Search

Chapter 25. Configuring static routes

download PDF

Routing ensures that you can send and receive traffic between mutually-connected networks. In larger environments, administrators typically configure services so that routers can dynamically learn about other routers. In smaller environments, administrators often configure static routes to ensure that traffic can reach from one network to the next.

You need static routes to achieve a functioning communication among multiple networks if all of these conditions apply:

  • The traffic has to pass multiple networks.
  • The exclusive traffic flow through the default gateways is not sufficient.

Section 25.1, “Example of a network that requires static routes” describes scenarios and how the traffic flows between different networks when you do not configure static routes.

25.1. Example of a network that requires static routes

You require static routes in this example because not all IP networks are directly connected through one router. Without the static routes, some networks cannot communicate with each other. Additionally, traffic from some networks flows only in one direction.

Note

The network topology in this example is artificial and only used to explain the concept of static routing. It is not a recommended topology in production environments.

For a functioning communication among all networks in this example, configure a static route to Raleigh (198.51.100.0/24) with next the hop Router 2 (203.0.113.10). The IP address of the next hop is the one of Router 2 in the data center network (203.0.113.0/24).

You can configure the static route as follows:

  • For a simplified configuration, set this static route only on Router 1. However, this increases the traffic on Router 1 because hosts from the data center (203.0.113.0/24) send traffic to Raleigh (198.51.100.0/24) always through Router 1 to Router 2.
  • For a more complex configuration, configure this static route on all hosts in the data center (203.0.113.0/24). All hosts in this subnet then send traffic directly to Router 2 (203.0.113.10) that is closer to Raleigh (198.51.100.0/24).

For more details between which networks traffic flows or not, see the explanations below the diagram.

routing example

In case that the required static routes are not configured, the following are the situations in which the communication works and when it does not:

  • Hosts in the Berlin network (192.0.2.0/24):

    • Can communicate with other hosts in the same subnet because they are directly connected.
    • Can communicate with the internet because Router 1 is in the Berlin network (192.0.2.0/24) and has a default gateway, which leads to the internet.
    • Can communicate with the data center network (203.0.113.0/24) because Router 1 has interfaces in both the Berlin (192.0.2.0/24) and the data center (203.0.113.0/24) networks.
    • Cannot communicate with the Raleigh network (198.51.100.0/24) because Router 1 has no interface in this network. Therefore, Router 1 sends the traffic to its own default gateway (internet).
  • Hosts in the data center network (203.0.113.0/24):

    • Can communicate with other hosts in the same subnet because they are directly connected.
    • Can communicate with the internet because they have their default gateway set to Router 1, and Router 1 has interfaces in both networks, the data center (203.0.113.0/24) and to the internet.
    • Can communicate with the Berlin network (192.0.2.0/24) because they have their default gateway set to Router 1, and Router 1 has interfaces in both the data center (203.0.113.0/24) and the Berlin (192.0.2.0/24) networks.
    • Cannot communicate with the Raleigh network (198.51.100.0/24) because the data center network has no interface in this network. Therefore, hosts in the data center (203.0.113.0/24) send traffic to their default gateway (Router 1). Router 1 also has no interface in the Raleigh network (198.51.100.0/24) and, as a result, Router 1 sends this traffic to its own default gateway (internet).
  • Hosts in the Raleigh network (198.51.100.0/24):

    • Can communicate with other hosts in the same subnet because they are directly connected.
    • Cannot communicate with hosts on the internet. Router 2 sends the traffic to Router 1 because of the default gateway settings. The actual behavior of Router 1 depends on the reverse path filter (rp_filter) system control (sysctl) setting. By default on RHEL, Router 1 drops the outgoing traffic instead of routing it to the internet. However, regardless of the configured behavior, communication is not possible without the static route.
    • Cannot communicate with the data center network (203.0.113.0/24). The outgoing traffic reaches the destination through Router 2 because of the default gateway setting. However, replies to packets do not reach the sender because hosts in the data center network (203.0.113.0/24) send replies to their default gateway (Router 1). Router 1 then sends the traffic to the internet.
    • Cannot communicate with the Berlin network (192.0.2.0/24). Router 2 sends the traffic to Router 1 because of the default gateway settings. The actual behavior of Router 1 depends on the rp_filter sysctl setting. By default on RHEL, Router 1 drops the outgoing traffic instead of sending it to the Berlin network (192.0.2.0/24). However, regardless of the configured behavior, communication is not possible without the static route.
Note

In addition to configuring the static routes, you must enable IP forwarding on both routers.

