Chapter 19. Configuring static routes

By default, and if a default gateway is configured, Red Hat Enterprise Linux forwards traffic for networks that are not directly connected to the host to the default gateway. Using a static route, you can configure that Red Hat Enterprise Linux forwards the traffic for a specific host or network to a different router than the default gateway. This section describes different options how to configure static routes.

19.1. How to use the nmcli command to configure a static route

To configure a static route, use the nmcli utility with the following syntax: 

$ nmcli connection modify connection_name ipv4.routes "ip[/prefix] [next_hop] [metric] [attribute=value] [attribute=value] ..."

The command supports the following route attributes:

  • table=n
  • src=address
  • tos=n
  • onlink=true|false
  • window=n
  • cwnd=n
  • mtu=n
  • lock-window=true|false
  • lock-cwdn=true|false
  • lock-mtu=true|false

If you use the ipv4.routes sub-command, nmcli overrides all current settings of this parameter. To add an additional route, use the nmcli connection modify connection_name +ipv4.routes "…​" command. In a similar way, you can use nmcli connection modify connection_name -ipv4.routes "…​" to remove a specific route.

19.2. Configuring a static route using an nmcli command

You can add a static route to the configuration of a network connection using the nmcli connection modify command.

The procedure in this section describes how to add a route to the 192.0.2.0/24 network that uses the gateway running on 198.51.100.1, which is reachable through the example connection.

Prerequisites

  • The network is configured
  • The gateway for the static route must be directly reachable on the interface.
  • If the user is logged in on a physical console, user permissions are sufficient. Otherwise, the command requires root permissions.

Procedure

  1. Add the static route to the example connection: 

    $ sudo nmcli connection modify example +ipv4.routes "192.0.2.0/24 198.51.100.1"

    To set multiple routes in one step, pass the individual routes comma-separated to the command. For example, to add a route to the 192.0.2.0/24 and 203.0.113.0/24 networks, both routed through the 198.51.100.1 gateway, enter: 

    $ sudo nmcli connection modify example +ipv4.routes "192.0.2.0/24 198.51.100.1, 203.0.113.0/24 198.51.100.1"

  2. Optionally, verify that the routes were added correctly to the configuration: 

    $ nmcli connection show example
...
ipv4.routes:        { ip = 192.0.2.1/24, nh = 198.51.100.1 }
...

  3. Restart the network connection: 

    $ sudo nmcli connection up example
    Warning

    Restarting the connection briefly disrupts connectivity on that interface.

  4. Optionally, verify that the route is active: 

    $ ip route
...
192.0.2.0/24 via 198.51.100.1 dev example proto static metric 100

Additional resources

  • For further details about nmcli, see the nmcli(1) man page.

19.3. Configuring a static route using control-center

You can use control-center in GNOME to add a static route to the configuration of a network connection.

The procedure in this section describes how to add a route to the 192.0.2.0/24 network that uses the gateway running on 198.51.100.1.

Prerequisites

Procedure

  1. Open the IPv4 tab.
  2. Optionally, disable automatic routes by clicking the On button in the Routes section of the IPv4 tab to use only static routes. If automatic routes are enabled, Red Hat Enterprise Linux uses static routes and routes received from a DHCP server.

  3. Enter the address, netmask, gateway, and optionally a metric value:

    IPv4 static route in control center

  4. Click Apply.

  5. Back in the Network window, disable and re-enable the connection by switching the button for the connection to Off and back to On for changes to take effect.

    Warning

    Restarting the connection briefly disrupts connectivity on that interface.

  6. Optionally, verify that the route is active: 

    $ ip route
...
192.0.2.0/24 via 198.51.100.1 dev example proto static metric 100

19.4. Configuring a static route using nm-connection-editor

You can use the nm-connection-editor application to add a static route to the configuration of a network connection.

The procedure in this section describes how to add a route to the 192.0.2.0/24 network that uses the gateway running on 198.51.100.1, which is reachable trough the example connection.

Prerequisites

  • The network is configured.
  • The gateway for the static route must be directly reachable on the interface.

Procedure

  1. Open a terminal and enter nm-connection-editor: 

    $ nm-connection-editor
  2. Select the example connection and click the gear wheel icon to edit the existing connection.
  3. Open the IPv4 tab.
  4. Click the Routes button.

