ip-route.8 - oasis-root - Compiled tree of Oasis Linux based on own branch at <https://hacktivis.me/git/oasis/>

ip-route.8 (33420B)

.TH IP\-ROUTE 8 "13 Dec 2012" "iproute2" "Linux"
.SH "NAME"
ip-route \- routing table management
.SH "SYNOPSIS"
.sp
.ad l
.in +8
.ti -8
.B ip
.RI "[ " ip-OPTIONS " ]"
.B route
.RI " { " COMMAND " | "
.BR help " }"
.sp
.ti -8
.ti -8
.BR "ip route" " { "
.BR show " | " flush " } "
.I  SELECTOR
.ti -8
.BR "ip route save"
.I SELECTOR
.ti -8
.BR "ip route restore"
.ti -8
.B  ip route get
.I ROUTE_GET_FLAGS
.IR ADDRESS " [ "
.BI from " ADDRESS " iif " STRING"
.RB " ] [ " oif
.IR STRING " ] [ "
.B  mark
.IR MARK " ] [ "
.B  tos
.IR TOS " ] [ "
.B  vrf
.IR NAME " ] [ "
.B  ipproto
.IR PROTOCOL " ] [ "
.B  sport
.IR NUMBER " ] [ "
.B  dport
.IR NUMBER " ] "
.ti -8
.BR "ip route" " { " add " | " del " | " change " | " append " | "\
replace " } "
.I  ROUTE
.ti -8
.IR SELECTOR " := "
.RB "[ " root
.IR PREFIX " ] [ "
.B  match
.IR PREFIX " ] [ "
.B  exact
.IR PREFIX " ] [ "
.B  table
.IR TABLE_ID " ] [ "
.B  vrf
.IR NAME " ] [ "
.B  proto
.IR RTPROTO " ] [ "
.B  type
.IR TYPE " ] [ "
.B  scope
.IR SCOPE " ]"
.ti -8
.IR ROUTE " := " NODE_SPEC " [ " INFO_SPEC " ]"
.ti -8
.IR NODE_SPEC " := [ " TYPE " ] " PREFIX " ["
.B  tos
.IR TOS " ] [ "
.B  table
.IR TABLE_ID " ] [ "
.B  proto
.IR RTPROTO " ] [ "
.B  scope
.IR SCOPE " ] [ "
.B  metric
.IR METRIC " ] [ "
.B  ttl-propagate
.RB "{ " enabled " | " disabled " } ]"
.ti -8
.IR INFO_SPEC " := { " NH " | "
.B nhid
.IR ID " } " "OPTIONS FLAGS" " ["
.B  nexthop
.IR NH " ] ..."
.ti -8
.IR NH " := [ "
.B  encap
.IR ENCAP " ] [ "
.B  via
[
.IR FAMILY " ] " ADDRESS " ] [ "
.B  dev
.IR STRING " ] [ "
.B  weight
.IR NUMBER " ] " NHFLAGS
.ti -8
.IR FAMILY " := [ "
.BR inet " | " inet6 " | " mpls " | " bridge " | " link " ]"
.ti -8
.IR OPTIONS " := " FLAGS " [ "
.B  mtu
.IR NUMBER " ] [ "
.B  advmss
.IR NUMBER " ] [ "
.B  as
[
.B to
]
.IR ADDRESS " ]"
.B  rtt
.IR TIME " ] [ "
.B  rttvar
.IR TIME " ] [ "
.B  reordering
.IR NUMBER " ] [ "
.B  window
.IR NUMBER " ] [ "
.B  cwnd
.IR NUMBER " ] [ "
.B  ssthresh
.IR NUMBER " ] [ "
.B  realms
.IR REALM " ] [ "
.B  rto_min
.IR TIME " ] [ "
.B  initcwnd
.IR NUMBER " ] [ "
.B  initrwnd
.IR NUMBER " ] [ "
.B  features
.IR FEATURES " ] [ "
.B  quickack
.IR BOOL " ] [ "
.B  congctl
.IR NAME " ] [ "
.B  pref
.IR PREF " ] [ "
.B  expires
.IR TIME " ] ["
.B  fastopen_no_cookie
.IR BOOL " ]"
.ti -8
.IR TYPE " := [ "
.BR unicast " | " local " | " broadcast " | " multicast " | "\
throw " | " unreachable " | " prohibit " | " blackhole " | " nat " ]"
.ti -8
.IR TABLE_ID " := [ "
.BR local "| " main " | " default " | " all " |"
.IR NUMBER " ]"
.ti -8
.IR SCOPE " := [ "
.BR host " | " link " | " global " |"
.IR NUMBER " ]"
.ti -8
.IR NHFLAGS " := [ "
.BR onlink " | " pervasive " ]"
.ti -8
.IR RTPROTO " := [ "
.BR kernel " | " boot " | " static " |"
.IR NUMBER " ]"
.ti -8
.IR FEATURES " := [ "
.BR ecn " | ]"
.ti -8
.IR PREF " := [ "
.BR low " | " medium " | " high " ]"
.ti -8
.IR ENCAP " := [ "
.IR ENCAP_MPLS " | " ENCAP_IP " | " ENCAP_BPF " | "
.IR ENCAP_SEG6 " | " ENCAP_SEG6LOCAL " | " ENCAP_IOAM6 " ] "
.ti -8
.IR ENCAP_MPLS " := "
.BR mpls " [ "
.IR LABEL " ] ["
.B  ttl
.IR TTL " ]"
.ti -8
.IR ENCAP_IP " := "
.B ip
.B id
.IR TUNNEL_ID
.B  dst