25.2. How to use the nmcli command to configure a static route

To configure a static route, use the nmcli utility with the following syntax:

$ nmcli connection modify connection_name ipv4.routes "ip[/prefix] [next_hop] [metric] [attribute=value] [attribute=value] ..."

The command supports the following route attributes:

  • cwnd=n: Sets the congestion window (CWND) size, defined in number of packets.
  • lock-cwnd=true|false: Defines whether or not the kernel can update the CWND value.
  • lock-mtu=true|false: Defines whether or not the kernel can update the MTU to path MTU discovery.
  • lock-window=true|false: Defines whether or not the kernel can update the maximum window size for TCP packets.
  • mtu=n: Sets the maximum transfer unit (MTU) to use along the path to the destination.
  • onlink=true|false: Defines whether the next hop is directly attached to this link even if it does not match any interface prefix.
  • scope=n: For an IPv4 route, this attribute sets the scope of the destinations covered by the route prefix. Set the value as an integer (0-255).
  • src=address: Sets the source address to prefer when sending traffic to the destinations covered by the route prefix.
  • table=table_id: Sets the ID of the table the route should be added to. If you omit this parameter, NetworkManager uses the main table.
  • tos=n: Sets the type of service (TOS) key. Set the value as an integer (0-255).
  • type=value: Sets the route type. NetworkManager supports the unicast, local, blackhole, unreachable, prohibit, and throw route types. The default is unicast.
  • window=n: Sets the maximal window size for TCP to advertise to these destinations, measured in bytes.

If you use the ipv4.routes sub-command, nmcli overrides all current settings of this parameter.

To add a route:

$ nmcli connection modify connection_name +ipv4.routes "<route>"

Similarly, to remove a specific route:

$ nmcli connection modify connection_name -ipv4.routes "<route>"

25.3. Configuring a static route by using nmcli

You can add a static route to an existing NetworkManager connection profile using the nmcli connection modify command.

The procedure below configures the following routes:

  • An IPv4 route to the remote 198.51.100.0/24 network. The corresponding gateway with the IP address 192.0.2.10 is reachable through the example connection.
  • An IPv6 route to the remote 2001:db8:2::/64 network. The corresponding gateway with the IP address 2001:db8:1::10 is reachable through the example connection.

Prerequisites

  • The example connection profile exists and it configures this host to be in the same IP subnet as the gateways.

Procedure

  1. Add the static IPv4 route to the example connection profile:

    # nmcli connection modify example +ipv4.routes "198.51.100.0/24 192.0.2.10"

    To set multiple routes in one step, pass the individual routes comma-separated to the command. For example, to add a route to the 198.51.100.0/24 and 203.0.113.0/24 networks, both routed through the 192.0.2.10 gateway, enter:

    # nmcli connection modify example +ipv4.routes "198.51.100.0/24 192.0.2.10, 203.0.113.0/24 192.0.2.10"
  2. Add the static IPv6 route to the example connection profile:

    # nmcli connection modify example +ipv6.routes "2001:db8:2::/64 2001:db8:1::10"
  3. Re-activate the connection:

    # nmcli connection up example

Verification

  1. Display the IPv4 routes:

    # ip -4 route
    ...
    198.51.100.0/24 via 192.0.2.10 dev enp1s0
  2. Display the IPv6 routes:

    # ip -6 route
    ...
    2001:db8:2::/64 via 2001:db8:1::10 dev enp1s0 metric 1024 pref medium

Additional resources

  • nmcli(1) man page
  • nm-settings-nmcli(5) man page

25.4. Configuring a static route by using nmtui

The nmtui application provides a text-based user interface for NetworkManager. You can use nmtui to configure static routes on a host without a graphical interface.