  5. Click the Add button and enter the address, netmask, gateway, and optionally a metric value.

    IPv4 static route in nm connection editor

  6. Click OK.
  7. Click Save.

  8. Restart the network connection for changes to take effect. For example, to restart the example connection using the command line: 

    $ sudo nmcli connection up example

  9. Optionally, verify that the route is active: 

    $ ip route
...
192.0.2.0/24 via 198.51.100.1 dev example proto static metric 100

19.5. Configuring a static route using the nmcli interactive mode

You can use the interactive mode of the nmcli utility to add a static route to the configuration of a network connection.

The procedure in this section describes how to add a route to the 192.0.2.0/24 network that uses the gateway running on 198.51.100.1, which is reachable trough the example connection.

Prerequisites

  • The network is configured
  • The gateway for the static route must be directly reachable on the interface.
  • If the user is logged in on a physical console, user permissions are sufficient. Otherwise, the command requires root permissions.

Procedure

  1. Open the nmcli interactive mode for the example connection: 

    $ sudo nmcli connection edit example

  2. Add the static route: 

    nmcli> set ipv4.routes 192.0.2.0/24 198.51.100.1

  3. Optionally, verify that the routes were added correctly to the configuration: 

    nmcli> print
...
ipv4.routes:        { ip = 192.0.2.1/24, nh = 198.51.100.1 }
...

    The ip attribute displays the network to route and the nh attribute the gateway (next hop).

  4. Save the configuration: 

    nmcli> save persistent

  5. Restart the network connection: 

    nmcli> activate example
    Warning

    When you restart the connection, all connections currently using this connection will be temporarily interrupted.

  6. Leave the nmcli interactive mode: 

    nmcli> quit

  7. Optionally, verify that the route is active: 

    $ ip route
...
192.0.2.0/24 via 198.51.100.1 dev example proto static metric 100

Additional resources

  • For the list of commands available in the interactive mode, enter help in the interactive shell.

19.6. Configuring a static route using RHEL System Roles

You can use the networking RHEL System Role to configure static routes.

Important

When you run a play that uses the networking RHEL System Role, the System Role overrides an existing connection profile with the same name if the settings do not match the ones specified in the play. Therefore, always specify the whole configuration of the network connection profile in the play, even if, for example, the IP configuration already exists. Otherwise, the role resets these values to their defaults.

Depending on whether it already exists, the procedure creates or updates the enp7s0 connection profile with the following settings:

  • A static IPv4 address - 198.51.100.20 with a /24 subnet mask
  • A static IPv6 address - 2001:db8:1::1 with a /64 subnet mask
  • An IPv4 default gateway - 198.51.100.254
  • An IPv6 default gateway - 2001:db8:1::fffe
  • An IPv4 DNS server - 198.51.100.200
  • An IPv6 DNS server - 2001:db8:1::ffbb
  • A DNS search domain - example.com

  • Static routes:

    • 192.0.2.0/24 with gateway 198.51.100.1
    • 203.0.113.0/24 with gateway 198.51.100.2

Prerequisites

  • The ansible and rhel-system-roles packages are installed on the control node.
  • If you use a different remote user than root when you run the playbook, this user has appropriate sudo permissions on the managed node.

Procedure

  1. If the host on which you want to execute the instructions in the playbook is not yet inventoried, add the IP or name of this host to the /etc/ansible/hosts Ansible inventory file: 

    node.example.com

  2. Create the ~/add-static-routes.yml playbook with the following content: 

    ---
- name: Configure an Ethernet connection with static IP and additional routes
  hosts: node.example.com
  become: true
  tasks:
  - include_role:
      name: linux-system-roles.network

    vars:
      network_connections:
        - name: enp7s0
          type: ethernet
          autoconnect: yes
          ip:
            address:
              - 198.51.100.20/24
              - 2001:db8:1::1/64
            gateway4: 198.51.100.254
            gateway6: 2001:db8:1::fffe
            dns:
              - 198.51.100.200
              - 2001:db8:1::ffbb
            dns_search:
              - example.com
            route:
              - network: 192.0.2.0
                prefix: 24
                gateway: 198.51.100.1
              - network: 203.0.113.0
                prefix: 24
                gateway: 198.51.100.2
          state: up

  3. Run the playbook:

    • To connect as root user to the managed host, enter: 

      # ansible-playbook -u root ~/add-static-routes.yml

    • To connect as a user to the managed host, enter: 

      # ansible-playbook -u user_name --ask-become-pass ~/add-static-routes.yml

      The --ask-become-pass option makes sure that the ansible-playbook command prompts for the sudo password of the user defined in the -u user_name option.