.IR REMOTE_IP " [ "
.B src
.IR SRC " ] ["
.B tos
.IR TOS " ] ["
.B  ttl
.IR TTL " ]"
.ti -8
.IR ENCAP_BPF " := "
.BR bpf " [ "
.B in
.IR PROG " ] ["
.B out
.IR PROG " ] ["
.B xmit
.IR PROG " ] ["
.B headroom
.IR SIZE " ]"
.ti -8
.IR ENCAP_SEG6 " := "
.B seg6
.BR mode " [ "
.BR encap " | " encap.red " | " inline " | " l2encap " | " l2encap.red " ] "
.B segs
.IR SEGMENTS " [ "
.B hmac
.IR KEYID " ]"
.ti -8
.IR ENCAP_SEG6LOCAL " := "
.B seg6local
.BR action
.IR SEG6_ACTION " [ "
.IR SEG6_ACTION_PARAM " ] [ "
.BR count " ] "
.ti -8
.IR ENCAP_IOAM6 " := "
.BR ioam6 " ["
.B freq
.IR K "/" N " ] "
.BR mode " [ "
.BR inline " | " encap " | " auto " ] ["
.B tundst
.IR ADDRESS " ] "
.B trace
.B prealloc
.B type
.IR IOAM6_TRACE_TYPE
.B ns
.IR IOAM6_NAMESPACE
.B size
.IR IOAM6_TRACE_SIZE
.ti -8
.IR ROUTE_GET_FLAGS " := "
.BR " [ "
.BR fibmatch
.BR " ] "
.SH DESCRIPTION
.B ip route
is used to manipulate entries in the kernel routing tables.
.sp
.B Route types:
.in +8
.B unicast
- the route entry describes real paths to the destinations covered
by the route prefix.
.sp
.B unreachable
- these destinations are unreachable. Packets are discarded and the
ICMP message
.I host unreachable
is generated.
The local senders get an
.I EHOSTUNREACH
error.
.sp
.B blackhole
- these destinations are unreachable. Packets are discarded silently.
The local senders get an
.I EINVAL
error.
.sp
.B prohibit
- these destinations are unreachable. Packets are discarded and the
ICMP message
.I communication administratively prohibited
is generated. The local senders get an
.I EACCES
error.
.sp
.B local
- the destinations are assigned to this host. The packets are looped
back and delivered locally.
.sp
.B broadcast
- the destinations are broadcast addresses. The packets are sent as
link broadcasts.
.sp
.B throw
- a special control route used together with policy rules. If such a
route is selected, lookup in this table is terminated pretending that
no route was found. Without policy routing it is equivalent to the
absence of the route in the routing table. The packets are dropped
and the ICMP message
.I net unreachable
is generated. The local senders get an
.I ENETUNREACH
error.
.sp
.B nat
- a special NAT route. Destinations covered by the prefix
are considered to be dummy (or external) addresses which require translation
to real (or internal) ones before forwarding. The addresses to translate to
are selected with the attribute
.BR "via" .
.B Warning:
Route NAT is no longer supported in Linux 2.6.
.sp
.B anycast
.RI "- " "not implemented"
the destinations are
.I anycast
addresses assigned to this host. They are mainly equivalent
to
.B local
with one difference: such addresses are invalid when used
as the source address of any packet.
.sp
.B multicast
- a special type used for multicast routing. It is not present in
normal routing tables.
.in -8
.P
.B Route tables:
Linux-2.x can pack routes into several routing tables identified
by a number in the range from 1 to 2^32-1 or by name from
.BR /share/iproute2/rt_tables " or " /etc/iproute2/rt_tables
(has precedence if exists).
By default all normal routes are inserted into the
.B main
table (ID 254) and the kernel only uses this table when calculating routes.
Values (0, 253, 254, and 255) are reserved for built-in use.
