This chapter covers the `ip route` and `ip addr` commands from the iproute2 suite, essential for configuring and troubleshooting IPv4 and IPv6 addressing and routing on Linux-based network devices. For the N10-009 exam, these commands appear in performance-based questions (PBQs) and multiple-choice questions under Domain 5.0 (Network Troubleshooting), specifically Objective 5.6: 'Given a scenario, troubleshoot common network issues using appropriate tools.' Approximately 10-15% of exam questions involve command-line tools, with ip commands being the most heavily tested. Mastering these commands is critical for passing the exam and for real-world network administration.
Jump to a section
Think of the ip route command as setting up a postal sorting office's delivery rules. Each router is a sorting office with a routing table — a list of destination neighborhoods (subnets) and the next sorting office (next-hop) or direct delivery (connected route) to get mail there. The ip addr command is like assigning a unique address to each sorting office's loading dock — every interface gets an IP address and subnet mask, defining which neighborhoods are local. When a letter (packet) arrives, the sorting office looks at the destination address and checks its routing table for the best match (longest prefix match). If the destination is local (on a directly connected network), it delivers directly. Otherwise, it forwards the letter to the next sorting office. Without proper ip route entries, letters get stuck or returned. Misconfigured routes cause loops — like two sorting offices passing the same letter back and forth until it expires (TTL). The ip addr command also defines which addresses the sorting office itself uses, so other offices know how to send replies. In summary, ip addr assigns identity, ip route defines forwarding behavior.
What Are ip route and ip addr?
The ip command is part of the iproute2 package, the modern replacement for legacy tools like ifconfig and route. It manages network interfaces, IP addresses, routing tables, ARP cache, and more. On CompTIA Network+ N10-009, you will be expected to interpret output and use these commands to troubleshoot connectivity issues.
ip addr (or ip address) displays and configures IP addresses on network interfaces. Each interface can have multiple IPv4 and IPv6 addresses, including secondary addresses and addresses from different subnets. The command shows the interface name, MAC address, assigned IP addresses, broadcast address, and state (UP/DOWN).
ip route (or ip route show) displays the routing table. The routing table contains entries that tell the system how to reach different networks. Each entry includes: destination network (prefix), next-hop gateway, metric, and interface. The command also adds, deletes, and modifies routes.
How ip addr Works
When you assign an IP address to an interface using ip addr add, the kernel adds a local route for that subnet (if the subnet is directly connected) and an entry to the local table. The syntax:
ip addr add 192.168.1.10/24 dev eth0This assigns the IP 192.168.1.10 with a 24-bit subnet mask (255.255.255.0) to interface eth0. The kernel automatically creates a connected route: destination 192.168.1.0/24 via dev eth0. It also adds a local route for the specific address (192.168.1.10/32) to the local table.
To display addresses:
ip addr showOutput example:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:1a:2b:3c:4d:5e brd ff:ff:ff:ff:ff:ff
inet 192.168.1.10/24 brd 192.168.1.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::21a:2bff:fe3c:4d5e/64 scope link
valid_lft forever preferred_lft foreverKey fields: inet (IPv4 address/prefix), brd (broadcast address), scope (global, link, host). valid_lft and preferred_lft are relevant for DHCP-assigned addresses with leases.
How ip route Works
The routing table is consulted for every outgoing packet. The kernel performs a longest prefix match (LPM) against the destination IP. The route with the most specific prefix wins. If no match, the default route (0.0.0.0/0) is used. If no default route exists, the packet is dropped and an ICMP Destination Unreachable (Network Unreachable) is sent.
Display the routing table:
ip route showExample output:
default via 192.168.1.1 dev eth0 proto static metric 100
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.10 metric 100
10.0.0.0/8 via 10.0.0.1 dev eth1 proto static metric 100Each line: destination prefix, next-hop (via), interface (dev), protocol (proto: kernel, static, dhcp), scope, source address (src), metric. The kernel route (proto kernel) is automatically added when an address is assigned. Static routes are added manually.
Adding Routes
To add a static route:
ip route add 10.0.0.0/8 via 192.168.1.100 dev eth0This sends traffic for 10.x.x.x to gateway 192.168.1.100 via eth0. To add a default gateway:
ip route add default via 192.168.1.1Equivalent to ip route add 0.0.0.0/0 via 192.168.1.1.