    If you do not specify the -u user_name option, ansible-playbook connects to the managed host as the user that is currently logged in to the control node.

Verification steps

  • Display the routing table: 

    # ip -4 route
default via 198.51.100.254 dev enp7s0 proto static metric 100
192.0.2.0/24 via 198.51.100.1 dev enp7s0 proto static metric 100
203.0.113.0/24 via 198.51.100.2 dev enp7s0 proto static metric 100
...

Additional resources

  • For details about the parameters used in network_connections and for additional information about the network System Role, see the /usr/share/ansible/roles/rhel-system-roles.network/README.md file.
  • For details about the ansible-playbook command, see the ansible-playbook(1) man page.

19.7. Creating static routes configuration files in key-value-format when using the legacy network scripts

This procedure describes how to manually create a routing configuration file for an IPv4 route to the 192.0.2.0/24 network when you use the legacy network scripts instead of NetworkManager. In this example, the corresponding gateway with the IP address 198.51.100.1 is reachable via the enp1s0 interface.

The example in this procedure uses configuration entries in key-value-format.

Note

The legacy network scripts support the key-value-format only for static IPv4 routes. For IPv6 routes, use the ip-command-format. See Creating static routes configuration files in ip-command-format when using the legacy network scripts.

Prerequisites

  • The gateway for the static route must be directly reachable on the interface.
  • The NetworkManager package is not installed, or the NetworkManager service is disabled.
  • The network-scripts package is installed.

Procedure

  1. Add the static IPv4 route to the /etc/sysconfig/network-scripts/route-enp0s1 file: 

    ADDRESS0=192.0.2.0
NETMASK0=255.255.255.0
GATEWAY0=198.51.100.1
    • The ADDRESS0 variable defines the network of the first routing entry.
    • The NETMASK0 variable defines the netmask of the first routing entry.

    • The GATEWAY0 variable defines the IP address of the gateway to the remote network or host for the first routing entry.

      If you add multiple static routes, increase the number in the variable names. Note that the variables for each route must be numbered sequentially. For example, ADDRESS0, ADDRESS1, ADDRESS3, and so on.

  2. Restart the network: 

    # systemctl restart network

Additional resources

  • For further details about configuring legacy network scripts, see the /usr/share/doc/network-scripts/sysconfig.txt file.

19.8. Creating static routes configuration files in ip-command-format when using the legacy network scripts

This procedure describes how to manually create a routing configuration file for the following static routes when you use legacy network scripts:

  • An IPv4 route to the 192.0.2.0/24 network. The corresponding gateway with the IP address 198.51.100.1 is reachable via the enp1s0 interface.
  • An IPv6 route to the 2001:db8:1::/64 network. The corresponding gateway with the IP address 2001:db8:2::1 is reachable via the enp1s0 interface.

The example in this procedure uses configuration entries in ip-command-format.

Prerequisites

  • The gateway for the static route must be directly reachable on the interface.
  • The NetworkManager package is not installed, or the NetworkManager service is disabled.
  • The network-scripts package is installed.

Procedure

  1. Add the static IPv4 route to the /etc/sysconfig/network-scripts/route-enp0s1 file: 

    192.0.2.0/24 via 198.51.100.1 dev enp0s1

  2. Add the static IPv6 route to the /etc/sysconfig/network-scripts/route6-enp0s1 file: 

    2001:db8:1::/64 via 2001:db8:2::1 dev enp0s1

  3. Restart the network: 

    # systemctl restart network

Additional Resources

  • For further details about configuring legacy network scripts, see the /usr/share/doc/network-scripts/sysconfig.txt file.