.sp
Actually, one other table always exists, which is invisible but
even more important. It is the
.B local
table (ID 255). This table
consists of routes for local and broadcast addresses. The kernel maintains
this table automatically and the administrator usually need not modify it
or even look at it.
The multiple routing tables enter the game when
.I policy routing
is used.
.TP
ip route add
add new route
.TP
ip route change
change route
.TP
ip route replace
change or add new one
.RS
.TP
.BI to " TYPE PREFIX " (default)
the destination prefix of the route. If
.I TYPE
is omitted,
.B ip
assumes type
.BR "unicast" .
Other values of
.I TYPE
are listed above.
.I PREFIX
is an IP or IPv6 address optionally followed by a slash and the
prefix length. If the length of the prefix is missing,
.B ip
assumes a full-length host route. There is also a special
.I PREFIX
.B default
- which is equivalent to IP
.B 0/0
or to IPv6
.BR "::/0" .
.TP
.BI tos " TOS"
.TP
.BI dsfield " TOS"
the Type Of Service (TOS) key. This key has no associated mask and
the longest match is understood as: First, compare the TOS
of the route and of the packet. If they are not equal, then the packet
may still match a route with a zero TOS.
.I TOS
is either an 8 bit hexadecimal number or an identifier
from
.BR /share/iproute2/rt_dsfield " or " /etc/iproute2/rt_dsfield
(has precedence if exists).
.TP
.BI metric " NUMBER"
.TP
.BI preference " NUMBER"
the preference value of the route.
.I NUMBER
is an arbitrary 32bit number, where routes with lower values are preferred.
.TP
.BI table " TABLEID"
the table to add this route to.
.I TABLEID
may be a number or a string from
.BR /share/iproute2/rt_tables " or " /etc/iproute2/rt_tables
(has precedence if exists).
If this parameter is omitted,
.B ip
assumes the
.B main
table, with the exception of
.BR local ", " broadcast " and " nat
routes, which are put into the
.B local
table by default.
.TP
.BI vrf " NAME"
the vrf name to add this route to. Implicitly means the table
associated with the VRF.
.TP
.BI dev " NAME"
the output device name.
.TP
.BI via " [ FAMILY ] ADDRESS"
the address of the nexthop router, in the address family FAMILY.
Actually, the sense of this field depends on the route type.  For
normal
.B unicast
routes it is either the true next hop router or, if it is a direct
route installed in BSD compatibility mode, it can be a local address
of the interface. For NAT routes it is the first address of the block
of translated IP destinations.
.TP
.BI src " ADDRESS"
the source address to prefer when sending to the destinations
covered by the route prefix.
.TP
.BI realm " REALMID"
the realm to which this route is assigned.
.I REALMID
may be a number or a string from
.BR /share/iproute2/rt_realms " or " /etc/iproute2/rt_realms
(has precedence if exists).
.TP
.BI mtu " MTU"
.TP
.BI "mtu lock" " MTU"
the MTU along the path to the destination. If the modifier
.B lock
is not used, the MTU may be updated by the kernel due to
Path MTU Discovery. If the modifier
.B lock
is used, no path MTU discovery will be tried, all packets
will be sent without the DF bit in IPv4 case or fragmented
to MTU for IPv6.
.TP
.BI window " NUMBER"
the maximal window for TCP to advertise to these destinations,
measured in bytes. It limits maximal data bursts that our TCP
peers are allowed to send to us.
.TP
.BI rtt " TIME"
the initial RTT ('Round Trip Time') estimate. If no suffix is
specified the units are raw values passed directly to the
routing code to maintain compatibility with previous releases.
Otherwise if a suffix of s, sec or secs is used to specify
seconds and ms, msec or msecs to specify milliseconds.
.TP
.BI rttvar " TIME " "(Linux 2.3.15+ only)"
the initial RTT variance estimate. Values are specified as with
.BI rtt
above.
.TP
.BI rto_min " TIME " "(Linux 2.6.23+ only)"
the minimum TCP Retransmission TimeOut to use when communicating with this
destination. Values are specified as with
.BI rtt
above.
.TP
.BI ssthresh " NUMBER " "(Linux 2.3.15+ only)"
an estimate for the initial slow start threshold.
.TP
.BI cwnd " NUMBER " "(Linux 2.3.15+ only)"
the clamp for congestion window. It is ignored if the
.B lock
flag is not used.
.TP
.BI initcwnd " NUMBER " "(Linux 2.5.70+ only)"
the initial congestion window size for connections to this destination.
Actual window size is this value multiplied by the MSS
(``Maximal Segment Size'') for same connection. The default is
zero, meaning to use the values specified in RFC2414.
.TP
.BI initrwnd " NUMBER " "(Linux 2.6.33+ only)"
the initial receive window size for connections to this destination.
Actual window size is this value multiplied by the MSS of the connection.