Deleting Routes
ip route del 10.0.0.0/8If multiple routes match, you may need to specify the gateway and interface.
Routing Table Types
Linux supports multiple routing tables (default: local, main, default). The main table is used for normal routing. The local table contains local and broadcast routes. You can specify a table with table <id>.
Interaction with ARP
When a route specifies a next-hop, the kernel must resolve the next-hop IP to a MAC address using ARP (IPv4) or NDP (IPv6). The ARP cache is displayed with ip neigh. If ARP fails, the route is not usable.
IPv6 with ip -6
For IPv6, use the -6 option:
ip -6 addr show
ip -6 route show
ip -6 route add 2001:db8::/32 via fe80::1 dev eth0Troubleshooting with ip
Common troubleshooting steps:
Check interface state: ip link show — ensure interface is UP.
Check IP configuration: ip addr show — verify correct IP and subnet mask.
Check routing table: ip route show — verify default route and necessary static routes.
Check ARP: ip neigh show — ensure neighbor reachability.
Test connectivity: ping and traceroute.
Default Values and Timers
ARP timeout: typically 60 seconds (configurable via /proc/sys/net/ipv4/neigh/default/gc_stale_time).
Route metric: default 0 for connected, 100 for static (varies by distribution).
TTL: 64 (Linux default) or 128 (Windows).
Exam Relevance
The N10-009 exam tests your ability to read ip addr and ip route output to identify misconfigurations. For example, a missing default route will cause traffic to external networks to fail. An incorrect subnet mask will cause the host to think some destinations are local when they are not, leading to ARP failures.
Identify Interface and IP Mismatch
Use `ip addr show` to list all interfaces and their assigned IP addresses. Check for common issues: duplicate IP addresses (two interfaces with same subnet), incorrect subnet mask (e.g., /24 instead of /16), or missing IP assignment. If a host cannot reach a device on the same subnet, verify that both have addresses in the same subnet. For example, if host A has 192.168.1.10/24 and host B has 192.168.2.20/24, they are on different subnets and need a router. A misconfigured subnet mask can cause a host to think a remote host is local, leading to ARP requests that never get answered.
Check Default Route Presence
Run `ip route show` and look for a default route (0.0.0.0/0). If missing, traffic to external networks (like the internet) will fail. Common causes: DHCP failed to provide a default gateway, or a static route was accidentally deleted. On exam questions, a scenario where a user can access internal resources but not the internet often points to a missing default route. Verify that the default route points to the correct gateway IP and that the gateway is reachable (ping it).
Verify Static Route Configuration
For networks with multiple subnets, check that static routes exist for each remote network. Use `ip route show` to list all routes. A missing static route will cause traffic to be sent to the default gateway, which may not know how to reach the destination, resulting in ICMP Destination Unreachable. When adding a static route, ensure the next-hop IP is reachable (directly connected or via another route). Also check the metric: if a better metric route exists, the static route may not be used.
Examine Interface State
Use `ip link show` to check if the interface is UP. If an interface is DOWN, no traffic can flow. Common reasons: cable unplugged, disabled by administrator (`ip link set eth0 down`), or driver issues. The output shows state: UP, DOWN, or UNKNOWN (usually for loopback). Also check for carrier detect (LOWER_UP flag). If the interface is UP but has no carrier, the physical connection is faulty.
Validate ARP Resolution
Use `ip neigh show` to display the ARP cache. If a neighbor is listed as INCOMPLETE or FAILED, the host cannot resolve the MAC address of the next-hop or destination. This can happen if the destination is on the same subnet but does not exist, or if the next-hop gateway is down. For example, if a static route points to 192.168.1.1 but that IP is not active, ARP will fail and packets will be queued or dropped. Check that the next-hop IP is reachable via ping.
Enterprise Scenario 1: Branch Office Connectivity
A company has a branch office connected to headquarters via a site-to-site VPN. The branch router (Linux-based) has a WAN interface (eth0) with public IP and a LAN interface (eth1) with private IP 10.0.1.1/24. To route traffic to the corporate network 10.0.0.0/16, a static route is needed: ip route add 10.0.0.0/16 via 10.0.0.1 dev eth0 (assuming the VPN peer is 10.0.0.1). If the route is missing, branch users cannot reach corporate servers. Performance consideration: route metrics can prioritize primary and backup links. Misconfiguration: if the next-hop IP is incorrect, traffic is black-holed. Troubleshooting involves ip route show to verify the route and ping 10.0.0.1 to test next-hop reachability.
