Every time you open a browser, send an email, or query an API, IP routing decides how your packets get from source to destination. Routers examine destination addresses, consult their routing tables, and forward packets hop by hop until they reach the right network. Understanding how this process works – and which protocols automate it – is foundational knowledge for anyone managing networks.
This guide covers static and dynamic routing, the Linux routing table, major routing protocols (RIP, OSPF, BGP, EIGRP), turning a Linux box into a router with FRRouting, and troubleshooting routes with traceroute and mtr. The concepts apply across all Linux distributions and network environments. For protocol specifications, refer to the OSPF RFC 2328 and BGP RFC 4271 published by the IETF.
Step 1: Static vs Dynamic Routing
Routing falls into two broad categories: static and dynamic. The choice between them depends on network size, redundancy requirements, and how often paths change.
Static routing means an administrator manually defines every route. The router does not learn paths on its own – it only knows what you tell it. This works well for small networks with a single exit point (a stub network) or for default routes pointing to an upstream gateway. Static routes consume zero bandwidth because no routing updates are exchanged. The downside is obvious: if a link fails, traffic blackholes until someone manually updates the route.
Dynamic routing uses protocols that let routers discover and share network reachability information automatically. When a link goes down, routers detect the failure and recalculate paths without human intervention. This is essential in networks with multiple paths, redundant links, or hundreds of subnets where manual route management would be impractical.
In practice, most networks use a combination. A default static route points traffic toward the internet gateway, while dynamic protocols handle internal path selection between sites or data center segments.
Step 2: Understanding the Linux Routing Table
The kernel routing table is what Linux consults for every outbound packet. You can view it with the ip route command, which is part of the iproute2 toolset available on every modern distribution.
Display the current routing table:
ip route showA typical server with a single interface shows output like this:
default via 192.168.1.1 dev eth0 proto static metric 100
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50 metric 100Here is what each field means:
- default via 192.168.1.1 – the default gateway. Any packet not matching a more specific route goes here
- dev eth0 – the outgoing interface for this route
- proto kernel – route was auto-created by the kernel when the interface got an IP address
- proto static – route was added manually or by a network manager
- scope link – destination is directly attached (on the same Layer 2 segment)
- metric 100 – route priority. Lower metric wins when multiple routes exist for the same destination
To check which route a specific destination would use, query the routing decision engine directly:
ip route get 8.8.8.8The output confirms the next hop and outgoing interface for that particular destination:
8.8.8.8 via 192.168.1.1 dev eth0 src 192.168.1.50 uid 0
cacheStep 3: Configuring Static Routes on Linux
Static routes are added with the ip route add command. These are useful when you need to reach a network segment through a specific gateway that is not the default route. If you need to configure static IP addressing first, handle that before adding custom routes.
Add a route to the 10.10.0.0/16 network through gateway 192.168.1.254:
sudo ip route add 10.10.0.0/16 via 192.168.1.254 dev eth0Verify the route was added:
ip route show 10.10.0.0/16The output confirms the new route and its next hop:
10.10.0.0/16 via 192.168.1.254 dev eth0Routes added with ip route add are not persistent – they disappear on reboot. To make them permanent, use your distribution’s network configuration.
On systems using NetworkManager (RHEL, Rocky, AlmaLinux, Fedora), add a persistent route with nmcli:
sudo nmcli connection modify eth0 +ipv4.routes "10.10.0.0/16 192.168.1.254"
sudo nmcli connection up eth0On systems using Netplan (Ubuntu 24.04, Debian 13), edit the Netplan YAML file:
sudo vi /etc/netplan/01-netcfg.yamlAdd the routes section under your interface configuration:
network:
version: 2
ethernets:
eth0:
addresses:
- 192.168.1.50/24
routes:
- to: 10.10.0.0/16
via: 192.168.1.254
- to: default
via: 192.168.1.1Apply the Netplan configuration:
sudo netplan applyTo remove a static route:
sudo ip route del 10.10.0.0/16 via 192.168.1.254Step 4: RIP – Routing Information Protocol
RIP is the oldest dynamic routing protocol still in use. It is a distance-vector protocol, meaning each router shares its entire routing table with directly connected neighbors at regular intervals (every 30 seconds by default).
Key characteristics of RIP:
- Metric – hop count. Each router along the path adds 1. Maximum is 15 hops – anything beyond that is considered unreachable
- Convergence – slow. When a link fails, it can take several minutes for all routers to agree on the new topology due to periodic updates and hold-down timers
- RIPv1 – classful (no subnet mask in updates), broadcasts updates. Effectively obsolete
- RIPv2 – classless (carries subnet masks), uses multicast 224.0.0.9, supports authentication. The version you would use if deploying RIP today
- RIPng – RIP for IPv6 networks
RIP is only practical for small, flat networks (under 15 hops) where simplicity matters more than convergence speed. In any network with more than a handful of routers, OSPF or BGP is a better choice.