The default value is zero, meaning to use Slow Start value.
.TP
.BI features " FEATURES " (Linux 3.18+ only)
Enable or disable per-route features. Only available feature at this
time is
.B ecn
to enable explicit congestion notification when initiating connections to the
given destination network.
When responding to a connection request from the given network, ecn will
also be used even if the
.B net.ipv4.tcp_ecn
sysctl is set to 0.
.TP
.BI quickack " BOOL " "(Linux 3.11+ only)"
Enable or disable quick ack for connections to this destination.
.TP
.BI fastopen_no_cookie " BOOL " "(Linux 4.15+ only)"
Enable TCP Fastopen without a cookie for connections to this destination.
.TP
.BI congctl " NAME " "(Linux 3.20+ only)"
.TP
.BI "congctl lock" " NAME " "(Linux 3.20+ only)"
Sets a specific TCP congestion control algorithm only for a given destination.
If not specified, Linux keeps the current global default TCP congestion control
algorithm, or the one set from the application. If the modifier
.B lock
is not used, an application may nevertheless overwrite the suggested congestion
control algorithm for that destination. If the modifier
.B lock
is used, then an application is not allowed to overwrite the specified congestion
control algorithm for that destination, thus it will be enforced/guaranteed to
use the proposed algorithm.
.TP
.BI advmss " NUMBER " "(Linux 2.3.15+ only)"
the MSS ('Maximal Segment Size') to advertise to these
destinations when establishing TCP connections. If it is not given,
Linux uses a default value calculated from the first hop device MTU.
(If the path to these destination is asymmetric, this guess may be wrong.)
.TP
.BI reordering " NUMBER " "(Linux 2.3.15+ only)"
Maximal reordering on the path to this destination.
If it is not given, Linux uses the value selected with
.B sysctl
variable
.BR "net/ipv4/tcp_reordering" .
.TP
.BI nexthop " NEXTHOP"
the nexthop of a multipath route.
.I NEXTHOP
is a complex value with its own syntax similar to the top level
argument lists:
.in +8
.BI via " [ FAMILY ] ADDRESS"
- is the nexthop router.
.sp
.BI dev " NAME"
- is the output device.
.sp
.BI weight " NUMBER"
- is a weight for this element of a multipath
route reflecting its relative bandwidth or quality.
.in -8
The internal buffer used in iproute2 limits the maximum number of nexthops that
may be specified in one go. If only
.I ADDRESS
is given, the current buffer size allows for 144 IPv6 nexthops and 253 IPv4
ones. For IPv4, this effectively limits the number of nexthops possible per
route. With IPv6, further nexthops may be appended to the same route via
.B "ip route append"
command.
.TP
.BI scope " SCOPE_VAL"
the scope of the destinations covered by the route prefix.
.I SCOPE_VAL
may be a number or a string from
.BR /share/iproute2/rt_scopes " or " /etc/iproute2/rt_scopes
(has precedence if exists).
If this parameter is omitted,
.B ip
assumes scope
.B global
for all gatewayed
.B unicast
routes, scope
.B link
for direct
.BR unicast " and " broadcast
routes and scope
.BR host " for " local
routes.
.TP
.BI protocol " RTPROTO"
the routing protocol identifier of this route.
.I RTPROTO
may be a number or a string from
.BR /share/iproute2/rt_protos " or " /etc/iproute2/rt_protos
(has precedence if exists).
If the routing protocol ID is not given,
.B ip assumes protocol
.B boot
(i.e. it assumes the route was added by someone who doesn't
understand what they are doing). Several protocol values have
a fixed interpretation.
Namely:
.in +8
.B redirect
- the route was installed due to an ICMP redirect.
.sp
.B kernel
- the route was installed by the kernel during autoconfiguration.
.sp
.B boot
- the route was installed during the bootup sequence.
If a routing daemon starts, it will purge all of them.
.sp
.B static
- the route was installed by the administrator
to override dynamic routing. Routing daemon will respect them
and, probably, even advertise them to its peers.
.sp
.B ra
- the route was installed by Router Discovery protocol.
.in -8
.sp
The rest of the values are not reserved and the administrator is free
to assign (or not to assign) protocol tags.
.TP
.B onlink
pretend that the nexthop is directly attached to this link,
even if it does not match any interface prefix.
.TP
.BI pref " PREF"
the IPv6 route preference.
.I PREF
is a string specifying the route preference as defined in RFC4191 for Router
Discovery messages. Namely:
.in +8
.B low
- the route has a lowest priority
.sp
.B medium
- the route has a default priority
.sp
.B high
- the route has a highest priority
.sp
.TP
.BI nhid " ID"
use nexthop object with given id as nexthop specification.
.sp
.TP
.BI encap " ENCAPTYPE ENCAPHDR"
attach tunnel encapsulation attributes to this route.
