- Routing Tables
- Editing the routing tables
- How to View the Network Routing Table in Ubuntu Linux
- How to View Routing Table?
- Method 1: Through the netstat command
- Method 2: Through the route command
- Method 3: Through the ip route command
- Search
- About This Site
- Latest Tutorials
- What is the routing table in Linux?
- More by Jim
Routing Tables
This section describes the way to setup routing table as well as it explains the logic used to prioritize interfaces.
The routing table is stored in the kernel which merely acts upon it. The route itself is set by the user-space tools. There is no preference as any tool created for this reason will do. It can be either a DHCP client, ip command or route command.
It is important to understand that NetworkManager changes the routing table whenever it creates a new connection.
Routing table acts as a junction and is there to show where the different network subnets will be routed to. An example of a routing table is shown below.
$ ip route \ default via 10.0.0.1 dev wlp3s0 proto static metric 600 \ 10.0.0.0/24 dev wlp3s0 proto kernel scope link src 10.0.0.73 metric 600 \ 10.0.1.0/24 dev lxcbr0 proto kernel scope link src 10.0.1.1 \ 169.254.0.0/16 dev docker0 scope link metric 1000 linkdown \ 172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown \ 192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown
The first column is the subnet with the “default” being a wildcard for everything else. The “via” fragment points to the however when it is missing it indicates that that network is connected directly and instead it describes a source address.
The metric field/column translates to the number of hops required to reach the destination and is used to determine which route shall be preferred when there are more than one route available for a specific destination. Since this value is related to the concept of distance, the lower it’s value is the better.
The metric value can be set manually however when NetworkManager creates a connection the following defaults are applied:
Editing the routing tables
The routing table can be added or modified using the standard ip command which is available on Ubuntu Core. You can find more information on its man page.
Separately it is possible to modify routing information per single connection using the nmcli tool. The parameters such as: gateway, routes and metrics can be modified.
The following options are responsible:
ipv4.gateway: ipv4.routes: ipv4.route-metric: ipv6.gateway: ipv6.routes: ipv6.route-metric:
These options can be modified in a following way:
$ nmcli connection modify +ipv4.routes ipv4.gateway $ nmcli connection modify ipv4.route-metric
Where is the connection name. You can obtain it by listing available connections on the system:
- is the destination network provided as a static IP address, subnet or “default”.
- is the new gateway information. is the new metric information.
Note that this kind of changes can be made separately for each connection thus it is possible to provide a fine grained control over how the packets directed to different networks are routed.
It is also important to understand that bringing up and down connections with different values set for these options is in fact changing the routing table.
How to View the Network Routing Table in Ubuntu Linux
Routing is the transfer of an IP packet from one point to another across the network. When you send someone an email, you’re actually transmitting a series of IP packets or datagrams from your system to the other person’s computer. The packets sent from your computer pass through several gateways or routers to get to the destination computer system. The same is true for all Internet protocols such as HTTP, IRC, FTP, etc.
In all Linux and UNIX systems, the information about how the IP packets should be routed is stored in a kernel structure. These structures are called routing tables. If you want your system to communicate with other computers, you may want to configure these routing tables. First, it is important to know how to view these routing tables on your Linux system.
In this article, we explain how to view the routing tables in Ubuntu using the following three common commands:
We have run the commands and procedures mentioned in this article on a Ubuntu 22.04 LTS system.
We are using the Ubuntu command line, the Terminal, in order to run the above-mentioned commands. You can open the Terminal either through the system Dash or the Ctrl+Alt+T shortcut.
How to View Routing Table?
Method 1: Through the netstat command
The netstat command has always been a widely used method of printing routing table information in Linux. However, it is officially replaced by the ip route command. We are including it anyway as it is still an approach to retrieve the required information.
Here is how you can use this command:
-r This flag is used to display the Kernel routing tables
-n This flag is used to display the numerical addresses
This is what the output indicates:
Destination | This column indicates the destination network. |
Gateway | This column indicates the defined gateway for the network. If you see an * in this column, it means that no forwarding gateway is needed for the specified network. |
Genmask | This column indicates the netmask of the network. |
Flags | The U output in this columns means that the route is up. The G output indicates that specified gateway should be used for this route. D stands for dynamically installed, M stands for modified, and R means reinstated. |
MSS | This column indicates the default Maximum Segment Size(MSS) for TCP connections for this route. |
Window | This column indicates the default window size for TCP connections over this route. |
Irtt | This column indicates the Initial Round Trip Time for this route. |
Iface | The Iface column shows the network interface. If you had more than one interface, you would see lo (for loopback), eth0 (first Ethernet device), and eth1 (for the second Ethernet device), and so on for the number of interfaces, you have installed. |
Method 2: Through the route command
The route command also falls under the category of once widely used but now obsolete command to view routing tables. The manual page of this command also mentions that the command is now replaced by the ip route command.
