1. Setting Up Networking
  2. Configuring the System's Network

1 Configuring the System's Network

WARNING:

Oracle Linux 7 is now in Extended Support. See Oracle Linux Extended Support and Oracle Open Source Support Policies for more information.

Migrate applications and data to Oracle Linux 8 or Oracle Linux 9 as soon as possible.

This chapter describes how to configure a system's network interfaces and network routing.

About Network Interface Names

Each physical and virtual network device on an Oracle Linux system has an associated configuration file named ifcfg-interface in the /etc/sysconfig/network-scripts directory, where interface is the name of the interface. For example: 

cd /etc/sysconfig/network-scripts
ls ifcfg-*
ifcfg-em1  ifcfg-em2  ifcfg-lo

In this example, there are two configuration files for motherboard-based Ethernet interfaces, ifcfg-em1 and ifcfg-em2, and one for the loopback interface, ifcfg-lo. The system reads the configuration files at boot time to configure the network interfaces.

On your system, you might see other names for network interfaces. See About Network Interface Names.

The following are sample entries from an ifcfg-em1 file for a network interface that obtains its IP address using the Dynamic Host Configuration Protocol (DHCP): 

DEVICE="em1"
NM_CONTROLLED="yes"
ONBOOT=yes
USERCTL=no
TYPE=Ethernet
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
NAME="System em1"
UUID=5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03
HWADDR=08:00:27:16:C3:33
PEERDNS=yes
PEERROUTES=yes

If the interface is configured with a static IP address, the file contains entries such as the following: 

DEVICE="em1"
NM_CONTROLLED="yes"
ONBOOT=yes
USERCTL=no
TYPE=Ethernet
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
NAME="System em1"
UUID=5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03
HWADDR=08:00:27:16:C3:33
IPADDR=192.168.1.101
NETMASK=255.255.255.0
BROADCAST=192.168.1.255
PEERDNS=yes
PEERROUTES=yes

The following configuration parameters are typically used in interface configuration files:

BOOTPROTO

How the interface obtains its IP address:

bootp

Bootstrap Protocol (BOOTP).

dhcp

Dynamic Host Configuration Protocol (DHCP).

none

Statically configured IP address.

BROADCAST

IPv4 broadcast address.

DEFROUTE

Whether this interface is the default route.

DEVICE

Name of the physical network interface device (or a PPP logical device).

GATEWAY N

IPv4 gateway address for the interface. As an interface can be associated with several combinations of IP address, network mask prefix length, and gateway address, these are numbered starting from 0.

HWADDR

Media access control (MAC) address of an Ethernet device.

IPADDR N

IPv4 address of the interface.

IPV4_FAILURE_FATAL

Whether the device is disabled if IPv4 configuration fails.

IPV6_DEFAULTGW

IPv6 gateway address for the interface. For example: IPV6_DEFAULTGW=2001:0daa::2%em1.

IPV6_FAILURE_FATAL

Whether the device is disabled if IPv6 configuration fails.

IPV6ADDR

IPv6 address of the interface in CIDR notation, including the network mask prefix length. For example: IPV6ADDR="2001:0db8:1e11:115b::1/32"

IPV6INIT

Whether to enable IPv6 for the interface.

MASTER

Specifies the name of the primary bonded interface, of which this interface is backup.

NAME

Name of the interface as displayed in the Network Connections GUI.

NETWORK

IPV4 address of the network.

NM_CONTROLLED

Whether the network interface device is controlled by the network management daemon, NetworkManager.

ONBOOT

Whether the interface is activated at boot time.

PEERDNS

Whether the /etc/resolv.conf file used for DNS resolution contains information obtained from the DHCP server.

PEERROUTES

Whether the information for the routing table entry that defines the default gateway for the interface is obtained from the DHCP server.

PREFIX N

Length of the IPv4 network mask prefix for the interface.

SLAVE

Specifies that this interface is a backup of a bonded interface.

TYPE

Interface type.

USERCTL

Whether users other than root can control the state of this interface.

UUID

Universally unique identifier for the network interface device.

About Network Interface Names

Network interface names are based on information derived from the system BIOS or alternatively from a device's firmware, system path, or MAC address. This feature ensures that interface names persist across system reboots, hardware reconfiguration, and updates to device drivers and the kernel.

If you enable the biosdevname boot option (biosdevname=1), the biosdevname plugin to the udev device manager assigns names to network interfaces as follows:

  • Ethernet interfaces on the motherboard are named em N, where N is the number of the interface starting from 1.

  • Network interfaces on a PCI card are named p S p P, where S is the slot number and P is the port number.

