ip Command Manual II

Summary
This section describes how to use IP commands to manage system routes.

------------------------------------------------------------------------
By nixe0n

7. Route table management

7.1. Abbreviations

route, ro, r

7.2. Object

Route entries are stored in the kernel's routing table and hold the path information needed to reach other network nodes. Each routing table entry is keyed by a network address/mask length pair and, optionally, a TOS value. A packet matches a route entry if its address lies within the range of the entry and the route's TOS is either 0 or equal to the packet's TOS. If a packet matches several route entries, the kernel decides which route to select by the following rules:

1. The route covering the smallest range (the longest mask) is matched first.
2. A route whose TOS equals the packet's TOS is matched; routes whose TOS is not equal are given up.
3. If several routes still remain after the two steps above, the route with the highest priority is selected.
4. If several routes are still available, repeat the first step.

Note: In this article, the masked network address together with the mask length is called a prefix. For example, 10/8 denotes network 10.0.0.0 with a subnet mask length of 8 bits; 10.1/16 denotes network 10.1.0.0 with a subnet mask length of 16 bits.

For simplicity, each route is identified by the triple {prefix, TOS, preference}.
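The selection rules above, worked through in Python as an added example (not code from the original manual or from iproute2). It assumes IPv4 only, that a lower metric number means a higher priority, that TOS 0 routes stay eligible when no route carries the packet's TOS, and that a remaining tie goes to the first entry; the Route class, the via labels and the sample table are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: str       # written as on this page, e.g. "10.1/16" or "default"
    tos: int = 0      # 0 means "any TOS"
    metric: int = 0   # preference; assumption: lower value = higher priority
    via: str = ""     # label for the next hop, only used to tell routes apart


def parse_prefix(text):
    """Expand the abbreviated IPv4 prefixes used on this page (10/8, 10.1/16)."""
    if text == "default":
        text = "0/0"
    addr, _, length = text.partition("/")
    octets = addr.split(".")
    octets += ["0"] * (4 - len(octets))          # 10.1 -> 10.1.0.0
    return ipaddress.ip_network(".".join(octets) + "/" + (length or "32"))


def select_route(table, dst, pkt_tos=0):
    """Return the route chosen for dst/pkt_tos, or None if nothing matches."""
    addr = ipaddress.ip_address(dst)
    # A route matches if dst is inside its prefix and its TOS is 0 or the packet's.
    matches = [(parse_prefix(r.prefix), r) for r in table]
    matches = [(net, r) for net, r in matches
               if addr in net and r.tos in (0, pkt_tos)]
    if not matches:
        return None
    # Step 1: the smallest range (longest prefix) wins, whatever the metric.
    longest = max(net.prefixlen for net, _ in matches)
    routes = [r for net, r in matches if net.prefixlen == longest]
    # Step 2: an exact TOS match beats the TOS 0 routes.
    exact = [r for r in routes if r.tos == pkt_tos]
    if exact:
        routes = exact
    # Step 3: best preference (lowest metric; assumption stated above).
    best = min(r.metric for r in routes)
    routes = [r for r in routes if r.metric == best]
    # Remaining tie: take the first entry (assumption for this example).
    return routes[0]


# Constructed sample table using the prefixes from the note above.
SAMPLE_TABLE = [
    Route("default", via="gw-default"),
    Route("10/8", via="gw-8", metric=1),
    Route("10.1/16", via="gw-16", metric=10),
    Route("10.1/16", via="gw-16-backup", metric=50),
    Route("10.1/16", tos=0x10, via="gw-16-lowdelay", metric=20),
]

if __name__ == "__main__":
    for dst, tos in [("10.1.2.3", 0), ("10.1.2.3", 0x10),
                     ("10.2.0.1", 0), ("192.0.2.1", 0)]:
        print(dst, hex(tos), "->", select_route(SAMPLE_TABLE, dst, tos).via)
```

Because step 1 runs before the preference comparison, a more specific prefix overrides a broader route no matter how good the broader route's metric is, which is worth remembering when reviewing unexpected host or subnet routes.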

7.3. Route attributes

A route entry provides the routing information required to deliver IP packets (for example, the output device and the next hop) together with additional data (for example, the maximum transmission unit (MTU) of the path or the source address). These attributes are described in detail in later sections.

7.4. Route type

The routing settings and other optional attributes depend on the route type. The most important route type is unicast. A route of this type represents a real route to another host. Generally, routing tables contain only routes of this type. However, other route types exist, and they use a different syntax. Linux-2.2 understands the following route types:

unicast -- the route describes the real path to the destination address.
unreachable -- the destination is unreachable. Packets sent to it are discarded and the ICMP message host unreachable is generated. The local sender gets the error EHOSTUNREACH.
blackhole -- the destination is unreachable and all packets sent to it are discarded. The local sender gets the error EINVAL.
prohibit -- the destination is unreachable. All packets sent to it are discarded and the ICMP message communication administratively prohibited is generated. The local sender gets the error EACCES.
local -- the destination address is assigned to this host. Packets are delivered locally through the loopback.
broadcast -- the destination address is a broadcast address, and packets are sent as link broadcasts.
throw -- a control route used together with policy rules. If such a route is selected, the lookup in this table is terminated as if no route had been found. Without policy routing it is equivalent to the absence of the route in the routing table: the packet is discarded and the ICMP message net unreachable is generated. The local sender gets the error ENETUNREACH.
nat -- a special NAT route. The destination address is a dummy (or external) address that must be translated before forwarding.
anycast -- the destination is an anycast address assigned to this host. Such addresses are similar to local addresses, except that they cannot be used as the source address of any packet.
multicast -- used for multicast routing. This type of route does not exist in ordinary routing tables.

7.5. Route tables

Starting with Linux-2.2, the kernel organizes routes into multiple routing tables, identified by numbers in the range 1 to 255. For convenience, the tables can also be given names in /etc/iproute2/rt_tables. By default, all routes are inserted into the table main (number 254), and the kernel uses only the table main when looking up routes.

In fact, another routing table always exists, which is invisible but extremely important: the table local. This table holds the local and broadcast routes. The kernel maintains it automatically, and the system administrator does not need to modify it or even look at it.

When policy routing is used, multiple routing tables come into play. In that case the table identifier becomes one more parameter, which must be added to the triple {prefix, TOS, preference} to uniquely identify each route.

7.6. ip route add -- add a new route entry
ip route change -- modify a route
ip route replace -- replace an existing route

Abbreviations: add, a; change, chg; replace, repl

Parameters

to PREFIX or to TYPE PREFIX (default) -- the destination prefix of the route. If TYPE is omitted, ip assumes the default type unicast. The other types are described in the previous section. PREFIX is an IP or IPv6 address, optionally followed by a slash and the mask length. If the mask length is missing, ip assumes a single IP address. There is also a special PREFIX, default (the default route), which is equivalent to 0/0 for IPv4 or ::/0 for IPv6.

tos TOS or dsfield TOS -- the type of service key. During route matching the kernel first compares the packet's TOS with the route's TOS; if no route has the same TOS as the packet, a route entry with TOS equal to 0 can still be selected. TOS is either a hexadecimal number or an identifier defined in the file /etc/iproute2/rt_dsfield.

metric NUMBER or preference NUMBER -- the priority of the route. NUMBER is an arbitrary 32-bit number.

table TABLEID -- the routing table the route is added to. TABLEID is a number or a string defined in the file /etc/iproute2/rt_tables. If this parameter is omitted, ip adds the route to the table main, except for local, broadcast and nat routes, which are added to the table local by default.

dev NAME -- the name of the output device.

via ADDRESS -- the address of the next hop router. The actual meaning of this field depends on the route type. For an ordinary unicast route it is either the real next hop router address or, for a direct route installed in BSD compatibility mode, the local address of a network interface. For NAT routes it is the translated address.

src ADDRESS -- the source address to choose when sending packets to the destination prefix.

realm REALMID -- the realm the route is assigned to. REALMID is a number or a string defined in the file /etc/iproute2/rt_realms. For more details about realms, see the appendix (Route realms and policy propagation, rtacct).

mtu MTU or mtu lock MTU -- the maximum transmission unit (MTU) of the path to the destination. Without the modifier lock, the kernel may update the MTU through path MTU discovery. With the modifier lock, the kernel does not probe the MTU of the path; in this case all IPv4 packets are sent with the DF bit set to 0 (fragmentation allowed). IPv6 packets can also be fragmented.

window NUMBER -- the maximum window value for TCP connections to the destination address, in bytes. This parameter can be used to limit the data transmission rate of the peer.

rtt NUMBER -- the initial round-trip time (RTT) estimate.

rttvar NUMBER -- the initial round-trip time variance (RTT variance) estimate.

ssthresh NUMBER -- the initial slow start threshold estimate.

cwnd NUMBER -- locks the congestion window value to NUMBER. The value is ignored if the lock flag is not present.

advmss NUMBER -- the maximum segment size (MSS) advertised to the destination address when a TCP connection is established. If this parameter is not set, the Linux kernel uses a value calculated from the maximum transmission unit.

nexthop NEXTHOP -- the next hop of a multipath route. NEXTHOP is a complex value whose syntax resembles the top-level parameters:

    via ADDRESS -- the next hop router;
    dev NAME -- the output device;
    weight NUMBER -- the weight of this element in the multipath route, reflecting its relative bandwidth or quality of service.

scope SCOPE_VAL -- the scope covered by the prefix. SCOPE_VAL is a number or a string defined in the file /etc/iproute2/rt_scopes. If this parameter is omitted, ip chooses a value according to the situation: unicast routes through a gateway get scope global, directly connected unicast routes and broadcast routes get scope link, and local routes get scope host.

protocol RTPROTO -- the routing protocol identifier of this route. RTPROTO is a number or a string defined in the file /etc/iproute2/rt_protos. If this parameter is omitted, ip uses the default value boot (that is, ip does not know how the route came to be added). Some protocol values have a fixed interpretation:

    redirect -- the route was added by an ICMP redirect;
    kernel -- the route was added by the kernel during automatic configuration;
    boot -- the route was added during startup. If a routing daemon starts, these routes are cleared;
    static -- the route was added manually by the system administrator to override dynamic routing. The routing daemon respects such routes and may even advertise them to its peers;
    ra -- the route was added by the Router Discovery Protocol.

The other values are not reserved, and the system administrator is free to assign (or not to assign) protocol tags. At the least, routing daemons should take care to set some unique protocol values, for example as they are assigned in the file rtnetlink.h or in the rt_protos database.

onlink -- pretend that the next hop router is directly connected, even if it does not match any interface prefix.

equalize -- allow packets to be distributed randomly over the paths of a multipath route. Without this modifier, the route is frozen to one next hop address.

Examples

Add a route to 10.0.0/24 that goes through the gateway 193.233.7.65:

ip route add 10.0.0/24 via 193.233.7.65

Change the direct route to 10.0.0/24 so that it goes through the device dummy:

ip route chg 10.0.0/24 dev dummy

Add a default multipath route that shares the load between ppp0 and ppp1. (Note: the scope value is not required; it tells the kernel that the route goes through a gateway rather than being directly connected. In fact, if you know the next hop address, use the via parameter.)

ip route add default scope global nexthop dev ppp0 \
                                  nexthop dev ppp1

Set a NAT route. Before packets from 192.203.80.144 are forwarded, network address translation is performed and the address is converted to 193.233.7.83 (the translation in the return direction is introduced in the later chapter on routing policy):

ip route add nat 192.203.80.142 via 193.233.7.83

7.7. ip route delete -- delete a route

Abbreviations: delete, del, d

Parameters

ip route del takes the same parameters as ip route add, but the syntax is slightly different. The command uses the key values (to, tos, preference and table) to select the route to delete. If other attributes are given, ip checks that they agree with the attributes of the route to be deleted. If no route with the given key exists, or the attributes do not agree, ip route del fails.

Example

Delete the multipath route added by the previous command:

ip route del default scope global nexthop dev ppp0 \
                                  nexthop dev ppp1

7.8. ip route show -- list routes

Abbreviations: show, list, sh, ls, l

Introduction

With this command you can view the contents of the routing tables or query the routes that meet certain conditions.

Parameters

to SELECTOR (default) -- select only routes to the given addresses. SELECTOR consists of an optional modifier (root, match or exact) and a prefix. root PREFIX selects routes whose prefixes are not shorter than PREFIX; for example, root 0/0 selects all routes in the table. match PREFIX selects routes whose prefixes are not longer than PREFIX; for example, match 10.1/16 selects the routes 10.1/16, 10/8 and 0/0. exact PREFIX (or just PREFIX) selects routes with exactly this prefix. If none of these options is given, ip assumes root 0/0, so ip route ls is the same as ip route ls to root 0/0 and lists all the routes of the system.

tos TOS or dsfield TOS -- list only routes with the given TOS.

table TABLEID -- list the routes in the routing table TABLEID. The default is the table main. TABLEID is either the ID of a real routing table, a name defined in the file /etc/iproute2/rt_tables, or one of the following special values:

    all -- list the routes of all tables;
    cache -- list the contents of the routing cache.

cloned or cached -- list cloned routes, that is, routes derived from other routes because some routing attribute (such as the MTU) changed. In fact, this is the same as table cache.

from SELECTOR -- the same syntax as to, except that it selects on the source address instead of the destination address. Note that this option applies only to cloned routes.

protocol RTPROTO -- list only routes whose protocol is RTPROTO.

scope SCOPE_VAL -- list only routes with the scope SCOPE_VAL.

type TYPE -- list only routes of type TYPE.

dev NAME -- list only routes going through the device NAME.

via PREFIX -- list only routes whose next hop lies within PREFIX.

src PREFIX -- list only routes whose source address belongs to PREFIX.

realm REALMID or realms FROMREALM/TOREALM -- list only routes with these realms.

Examples

Count the routes of protocol gated/bgp:

kuznet@amber:~ $ ip route ls proto gated/bgp | wc
   1413    9891   79010
kuznet@amber:~ $

Count the entries in the routing cache. Because the attributes of a cached route may take more than one line, the -o option is needed:

kuznet@amber:~ $ ip -o route ls cloned | wc
    159    2543   18707
kuznet@amber:~ $

Output format

Generally, each route record takes one line in the output of this command. Sometimes, however, a record spans more than one line, for example for cloned routes or when additional information is shown. If the -o option is used, the line feeds inside each record are replaced by a backslash. For example:

kuznet@amber:~ $ ip ro ls 193.233.7/24
193.233.7.0/24 dev eth0  proto gated/conn  scope link  src 193.233.7.65  realms inr.ac
kuznet@amber:~ $

When cloned entries are listed, the output takes another form. For example:

kuznet@amber:~ $ ip ro ls 193.233.7.82 tab cache
193.233.7.82 from 193.233.7.82 dev eth0  src 193.233.7.65  realms inr.ac/inr.ac
    cache <src-direct,redirect>  mtu 1500 rtt 300 iif eth0
193.233.7.82 dev eth0  src 193.233.7.65  realms inr.ac
    cache  mtu 1500 rtt 300
kuznet@amber:~ $

The second line of each record starts with the keyword cache and shows the additional cache flags and attributes of the route. The first field on this line is cache <FLAGS>. The cache flags are:

    local -- packets are delivered locally. This applies to loopback unicast routes, and also to broadcast routes and to multicast routes when this host is a member of the corresponding group.
    reject -- the path is invalid. Any attempt to use this route results in an error.
    mc -- the destination is a multicast address.
    brd -- the destination is a broadcast address.
    src-direct -- the source address is on a directly connected interface.
    redirected -- the route was created by an ICMP redirect.
    redirect -- packets going through this route will trigger an ICMP redirect.
    fastroute -- the route is eligible for fast routing (fastroute).
    equalize -- packets are routed randomly.
    dst-nat -- the destination address needs to be translated.
    src-nat -- the source address needs to be translated.
    masq -- the source address needs to be masqueraded.
    notify -- modifying or deleting this route triggers an rtnetlink notification.

These are followed by some routing attributes. The supported attributes are:

    error -- for reject routes, the error code returned to the local sender. The error code is also converted into an ICMP error code and sent to remote senders.
    expires -- the time after which the entry expires.
    iif -- the interface on which packets for this route are expected to arrive.

Statistical options

If the -statistics option is given, ip provides more detailed information:

    users -- the number of users of this route.
    age -- when the route was last used.
    used -- the number of times the route has been looked up since it was created.

7.9. ip route flush -- flush the routing tables

Abbreviations: flush, f

Introduction

With this command you can easily delete the routes that meet certain conditions.

Parameters

The parameters of this command are the same as those of ip route show, except that the selected routes are deleted instead of being displayed. The only other difference from ip route show is the default action: ip route show displays all the entries of the main table, while ip route flush only prints help information and does nothing to the routing table. The reason for this difference hardly needs explaining.

Statistical options

If the -statistics option is given, the command prints some additional information: the number of routes deleted and the number of rounds made over the routing table during the deletion. If the option is given twice, ip also prints detailed information about each deleted route.

Examples

The first example deletes all gateway routes from the main routing table (for example, after a routing daemon has failed):

netadm@amber:~ # ip -4 ro flush scope global type unicast

The second example flushes all cloned IPv6 routes:

netadm@amber:~ # ip -6 -s -s ro flush cache
3ffe:2400::220:afff:fef4:c5d1 via 3ffe:2400::220:afff:fef4:c5d1  dev eth0  metric 0
    cache  used 2 age 12sec mtu 1500 rtt 300
3ffe:2400::280:adff:feb7:8034 via 3ffe:2400::280:adff:feb7:8034  dev eth0  metric 0
    cache  used 2 age 15sec mtu 1500 rtt 300
3ffe:2400::280:c8ff:fe59:5bcc via 3ffe:2400::280:c8ff:fe59:5bcc  dev eth0  metric 0
    cache  users 1  used 1 age 23sec mtu 1500 rtt 300
3ffe:2400:0:1:2a0:ccff:fe66:1878 via 3ffe:2400:0:1:2a0:ccff:fe66:1878  dev eth1  metric 0
    cache  used 2 age 20sec mtu 1500 rtt 300
3ffe:2400:0:1:a00:20ff:fe71:fb30 via 3ffe:2400:0:1:a00:20ff:fe71:fb30  dev eth1  metric 0
    cache  used 2 age 33sec mtu 1500 rtt 300
ff02::1 via ff02::1  dev eth1  metric 0
    cache  users 1  used 1 age 45sec mtu 1500 rtt 300

*** Round 1, deleting 6 entries ***
*** Flush is complete after 1 round ***
netadm@amber:~ # ip -6 -s -s ro flush cache
Nothing to flush.
netadm@amber:~ #

The third example flushes all BGP routes after the gated program has failed:

netadm@amber:~ # ip ro ls proto gated/bgp | wc
   1408    9856   78730
netadm@amber:~ # ip -s ro f proto gated/bgp
*** Round 1, deleting 1408 entries ***
*** Flush is complete after 1 round ***
netadm@amber:~ # ip ro f proto gated/bgp
Nothing to flush.
netadm@amber:~ # ip ro ls proto gated/bgp
netadm@amber:~ #

7.10. ip route get -- get a single route

Abbreviations: get, g

Introduction

Use this command to obtain the route entry to a destination address together with its exact contents.

Parameters

to ADDRESS (default) -- the destination address.
from ADDRESS -- the source address.
tos TOS or dsfield TOS -- the type of service.
iif NAME -- the device on which the packet arrives.
oif NAME -- the device through which the packet is sent out.
connected -- if no source address (from ADDRESS) is given, look up the route again with the source set to the source address obtained from the first lookup. If policy routing is used, the result may be a different route.

The ip route get command must be given at least the to ADDRESS parameter.

ip route get and ip route show perform different operations. ip route show only displays existing routes, while ip route get derives a new route when necessary.

Output format

The output format of this command is the same as that of ip route ls.

Examples

Look up the route to 193.233.7.82:

kuznet@amber:~ $ ip route get 193.233.7.82
193.233.7.82 dev eth0  src 193.233.7.65  realms inr.ac
    cache  mtu 1500 rtt 300
kuznet@amber:~ $

Look up the route for a packet with destination 193.233.7.82 that comes from 193.233.7.82 and arrives on device eth0 (this command produces a rather interesting route, a loop route to 193.233.7.82):

kuznet@amber:~ $ ip r g 193.233.7.82 from 193.233.7.82 iif eth0
193.233.7.82 from 193.233.7.82 dev eth0  src 193.233.7.65  realms inr.ac/inr.ac
    cache <src-direct,redirect>  mtu 1500 rtt 300 iif eth0
kuznet@amber:~ $

Get a multicast route for a packet that comes from host 193.233.7.82, enters through device eth0 and is addressed to the multicast group 224.2.127.254 (the multicast routing daemon pimd must be running). The route produced by this command differs from the preceding ones: it contains a normal part and a multicast part. The normal part is used to deliver the packet to the local IP listeners. Here the local host is not a member of the multicast group, so the route has no local flag and is used only for forwarding. The output device of this route is the loopback device. The multicast part contains the additional output interfaces.

kuznet@amber:~ $ ip r g 224.2.127.254 from 193.233.7.82 iif eth0
multicast 224.2.127.254 from 193.233.7.82 dev lo  src 193.233.7.65  realms inr.ac/cosmos
    cache <mc>  iif eth0 oifs: eth1 pimreg
kuznet@amber:~ $

The following is a more complex example. First, add an invalid gateway route to a destination address that is in fact directly connected:

netadm@alisa:~ # ip route add 193.233.7.98 via 193.233.7.254
netadm@alisa:~ # ip route get 193.233.7.98
193.233.7.98 via 193.233.7.254 dev eth0  src 193.233.7.90
    cache  mtu 1500 rtt 3072
netadm@alisa:~ #

Ping 193.233.7.98:

netadm@alisa:~ # ping -n 193.233.7.98
PING 193.233.7.98 (193.233.7.98) from 193.233.7.90 : 56 data bytes
From 193.233.7.254: Redirect Host(New nexthop: 193.233.7.98)
64 bytes from 193.233.7.98: icmp_seq=0 ttl=255 time=3.5 ms
From 193.233.7.254: Redirect Host(New nexthop: 193.233.7.98)
64 bytes from 193.233.7.98: icmp_seq=1 ttl=255 time=2.2 ms
64 bytes from 193.233.7.98: icmp_seq=2 ttl=255 time=0.4 ms
64 bytes from 193.233.7.98: icmp_seq=3 ttl=255 time=0.4 ms
64 bytes from 193.233.7.98: icmp_seq=4 ttl=255 time=0.4 ms
^C
--- 193.233.7.98 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 0.4/1.3/3.5 ms
netadm@alisa:~ #

The output shows that the router 193.233.7.254 knows of a better route and therefore sent ICMP redirect messages. Now look at the route again:

netadm@alisa:~ # ip route get 193.233.7.98
193.233.7.98 dev eth0  src 193.233.7.90
    cache <redirected>  mtu 1500 rtt 3072
netadm@alisa:~ #
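The redirect shown above changed the host's route without any administrator action, so it is useful to be able to list such routes. The following Python sketch is an added example (not part of the original manual or of iproute2): it parses ip route output in the record format described in section 7.8, with indented continuation lines or the backslash-joined -o form, and reports routes carrying the redirected cache flag or proto redirect. The function names and the sample text, which is assembled from outputs on this page, are constructed for illustration.

```python
import re

# Route types listed in section 7.4; a non-unicast type is printed first.
TYPES = {"unicast", "unreachable", "blackhole", "prohibit", "local",
         "broadcast", "throw", "nat", "anycast", "multicast"}
# Keywords followed by exactly one value in the output shown on this page.
VALUE_KEYS = {"from", "via", "dev", "src", "proto", "scope", "realms", "metric",
              "mtu", "rtt", "iif", "error", "expires", "users", "used", "age"}


def split_records(text):
    """Group lines into records; indented lines continue the previous record."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0].isspace() and records:
            records[-1] += " " + line.strip()
        else:
            records.append(line.strip())
    return records


def parse_record(record):
    """Turn one record (multi-line or -o form) into a dict of its fields."""
    record = record.replace("\\", " ")           # -o joins lines with a backslash
    flags = []
    m = re.search(r"\bcache\s*<([^>]*)>", record)
    if m:                                        # cache <flag,flag,...>
        flags = [f.strip() for f in m.group(1).split(",") if f.strip()]
        record = record[:m.start()] + " cache " + record[m.end():]
    tokens = record.split()
    route = {"type": "unicast", "flags": flags, "cached": "cache" in tokens}
    if tokens and tokens[0] in TYPES:
        route["type"] = tokens.pop(0)
    route["dst"] = tokens.pop(0) if tokens else None
    i = 0
    while i < len(tokens):
        if tokens[i] in VALUE_KEYS and i + 1 < len(tokens):
            route[tokens[i]] = tokens[i + 1]
            i += 2
        else:
            i += 1
    return route


def redirect_created(text):
    """Destinations of routes that exist because of an ICMP redirect."""
    routes = [parse_record(r) for r in split_records(text)]
    return [r["dst"] for r in routes
            if "redirected" in r["flags"] or r.get("proto") == "redirect"]


# Constructed sample, assembled from the outputs shown in this section.
SAMPLE = """\
193.233.7.82 from 193.233.7.82 dev eth0  src 193.233.7.65  realms inr.ac/inr.ac
    cache <src-direct,redirect>  mtu 1500 rtt 300 iif eth0
193.233.7.0/24 dev eth0  proto gated/conn  scope link  src 193.233.7.65
193.233.7.98 dev eth0  src 193.233.7.90
    cache <redirected>  mtu 1500 rtt 3072
"""

if __name__ == "__main__":
    print(redirect_created(SAMPLE))
```

Note that the redirect flag on the first record only means packets using that route will trigger a redirect; it is the redirected flag that marks a route the kernel learned from one. Whether the kernel accepts ICMP redirects at all is controlled by the net.ipv4.conf.*.accept_redirects sysctls.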