Through this command, you can view exactly the same information that you could, through the netstat command. Here is how you can use it:
-n This flag is used to display the numerical addresses only
Method 3: Through the ip route command
Last but not least, here is the most recommended way of printing routing table information in Linux. Here is how to use this command:
Though this information is not much reader-friendly as that of the previously mentioned commands, it is still enough for you to configure the router.
These were a few commands to view the routing table information in Ubuntu. Though the ip route command in not neat looking, it is still the most recommended way of looking up for relevant routing table information. Though the other commands are considered obsolete, they are sometimes really helpful in deriving what you need to extract.
Search
About This Site
Vitux.com aims to become a Linux compendium with lots of unique and up to date tutorials.
Latest Tutorials
What is the routing table in Linux?
You may have used the IP address 127.0.0.1 before. You may not have used 127.0.0.2 . What is this? Try it out by listening on this IP address:
Now, from the same machine, you can open a TCP connection, and have a conversation:
This was new to me! How is this working? Let’s see what’s going on at the IP packet level using tcpdump :
$ sudo tcpdump -n -i lo tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on lo, link-type EN10MB (Ethernet), capture size 262144 bytes 00:41:53.550184 IP 127.0.0.1.39070 > 127.0.0.2.1234: Flags [S], seq 273312456, win 43690, options [mss 65495,sackOK,TS val 633989 ecr 0,nop,wscale 6], length 0 00:41:53.550192 IP 127.0.0.2.1234 > 127.0.0.1.39070: Flags [S.], seq 858890764, ack 273312457, win 43690, options [mss 65495,sackOK,TS val 633989 ecr 633989,nop,wscale 6], length 0 00:41:53.550200 IP 127.0.0.1.39070 > 127.0.0.2.1234: Flags [.], ack 1, win 683, options [nop,nop,TS val 633989 ecr 633989], length 0
All traffic happens over the lo interface, or “loopback”. I was aware that packets to 127.0.0.1 would go to the loopback interface, but it seems that packets to 127.0.0.2 also go to the loopback interface. Notice that 127.0.0.1 is still used as the IP address opening the connection, and 127.0.0.1 is used in the response packets. How does this happen?
Linux has some procedures to determine which network interface should get a packet. This procedure is called “routing”. Linux determines the route based on the destination IP address of the packet. The procedure uses the Linux “routing policy database”, which is a list of rules. We can see that list with the ip tool:
$ ip rule show 0: from all lookup local 32766: from all lookup main 32767: from all lookup default
Linux visits each of these rules in order until one of them determines a route. So Linux first runs the rule from all lookup local . This says to look in the table called local . We can see that table with another ip command:
$ ip route show table local broadcast 10.0.2.0 dev eth0 proto kernel scope link src 10.0.2.15 local 10.0.2.15 dev eth0 proto kernel scope host src 10.0.2.15 broadcast 10.0.2.255 dev eth0 proto kernel scope link src 10.0.2.15 broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1 local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1 local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1 broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
Our packet with destination 127.0.0.2 matches the following route:
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
127.0.0.2 matches the subnet 127.0.0.0/8 , i.e. 127.*.*.* . (So we could even have used the address 127.42.43.45 .) dev lo says, “put this packet on the loopback device.”
What can computers do? What are the limits of mathematics? And just how busy can a busy beaver be? This year, I’m writing Busy Beavers, a unique interactive book on computability theory. You and I will take a practical and modern approach to answering these questions — or at least learning why some questions are unanswerable!
It’s only $19, and you can get 50% off if you find the discount code . Not quite. Hackers use the console!
After months of secret toil, I and Andrew Carr released Everyday Data Science, a unique interactive online course! You’ll make the perfect glass of lemonade using Thompson sampling. You’ll lose weight with differential equations. And you might just qualify for the Olympics with a bit of statistics!
It’s $29, but you can get 50% off if you find the discount code . Not quite. Hackers use the console!
More by Jim
- Your syntax highlighter is wrong
- Granddad died today
- The Three Ts of Time, Thought and Typing: measuring cost on the web
- I hate telephones
- The sorry state of OpenSSL usability
- The dots do matter: how to scam a Gmail user
- My parents are Flat-Earthers
- How Hacker News stays interesting
- Project C-43: the lost origins of asymmetric crypto
- The hacker hype cycle
- The inception bar: a new phishing method
- Time is running out to catch COVID-19
- A probabilistic pub quiz for nerds
- Smear phishing: a new Android vulnerability
Tagged . All content copyright James Fisher 2018. This post is not associated with my employer. Found an error? Edit this page.