LinuxCommandLibrary

ip-fou

Manage Foo-over-UDP tunnels

SYNOPSIS

ip fou {add|del|show} [PORT] [PROTO] [dev DEV] [udp SPORT:DPORT] [local ADDR] [peer ADDR]
ip fou help

PARAMETERS

add
    Add a FOU/GUE interface

del
    Delete a FOU/GUE interface

show
    Display FOU/GUE interfaces

PORT
    UDP destination port (required for add/del)

PROTO
    IP protocol: 4 (FOU/IP), 41 (GUE/IPv6), 67 (GUE/IP)

dev DEV
    Physical device for encapsulation

udp SPORT:DPORT
    Source:Dest UDP ports

local ADDR
    Local IP address

peer ADDR
    Remote peer IP address

help
    Print usage information

DESCRIPTION

ip fou is a command from the iproute2 suite used to configure and manage FOU (Fragmentation Over UDP) and GUE (Generic UDP Encapsulation) interfaces on Linux. These encapsulation protocols allow IP packets, including fragments, to be tunneled over UDP, solving fragmentation issues in PMTUD-challenged networks like those with firewalls blocking ICMP.

FOU prepends a 4-byte UDP header mimicking fragmentation, while GUE uses a flexible 8-byte header for metadata. Common use cases include cloud networking, VXLAN alternatives, or IPv6 over IPv4 tunneling without IPIP overhead. The command creates virtual devices that receive UDP-encapsulated packets and decapsulate them to the stack.

It supports adding/deleting/showing interfaces bound to UDP ports and protocols (IPPROTO_IP=4, IPPROTO_IPV6=41). Options specify local/remote UDP endpoints, devices, and peer addresses. Requires root privileges and kernel support (Linux 4.10+ for FOU, 4.18+ for GUE). Integrated with ip link for up/down and MTU settings post-creation.

CAVEATS

Requires CAP_NET_ADMIN; kernel 4.10+ needed; UDP ports must not conflict; no multicast support; MTU must be set manually via ip link; potential UDP checksum issues in asymmetric paths.

EXAMPLE USAGE

Add FOU: ip fou add 1234 ipproto 4 dev eth0 udp 54321:1234
Activate: ip link set fou0 up
Delete: ip fou del 1234 ipproto 4 dev eth0

KERNEL MODULE

Load via modprobe ip_tunnel fou or gue; check with lsmod | grep fou

HISTORY

Introduced in iproute2 4.10 (2017) with Linux kernel 4.10 FOU support; GUE added in kernel 4.18/iproute2 4.18. Developed for efficient UDP tunneling by David Miller and others at Red Hat.

SEE ALSO

ip(8), ip-link(8), ip-tunnel(8), fo-ipproto(7)

Copied to clipboard