Step 5: OSPF – Open Shortest Path First
OSPF is the most widely deployed interior gateway protocol (IGP) in enterprise networks. It is a link-state protocol – instead of sharing full routing tables like RIP, each router builds a complete map of the network topology and independently calculates the shortest path to every destination using Dijkstra’s algorithm.
Key characteristics of OSPF:
- Metric – cost, calculated from interface bandwidth. A 1 Gbps link has lower cost than a 100 Mbps link, so OSPF naturally prefers faster paths
- Convergence – fast. When a link state changes, the affected router immediately floods a Link State Advertisement (LSA) to all routers in the area. Convergence typically happens in seconds
- Areas – OSPF uses a hierarchical design. Area 0 (the backbone) connects all other areas. This limits the scope of LSA flooding and reduces CPU load on routers
- Router roles – Designated Router (DR) and Backup Designated Router (BDR) reduce adjacency overhead on multi-access networks like Ethernet
- Authentication – supports MD5 and SHA-HMAC authentication of routing updates
- OSPFv2 – for IPv4. OSPFv3 – for IPv6
OSPF scales to hundreds of routers when areas are designed properly. It is the standard choice for campus networks, data centers, and multi-site WANs where all routers are under a single administrative domain.
Step 6: BGP – Border Gateway Protocol
BGP is the routing protocol that holds the internet together. It is a path-vector protocol designed to exchange routing information between autonomous systems (AS) – independent networks operated by different organizations such as ISPs, cloud providers, and large enterprises.
Key characteristics of BGP:
- Metric – BGP does not use a single metric. It uses a set of path attributes (AS path length, local preference, MED, weight, origin) evaluated in a specific order to select the best path
- Convergence – deliberate. BGP prioritizes stability over speed. Updates include dampening mechanisms to prevent route flapping from destabilizing the internet
- eBGP – External BGP runs between routers in different autonomous systems. This is what ISPs use to peer with each other
- iBGP – Internal BGP runs between routers within the same AS. Used to distribute externally learned routes inside a network
- TCP-based – BGP runs over TCP port 179, providing reliable delivery of routing updates
- Policy control – BGP gives administrators fine-grained control over which routes to accept, prefer, or advertise through route maps, prefix lists, and community attributes
BGP is not limited to internet peering. Many data center fabrics use eBGP between leaf and spine switches (the BGP-on-the-host model), and large enterprises run iBGP internally for traffic engineering. If you are managing network traffic at scale, you can monitor routing behavior with tools from our list of open source network monitoring tools.
Step 7: EIGRP Overview
EIGRP (Enhanced Interior Gateway Routing Protocol) is a Cisco-developed protocol that combines characteristics of both distance-vector and link-state protocols. Cisco published an informational RFC (RFC 7868) documenting the protocol, and FRRouting includes an EIGRP implementation, but in practice EIGRP remains a Cisco-centric protocol.
Key characteristics of EIGRP:
- Metric – composite metric based on bandwidth, delay, reliability, and load. By default only bandwidth and delay are used in the calculation
- Algorithm – DUAL (Diffusing Update Algorithm). It pre-computes backup paths (feasible successors) so failover is near-instant without recalculating the entire topology
- Convergence – very fast. If a feasible successor exists, failover happens in milliseconds with no queries to other routers
- Partial updates – only sends changes, not the full routing table. Reduces bandwidth usage compared to RIP
- Unequal-cost load balancing – a feature unique to EIGRP. It can distribute traffic across paths with different metrics using the variance command
EIGRP is commonly found in Cisco-only enterprise networks that were built before OSPF became the dominant IGP choice. For new deployments or mixed-vendor environments, OSPF is the standard recommendation.
Step 8: Routing Protocol Comparison
This table summarizes the key differences between the four major routing protocols. Use it as a quick reference when choosing a protocol for your network design.
| Protocol | Type | Metric | Convergence | Best Use Case |
|---|---|---|---|---|
| RIP | Distance-vector | Hop count (max 15) | Slow (minutes) | Small stub networks |
| OSPF | Link-state | Cost (bandwidth-based) | Fast (seconds) | Enterprise, campus, data center |
| BGP | Path-vector | Path attributes (AS path, local pref, MED) | Deliberate (stability-focused) | Internet peering, multi-AS, DC fabric |
| EIGRP | Advanced distance-vector | Composite (bandwidth + delay) | Very fast (milliseconds with feasible successor) | Cisco-only enterprise networks |
Step 9: Using Linux as a Router with FRRouting
A standard Linux server can function as a full-featured IP router. The kernel already has packet forwarding capability built in – you just need to enable it and optionally run a routing daemon for dynamic protocols.
Enable IP Forwarding
By default, Linux drops packets that are not destined for its own IP addresses. To make it forward packets between interfaces like a router, enable IP forwarding:
sudo sysctl -w net.ipv4.ip_forward=1Make it persistent across reboots:
sudo vi /etc/sysctl.d/99-routing.confAdd the following lines to enable forwarding for both IPv4 and IPv6:
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1Apply the sysctl settings without rebooting:
sudo sysctl -p /etc/sysctl.d/99-routing.confVerify forwarding is enabled:
sysctl net.ipv4.ip_forwardThe output should confirm forwarding is active:
net.ipv4.ip_forward = 1Install FRRouting for Dynamic Routing Protocols
FRRouting (FRR) is the standard open-source routing suite for Linux. It supports OSPF, BGP, RIP, IS-IS, EIGRP, and more – giving a Linux box the same protocol support as commercial routers. FRR uses a Cisco-like CLI (vtysh) that network engineers will feel immediately familiar with.