Enterprise Scenario 2: Multi-Homed Server
A web server has two interfaces: eth0 (public IP 203.0.113.10/24) and eth1 (private IP 192.168.1.10/24). The default route points to the public gateway (203.0.113.1). However, response traffic to internal clients should go through eth1. Without proper routing (policy routing or source-based routing), replies may go out the public interface and be dropped. Using ip route add default via 192.168.1.1 table 100 and ip rule add from 192.168.1.10 table 100 can solve this. Misconfiguration leads to asymmetric routing and connectivity issues.
Enterprise Scenario 3: Virtual Machine Host
A hypervisor with multiple VMs uses Linux bridging. Each VM has a virtual interface (vnet0, vnet1) connected to a bridge (br0). The host uses ip addr add 10.0.0.10/24 dev br0 and ip route add default via 10.0.0.1. If the bridge is not properly configured, VMs may not get IP addresses via DHCP. Common error: forgetting to assign an IP to the bridge interface, causing the host to be unreachable. Checking ip addr show br0 reveals the issue. Scaling: with hundreds of VMs, route tables can become large; using route summarization reduces entries.
N10-009 Objective 5.6: Troubleshooting Tools
The exam specifically tests your ability to interpret the output of ip addr and ip route to diagnose network problems. You will see command output in multiple-choice questions and PBQs. Key areas:
Identifying missing default route: A common scenario: a user can ping local devices but not the internet. The correct answer is to check for a default route. Wrong answer: checking DNS (DNS is for name resolution, not routing).
Subnet mask misconfiguration: If two hosts are on the same physical network but have different subnet masks (e.g., /24 vs /16), they may not communicate. The exam may show ip addr output with mismatched masks. The wrong answer is to blame the switch or cable.
Duplicate IP addresses: Two interfaces with the same IP cause intermittent connectivity. The exam may show ip addr output with two interfaces having the same IP. The wrong answer is to assume a routing loop.
Static route pointing to unreachable next-hop: The route exists but traffic fails. The exam expects you to check ip neigh for ARP failure. Wrong answer: check firewall rules first.
Common Wrong Answers
Choosing 'ping' as the first step: While ping is useful, the exam wants you to first verify IP configuration using ip addr.
Blaming DNS for routing issues: DNS resolution is separate; if you can ping an IP but not a hostname, DNS is the issue. But if you cannot ping an IP, check routing.
Assuming interface is down when IP is missing: An interface can be UP but have no IP; check ip addr not ip link alone.
Edge Cases
IPv6 link-local addresses: Routes for link-local addresses use scope link. The exam may ask why a ping to a link-local address fails if the interface is not specified (e.g., ping fe80::1%eth0).
Multiple default routes: Linux uses the one with lowest metric. If two default routes with same metric exist, it uses the last added. The exam may test metric preference.
Route with 'dev' only (no next-hop): Used for point-to-point interfaces. The exam may ask how traffic is forwarded.
How to Eliminate Wrong Answers
Always map the symptom to the OSI layer: Layer 3 issues (routing) are diagnosed with ip route. If the problem is local subnet, check ip addr and ARP. If it's cross-subnet, check routing table. If you see 'Destination Host Unreachable', check ARP. If 'Network Unreachable', check routing. This logical elimination is key.
Use `ip addr show` to verify IP address, subnet mask, and interface state.
Use `ip route show` to check for default route and static routes.
A missing default route prevents access to external networks.
Incorrect subnet mask causes hosts to misidentify local vs remote networks.
Static routes require a reachable next-hop IP; verify with ping and ARP.
The `ip neigh show` command displays ARP cache for troubleshooting Layer 2 resolution.
Linux uses longest prefix match for routing decisions; more specific routes take precedence.
