Menu Close

Red Hat Training

A Red Hat training course is available for RHEL 8

Chapter 23. Configuring static routes

By default, and if a default gateway is configured, Red Hat Enterprise Linux forwards traffic for networks that are not directly connected to the host to the default gateway. Using a static route, you can configure that Red Hat Enterprise Linux forwards the traffic for a specific host or network to a different router than the default gateway. This section describes different options how to configure static routes.

23.1. How to use the nmcli command to configure a static route

To configure a static route, use the nmcli utility with the following syntax: 

$ nmcli connection modify connection_name ipv4.routes "ip[/prefix] [next_hop] [metric] [attribute=value] [attribute=value] ..."

The command supports the following route attributes:

  • cwnd=n: Sets the congestion window (CWND) size, defined in number of packets.
  • lock-cwnd=true|false: Defines whether or not the kernel can update the CWND value.
  • lock-mtu=true|false: Defines whether or not the kernel can update the MTU to path MTU discovery.
  • lock-window=true|false: Defines whether or not the kernel can update the maximum window size for TCP packets.
  • mtu=n: Sets the maximum transfer unit (MTU) to use along the path to the destination.
  • onlink=true|false: Defines whether the next hop is directly attached to this link even if it does not match any interface prefix.
  • scope=n: For an IPv4 route, this attribute sets the scope of the destinations covered by the route prefix. Set the value as an integer (0-255).
  • src=address: Sets the source address to prefer when sending traffic to the destinations covered by the route prefix.
  • table=table_id: Sets the ID of the table the route should be added to. If you omit this parameter, NetworkManager uses the main table.
  • tos=n: Sets the type of service (TOS) key. Set the value as an integer (0-255).
  • type=value: Sets the route type. NetworkManager supports the unicast, local, blackhole, unreachable, prohibit, and throw route types. The default is unicast.
  • window=n: Sets the maximal window size for TCP to advertise to these destinations, measured in bytes.

If you use the ipv4.routes sub-command, nmcli overrides all current settings of this parameter.

To add a route: 

$ nmcli connection modify connection_name +ipv4.routes "..."

Similarly, to remove a specific route: 

$ nmcli connection modify connection_name -ipv4.routes "..."

23.2. Configuring a static route using an nmcli command

You can add a static route to the configuration of a network connection using the nmcli connection modify command.

The procedure in this section describes how to add a route to the 192.0.2.0/24 network that uses the gateway running on 198.51.100.1, which is reachable through the example connection.

Prerequisites

  • The network is configured
  • The gateway for the static route must be directly reachable on the interface.
  • If the user is logged in on a physical console, user permissions are sufficient. Otherwise, the command requires root permissions.

Procedure

  1. Add the static route to the example connection: 

    $ sudo nmcli connection modify example +ipv4.routes "192.0.2.0/24 198.51.100.1"

    To set multiple routes in one step, pass the individual routes comma-separated to the command. For example, to add a route to the 192.0.2.0/24 and 203.0.113.0/24 networks, both routed through the 198.51.100.1 gateway, enter: 

    $ sudo nmcli connection modify example +ipv4.routes "192.0.2.0/24 198.51.100.1, 203.0.113.0/24 198.51.100.1"

  2. Optionally, verify that the routes were added correctly to the configuration: 

    $ nmcli connection show example
...
ipv4.routes:        { ip = 192.0.2.1/24, nh = 198.51.100.1 }
...

  3. Restart the network connection: 

    $ sudo nmcli connection up example
    Warning

    Restarting the connection briefly disrupts connectivity on that interface.

  4. Optionally, verify that the route is active: 

    $ ip route
...
192.0.2.0/24 via 198.51.100.1 dev example proto static metric 100

Additional resources

  • nmcli(1) man page

23.3. Configuring a static route using control-center

You can use control-center in GNOME to add a static route to the configuration of a network connection.

The procedure in this section describes how to add a route to the 192.0.2.0/24 network that uses the gateway running on 198.51.100.1.

Prerequisites

Procedure

  1. Open the IPv4 tab.
  2. Optionally, disable automatic routes by clicking the On button in the Routes section of the IPv4 tab to use only static routes. If automatic routes are enabled, Red Hat Enterprise Linux uses static routes and routes received from a DHCP server.

  3. Enter the address, netmask, gateway, and optionally a metric value:

    IPv4 static route in control center

  4. Click Apply.

  5. Back in the Network window, disable and re-enable the connection by switching the button for the connection to Off and back to On for changes to take effect.

    Warning

    Restarting the connection briefly disrupts connectivity on that interface.

  6. Optionally, verify that the route is active: 

    $ ip route
...
192.0.2.0/24 via 198.51.100.1 dev example proto static metric 100

23.4. Configuring a static route using nm-connection-editor

You can use the nm-connection-editor application to add a static route to the configuration of a network connection.