  • Virtual interfaces are named p S p P _ V, where S is the slot number, P is the port number, and V is the virtual interface number.

If biosdevname is set to 0 (the default), systemd naming assigns the prefixes, en, wl, and ww to Ethernet, wireless LAN, and wireless WAN interfaces respectively. The prefix is followed by a suffix based on the hardware configuration, system bus configuration, or MAC address of the device:

o N

Onboard device with index number N.

pBsS[fF][dD]

PCI device with bus number B, slot number S, function number F, and device ID D.

pBsS[fF][uP]...[cC][iI]

USB device with bus number B, slot number S, function number F, port number P, configuration number C, and interface number I.

sS[fF][dD]

Hot-plug device with slot number S, function number F, and device ID D.

x M

Device with MAC address M.

For example, an Ethernet port on the motherboard might be named eno1 or em1, depending on whether the value of biosdevname is 0 or 1.

The kernel assigns a legacy, unpredictable network interface name (eth N and wlan N) only if it cannot discover any information about the device that would allow it to disambiguate the device from other such devices. You can use the net.ifnames=0 boot parameter to reinstate the legacy naming scheme.

Caution:

Using the net.ifnames or biosdevname boot parameters to change the naming scheme can rendering existing firewall rules invalid. Changing the naming scheme can also affect other software that refers to network interface names.

About Network Configuration Files

The following sections describe additional network configuration files that you might need to configure on a system.

About the /etc/hosts File

The /etc/hosts file associates host names with IP addresses. It allows the system to look up (resolve) the IP address of a host given its name, or the name given the IP address. Most networks use DNS (Domain Name Service) to perform address or name resolution. Even if your network uses DNS, it is usual to include lines in this file that specify the IPv4 and IPv6 addresses of the loopback device, for example: 

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

The first and second column contains the IP address and host name. Additional columns contain aliases for the host name.

For more information, see the hosts(5) manual page.

About the /etc/nsswitch.conf File

The /etc/nsswitch.conf file configures how the system uses various databases and name resolution mechanisms. The first field of entries in this file identifies the name of the database. The second field defines a list of resolution mechanisms in the order in which the system attempts to resolve queries on the database.

The following example hosts definition from /etc/nsswitch.conf indicates that the system first attempts to resolve host names and IP addresses by querying files (that is, /etc/hosts) and, if that fails, next by querying a DNS server, and last of all, by querying NIS+ (NIS version 3) : 

hosts:      files dns nisplus

For more information, see the nsswitch.conf(5) manual page.

About the /etc/resolv.conf File

The /etc/resolv.conf file defines how the system uses DNS to resolve host names and IP addresses. This file usually contains a line specifying the search domains and up to three lines that specify the IP addresses of DNS server. The following entries from /etc/resolv.conf configure two search domains and three DNS servers: 

search us.mydomain.com mydomain.com
nameserver 192.168.154.3
nameserver 192.168.154.4
nameserver 10.216.106.3

If your system obtains its IP address from a DHCP server, it is usual for the system to configure the contents of this file with information also obtained using DHCP.

For more information, see the resolv.conf(5) manual page.

About the /etc/sysconfig/network File

The /etc/sysconfig/network file specifies additional information that is valid to all network interfaces on the system. The following entries from /etc/sysconfig/network define that IPv4 networking is enabled, IPv6 networking is not enabled, the host name of the system, and the IP address of the default network gateway: 

NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=host20.mydomain.com
GATEWAY=192.168.1.1

Note:

In previous releases of Oracle Linux, the host name of the system was defined in /etc/sysconfig/network. The host name is now defined in /etc/hostname and can be changed by using the hostnamectl command. The host name must be a fully qualified domain name (FQDN), for example, host20.mydomain.com, instead of a simple short name.

Additionally, system-wide default localization settings such as the default language, keyboard, and console font were defined in /etc/sysconfig/i18n. These settings are now defined in /etc/locale.conf and /etc/vconsole.conf.

For more information, see the hostname(5), hostnamectl(1), locale.conf(5), and vconsole.conf(5) manual pages.