These come up on the exam all the time. Here's how to tell them apart.
ip addr
Part of iproute2 suite, modern replacement
Supports multiple addresses per interface natively
Output is more readable and consistent
Can manage IPv6 addresses without additional flags
Displays additional info like broadcast address and scope
ifconfig
Legacy tool from net-tools, deprecated in many distros
Shows only one address per interface unless aliases used
Output format varies between distributions
IPv6 support requires separate command (ifconfig -a)
Does not show scope or valid lifetime
ip route
Shows routing table with more detail (metric, scope, src)
Supports multiple routing tables
Can add/delete routes with more options (e.g., table, metric)
Output is easier to parse for scripting
Part of iproute2, actively maintained
route (netstat -r)
Legacy command, output less detailed
Only shows the main routing table
Limited options for route manipulation
Output format can be ambiguous
Deprecated in many modern Linux distributions
Mistake
The `ip addr` command shows the MAC address of the interface.
Correct
`ip addr` shows the MAC address in the 'link/ether' field. The MAC is part of Layer 2, but `ip addr` displays both Layer 2 and Layer 3 information. However, the primary purpose is Layer 3 addressing.
Mistake
Adding an IP address with `ip addr add` automatically creates a default route.
Correct
It creates a connected route for the subnet, but not a default route. A default route must be added separately or obtained via DHCP.
Mistake
The `ip route` command shows only static routes.
Correct
It shows all routes: connected, static, dynamic (from routing protocols), and default. The 'proto' field indicates the source (kernel, static, dhcp, etc.).
Mistake
If an interface is UP and has an IP, it can always communicate with other hosts on the same subnet.
Correct
Communication also requires correct subnet mask, no firewall rules blocking traffic, and proper ARP resolution. A misconfigured netmask can cause the host to think the destination is on a different subnet.
Mistake
The `ip` command is only available on Linux.
Correct
While iproute2 is native to Linux, it is also available on other Unix-like systems (e.g., FreeBSD via ports). However, the exam focuses on Linux-based network devices.
Reveal each answer, then mark whether you got it right. Score 60%+ to unlock the next chapter.
It displays all network interfaces with their MAC addresses, assigned IP addresses (IPv4 and IPv6), subnet masks, broadcast addresses, and interface state (UP/DOWN). It also shows scope (global, link, host) and lifetime for addresses obtained via DHCP. Example output includes lo (loopback) and eth0 (Ethernet). This command is the primary tool for verifying Layer 3 configuration.
Use `ip route add default via <gateway-IP> dev <interface>`. For example, `ip route add default via 192.168.1.1 dev eth0`. This adds a route to 0.0.0.0/0 via the specified gateway. To make it persistent across reboots, you must add it to the distribution's network configuration files (e.g., /etc/network/interfaces or /etc/sysconfig/network-scripts/).
Possible causes: the other host is down, the subnet mask is incorrect on one host (causing them to think they are on different subnets), a firewall is blocking ICMP, or there is an ARP issue. Check `ip neigh show` to see if the neighbor's MAC is resolved. If it shows INCOMPLETE, the ARP request failed. Also verify both hosts have the same subnet mask and are on the same VLAN.
`ip route` manages routing table entries (destination-based forwarding). `ip rule` manages policy routing rules that select which routing table to use based on criteria like source IP, TOS, or fwmark. Policy routing is more advanced and used for load balancing or multi-homed setups. For N10-009, focus on `ip route`.
Use `ip route del <prefix> [via <gateway>] [dev <interface>]`. For example, `ip route del 10.0.0.0/8` deletes the route to that network. If multiple routes exist, specify the gateway and interface to avoid ambiguity. You can also delete the default route with `ip route del default`.
It indicates the route was automatically added by the kernel when an IP address was assigned to an interface. These are connected routes for the directly attached subnet. They cannot be deleted manually with `ip route del`; you must remove the IP address instead. For example, if eth0 has 192.168.1.10/24, the kernel adds a route to 192.168.1.0/24 via dev eth0.
Yes, you can add multiple IP addresses to the same interface using `ip addr add <ip>/<prefix> dev <interface>`. Each additional address is considered a secondary address. There is no limit, but too many can cause performance issues. This is useful for hosting multiple services on different IPs or for virtual hosting.
You've just covered ip route and ip addr Commands — now see how well it sticks with free N10-009 practice questions. Full explanations included, no account needed.
Done with this chapter?