The procedure in this section describes how to add a route to the 192.0.2.0/24 network that uses the gateway running on 198.51.100.1, which is reachable trough the example connection.

Prerequisites

  • The network is configured.
  • The gateway for the static route must be directly reachable on the interface.

Procedure

  1. Open a terminal and enter nm-connection-editor: 

    $ nm-connection-editor
  2. Select the example connection and click the gear wheel icon to edit the existing connection.
  3. Open the IPv4 tab.
  4. Click the Routes button.

  5. Click the Add button and enter the address, netmask, gateway, and optionally a metric value.

    IPv4 static route in nm connection editor

  6. Click OK.
  7. Click Save.

  8. Restart the network connection for changes to take effect. For example, to restart the example connection using the command line: 

    $ sudo nmcli connection up example

  9. Optionally, verify that the route is active: 

    $ ip route
...
192.0.2.0/24 via 198.51.100.1 dev example proto static metric 100

23.5. Configuring a static route using the nmcli interactive mode

You can use the interactive mode of the nmcli utility to add a static route to the configuration of a network connection.

The procedure in this section describes how to add a route to the 192.0.2.0/24 network that uses the gateway running on 198.51.100.1, which is reachable trough the example connection.

Prerequisites

  • The network is configured
  • The gateway for the static route must be directly reachable on the interface.
  • If the user is logged in on a physical console, user permissions are sufficient. Otherwise, the command requires root permissions.

Procedure

  1. Open the nmcli interactive mode for the example connection: 

    $ sudo nmcli connection edit example

  2. Add the static route: 

    nmcli> set ipv4.routes 192.0.2.0/24 198.51.100.1

  3. Optionally, verify that the routes were added correctly to the configuration: 

    nmcli> print
...
ipv4.routes:        { ip = 192.0.2.1/24, nh = 198.51.100.1 }
...

    The ip attribute displays the network to route and the nh attribute the gateway (next hop).

  4. Save the configuration: 

    nmcli> save persistent

  5. Restart the network connection: 

    nmcli> activate example
    Warning

    When you restart the connection, all connections currently using this connection will be temporarily interrupted.

  6. Leave the nmcli interactive mode: 

    nmcli> quit

  7. Optionally, verify that the route is active: 

    $ ip route
...
192.0.2.0/24 via 198.51.100.1 dev example proto static metric 100

23.6. Configuring a static route using nmstatectl

You can add a static route to the configuration of a network connection using the nmstatectl utility.

The procedure in this section describes how to add a route to the 192.0.2.0/24 network that uses the gateway running on 198.51.100.1, which is reachable through the enp1s0 interface.

Prerequisites

  • The enp1s0 network interface is configured.
  • The gateway for the static route must be directly reachable on the interface.
  • The nmstate package is installed.

Procedure

  1. Create a YAML file, for example ~/add-static-route-to-enp1s0.yml, with the following contents: 

    ---
routes:
  config:
  - destination: 192.0.2.0/24
    next-hop-address: 198.51.100.1
    next-hop-interface: enp1s0

  2. Apply the settings to the system: 

    # nmstatectl apply ~/add-static-route-to-enp1s0.yml

Additional resources

  • nmstatectl(8) man page
  • /usr/share/doc/nmstate/examples/

23.7. Configuring a static route using RHEL System Roles

You can use the Networking RHEL System Role to configure static routes.

Important

When you run a play that uses the Networking RHEL System Role, the system role overrides an existing connection profile with the same name if the value of settings does not match the ones specified in the play. Therefore, always specify the whole configuration of the network connection profile in the play, even if, for example, the IP configuration already exists. Otherwise, the role resets these values to their defaults.

Depending on whether it already exists, the procedure creates or updates the enp7s0 connection profile with the following settings:

  • A static IPv4 address - 198.51.100.20 with a /24 subnet mask
  • A static IPv6 address - 2001:db8:1::1 with a /64 subnet mask
  • An IPv4 default gateway - 198.51.100.254
  • An IPv6 default gateway - 2001:db8:1::fffe
  • An IPv4 DNS server - 198.51.100.200
  • An IPv6 DNS server - 2001:db8:1::ffbb
  • A DNS search domain - example.com

  • Static routes:

    • 192.0.2.0/24 with gateway 198.51.100.1
    • 203.0.113.0/24 with gateway 198.51.100.2

Prerequisites

  • The ansible and rhel-system-roles packages are installed on the control node.
  • If you use a different remote user than root when you run the playbook, this user has appropriate sudo permissions on the managed node.