Command-Line Network Configuration Interfaces

If the NetworkManager service is running, you can use the nmcli command to display the state of the system's physical network interfaces, for example: 

sudo nmcli device status
DEVICE  TYPE      STATE       
em1     ethernet  connected   
em2     ethernet  connected   
lo      loopback  unmanaged

You can use the ip command to display the status of an interface, for debugging, or for system tuning. For example, to display the status of all active interfaces: 

sudo ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: em1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:16:c3:33 brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.15/24 brd 10.0.2.255 scope global em1
    inet6 fe80::a00:27ff:fe16:c333/64 scope link 
       valid_lft forever preferred_lft forever

For each network interface, the output shows the current IP address, and the status of the interface. To display the status of a single interface such as em1, specify its name as shown here: 

sudo ip addr show dev em1
2: em1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:16:c3:33 brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.15/24 brd 10.0.2.255 scope global em1
    inet6 fe80::a00:27ff:fe16:c333/64 scope link 
       valid_lft forever preferred_lft forever

You can also use ip to set properties and activate a network interface. The following example sets the IP address of the em2 interface and activates it: 

sudo ip addr add 10.1.1.1/24 dev em2
sudo ip link set em2 up

Note:

You might be used to using the ifconfig command to perform these operations. However, ifconfig is considered obsolete and will eventually be replaced altogether by the ip command.

Any settings that you configure for network interfaces using ip do not persist across system reboots. To make the changes permanent, set the properties in the /etc/sysconfig/network-scripts/ifcfg-interface file.

Any changes that you make to an interface file in /etc/sysconfig/network-scripts do not take effect until you restart the network service or bring the interface down and back up again. For example, to restart the network service: 

sudo systemctl restart network

To restart an individual interface, you can use the ifup or ifdown commands, which invoke the script in /etc/sysconfig/network-scripts that corresponds to the interface type, for example: 

sudo ifdown em1
sudo ifup em1
Connection successfully activated 
(D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/5)

Alternatively, you can use the ip command to stop and start network activity on an interface without completely tearing down and rebuilding its configuration: 

sudo ip link set em1 down
sudo ip link set em1 up

The ethtool utility is useful for diagnosing potentially mismatched settings that affect performance, and allows you to query and set the low-level properties of a network device. Any changes that you make using ethtool do not persist across a reboot. To make the changes permanent, modify the settings in the device's ifcfg-interface file in /etc/sysconfig/network-scripts.

For more information, see the ethtool(8), ifup(8), ip(8), and nmcli(1) manual pages.

Configuring Network Interfaces Using Graphical Interfaces

Note:

The NetworkManager service and the nmcli command are included in the NetworkManager package. The Network Connections editor is included in the nm-connection-editor package.

The NetworkManager service dynamically detects and configures network connections. You can click on the network icon in the GNOME notification area to obtain information about the status of the network interfaces and to manage network connections:

  • To enable or disable a network interface from the pull-down menu, use the On/Off toggle.

  • To display the Settings window, select Network Settings from the drop-down menu.

Figure 1-2 shows the Network Settings editor.

Figure 1-1 Network Settings Editor


The figure shows the Network Settings editor.

To edit an existing interface, select it from the list and click the gear icon. You can add a profile to any interface to provide alternate configurations that you can use at any point in time. You can equally use this window to configure a network proxy or add an enable a Virtual Private Network (VPN) connection.

To perform more complex configuration and to add additional connection types, use the Network Connections editor. This tool allows you to configure wired, wireless, mobile broadband, VPN, Digital Subscriber Link (DSL), and virtual (bond, bridge, team, and VLAN) interfaces. You can open this window by using the nm-connection-editor command. Figure 1-2 shows the Network Connections editor.

Figure 1-2 Network Connections Editor


The figure shows the Network Connections editor.

To create a new network interface, click the + icon, select the type of interface (hardware, virtual, or VPN) and click Create. To edit an existing interface, select it from the list and click the gear icon. To remove a selected interface, click the - icon.

You can also use the nmcli command to manage network connections through NetworkManager. For more information, see the nmcli(1) manual page.

About Network Interface Bonding

Network interface bonding combines multiple network connections into a single logical interface. A bonded network interface can increase data throughput by load balancing or can provide redundancy by allowing failover from one component device to another. By default, a bonded interface appears like a normal network device to the kernel, but it sends out network packets over the available secondary devices by using a simple round-robin scheduler. You can configure bonding module parameters in the bonded interface's configuration file to alter the behavior of load-balancing and device failover.

Basic load-balancing modes (balance-rr and balance-xor) work with any switch that supports EtherChannel or trunking. Advanced load-balancing modes (balance-tlb and balance-alb) do not impose requirements on the switching hardware, but do require that the device driver for each component interfaces implement certain specific features such as support for ethtool or the ability to modify the hardware address while the device is active. For more information see /usr/share/doc/iputils-*/README.bonding.

Configuring Network Interface Bonding

The bonding driver that is provided with the Oracle Linux kernel allows you to aggregate multiple network interfaces, such as em1 and em2, into a single logical interface such as bond0. You can use the Network Settings editor to create the bond and then add network interfaces to this bond. Alternatively, you can use the nmcli command to create and configure the bond.