For example, the procedure below adds a route to the 192.0.2.0/24 network that uses the gateway running on 198.51.100.1, which is reachable through an existing connection profile.

Note

In nmtui:

  • Navigate by using the cursor keys.
  • Press a button by selecting it and hitting Enter.
  • Select and clear checkboxes by using Space.

Prerequisites

  • The network is configured.
  • The gateway for the static route must be directly reachable on the interface.
  • If the user is logged in on a physical console, user permissions are sufficient. Otherwise, the command requires root permissions.

Procedure

  1. Start nmtui:

    # nmtui
  2. Select Edit a connection, and press Enter.
  3. Select the connection profile through which you can reach the next hop to the destination network, and press Enter.
  4. Depending on whether it is an IPv4 or IPv6 route, press the Show button next to the protocol’s configuration area.
  5. Press the Edit button next to Routing. This opens a new window where you configure static routes:

    1. Press the Add button and fill in:

      • The destination network, including the prefix in Classless Inter-Domain Routing (CIDR) format
      • The IP address of the next hop
      • A metric value, if you add multiple routes to the same network and want to prioritize the routes by efficiency
    2. Repeat the previous step for every route you want to add and that is reachable through this connection profile.
    3. Press the OK button to return to the window with the connection settings.

      Figure 25.1. Example of a static route without metric

      nmtui add static route
  6. Press the OK button to return to the nmtui main menu.
  7. Select Activate a connection and press Enter.
  8. Select the connection profile that you edited, and press Enter twice to deactivate and activate it again.

    Important

    Skip this step if you run nmtui over a remote connection, such as SSH, that uses the connection profile you want to reactivate. In this case, if you would deactivate it in nmtui, the connection is terminated and, consequently, you cannot activate it again. To avoid this problem, use the nmcli connection connection_profile_name up command to reactivate the connection in the mentioned scenario.

  9. Press the Back button to return to the main menu.
  10. Select Quit, and press Enter to close the nmtui application.

Verification

  • Verify that the route is active:

    $ ip route
    ...
    192.0.2.0/24 via 198.51.100.1 dev example proto static metric 100

25.5. Configuring a static route by using control-center

You can use control-center in GNOME to add a static route to the configuration of a network connection.

The procedure below configures the following routes:

  • An IPv4 route to the remote 198.51.100.0/24 network. The corresponding gateway has the IP address 192.0.2.10.
  • An IPv6 route to the remote 2001:db8:2::/64 network. The corresponding gateway has the IP address 2001:db8:1::10.

Prerequisites

Procedure

  1. On the IPv4 tab:

    1. Optional: Disable automatic routes by clicking the On button in the Routes section of the IPv4 tab to use only static routes. If automatic routes are enabled, Red Hat Enterprise Linux uses static routes and routes received from a DHCP server.
    2. Enter the address, netmask, gateway, and optionally a metric value of the IPv4 route:

      IPv4 static route in control center

  2. On the IPv6 tab:

    1. Optional: Disable automatic routes by clicking the On button i the Routes section of the IPv4 tab to use only static routes.
    2. Enter the address, netmask, gateway, and optionally a metric value of the IPv6 route:

      IPv6 static route in control center

  3. Click Apply.
  4. Back in the Network window, disable and re-enable the connection by switching the button for the connection to Off and back to On for changes to take effect.

    Warning

    Restarting the connection briefly disrupts connectivity on that interface.

Verification

  1. Display the IPv4 routes:

    # ip -4 route
    ...
    198.51.100.0/24 via 192.0.2.10 dev enp1s0
  2. Display the IPv6 routes:

    # ip -6 route
    ...
    2001:db8:2::/64 via 2001:db8:1::10 dev enp1s0 metric 1024 pref medium

25.6. Configuring a static route by using nm-connection-editor

You can use the nm-connection-editor application to add a static route to the configuration of a network connection.

