End flavors psp dev eth0
  1211. .RS 4
  1212. Adds an IPv6 route with SRv6 End behavior with psp flavor enabled.
  1213. .RE
  1214. .PP
  1215. ip -6 route add 2001:db8:1::/64 encap seg6local action End flavors next-csid dev eth0
  1216. .RS 4
  1217. Adds an IPv6 route with SRv6 End behavior with next-csid flavor enabled.
  1218. .RE
  1219. .PP
  1220. ip -6 route add 2001:db8:1::/64 encap seg6local action End flavors next-csid lblen 48 nflen 16 dev eth0
  1221. .RS 4
  1222. Adds an IPv6 route with SRv6 End behavior with next-csid flavor enabled and user-provided Locator-Block and Locator-Node Function lengths.
  1223. .RE
  1224. .PP
  1225. ip -6 route add 2001:db8:1::/64 encap ioam6 freq 2/5 mode encap tundst 2001:db8:42::1 trace prealloc type 0x800000 ns 1 size 12 dev eth0
  1226. .RS 4
  1227. Adds an IPv6 route with an IOAM Pre-allocated Trace encapsulation (ip6ip6) that only includes the hop limit and the node id, configured for the IOAM namespace 1 and a pre-allocated data block of 12 octets (will be injected in 2 packets every 5 packets).
  1228. .RE
  1229. .PP
  1230. ip route add 10.1.1.0/30 nhid 10
  1231. .RS 4
  1232. Adds an ipv4 route using nexthop object with id 10.
  1233. .RE
  1234. .SH SEE ALSO
  1235. .br
  1236. .BR ip (8)
  1237. .SH AUTHOR
  1238. Original Manpage by Michail Litvak <mci@owl.openwall.com>