.sp
.I ENCAPTYPE
is a string specifying the supported encapsulation type. Namely:
.in +8
.BI mpls
- encapsulation type MPLS
.sp
.BI ip
- IP encapsulation (Geneve, GRE, VXLAN, ...)
.sp
.BI bpf
- Execution of BPF program
.sp
.BI seg6
- encapsulation type IPv6 Segment Routing
.sp
.BI seg6local
- local SRv6 segment processing
.sp
.BI ioam6
- encapsulation type IPv6 IOAM
.sp
.BI xfrm
- encapsulation type XFRM
.in -8
.I ENCAPHDR
is a set of encapsulation attributes specific to the
.I ENCAPTYPE.
.in +8
.B mpls
.in +2
.I MPLSLABEL
- mpls label stack with labels separated by
.I "/"
.sp
.B ttl
.I TTL
- TTL to use for MPLS header or 0 to inherit from IP header
.in -2
.sp
.B ip
.in +2
.B id
.I TUNNEL_ID
.B  dst
.IR REMOTE_IP " [ "
.B src
.IR SRC " ] ["
.B tos
.IR TOS " ] ["
.B  ttl
.IR TTL " ] [ "
.BR key " ] [ " csum " ] [ " seq " ] "
.in -2
.sp
.B bpf
.in +2
.B in
.I PROG
- BPF program to execute for incoming packets
.sp
.B out
.I PROG
- BPF program to execute for outgoing packets
.sp
.B xmit
.I PROG
- BPF program to execute for transmitted packets
.sp
.B headroom
.I SIZE
- Size of header BPF program will attach (xmit)
.in -2
.sp
.B seg6
.in +2
.B mode inline
- Directly insert Segment Routing Header after IPv6 header
.sp
.B mode encap
- Encapsulate packet in an outer IPv6 header with SRH
.sp
.B mode encap.red
- Encapsulate packet in an outer IPv6 header with SRH applying the
reduced segment list. When there is only one segment and the HMAC is
not present, the SRH is omitted.
.sp
.B mode l2encap
- Encapsulate ingress L2 frame within an outer IPv6 header and SRH
.sp
.B mode l2encap.red
- Encapsulate ingress L2 frame within an outer IPv6 header and SRH
applying the reduced segment list. When there is only one segment
and the HMAC is not present, the SRH is omitted.
.sp
.I SEGMENTS
- List of comma-separated IPv6 addresses
.sp
.I KEYID
- Numerical value in decimal representation. See \fBip-sr\fR(8).
.in -2
.sp
.B seg6local
.in +2
.IR SEG6_ACTION " [ "
.IR SEG6_ACTION_PARAM " ] [ "
.BR count " ] "
- Operation to perform on matching packets. The optional \fBcount\fR
attribute is used to collect statistics on the processing of actions.
Three counters are implemented: 1) packets correctly processed;
2) bytes correctly processed; 3) packets that cause a processing error
(i.e., missing SID List, wrong SID List, etc). To retrieve the counters
related to an action use the \fB-s\fR flag in the \fBshow\fR command.
The following actions are currently supported (\fBLinux 4.14+ only\fR).
.in +2
.BR End " [ " flavors
.IR FLAVORS " ] "
- Regular SRv6 processing as intermediate segment endpoint.
This action only accepts packets with a non-zero Segments Left
value. Other matching packets are dropped. The presence of flavors
can change the regular processing of an End behavior according to
the user-provided Flavor operations and information carried in the packet.
See \fBFlavors parameters\fR section.
.B End.X nh6
.I NEXTHOP
.RB [ " flavors "
.IR FLAVORS " ] "
- Regular SRv6 processing as intermediate segment endpoint.
Additionally, forward processed packets to given next-hop.
This action only accepts packets with a non-zero Segments Left
value. Other matching packets are dropped. The presence of flavors
can change the regular processing of an End.X behavior according to
the user-provided Flavor operations and information carried in the packet.
See \fBFlavors parameters\fR section.
.B End.DX6 nh6
.I NEXTHOP
- Decapsulate inner IPv6 packet and forward it to the
specified next-hop. If the argument is set to ::, then
the next-hop is selected according to the local selection
rules. This action only accepts packets with either a zero Segments
Left value or no SRH at all, and an inner IPv6 packet. Other
matching packets are dropped.
.BR End.DT6 " { " table " | " vrftable " } "
.I TABLEID
- Decapsulate the inner IPv6 packet and forward it according to the
specified lookup table.
.I TABLEID
is either a number or a string from
.BR /share/iproute2/rt_tables " or " /etc/iproute2/rt_tables
(has precedence if exists).
