"route" - Manage Routing Table

Ubuntu Tutorials - Herong's Tutorial Examples

∟"route" - Manage Routing Table

This section provides a tutorial example on how to use 'route' command to view and update the routing table for network traffic.

"route" is a command line tool that allows you to view and update the main network routing table currently u sed in the system. Here are some examples on using the "route" command:

Show me the main routing table:

herong$ route

Kernel IP routing table
Destination   Gateway    Genmask         Flags Metric Ref  Use Iface
default       _gateway   0.0.0.0         UG    600    0      0 wlp3s0
10.0.0.0      0.0.0.0    255.255.255.0   U     600    0      0 wlp3s0
link-local    0.0.0.0    255.255.0.0     U     1000   0      0 wlp3s0

Show me the routing table using numeric IP addresses:

herong$ route -n 

Kernel IP routing table
Destination   Gateway    Genmask         Flags Metric Ref  Use Iface
0.0.0.0       10.0.0.1   0.0.0.0         UG    600    0      0 wlp3s0
10.0.0.0      0.0.0.0    255.255.255.0   U     600    0      0 wlp3s0
169.254.0.0   0.0.0.0    255.255.0.0     U     1000   0      0 wlp3s0

Here is what I can read from the output:

The first entry, "0.0.0.0 10.0.0.1 0.0.0.0 ... wlp3s0" is all hosts (0.0.0.0). Network packets should send to gateway 10.0.0.1 over interface "wlp3s0".
The second entry, "10.0.0.0 0.0.0.0 255.255.255.0 ... wlp3s0", is for all computers on my local Wi-Fi network. They are assigned with IP addresses of "10.0.0.*", and requires no gateway (0.0.0.0). I can send network packets directly over interface "wlp3s0" to any one on my Wi-Fi network.
The third entry, "169.254.0.0 0.0.0.0 255.255.0.0 ... wlp3s0" is for a special network (169.254.*.*) called "link-local" with no gateway (0.0.0.0) using interface "wlp3s0".

Not that routing for the "loopback" network is not defined the main routing table. It is defined in a separate local routing table. You can use the "ip" command to compare the main routing table and the local routing table.

herong$ ip route show table main 
  default via 10.0.0.1 dev wlp3s0 proto dhcp metric 600 
  10.0.0.0/24 dev wlp3s0 proto kernel scope link src 10.0.0.2 metric 600 
  169.254.0.0/16 dev wlp3s0 scope link metric 1000 

herong$ ip route show table local 
  broadcast 10.0.0.0 dev wlp3s0 proto kernel scope link src 10.0.0.2 
  local 10.0.0.2 dev wlp3s0 proto kernel scope host src 10.0.0.2 
  broadcast 10.0.0.255 dev wlp3s0 proto kernel scope link src 10.0.0.2 

  broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1 
  local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1 
  local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1 

  broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1

"route" command also allows you to add or delete entries in the main routing table. For example, I am adding an entry to stop packets going to facebook.com's network 157.240.*.*.

herong$ sudo route add -net 157.240.0.0 netmask 255.255.0.0 reject

herong$ route -n
  Destination   Gateway    Genmask         Flags Metric Ref   Use Iface
  0.0.0.0       10.0.0.1   0.0.0.0         UG    600    0       0 wlp3s0
  10.0.0.0      0.0.0.0    255.255.255.0   U     600    0       0 wlp3s0
  157.240.0.0   -          255.255.0.0     !     0      -       0 -
  169.254.0.0   0.0.0.0    255.255.0.0     U     1000   0       0 wlp3s0

Try to ping facebook.com with IPv4 address. No connections as expected.

herong$ ping -4 -c 3 facebook.com 

connect: No route to host

But I can will reach facebook.com with IPv6 address.

herong$ ping -6 -c 3 facebook.com 

from ... (2a03:2880:f172:81:face:b00c:...): icmp_seq=1 ttl=54 time=20.3 ms
from ... (2a03:2880:f172:81:face:b00c:...): icmp_seq=2 ttl=54 time=78.4 ms
from ... (2a03:2880:f172:81:face:b00c:...): icmp_seq=3 ttl=54 time=133 ms

So we need to look at the IPv6 routing table:

 
herong$ route -6 

Kernel IPv6 routing table
Destination               Next Hop   Flag Met Ref Use If
ip6-localhost/128         [::]       U    256 2     0 lo
ubuntu/128                [::]       U    600 1     0 wlp3s0
2601:195:c287:95a0::/64   [::]       U    600 1     0 wlp3s0
fe80::/64                 [::]       U    256 1     0 wlp3s0
fe80::/64                 [::]       U    600 1     0 wlp3s0
[::]/0                    _gateway   UG   600 5     0 wlp3s0
ip6-localhost/128         [::]       Un   0   7     0 lo
ubuntu/128                [::]       Un   0   4     0 wlp3s0
ubuntu/128                [::]       Un   0   6     0 wlp3s0
ubuntu/128                [::]       Un   0   4     0 wlp3s0
ubuntu/128                [::]       Un   0   4     0 wlp3s0
ip6-mcastprefix/8         [::]       U    256 5     0 wlp3s0
[::]/0                    [::]       !n   -1  1     0 lo

Now let me delete the facebook.com entry from the routing table.

herong$ sudo route add -net 157.240.0.0 netmask 255.255.0.0 reject

herong$ ping -4 -c 3 facebook.com 
  from ... (157.240.245.35): icmp_seq=1 ttl=54 time=16.8 ms
  from ... (157.240.245.35): icmp_seq=2 ttl=54 time=19.6 ms
  from ... (157.240.245.35): icmp_seq=3 ttl=54 time=20.7 ms

You may also notice that two entries in the routing table may cover overlapping IP addresses. For example, 10.0.0.99 is covered by the 2 entries. So which one wins?

The answer is the second entry, because Linux systems use the LPM (Longest Prefix Match) rule to pick the one with the longest prefix (the mask bit sequence).