
Master Linux Routing in 3 Days: Proven Ops Secrets from a 10‑Year Veteran

This comprehensive guide walks you through Linux routing fundamentals, static and dynamic route configuration, advanced policy routing, troubleshooting tools, performance tuning, security hardening, and best‑practice case studies, enabling you to become a network specialist in just a few days.

Raymond Ops

1. Routing Basics

1.1 What is Routing

Routing is the core mechanism that determines the path packets take from source to destination, managed by the Linux kernel through routing tables.

1.2 How Routing Works

When a packet needs to be sent, the kernel follows these steps:

Target address check: first verify whether the destination address belongs to the local host.

Routing table lookup: search the routing table for a matching entry.

Longest prefix match: select the entry with the longest subnet mask.

Default route: if no entry matches, use the default route.

Packet forwarding: forward the packet to the specified gateway or interface.
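
The lookup in steps 2 to 4 above, as an added example that is not part of the original article: a POSIX shell function that performs longest-prefix matching over a constructed routing table. The table contents and the function names `ip2int` and `lookup` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: longest-prefix-match lookup over a constructed routing table.

# ip2int A.B.C.D: print the address as a 32-bit integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1            # split the dotted quad into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Constructed table: "prefix/len gateway interface" ("-" = directly connected).
ROUTES='0.0.0.0/0 192.168.1.1 eth0
192.168.1.0/24 - eth0
192.168.2.0/24 192.168.1.1 eth0
192.168.2.100/32 192.168.1.2 eth1'

# lookup DEST: print "prefix gateway interface" of the most specific match.
lookup() {
    dst=$(ip2int "$1"); best_len=-1; best=""
    while read -r prefix gw dev; do
        [ -n "$prefix" ] || continue
        net=$(ip2int "${prefix%/*}"); len=${prefix#*/}
        if [ "$len" -eq 0 ]; then
            mask=0       # the default route matches every destination
        else
            mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
        fi
        # A route matches when the masked destination equals the masked prefix;
        # among matches, the longest prefix length wins.
        if [ $(( dst & mask )) -eq $(( net & mask )) ] && [ "$len" -gt "$best_len" ]; then
            best_len=$len; best="$prefix $gw $dev"
        fi
    done <<EOF
$ROUTES
EOF
    echo "$best"
}

# Usage: lookup 192.168.2.100   (host route beats the /24 and the default)
```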

1.3 Routing Table Structure

The Linux routing table contains the following key fields:

Destination: target network or host.

Gateway: gateway address.

Netmask: subnet mask.

Flags: route flags.

Metric: route priority.

Interface: outgoing interface.

2. Route Types

2.1 By Scope

Local Routes

Directly connected networks.

Used for communication between local interfaces.

Automatically generated by the system.

Network Routes

Routes that point to specific network segments.

Require a gateway for forwarding.

Can be static or dynamic.

Host Routes

Routes that point to a specific host.

Netmask is 255.255.255.255.

Used for precise host‑level path control.

2.2 By Configuration

Static Routes

Manually configured entries.

Simple to configure, low performance overhead.

Suitable for relatively fixed topologies.

Dynamic Routes

Learned automatically via routing protocols.

Adapt to network changes.

Require a routing daemon.

3. Viewing Routes

3.1 route command

Basic syntax

route [-n] [-v] [-A family]

Common options

-n: display numeric addresses, no DNS lookup.

-v: verbose output.

-A inet: specify IPv4 address family.

Example output

$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0          192.168.1.1     0.0.0.0         UG    0      0        0 eth0
192.168.1.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0

Flag meanings

U: route is up.

G: route uses a gateway.

H: target is a host.

R: route installed by a daemon.

D: route installed dynamically.

M: route modified by a daemon.

3.2 ip route command

Basic syntax

ip route [list|show] [SELECTOR]

Show all routes

ip route show

Show routes for a specific network

ip route show 192.168.1.0/24

Show default route

ip route show default

3.3 netstat command

Show routing table

netstat -rn

Show IPv6 routes

netstat -rn -A inet6

4. Static Route Configuration

4.1 Adding routes

Using route

route add -net 192.168.2.0/24 gw 192.168.1.1 dev eth0
route add -host 192.168.2.100 gw 192.168.1.1 dev eth0
route add default gw 192.168.1.1 dev eth0

Using ip

ip route add 192.168.2.0/24 via 192.168.1.1 dev eth0
ip route add 192.168.2.100/32 via 192.168.1.1 dev eth0
ip route add default via 192.168.1.1 dev eth0

4.2 Deleting routes

Using route

route del -net 192.168.2.0/24 gw 192.168.1.1
route del -host 192.168.2.100
route del default gw 192.168.1.1

Using ip

ip route del 192.168.2.0/24 via 192.168.1.1
ip route del 192.168.2.100/32 via 192.168.1.1
ip route del default via 192.168.1.1

4.3 Modifying routes

Replace route

ip route replace 192.168.2.0/24 via 192.168.1.2 dev eth0

Change route attributes

ip route change 192.168.2.0/24 via 192.168.1.2 dev eth0 metric 100

5. Persistent Route Configuration

5.1 Using configuration files

Red Hat family (CentOS/RHEL/Fedora)

# /etc/sysconfig/network-scripts/route-eth0
192.168.2.0/24 via 192.168.1.1 dev eth0
10.0.0.0/8 via 192.168.1.2 dev eth0

Debian/Ubuntu

# /etc/network/interfaces
auto eth0
iface eth0 inet static
    address 192.168.1.10
    netmask 255.255.255.0
    gateway 192.168.1.1
    up route add -net 192.168.2.0/24 gw 192.168.1.1 dev eth0
    down route del -net 192.168.2.0/24 gw 192.168.1.1 dev eth0

5.2 Using NetworkManager (nmcli)

# Add static route
nmcli con mod eth0 +ipv4.routes "192.168.2.0/24 192.168.1.1"

# Activate configuration
nmcli con up eth0

5.3 Using systemd-networkd

# /etc/systemd/network/eth0.network
[Match]
Name=eth0

[Network]
DHCP=no
Address=192.168.1.10/24
Gateway=192.168.1.1

[Route]
Destination=192.168.2.0/24
Gateway=192.168.1.1

6. Advanced Routing

6.1 Multipath routing (ECMP)

ip route add 192.168.2.0/24 \
    nexthop via 192.168.1.1 dev eth0 weight 1 \
    nexthop via 192.168.1.2 dev eth1 weight 1

View multipath route

ip route show 192.168.2.0/24

6.2 Policy routing

Create custom routing table

echo "100 custom_table" >> /etc/iproute2/rt_tables

Add policy rules

# Source‑based rule
ip rule add from 192.168.1.0/24 table custom_table

# Destination‑based rule
ip rule add to 10.0.0.0/8 table custom_table

# Interface‑based rule
ip rule add iif eth0 table custom_table

Add routes to the custom table

ip route add default via 192.168.2.1 table custom_table

6.3 Route priority and metric

Set route priority

ip route add 192.168.2.0/24 via 192.168.1.1 dev eth0 metric 100
ip route add 192.168.2.0/24 via 192.168.1.2 dev eth1 metric 200

View route metrics

ip route show 192.168.2.0/24

7. Route Table Management

7.1 Multiple routing tables

List tables

cat /etc/iproute2/rt_tables

Show routes in a specific table

ip route show table main
ip route show table local
ip route show table 100

7.2 Route cache

View cache

ip route show cache

Flush cache

ip route flush cache

7.3 Route rule management

List all rules

ip rule show

Delete a rule

ip rule del from 192.168.1.0/24 table custom_table

8. Dynamic Routing Configuration

8.1 RIP

Install quagga

# CentOS/RHEL
yum install quagga
# Debian/Ubuntu
apt-get install quagga

Configure RIP

# /etc/quagga/ripd.conf
router rip
 version 2
 network 192.168.1.0/24
 network 192.168.2.0/24
 redistribute connected

8.2 OSPF

# /etc/quagga/ospfd.conf
router ospf
 network 192.168.1.0/24 area 0
 network 192.168.2.0/24 area 0

8.3 BGP

# /etc/quagga/bgpd.conf
router bgp 65001
 bgp router-id 192.168.1.1
 network 192.168.1.0/24
 neighbor 192.168.2.1 remote-as 65002

9. Troubleshooting

9.1 Common routing problems

Unreachable routes

Check if the routing table contains the required entry.

Verify that the gateway is reachable.

Confirm interface status.

Routing loops

Check for circular references in the routing table.

Validate route priority settings.

Inspect dynamic routing protocol configuration.

9.2 Diagnostic tools

ping

ping -c 4 192.168.2.100

traceroute

traceroute 192.168.2.100

mtr

mtr 192.168.2.100

tcpdump

tcpdump -i eth0 host 192.168.2.100

System logs

journalctl -u network
tail -f /var/log/messages

Routing daemon logs

journalctl -u quagga

10. Performance Optimization

10.1 Routing table optimization

Reduce table size

Use route aggregation.

Delete unnecessary entries.

Optimize table structure.

Route cache tuning

# Adjust cache parameters
echo 1024 > /proc/sys/net/ipv4/route/max_size
echo 300 > /proc/sys/net/ipv4/route/gc_timeout

10.2 Kernel parameter tuning

Enable IP forwarding

echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/conf/all/forwarding

Routing performance parameters

# Adjust refresh interval
echo 1 > /proc/sys/net/ipv4/route/gc_interval
# Increase max table size
echo 32768 > /proc/sys/net/ipv4/route/max_size

11. Security Configuration

11.1 Route security

Prevent route spoofing

# Enable reverse‑path filtering
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
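
A check for the setting above, as an added example that is not part of the original article: for source validation the kernel uses the higher of `conf/all/rp_filter` and the per-interface value, so an interface set to 2 (loose) stays loose even with `all` set to 1. The function names and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report the effective rp_filter mode per interface.
# Effective value = max(conf/all/rp_filter, conf/<iface>/rp_filter):
#   0 = no source validation, 1 = strict, 2 = loose.

# audit_rp_filter [ROOT]: ROOT defaults to the live sysctl tree.
# Prints one line per interface; returns 1 if any interface is not strict.
audit_rp_filter() {
    root=${1:-/proc/sys/net/ipv4}
    all=$(cat "$root/conf/all/rp_filter")
    rc=0
    for dir in "$root"/conf/*/; do
        iface=$(basename "$dir")
        case $iface in all|default) continue ;; esac
        val=$(cat "$dir/rp_filter")
        if [ "$val" -gt "$all" ]; then eff=$val; else eff=$all; fi
        case $eff in
            1) state=strict ;;
            2) state=loose; rc=1 ;;
            *) state=off;   rc=1 ;;
        esac
        echo "$iface rp_filter=$eff ($state)"
    done
    return $rc
}

# Constructed sysctl tree for an offline run (hypothetical values).
make_sample_tree() {
    t=$(mktemp -d)
    for i in all default eth0 eth1; do mkdir -p "$t/conf/$i"; done
    echo 1 > "$t/conf/all/rp_filter"
    echo 0 > "$t/conf/default/rp_filter"
    echo 0 > "$t/conf/eth0/rp_filter"   # all=1 is higher -> strict
    echo 2 > "$t/conf/eth1/rp_filter"   # iface=2 is higher -> loose
    echo "$t"
}

# Usage: audit_rp_filter                        (live system)
#        audit_rp_filter "$(make_sample_tree)"  (constructed sample)
```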

Restrict route updates

# Add authentication in routing protocol configs (example placeholder)

11.2 Access control

Control routing with iptables

# Drop traffic from a specific subnet
iptables -I FORWARD -s 192.168.3.0/24 -j DROP

12. Monitoring and Maintenance

12.1 Route monitoring

Real‑time monitoring

ip monitor route

Monitor table size

#!/bin/bash
while true; do
    route_count=$(ip route show | wc -l)
    echo "$(date): Route count: $route_count"
    sleep 60
done

12.2 Automated maintenance

Backup script

#!/bin/bash
backup_dir="/backup/network"
timestamp=$(date +%Y%m%d_%H%M%S)

# Make sure the backup directory exists
mkdir -p "$backup_dir"

# Backup routes
ip route show > "${backup_dir}/routes_${timestamp}.txt"

# Backup rules
ip rule show > "${backup_dir}/rules_${timestamp}.txt"

Restore script

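#!/bin/bash
backup_file="/backup/network/routes_20240101_120000.txt"

# Refuse to flush if the backup is missing or empty
[ -s "$backup_file" ] || { echo "backup not found: $backup_file" >&2; exit 1; }

# Flush current routes (connectivity is lost until the restore finishes)
ip route flush table main

# Restore connected routes first, then routes that need a gateway;
# a gateway route is rejected while its next hop is still unreachable.
# $line is left unquoted on purpose so it splits into ip arguments.
grep -v ' via ' "$backup_file" | while read -r line; do
    ip route add $line
done
grep ' via ' "$backup_file" | while read -r line; do
    ip route add $line
done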
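
The backup files from 12.2 can also serve as a baseline for spotting unexpected route changes. The following is an added example, not part of the original article; the function names and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: compare a saved `ip route show` baseline with a later snapshot.

# normalize FILE: squeeze whitespace, drop blank lines, sort for comm(1).
normalize() {
    sed 's/[[:space:]][[:space:]]*/ /g; s/ $//; /^$/d' "$1" | LC_ALL=C sort -u
}

# route_drift BASELINE CURRENT
# Prints "+ <route>" for routes only in CURRENT and "- <route>" for routes
# missing from it. Returns 1 when the two tables differ, 0 otherwise.
route_drift() {
    a=$(mktemp); b=$(mktemp)
    normalize "$1" > "$a"
    normalize "$2" > "$b"
    LC_ALL=C comm -13 "$a" "$b" | sed 's/^/+ /'
    LC_ALL=C comm -23 "$a" "$b" | sed 's/^/- /'
    if cmp -s "$a" "$b"; then rc=0; else rc=1; fi
    rm -f "$a" "$b"
    return $rc
}

# Constructed sample data (hypothetical): the default gateway was swapped and
# a 10.0.0.0/8 route appeared after the baseline was taken.
write_samples() {
    cat > "$1/baseline.txt" <<'EOF'
default via 192.168.1.1 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.10
192.168.2.0/24 via 192.168.1.1 dev eth0
EOF
    cat > "$1/current.txt" <<'EOF'
default via 192.168.1.254 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.10
192.168.2.0/24 via 192.168.1.1 dev eth0
10.0.0.0/8 via 192.168.1.2 dev eth0
EOF
}

# Live use: ip route show > /tmp/now.txt
#           route_drift /backup/network/routes_<timestamp>.txt /tmp/now.txt
```

A non-zero return can drive an alert from cron or a monitoring agent; a changed default gateway or a new broad prefix is worth reviewing against the change log.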

13. Best Practices

13.1 Configuration standards

Use meaningful routing table names.

Assign fixed IDs to custom tables.

Keep configuration file comments complete.

Version‑control network configuration files.

Record reasons for each change.

Establish rollback mechanisms.

13.2 Operational recommendations

Regularly verify routing table correctness.

Monitor routing performance metrics.

Promptly clean up stale routes.

Maintain network topology diagrams.

Document routing policies and rationales.

Define clear fault‑handling procedures.

13.3 Disaster recovery design

Configure redundant routes with appropriate metrics.

Implement automatic failover.

Prepare route configuration templates and automated deployment.

Conduct periodic recovery drills.

14. Case Studies

14.1 Enterprise network design

Requirements

Interconnect multiple subnets.

Internet access.

High availability.

Solution

# Primary routes
ip route add 10.1.0.0/16 via 192.168.1.1 dev eth0 metric 10
ip route add 10.2.0.0/16 via 192.168.1.2 dev eth1 metric 10

# Backup routes
ip route add 10.1.0.0/16 via 192.168.1.3 dev eth2 metric 20
ip route add 10.2.0.0/16 via 192.168.1.4 dev eth3 metric 20

# Default routes
ip route add default via 192.168.1.1 dev eth0 metric 10
ip route add default via 192.168.1.2 dev eth1 metric 20

14.2 Load‑balancing routing

Multi‑link ECMP

# Configure multipath default route
ip route add default scope global \
    nexthop via 192.168.1.1 dev eth0 weight 1 \
    nexthop via 192.168.1.2 dev eth1 weight 1

Policy‑based load balancing

# Create load‑balance table
echo "200 load_balance" >> /etc/iproute2/rt_tables

# Policy rule
ip rule add from 192.168.1.0/24 table load_balance

# Table route
ip route add default via 192.168.1.1 table load_balance

15. Summary

Linux routing is a core skill for network administrators. Understanding routing fundamentals, mastering static and dynamic configuration, and applying advanced techniques such as policy routing, multipath, and security hardening enable reliable and performant network operations. Always test changes in a safe environment, keep configurations version‑controlled, and have rollback and monitoring procedures in place.