If
.B vrftable
is used, the argument must be a VRF device associated with
the table id. Moreover, the VRF table associated with the
table id must be configured with the VRF strict mode turned
on (net.vrf.strict_mode=1). This action only accepts packets
with either a zero Segments Left value or no SRH at all,
and an inner IPv6 packet. Other matching packets are dropped.
.B End.DT4 vrftable
.I TABLEID
- Decapsulate the inner IPv4 packet and forward it according to the
specified lookup table.
.I TABLEID
is either a number or a string from
.BR /share/iproute2/rt_tables " or " /etc/iproute2/rt_tables
(has precedence if exists).
The argument must be a VRF device associated with the table id.
Moreover, the VRF table associated with the table id must be configured
with the VRF strict mode turned on (net.vrf.strict_mode=1). This action
only accepts packets with either a zero Segments Left value or no SRH
at all, and an inner IPv4 packet. Other matching packets are dropped.
.B End.DT46 vrftable
.I TABLEID
- Decapsulate the inner IPv4 or IPv6 packet and forward it according
to the specified lookup table.
.I TABLEID
is either a number or a string from
.BR /share/iproute2/rt_tables " or " /etc/iproute2/rt_tables
(has precedence if exists).
The argument must be a VRF device associated with the table id.
Moreover, the VRF table associated with the table id must be configured
with the VRF strict mode turned on (net.vrf.strict_mode=1). This action
only accepts packets with either a zero Segments Left value or no SRH
at all, and an inner IPv4 or IPv6 packet. Other matching packets are
dropped.
.B End.B6 srh segs
.IR SEGMENTS " [ "
.B hmac
.IR KEYID " ] "
- Insert the specified SRH immediately after the IPv6 header,
update the DA with the first segment of the newly inserted SRH,
then forward the resulting packet. The original SRH is not
modified. This action only accepts packets with a non-zero
Segments Left value. Other matching packets are dropped.
.B End.B6.Encaps srh segs
.IR SEGMENTS " [ "
.B hmac
.IR KEYID " ] "
- Regular SRv6 processing as intermediate segment endpoint.
Additionally, encapsulate the matching packet within an outer IPv6 header
followed by the specified SRH. The destination address of the outer IPv6
header is set to the first segment of the new SRH. The source
address is set as described in \fBip-sr\fR(8).
.B Flavors parameters
The flavors represent additional operations that can modify or extend a
subset of the existing behaviors.
.in +2
.B flavors
.IR OPERATION "[," OPERATION "] [" ATTRIBUTES "]"
.in +2
.IR OPERATION " := { "
.BR psp " | "
.BR usp " | "
.BR usd " | "
.BR next-csid " }"
.IR ATTRIBUTES " := {"
.IR "KEY VALUE" " } ["
.IR ATTRIBUTES " ]"
.IR KEY " := { "
.BR lblen " | "
.BR nflen " } "
.in -2
.B psp
- The Penultimate Segment Pop (PSP) copies the last SID from the SID List
(carried by the outermost SRH) into the IPv6 Destination Address (DA) and
removes (i.e. pops) the SRH from the IPv6 header.
The PSP operation takes place only at a penultimate SR Segment Endpoint node
(e.g., the Segment Left must be one) and does not happen at non-penultimate
endpoint nodes. This flavor is currently only supported by End behavior.
.B usp
- Ultimate Segment Pop of the SRH (not yet supported in kernel)
.B usd
- Ultimate Segment Decapsulation (not yet supported in kernel)
.B next-csid
- The NEXT-C-SID mechanism offers the possibility of encoding
several SRv6 segments within a single 128 bit SID address. The NEXT-C-SID
flavor can be configured to support user-provided Locator-Block and
Locator-Node Function lengths. If Locator-Block and/or Locator-Node Function
lengths are not provided by the user during configuration of an SRv6 End
behavior instance with NEXT-C-SID flavor, the default value is 32-bit for
Locator-Block and 16-bit for Locator-Node Function.
.BI lblen " VALUE "
- defines the Locator-Block length for NEXT-C-SID flavor.
The Locator-Block length must be greater than 0 and evenly divisible by 8. This
attribute can be used only with NEXT-C-SID flavor.
.BI nflen " VALUE "
- defines the Locator-Node Function length for NEXT-C-SID
flavors. The Locator-Node Function length must be greater than 0 and evenly
divisible by 8. This attribute can be used only with NEXT-C-SID flavor.
.in -4
.B ioam6
.in +2
.B freq K/N
- Inject IOAM in K packets every N packets (default is 1/1).
.B mode inline
- Directly insert IOAM after IPv6 header (default mode).
.sp
.B mode encap
- Encapsulate packet in an outer IPv6 header with IOAM.
.sp
.B mode auto
- Automatically use inline mode for local packets and encap mode for in-transit
packets.
