LinuxCommandLibrary

ip-route-add

Add routing table entries

TLDR

Add a default route using gateway forwarding

$ sudo ip [[r|route]] [[a|add]] default via [gateway_ip]

Add a default route using ethX
$ sudo ip [[r|route]] [[a|add]] default dev [ethX]

Add a static route
$ sudo ip [[r|route]] [[a|add]] [destination_ip] via [gateway_ip] dev [ethX]

Add a route to a specific routing table
$ sudo ip [[r|route]] [[a|add]] [destination_ip] dev [ethX] [[t|table]] [table_id]

SYNOPSIS

ip route add { DESTINATION | default } [via GATEWAY] [dev DEVICE] [src SOURCE_IP] [metric METRIC] [proto PROTOCOL] [scope SCOPE] [table TABLE_ID] [type TYPE] [onlink]

PARAMETERS

DESTINATION | default
    The destination network or host. Can be an IP address (e.g., 192.168.1.1), a CIDR block (e.g., 192.168.1.0/24), or 'default' for the default route.

via GATEWAY
    Specifies the IP address of the next-hop router or gateway to reach the destination.

dev DEVICE
    Defines the network interface through which packets for the destination will be sent (e.g., eth0, enp0s3, wlan0).

src SOURCE_IP
    Sets the source IP address for packets sent out via this route. Useful in multi-homed scenarios.

metric METRIC
    An integer value indicating the preference for this route. Lower metrics are preferred when multiple routes exist for the same destination.

proto PROTOCOL
    A numeric or symbolic identifier for the routing protocol that installed this route (e.g., 'static', 'boot', 'kernel', 'redirect', 'dhcp').

scope SCOPE
    Defines the scope of the destination address: 'global' (reachable anywhere), 'link' (only on the directly connected link), or 'host' (only reachable locally).

table TABLE_ID
    Specifies the routing table to add the route to. Common tables include 'main', 'local', 'default', or a numeric ID.

type TYPE
    The type of route: 'unicast' (normal route), 'blackhole' (discards packets silently), 'prohibit' (discards packets and sends ICMP Prohibit), 'unreachable' (discards and sends ICMP Unreachable), 'local', 'broadcast', 'throw', etc.

onlink
    Forces the kernel to believe the destination is directly connected via the specified device, bypassing checks for the gateway's reachability.

DESCRIPTION

The `ip route add` command is a fundamental utility within the `iproute2` suite, used to manually insert new entries into the Linux kernel's IP routing table. This table dictates how network traffic is forwarded from the local system to various destinations. Each entry, or "route," specifies a destination network or host, often a `gateway` (the next hop to reach that destination), and the `device` (network interface) through which the traffic should exit.

By adding routes, administrators can direct traffic for specific destinations through particular interfaces, gateways, or even define rules for traffic rejection. For instance, you might add a route to a private network accessible via a VPN tunnel, or a default route to the internet via your router. `ip route add` superseded the older `route add` command, offering more advanced features like policy routing, support for multiple routing tables, and comprehensive IPv6 management. Understanding and utilizing this command is crucial for configuring complex network topologies and ensuring proper network connectivity on Linux systems.

CAVEATS

ip route add requires root privileges to execute.

Changes made with `ip route add` are ephemeral; they are not persistent across system reboots. To make routes persistent, they must be configured through system-specific network configuration files or services (e.g., `netplan`, `NetworkManager`, `/etc/network/interfaces` on Debian/Ubuntu, `/etc/sysconfig/network-scripts` on RHEL/CentOS).

Incorrectly adding routes can disrupt network connectivity, potentially making the system inaccessible. Always verify changes using `ip route show` after modification.

ROUTE PERSISTENCE

Routes added with `ip route add` are active immediately but are lost upon system reboot. To ensure routes are re-established after a restart, you must configure them in your system's network configuration files. The exact method varies by distribution:
- On Debian/Ubuntu, edit `/etc/network/interfaces`.
- On RHEL/CentOS, use `nmcli` or configure files in `/etc/sysconfig/network-scripts/`.
- Modern distributions often use `netplan` or `NetworkManager` for declarative network configuration.

ADDING A DEFAULT ROUTE

The most common use case is adding a default route (gateway to the internet). This is achieved by specifying `default` as the destination:
`ip route add default via 192.168.1.1 dev eth0`
This directs all traffic for unknown destinations through the specified gateway on the given interface.

SPECIAL ROUTE TYPES

Beyond the standard `unicast` route, `ip route add` supports several special types for specific network behaviors:
- `blackhole`: Silently drops packets destined for this route. Useful for blocking malicious traffic or unused subnets.
- `prohibit`: Drops packets and sends an ICMP 'Communication Administratively Prohibited' message back to the sender.
- `unreachable`: Drops packets and sends an ICMP 'Destination Unreachable' message.
These are invaluable for enforcing network policies and security.
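
The script below is an added example, not part of the original page. It turns a blocklist into `blackhole` route commands as a dry run and skips any entry that would break connectivity, which is the risk noted under CAVEATS. Assumptions: the function names, the /8 minimum prefix length, and all addresses (constructed RFC 5737 documentation ranges) are illustrative.

```sh
#!/bin/sh
# Dry-run planner for blackhole routes: prints commands, changes nothing.
# Added example; every address below is constructed (RFC 5737 ranges).
# Dotted-quad IPv4 -> integer on stdout; non-zero status if malformed.
ip2int() {
    case $1 in ''|*[!0-9.]*|*.) return 1 ;; esac
    _ifs=$IFS; IFS=.; set -- $1; IFS=$_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]) ;; *) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# stdin: one CIDR per line. $1: space-separated addresses that must stay
# reachable (assumed here: the gateway and an admin workstation).
plan_blackholes() {
    protected=$1
    while read -r cidr rest; do
        case $cidr in ''|'#'*) continue ;; esac
        addr=${cidr%/*}; len=${cidr#*/}
        if [ "$len" = "$cidr" ]; then len=32; fi   # bare host address
        case $len in [0-9]|[12][0-9]|3[0-2]) ;;
            *) echo "# skip $cidr: bad prefix length"; continue ;; esac
        n=$(ip2int "$addr") || { echo "# skip $cidr: not valid IPv4"; continue; }
        if [ "$len" -lt 8 ]; then echo "# skip $cidr: shorter than /8"; continue; fi
        mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
        if [ $(( n & mask )) -ne "$n" ]; then
            echo "# skip $cidr: host bits set"; continue
        fi
        hit=
        for p in $protected; do
            pn=$(ip2int "$p") || continue
            if [ $(( pn & mask )) -eq "$n" ]; then hit=$p; fi
        done
        if [ -n "$hit" ]; then echo "# skip $cidr: covers protected address $hit"
        else echo "ip route add blackhole $addr/$len"; fi
    done
}

# Constructed blocklist; 192.0.2.1 (gateway) and 198.51.100.7 (admin) are assumed.
plan_blackholes "192.0.2.1 198.51.100.7" <<'EOF'
203.0.113.0/24
198.51.100.0/24
0.0.0.0/0
203.0.113.9/24
192.0.2.200
EOF
```

Review the printed plan before running the emitted lines with `sudo`, then confirm the result with `ip route show type blackhole`.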

HISTORY

The `ip route` command is part of the `iproute2` utility suite, which was developed to replace the older `net-tools` (including `ifconfig`, `route`, `netstat`) in Linux. `iproute2` emerged in the late 1990s as a more powerful and flexible alternative, specifically designed to handle advanced networking features like policy routing, multiple routing tables, traffic control, and comprehensive IPv6 support, which were not well-supported by the legacy tools. Over time, `iproute2` has become the standard and recommended toolset for configuring networking on modern Linux distributions.

SEE ALSO

ip route show(8), ip route del(8), ip route change(8), ip rule(8), ip(8), route(8)