Install FRRouting on Ubuntu/Debian:
sudo apt update
sudo apt install frr frr-pythontools -yInstall FRRouting on RHEL/Rocky/AlmaLinux:
sudo dnf install frr -yEnable the routing daemons you need by editing the FRR daemons configuration file:
sudo vi /etc/frr/daemonsSet the daemons you want to run to yes. For example, to enable OSPF and BGP:
zebra=yes
ospfd=yes
bgpd=yes
ripd=no
isisd=no
eigrpd=noStart and enable the FRR service:
sudo systemctl enable --now frrVerify FRR is running:
sudo systemctl status frrThe service should show active (running). Access the FRR interactive shell to configure routing protocols:
sudo vtyshInside vtysh, you can view the routing table managed by FRR:
show ip routeThis displays all routes from every active protocol with source codes (K for kernel, C for connected, O for OSPF, B for BGP) so you can see how each route was learned.
If you run a firewall on this router, make sure to allow the relevant protocol traffic. OSPF uses IP protocol 89, BGP uses TCP port 179, and RIP uses UDP port 520. Adjust your firewall rules accordingly.
Step 10: Troubleshooting IP Routing
When packets are not reaching their destination, the first step is identifying where they stop. These tools trace the path packets take and reveal which hop is causing the problem.
traceroute
traceroute sends packets with incrementally increasing TTL values. Each router along the path decrements the TTL by 1 and, when it hits zero, sends back an ICMP Time Exceeded message. This reveals every hop between source and destination.
traceroute 8.8.8.8The output shows each hop’s IP address and three round-trip time measurements:
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
1 192.168.1.1 (192.168.1.1) 1.234 ms 1.112 ms 1.089 ms
2 10.0.0.1 (10.0.0.1) 5.678 ms 5.543 ms 5.321 ms
3 72.14.215.85 (72.14.215.85) 12.456 ms 12.321 ms 12.234 ms
4 8.8.8.8 (8.8.8.8) 11.987 ms 11.876 ms 11.765 msAn asterisk (* * *) at a hop means that router is not responding to the probe packets. This does not always mean the hop is down – many routers are configured to drop ICMP or rate-limit responses. Look at subsequent hops to determine if traffic is actually being forwarded.
mtr – Combining Ping and Traceroute
mtr provides a continuously updating view that combines traceroute path discovery with ping-style statistics. It is far more useful than a single traceroute run because it shows packet loss percentage and latency variation at each hop over time.
mtr -rw -c 20 8.8.8.8The -r flag produces a report after sending all probes, -w uses wide output with full hostnames, and -c 20 sends 20 probes per hop:
Start: 2026-03-22T10:30:00+0000
HOST: router1 Loss% Snt Last Avg Best Wrst StDev
1.|-- 192.168.1.1 0.0% 20 1.2 1.3 1.0 2.1 0.3
2.|-- 10.0.0.1 0.0% 20 5.4 5.6 5.1 7.2 0.5
3.|-- 72.14.215.85 5.0% 20 12.3 12.8 11.9 15.1 0.8
4.|-- 8.8.8.8 0.0% 20 12.0 12.1 11.7 13.2 0.4When reading mtr output, look for patterns. If a single hop shows high loss but subsequent hops are fine, that hop is just rate-limiting ICMP – not actually dropping real traffic. If loss starts at a specific hop and continues through all remaining hops, that hop is the problem.
Additional Diagnostic Commands
Check if a specific route exists for a destination:
ip route get 10.10.5.1View the ARP table to confirm Layer 2 reachability to the next hop. You can also use ss or netstat to verify that routing protocol sessions (like BGP on TCP 179) are established:
ip neigh showThe neighbor table shows IP-to-MAC mappings and their state (REACHABLE, STALE, or FAILED). A FAILED entry means the kernel could not resolve the next hop’s MAC address, which points to a Layer 2 connectivity issue.
For deeper packet analysis when routing issues are not obvious from the routing table, capture traffic at specific interfaces with Wireshark or tcpdump to see exactly what is being sent and received.
Conclusion
IP routing is the mechanism that moves packets across networks, and routing protocols are what automate path selection at scale. Static routes work for simple topologies, OSPF handles enterprise and campus networks efficiently, BGP manages inter-domain routing on the internet, and Linux with FRRouting can serve as a capable software router running any of these protocols.
For production routing deployments, enable authentication on all protocol peerings (MD5 for OSPF, TCP-MD5 or TCP-AO for BGP), implement prefix filtering to prevent route leaks, and monitor routing table changes with syslog or a dedicated network monitoring platform.