.sp
.B tundst
.I ADDRESS
- IPv6 address of the tunnel destination (outer header), not used with inline
mode.
.B type
.I IOAM6_TRACE_TYPE
- List of IOAM data required in the trace, represented by a bitfield (24 bits).
.sp
.B ns
.I IOAM6_NAMESPACE
- Numerical value to represent an IOAM namespace. See \fBip-ioam\fR(8).
.sp
.B size
.I IOAM6_TRACE_SIZE
- Size, in octets, of the pre-allocated trace data block.
.in -2
.B xfrm
.in +2
.B if_id
.I IF_ID
.B  " [ link_dev
.IR LINK_DEV " ] "
.in -4
.in -8
.TP
.BI expires " TIME " "(Linux 4.4+ only)"
the route will be deleted after the expires time.
.B Only
support IPv6 at present.
.TP
.BR ttl-propagate " { " enabled " | " disabled " } "
Control whether TTL should be propagated from any encap into the
un-encapsulated packet, overriding any global configuration. Only
supported for MPLS at present.
.RE
.TP
ip route delete
delete route
.RS
.B ip route del
has the same arguments as
.BR "ip route add" ,
but their semantics are a bit different.
Key values
.RB "(" to ", " tos ", " preference " and " table ")"
select the route to delete. If optional attributes are present,
.B ip
verifies that they coincide with the attributes of the route to delete.
If no route with the given key and attributes was found,
.B ip route del
fails.
.RE
.TP
ip route show
list routes
.RS
the command displays the contents of the routing tables or the route(s)
selected by some criteria.
.TP
.BI to " SELECTOR " (default)
only select routes from the given range of destinations.
.I SELECTOR
consists of an optional modifier
.RB "(" root ", " match " or " exact ")"
and a prefix.
.BI root " PREFIX"
selects routes with prefixes not shorter than
.IR PREFIX "."
F.e.
.BI root " 0/0"
selects the entire routing table.
.BI match " PREFIX"
selects routes with prefixes not longer than
.IR PREFIX "."
F.e.
.BI match " 10.0/16"
selects
.IR 10.0/16 ","
.IR 10/8 " and " 0/0 ,
but it does not select
.IR 10.1/16 " and " 10.0.0/24 .
And
.BI exact " PREFIX"
(or just
.IR PREFIX ")"
selects routes with this exact prefix. If neither of these options
are present,
.B ip
assumes
.BI root " 0/0"
i.e. it lists the entire table.
.TP
.BI tos " TOS"
.TP
.BI dsfield " TOS"
only select routes with the given TOS.
.TP
.BI table " TABLEID"
show the routes from this table(s). The default setting is to show table
.BR main "."
.I TABLEID
may either be the ID of a real table or one of the special values:
.sp
.in +8
.B all
- list all of the tables.
.sp
.B cache
- dump the routing cache.
.in -8
.TP
.BI vrf " NAME"
show the routes for the table associated with the vrf name
.TP
.B cloned
.TP
.B cached
list cloned routes i.e. routes which were dynamically forked from
other routes because some route attribute (f.e. MTU) was updated.
Actually, it is equivalent to
.BR "table cache" "."
.TP
.BI from " SELECTOR"
the same syntax as for
.BR to ","
but it binds the source address range rather than destinations.
Note that the
.B from
option only works with cloned routes.
.TP
.BI protocol " RTPROTO"
only list routes of this protocol.
.TP
.BI scope " SCOPE_VAL"
only list routes with this scope.
.TP
.BI type " TYPE"
only list routes of this type.
.TP
.BI dev " NAME"
only list routes going via this device.
.TP
.BI via " [ FAMILY ] PREFIX"
only list routes going via the nexthop routers selected by
.IR PREFIX "."
.TP
.BI src " PREFIX"
only list routes with preferred source addresses selected
by
.IR PREFIX "."
.TP
.BI realm " REALMID"
.TP
.BI realms " FROMREALM/TOREALM"
only list routes with these realms.
.RE
.TP
ip route flush
flush routing tables
.RS
this command flushes routes selected by some criteria.
.sp
The arguments have the same syntax and semantics as the arguments of
.BR "ip route show" ,
but routing tables are not listed but purged. The only difference is
the default action:
.B show
dumps all the IP main routing table but
.B flush
prints the helper page.
.sp
With the
.B -statistics
option, the command becomes verbose. It prints out the number of
deleted routes and the number of rounds made to flush the routing
table. If the option is given
twice,
.B ip route flush
also dumps all the deleted routes in the format described in the
previous subsection.
.RE
.TP
ip route get
get a single route
.RS
this command gets a single route to a destination and prints its
contents exactly as the kernel sees it.
.TP
.BI fibmatch
Return full fib lookup matched route. Default is to return the resolved
dst entry
.TP
.BI to " ADDRESS " (default)
the destination address.