The procedure below configures the following routes:

  • An IPv4 route to the remote 198.51.100.0/24 network. The corresponding gateway with the IP address 192.0.2.10 is reachable through the example connection.
  • An IPv6 route to the remote 2001:db8:2::/64 network. The corresponding gateway with the IP address 2001:db8:1::10 is reachable through the example connection.

Prerequisites

  • The network is configured.
  • This host is in the same IP subnet as the gateways.

Procedure

  1. Open a terminal, and enter nm-connection-editor:

    $ nm-connection-editor
  2. Select the example connection profile, and click the gear wheel icon to edit the existing connection.
  3. On the IPv4 Settings tab:

    1. Click the Routes button.
    2. Click the Add button and enter the address, netmask, gateway, and optionally a metric value.

      IPv4 static route in nm connection editor

    3. Click OK.
  4. On the IPv6 Settings tab:

    1. Click the Routes button.
    2. Click the Add button and enter the address, netmask, gateway, and optionally a metric value.

      IPv6 static route in nm connection editor

    3. Click OK.
  5. Click Save.
  6. Restart the network connection for changes to take effect. For example, to restart the example connection using the command line:

    # nmcli connection up example

Verification

  1. Display the IPv4 routes:

    # ip -4 route
    ...
    198.51.100.0/24 via 192.0.2.10 dev enp1s0
  2. Display the IPv6 routes:

    # ip -6 route
    ...
    2001:db8:2::/64 via 2001:db8:1::10 dev enp1s0 metric 1024 pref medium

25.7. Configuring a static route by using the nmcli interactive mode

You can use the interactive mode of the nmcli utility to add a static route to the configuration of a network connection.

The procedure below configures the following routes:

  • An IPv4 route to the remote 198.51.100.0/24 network. The corresponding gateway with the IP address 192.0.2.10 is reachable through the example connection.
  • An IPv6 route to the remote 2001:db8:2::/64 network. The corresponding gateway with the IP address 2001:db8:1::10 is reachable through the example connection.

Prerequisites

  • The example connection profile exists and it configures this host to be in the same IP subnet as the gateways.

Procedure

  1. Open the nmcli interactive mode for the example connection:

    # nmcli connection edit example
  2. Add the static IPv4 route:

    nmcli> set ipv4.routes 198.51.100.0/24 192.0.2.10
  3. Add the static IPv6 route:

    nmcli> set ipv6.routes 2001:db8:2::/64 2001:db8:1::10
  4. Optionally, verify that the routes were added correctly to the configuration:

    nmcli> print
    ...
    ipv4.routes:    { ip = 198.51.100.0/24, nh = 192.0.2.10 }
    ...
    ipv6.routes:    { ip = 2001:db8:2::/64, nh = 2001:db8:1::10 }
    ...

    The ip attribute displays the network to route and the nh attribute the gateway (next hop).

  5. Save the configuration:

    nmcli> save persistent
  6. Restart the network connection:

    nmcli> activate example
  7. Leave the nmcli interactive mode:

    nmcli> quit

Verification

  1. Display the IPv4 routes:

    # ip -4 route
    ...
    198.51.100.0/24 via 192.0.2.10 dev enp1s0
  2. Display the IPv6 routes:

    # ip -6 route
    ...
    2001:db8:2::/64 via 2001:db8:1::10 dev enp1s0 metric 1024 pref medium

Additional resources

  • nmcli(1) man page
  • nm-settings-nmcli(5) man page

25.8. Configuring a static route by using nmstatectl

Use the nmstatectl utility to configure a static route through the Nmstate API. The Nmstate API ensures that, after setting the configuration, the result matches the configuration file. If anything fails, nmstatectl automatically rolls back the changes to avoid leaving the system in an incorrect state.

Prerequisites

  • The enp1s0 network interface is configured and is in the same IP subnet as the gateways.
  • The nmstate package is installed.

