ip-route-add

Add a default route using gateway forwarding

$ sudo ip [[r|route]] [[a|add]] default via [gateway_ip]

$ sudo ip [[r|route]] [[a|add]] default dev [ethX]

$ sudo ip [[r|route]] [[a|add]] [destination_ip] via [gateway_ip] dev [ethX]

$ sudo ip [[r|route]] [[a|add]] [destination_ip] dev [ethX] [[t|table]] [ip]

ip route add { DESTINATION | default } [via GATEWAY] [dev DEVICE] [src SOURCE_IP] [metric METRIC] [proto PROTOCOL] [scope SCOPE] [table TABLE_ID] [type TYPE] [onlink]

DESTINATION | default
    The destination network or host. Can be an IP address (e.g., 192.168.1.1), a CIDR block (e.g., 192.168.1.0/24), or 'default' for the default route.

via GATEWAY
    Specifies the IP address of the next-hop router or gateway to reach the destination.

dev DEVICE
    Defines the network interface through which packets for the destination will be sent (e.g., eth0, enp0s3, wlan0).

src SOURCE_IP
    Sets the source IP address for packets sent out via this route. Useful in multi-homed scenarios.

metric METRIC
    An integer value indicating the preference for this route. Lower metrics are preferred when multiple routes exist for the same destination.

proto PROTOCOL
    A numeric or symbolic identifier for the routing protocol that installed this route (e.g., 'static', 'boot', 'kernel', 'redirect', 'dhcp').

scope SCOPE
    Defines the scope of the destination address: 'global' (reachable anywhere), 'link' (only on the directly connected link), or 'host' (only reachable locally).

table TABLE_ID
    Specifies the routing table to add the route to. Common tables include 'main', 'local', 'default', or a numeric ID.

type TYPE
    The type of route: 'unicast' (normal route), 'blackhole' (discards packets silently), 'prohibit' (discards packets and sends ICMP Prohibit), 'unreachable' (discards and sends ICMP Unreachable), 'local', 'broadcast', 'throw', etc.

onlink
    Forces the kernel to believe the destination is directly connected via the specified device, bypassing checks for the gateway's reachability.

The `ip route add` command is a fundamental utility within the `iproute2` suite, used to manually insert new entries into the Linux kernel's IP routing table. This table dictates how network traffic is forwarded from the local system to various destinations. Each entry, or "route," specifies a destination network or host, often a `gateway` (the next hop to reach that destination), and the `device` (network interface) through which the traffic should exit.

By adding routes, administrators can direct traffic for specific destinations through particular interfaces, gateways, or even define rules for traffic rejection. For instance, you might add a route to a private network accessible via a VPN tunnel, or a default route to the internet via your router. `ip route add` superseded the older `route add` command, offering more advanced features like policy routing, support for multiple routing tables, and comprehensive IPv6 management. Understanding and utilizing this command is crucial for configuring complex network topologies and ensuring proper network connectivity on Linux systems.

ip route add requires root privileges to execute.

Changes made with `ip route add` are ephemeral; they are not persistent across system reboots. To make routes persistent, they must be configured through system-specific network configuration files or services (e.g., `netplan`, `NetworkManager`, `/etc/network/interfaces` on Debian/Ubuntu, `/etc/sysconfig/network-scripts` on RHEL/CentOS).

Incorrectly adding routes can disrupt network connectivity, potentially making the system inaccessible. Always verify changes using `ip route show` after modification.

Routes added with `ip route add` are active immediately but are lost upon system reboot. To ensure routes are re-established after a restart, you must configure them in your system's network configuration files. The exact method varies by distribution:
- On Debian/Ubuntu, edit `/etc/network/interfaces`.
- On RHEL/CentOS, use `nmcli` or configure files in `/etc/sysconfig/network-scripts/`.
- Modern distributions often use `netplan` or `NetworkManager` for declarative network configuration.

The most common use case is adding a default route (gateway to the internet). This is achieved by specifying `default` as the destination:
`ip route add default via 192.168.1.1 dev eth0`
This directs all traffic for unknown destinations through the specified gateway on the given interface.

Beyond the standard `unicast` route, `ip route add` supports several special types for specific network behaviors:
- `blackhole`: Silently drops packets destined for this route. Useful for blocking malicious traffic or unused subnets.
- `prohibit`: Drops packets and sends an ICMP 'Communication Administratively Prohibited' message back to the sender.
- `unreachable`: Drops packets and sends an ICMP 'Destination Unreachable' message.
These are invaluable for enforcing network policies and security.

The `ip route` command is part of the `iproute2` utility suite, which was developed to replace the older `net-tools` (including `ifconfig`, `route`, `netstat`) in Linux. `iproute2` emerged in the late 1990s as a more powerful and flexible alternative, specifically designed to handle advanced networking features like policy routing, multiple routing tables, traffic control, and comprehensive IPv6 support, which were not well-supported by the legacy tools. Over time, `iproute2` has become the standard and recommended toolset for configuring networking on modern Linux distributions.

ip route show(8), ip route del(8), ip route change(8), ip rule(8), ip(8), route(8)