Procedure

  1. If the host on which you want to execute the instructions in the playbook is not yet inventoried, add the IP or name of this host to the /etc/ansible/hosts Ansible inventory file: 

    node.example.com

  2. Create the ~/add-static-routes.yml playbook with the following content: 

    ---
- name: Configure an Ethernet connection with static IP and additional routes
  hosts: node.example.com
  become: true
  tasks:
  - include_role:
      name: rhel-system-roles.network

    vars:
      network_connections:
        - name: enp7s0
          type: ethernet
          autoconnect: yes
          ip:
            address:
              - 198.51.100.20/24
              - 2001:db8:1::1/64
            gateway4: 198.51.100.254
            gateway6: 2001:db8:1::fffe
            dns:
              - 198.51.100.200
              - 2001:db8:1::ffbb
            dns_search:
              - example.com
            route:
              - network: 192.0.2.0
                prefix: 24
                gateway: 198.51.100.1
              - network: 203.0.113.0
                prefix: 24
                gateway: 198.51.100.2
          state: up

  3. Run the playbook:

    • To connect as root user to the managed host, enter: 

      # ansible-playbook -u root ~/add-static-routes.yml

    • To connect as a user to the managed host, enter: 

      # ansible-playbook -u user_name --ask-become-pass ~/add-static-routes.yml

      The --ask-become-pass option makes sure that the ansible-playbook command prompts for the sudo password of the user defined in the -u user_name option.

    If you do not specify the -u user_name option, ansible-playbook connects to the managed host as the user that is currently logged in to the control node.

Verification steps

  • Display the routing table: 

    # ip -4 route
default via 198.51.100.254 dev enp7s0 proto static metric 100
192.0.2.0/24 via 198.51.100.1 dev enp7s0 proto static metric 100
203.0.113.0/24 via 198.51.100.2 dev enp7s0 proto static metric 100
...

Additional resources

  • /usr/share/ansible/roles/rhel-system-roles.network/README.md file
  • ansible-playbook(1) man page

23.8. Creating static routes configuration files in key-value-format when using the legacy network scripts

This procedure describes how to manually create a routing configuration file for an IPv4 route to the 192.0.2.0/24 network when you use the legacy network scripts instead of NetworkManager. In this example, the corresponding gateway with the IP address 198.51.100.1 is reachable via the enp1s0 interface.

The example in this procedure uses configuration entries in key-value-format.

Note

The legacy network scripts support the key-value-format only for static IPv4 routes. For IPv6 routes, use the ip-command-format. See Creating static routes configuration files in ip-command-format when using the legacy network scripts.

Prerequisites

  • The gateway for the static route must be directly reachable on the interface.
  • The NetworkManager package is not installed, or the NetworkManager service is disabled.
  • The network-scripts package is installed.

Procedure

  1. Add the static IPv4 route to the /etc/sysconfig/network-scripts/route-enp0s1 file: 

    ADDRESS0=192.0.2.0
NETMASK0=255.255.255.0
GATEWAY0=198.51.100.1
    • The ADDRESS0 variable defines the network of the first routing entry.
    • The NETMASK0 variable defines the netmask of the first routing entry.

    • The GATEWAY0 variable defines the IP address of the gateway to the remote network or host for the first routing entry.

      If you add multiple static routes, increase the number in the variable names. Note that the variables for each route must be numbered sequentially. For example, ADDRESS0, ADDRESS1, ADDRESS3, and so on.

  2. Restart the network: 

    # systemctl restart network

Additional resources

  • /usr/share/doc/network-scripts/sysconfig.txt

23.9. Creating static routes configuration files in ip-command-format when using the legacy network scripts

This procedure describes how to manually create a routing configuration file for the following static routes when you use legacy network scripts:

  • An IPv4 route to the 192.0.2.0/24 network. The corresponding gateway with the IP address 198.51.100.1 is reachable via the enp1s0 interface.
  • An IPv6 route to the 2001:db8:1::/64 network. The corresponding gateway with the IP address 2001:db8:2::1 is reachable via the enp1s0 interface.

The example in this procedure uses configuration entries in ip-command-format.

Prerequisites

  • The gateway for the static route must be directly reachable on the interface.
  • The NetworkManager package is not installed, or the NetworkManager service is disabled.
  • The network-scripts package is installed.

Procedure

  1. Add the static IPv4 route to the /etc/sysconfig/network-scripts/route-enp0s1 file: 

    192.0.2.0/24 via 198.51.100.1 dev enp0s1

  2. Add the static IPv6 route to the /etc/sysconfig/network-scripts/route6-enp0s1 file: 

    2001:db8:1::/64 via 2001:db8:2::1 dev enp0s1

  3. Restart the network: 

    # systemctl restart network

Additional Resources

  • For further details about configuring legacy network scripts, see the /usr/share/doc/network-scripts/sysconfig.txt file.