Unix: Getting from here to there (routing basics)

You need to understand routing tables if you're going to do any kind of network troubleshooting. Let's take a look at what Linux commands can tell you about how your system is making connections.

What is routing? It's the set of rules that govern how you make connections to other systems. Any time you make a connection from one system to another system -- whether you're sending email, transferring a set of files or logging in with ssh -- you're routing. And, since most connections aren't direct (in other words, they're travelling through one or more systems en route to the target), most of the time you're going to be crossing a router -- or maybe a long series of routers -- to get there.

To view the routing table on a Linux system, use the netstat -rn command. The output of this command will tell you how connections you initiate are going to be handled. The routing table on most Linux systems will look something like this:

$ netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
                                                U         0 0          0 eth0
                                                U         0 0          0 eth0
                                                UG        0 0          0 eth0

The fields in this output are:

  • Destination -- where the connections are headed. This can be a specific network, one particular system or everything not covered by some other routing entry (i.e., the default).
  • Gateway -- where those connections first have to go before being sent to the ultimate destination. This can be a local router or a "" (no router involved) kind of entry.
  • Genmask -- the network mask that determines what systems are covered by your destination.
  • Flags -- indicators that tell you more about each routing table entry (e.g., whether it's a gateway).
  • MSS -- maximum segment size
  • Window -- size of packet that can be transmitted
  • irtt -- initial round trip time
  • Iface -- the network interface that is involved

For several of these settings, a size of 0 means that the default value is being used.

Now, let's examine this output line by line.

Line 1

First, is the local network. How do you know this? Well, with a gateway of, connections clearly aren't going through another system. in this position in the routing table means your system will send packets directly to the target system (i.e., not through a router). You can confirm that your system is, indeed, on the network by running ifconfig.

$ ifconfig
eth0      Link encap:Ethernet  HWaddr 00:16:35:69:BD:79
          inet addr:  Bcast:  Mask:
          inet6 addr: fe88::211:35aa:fe66:bd79/64 Scope:Link
          RX packets:64419467 errors:0 dropped:0 overruns:0 frame:1
          TX packets:62220642 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:4012707801 (3.7 GiB)  TX bytes:382601808 (364.8 MiB)
          Interrupt:217 Memory:fdef0000-fdf00000

lo        Link encap:Local Loopback
          inet addr:  Mask:
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:433441 errors:0 dropped:0 overruns:0 frame:0
          TX packets:433441 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:36036194 (34.3 MiB)  TX bytes:36036194 (34.3 MiB)

The lo entry represents the loopback interface. If you have additional network interfaces, you will need to add the -a option to have them reported as well.

The network mask or "Genmask" of tells us that our address space for this route is The use of is not surprising for a small LAN. It's one of the three internal IP ranges that anyone can use and the one most commonly used on small routers. The destination address of with the mask means any address between and (i.e., the local network) would be on the same LAN.

Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface   U         0 0          0 eth0

Notice the netmask is So, this is the route you will use for any connections to other systems on the same LAN. The interface, which is likely the only one on this system, is eth0. And the flag set to U tells you this route is up. Flags can have various values, although the most commonly seen are U and G. Here they are with some of the other flags you might see.

  • U - route is up
  • H - target is a host (i.e., only that host can be reached through that route)
  • G - route is to a gateway
  • R - reinstate route for dynamic routing
  • D - dynamically installed by daemon or redirect
  • M - modified from routing daemon or redirect
  • A - installed by addrconf
  • C - cache entry
  • ! - reject route

Line 2

$ netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
...     U         0 0          0 eth0

The entry requires some explanation. This is a link-local address -- a special address defined in RFC 5735 for link-local addressing. Its appearance in your netstat output doesn't mean it's being used. It just shows up unless you take steps to remove it. A link-local address is an Internet Protocol address that is intended only for communications within the segment of a local network (a link) or a point-to-point connection that a host is connected to. Routers do not forward packets with link-local addresses. You can add NOZEROCONF=yes at the end of your /etc/sysconfig/network file to remove this additional route, though it does no harm being there.

$ cat /etc/sysconfig/network

Line 3

Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
...         UG        0 0          0 eth0

is your default route. This is where connections are routed whenever those connections aren't headed for the local network segment or other specific routes. If you use the command netstat -r (without the -n option), the word "default" will appear in place of The -n option suppresses translation of addresses to symbolic names.

$ netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
                *                               U         0 0          0 eth0
                *                               U         0 0          0 eth0
default         pix                             UG        0 0          0 eth0

This also shows the name of the gateway -- apparently a Cisco PIX router. Think of the default route as "everywhere else". In this case, we can see that to connect to systems anywhere other than the local network, we have to go through Most network admins will use the .1 address of each LAN for its router -- a very sensible convention. So, if your connection is headed anywhere else, you need to go through the gateway listed in the second column -- generally your default router. The flags for the default route line clearly include G, confirming that this is a router or "gateway".

Using traceroute

If you want to see the specific route that a connection might take and get an idea how well that route performs, then traceroute is the command to use. This command will display each hop that a connection might take and will show you how long each hop takes. The traceroute command does this by sending a number of echo request packets (like ping does) but with varying time-to-live (TTL) settings so that it can calculate the time that each hop requires. For example, for the first hop, the TTL is set to 1. For the second hop, it's set to 2, etc.

$ traceroute world.std.com
traceroute to world.std.com (, 30 hops max, 40 byte packets
 1  * * *
 2  gig0-8.umcp-core.net.ums.edu (  2.634 ms  2.632 ms  2.610 ms
 3  ten2-0.stpaul-core.net.ums.edu (  3.515 ms  3.508 ms  3.486 ms
 4  te4-3.ccr01.bwi01.atlas.cogentco.com (  4.169 ms  4.163 ms  4.143
 5  te4-2.ccr01.phl01.atlas.cogentco.com (  6.268 ms  6.262 ms 
     te3-3.ccr01.phl01.atlas.cogentco.com (  6.950 ms
 6  te0-0-0-19.mpd21.jfk02.atlas.cogentco.com (  9.835 ms 
     te0-0-0-7.ccr22.jfk02.atlas.cogentco.com (  8.937 ms  8.925 ms
 7  te0-1-0-4.ccr22.bos01.atlas.cogentco.com (  14.768 ms 
     te0-2-0-6.ccr22.bos01.atlas.cogentco.com (  14.129 ms te0-1-0-    
     2.ccr21.bos01.atlas.cogentco.com (  14.740 ms
 8  te4-1.mag01.bos01.atlas.cogentco.com (  14.450 ms 
     te7-1.mag02.bos01.atlas.cogentco.com (  13.859 ms  
     (  14.816 ms
 9  vl3884.na31.b000502-0.bos01.atlas.cogentco.com (  18.336 ms  16.398
     ms  16.699 ms
10  cogent.bos.ma.towerstream.com (  13.925 ms  13.840 ms  13.720 ms
11  g6-2.cr.bos1.ma.towerstream.com (  21.495 ms  15.647 ms  15.458 ms
12 (  33.680 ms  33.602 ms  33.419 ms
13 (  31.961 ms  30.079 ms *
14  world.std.com (  34.695 ms  34.698 ms  34.159 ms

The ping command is popularly used to test connectivity with a remote system and verifies that you can (or can't) reach the remote system.

Route Caching

The route -Cn command displays routing cache information. This shows routes associated with active connections. Linux caches this information so that it can route packets faster.

$ route -Cn
Kernel IP routing cache
Source          Destination     Gateway         Flags Metric Ref    Use Iface
                                                il    0      0       13 lo
                                                      0      0        0 eth0
                                                      0      2        0 eth0
                                                      0      0        4 eth0
                                                      0      1        0 eth0
                                                l     0      0       79 lo

Rejecting connections

You can also reject specific network connections using route commands. Using a command such as this one, you would redirect connections destined for a system you don't want to permit to your loopback interface.

# route add gw lo

To reverse this, you would do this:

# route delete

You could also block connections to a particular system or subnet using commands such as these:

# route add -host reject
# route add -net reject
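
How a table like the one walked through above is applied to a destination, including a reject route like the ones just shown. This is an added example, not part of the original article. The addresses in the sample table are constructed, and the rule that the most specific matching Genmask wins goes slightly beyond what the article states.

```python
import ipaddress

# Constructed sample in `netstat -rn` layout (addresses are illustrative,
# not the article's): local LAN, link-local, a reject route, and default.
SAMPLE = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
10.9.8.7        -               255.255.255.255 !H        - -          - -
0.0.0.0         192.168.0.1     0.0.0.0         UG        0 0          0 eth0
"""

def parse_routes(text):
    """Turn `netstat -rn` output into a list of route dicts."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        # Data rows have 8 columns and start with a dotted-quad destination.
        if len(f) != 8 or f[0].count(".") != 3:
            continue
        routes.append({
            "net": ipaddress.ip_network(f"{f[0]}/{f[2]}"),  # Destination/Genmask
            "gateway": f[1], "flags": f[3], "iface": f[7],
        })
    return routes

def lookup(routes, dest):
    """Describe how a packet to dest is handled: most specific Genmask wins."""
    addr = ipaddress.ip_address(dest)
    # Only routes that are up (U) or explicit rejects (!) take part.
    matches = [r for r in routes
               if addr in r["net"] and ("U" in r["flags"] or "!" in r["flags"])]
    if not matches:
        return "unreachable: no matching route"
    best = max(matches, key=lambda r: r["net"].prefixlen)
    if "!" in best["flags"]:
        return f"rejected by route {best['net']}"
    if "G" in best["flags"]:
        return f"via gateway {best['gateway']} on {best['iface']}"
    return f"direct on {best['iface']}"

if __name__ == "__main__":
    table = parse_routes(SAMPLE)
    for dest in ("192.168.0.25", "169.254.10.10", "10.9.8.7", "203.0.113.5"):
        print(f"{dest:15} -> {lookup(table, dest)}")
```

Only the rejected host is refused; its neighbour 10.9.8.8 still falls through to the default route.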

Wrap Up

Managing routing configuration on Linux systems is relatively easy, but a good handle on what the basic commands can tell you and do for you is essential.

Read more of Sandra Henry-Stocker's Unix as a Second Language blog and follow the latest IT news at ITworld, Twitter and Facebook.

Copyright © 2013 IDG Communications, Inc.