Procedure

  1. Create a YAML file, for example ~/add-static-route-to-enp1s0.yml, with the following content:

    ---
    routes:
      config:
      - destination: 198.51.100.0/24
        next-hop-address: 192.0.2.10
        next-hop-interface: enp1s0
      - destination: 2001:db8:2::/64
        next-hop-address: 2001:db8:1::10
        next-hop-interface: enp1s0

    These settings define the following static routes:

    • An IPv4 route to the remote 198.51.100.0/24 network. The corresponding gateway with the IP address 192.0.2.10 is reachable through the enp1s0 interface.
    • An IPv6 route to the remote 2001:db8:2::/64 network. The corresponding gateway with the IP address 2001:db8:1::10 is reachable through the enp1s0 interface.
  2. Apply the settings to the system:

    # nmstatectl apply ~/add-static-route-to-enp1s0.yml

Verification

  1. Display the IPv4 routes:

    # ip -4 route
    ...
    198.51.100.0/24 via 192.0.2.10 dev enp1s0
  2. Display the IPv6 routes:

    # ip -6 route
    ...
    2001:db8:2::/64 via 2001:db8:1::10 dev enp1s0 metric 1024 pref medium

Additional resources

  • nmstatectl(8) man page
  • /usr/share/doc/nmstate/examples/ directory

25.9. Configuring a static route by using the network RHEL system role

You can use the network RHEL system role to configure static routes.

Important

When you run a play that uses the network RHEL system role and if the setting values do not match the values specified in the play, the role overrides the existing connection profile with the same name. To prevent resetting these values to their defaults, always specify the whole configuration of the network connection profile in the play, even if the configuration, for example the IP configuration, already exists.

Prerequisites

Procedure

  1. Create a playbook file, for example ~/playbook.yml, with the following content:

    ---
    - name: Configure the network
      hosts: managed-node-01.example.com
      tasks:
        - name: Configure an Ethernet connection with static IP and additional routes
          ansible.builtin.include_role:
            name: rhel-system-roles.network
          vars:
            network_connections:
              - name: enp7s0
                type: ethernet
                autoconnect: yes
                ip:
                  address:
                    - 192.0.2.1/24
                    - 2001:db8:1::1/64
                  gateway4: 192.0.2.254
                  gateway6: 2001:db8:1::fffe
                  dns:
                    - 192.0.2.200
                    - 2001:db8:1::ffbb
                  dns_search:
                    - example.com
                  route:
                    - network: 198.51.100.0
                      prefix: 24
                      gateway: 192.0.2.10
                    - network: 2001:db8:2::
                      prefix: 64
                      gateway: 2001:db8:1::10
                state: up

    Depending on whether it already exists, the procedure creates or updates the enp7s0 connection profile with the following settings:

    • A static IPv4 address - 192.0.2.1 with a /24 subnet mask
    • A static IPv6 address - 2001:db8:1::1 with a /64 subnet mask
    • An IPv4 default gateway - 192.0.2.254
    • An IPv6 default gateway - 2001:db8:1::fffe
    • An IPv4 DNS server - 192.0.2.200
    • An IPv6 DNS server - 2001:db8:1::ffbb
    • A DNS search domain - example.com
    • Static routes:

      • 198.51.100.0/24 with gateway 192.0.2.10
      • 2001:db8:2::/64 with gateway 2001:db8:1::10
  2. Validate the playbook syntax:

    $ ansible-playbook --syntax-check ~/playbook.yml

    Note that this command only validates the syntax and does not protect against a wrong but valid configuration.

  3. Run the playbook:

    $ ansible-playbook ~/playbook.yml

Verification

  1. On the managed nodes:

    1. Display the IPv4 routes:

      # ip -4 route
      ...
      198.51.100.0/24 via 192.0.2.10 dev enp7s0
    2. Display the IPv6 routes:

      # ip -6 route
      ...
      2001:db8:2::/64 via 2001:db8:1::10 dev enp7s0 metric 1024 pref medium

Additional resources

  • /usr/share/ansible/roles/rhel-system-roles.network/README.md file
  • /usr/share/doc/rhel-system-roles/network/ directory
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.