.TP
.BI from " ADDRESS"
the source address.
.TP
.BI tos " TOS"
.TP
.BI dsfield " TOS"
the Type Of Service.
.TP
.BI iif " NAME"
the device from which this packet is expected to arrive.
.TP
.BI oif " NAME"
force the output device on which this packet will be routed.
.TP
.BI mark " MARK"
the firewall mark
.RB ( "fwmark" )
.TP
.BI vrf " NAME"
force the vrf device on which this packet will be routed.
.TP
.BI ipproto " PROTOCOL"
ip protocol as seen by the route lookup
.TP
.BI sport " NUMBER"
source port as seen by the route lookup
.TP
.BI dport " NUMBER"
destination port as seen by the route lookup
.TP
.B connected
if no source address
.RB "(option " from ")"
was given, relookup the route with the source set to the preferred
address received from the first lookup.
If policy routing is used, it may be a different route.
.P
Note that this operation is not equivalent to
.BR "ip route show" .
.B show
shows existing routes.
.B get
resolves them and creates new clones if necessary. Essentially,
.B get
is equivalent to sending a packet along this path.
If the
.B iif
argument is not given, the kernel creates a route
to output packets towards the requested destination.
This is equivalent to pinging the destination
with a subsequent
.BR "ip route ls cache" ,
however, no packets are actually sent. With the
.B iif
argument, the kernel pretends that a packet arrived from this interface
and searches for a path to forward the packet.
.RE
.TP
ip route save
save routing table information to stdout
.RS
This command behaves like
.BR "ip route show"
except that the output is raw data suitable for passing to
.BR "ip route restore" .
.RE
.TP
ip route restore
restore routing table information from stdin
.RS
This command expects to read a data stream as returned from
.BR "ip route save" .
It will attempt to restore the routing table information exactly as
it was at the time of the save, so any translation of information
in the stream (such as device indexes) must be done first. Any existing
routes are left unchanged. Any routes specified in the data stream that
already exist in the table will be ignored.
.RE
.SH NOTES
Starting with Linux kernel version 3.6, there is no routing cache for IPv4
anymore. Hence
.B "ip route show cached"
will never print any entries on systems with this or newer kernel versions.
.SH EXAMPLES
.PP
ip ro
.RS 4
Show all route entries in the kernel.
.RE
.PP
ip route add default via 192.168.1.1 dev eth0
.RS 4
Adds a default route (for all addresses) via the local gateway 192.168.1.1 that can
be reached on device eth0.
.RE
.PP
ip route add 10.1.1.0/30 encap mpls 200/300 via 10.1.1.1 dev eth0
.RS 4
Adds an ipv4 route with mpls encapsulation attributes attached to it.
.RE
.PP
ip -6 route add 2001:db8:1::/64 encap seg6 mode encap segs 2001:db8:42::1,2001:db8:ffff::2 dev eth0
.RS 4
Adds an IPv6 route with SRv6 encapsulation and two segments attached.
.RE
.PP
ip -6 route add 2001:db8:1::/64 encap seg6local action End.DT46 vrftable 100 dev vrf100
.RS 4
Adds an IPv6 route with SRv6 decapsulation and forward with lookup in VRF table.
.RE
.PP
ip -6 route add 2001:db8:1::/64 encap seg6local action End flavors psp dev eth0
.RS 4
Adds an IPv6 route with SRv6 End behavior with psp flavor enabled.
.RE
.PP
ip -6 route add 2001:db8:1::/64 encap seg6local action End flavors next-csid dev eth0
.RS 4
Adds an IPv6 route with SRv6 End behavior with next-csid flavor enabled.
.RE
.PP
ip -6 route add 2001:db8:1::/64 encap seg6local action End flavors next-csid lblen 48 nflen 16 dev eth0
.RS 4
Adds an IPv6 route with SRv6 End behavior with next-csid flavor enabled and user-provided Locator-Block and Locator-Node Function lengths.
.RE
.PP
ip -6 route add 2001:db8:1::/64 encap ioam6 freq 2/5 mode encap tundst 2001:db8:42::1 trace prealloc type 0x800000 ns 1 size 12 dev eth0
.RS 4
Adds an IPv6 route with an IOAM Pre-allocated Trace encapsulation (ip6ip6) that only includes the hop limit and the node id, configured for the IOAM namespace 1 and a pre-allocated data block of 12 octets (will be injected in 2 packets every 5 packets).
.RE
.PP
ip route add 10.1.1.0/30 nhid 10
.RS 4
Adds an ipv4 route using nexthop object with id 10.
.RE
.SH SEE ALSO
.br
.BR ip (8)
.SH AUTHOR
Original Manpage by Michail Litvak <mci@owl.openwall.com>