To create and configure a bonded interface from the command line:

  1. Create the bond: 

    sudo nmcli con add type bond con-name bond0 ifname bond0 mode balance-rr

    This example sets the name of the bond to bond0 and its mode to balance-rr. For more information about the available options for load balancing or ARP link monitoring, see /usr/share/doc/iputils-*/README.bonding and the nmcli(1) manual page.

  2. Add each interface to the bond: 

    sudo nmcli con add type bond-slave ifname em1 master bond0
sudo nmcli con add type bond-slave ifname em2 master bond0

    These commands add the em1 and em2 interfaces to bond0.

  3. Restart the NetworkManager service: 

    sudo systemctl restart NetworkManager

    After restarting the service, the bonded interface is available for use.

About Network Interface Teaming

Note:

Network interface teaming requires Unbreakable Enterprise Kernel Release 3 (UEK R3) Quarterly Update 7 or later.

Network interface teaming is similar to network interface bonding and provides a way of implementing link aggregation that is relatively maintenance-free, as well as being simpler to modify, expand, and debug as compared with bonding.

A lightweight kernel driver implements teaming and the teamd daemon implements load-balancing and failover schemes termed runners. The following standard runners are defined:

activebackup

Monitors the link for changes and selects the active port that is used to send packets.

broadcast

Sends packets on all member ports.

lacp

Provides load balancing by implementing the Link Aggregation Control Protocol 802.3ad on the member ports.

loadbalance

In passive mode, uses the BPF hash function to select the port that is used to send packets.

In active mode, uses a balancing algorithm to distribute outgoing packets over the available ports.

random

Selects a port at random to send each outgoing packet.

Note:

UEK R3 does not currently support this runner mode.

roundrobin

Transmits packets over the available ports in a round-robin fashion.

For specialized applications, you can create customized runners that teamd can interpret. The teamdctl command allows you to control the operation of teamd.

For more information, see the teamd.conf(5) manual page.

Configuring Network Interface Teaming

You can configure a teamed interface by creating JSON-format definitions that specify the properties of the team and each of its component interfaces. The teamd daemon then interprets these definitions. You can use the JSON-format definitions to create a team interface by starting the teamd daemon manually, by editing interface definition files in /etc/sysconfig/network-scripts, by using the nmcli command, or by using the Network Configuration editor (nm-connection-editor). This section describes the first of these methods.

To create a teamed interface by starting teamd manually:

  1. Create a JSON-format definition file for the team and its component ports. For sample configurations, see the files under /usr/share/doc/teamd-*/example_configs/.

    The following example, which is based on the contents of the file activebackup_ethtool_1.conf, defines an active-backup configuration where em4 is configured as the primary port and em3 as the backup port and these ports are monitored by ethtool. 

    {
        "device":       "team0",
        "runner":       {"name": "activebackup"},
        "link_watch":   {"name": "ethtool"},
        "ports":        {
                "em3": {
                        "prio": -10,
                        "sticky": true
                },
                "em4": {
                        "prio": 100
                }
        }
}

  2. Use the ip command to bring down the component ports: 

    sudo ip link set em3 down
sudo ip link set em4 down

    Active interfaces cannot be added to a team.

  3. Start an instance of the teamd daemon and have it create the teamed interface by reading the configuration file (in this example, /root/team_config/team0.conf): 

    sudo teamd -g -f /root/team_config/team0.conf -d
    Using team device "team0".
Using PID file "/var/run/teamd/team0.pid"
Using config file "/root/team_config/team0.conf"

    The -g option displays debugging messages and can be omitted.

  4. Use the ip command to set the IP address and network mask prefix length of the teamed interface: 

    sudo ip addr add 10.0.0.5/24 dev team0

For more information, see the teamd(8) manual page.

Adding Ports to and Removing Ports from a Team

To add a port to a team, use the teamdctl command, for example: 

sudo teamdctl team0 port add em5

To remove a port from a team: 

sudo teamdctl team0 port remove em5

For more information, see the teamdctl(8) manual page.

Changing the Configuration of a Port in a Team

You can use the teamdctl command to update the configuration of a constituent port of a team, for example: 

sudo teamdctl team0 port config update em3 '{"prio": -10, "sticky": false}'

Enclose the JSON-format definition in single quotes and do not split it over multiple lines.

For more information, see the teamdctl(8) manual page.

Removing a Team

To remove a team, use the following command to kill the teamd daemon: 

# teamd -t team0 -k

For more information, see the teamd(8) manual page.

Displaying Information About Teams

To display the network state of the teamed interface, use the ip command: 

sudo ip addr show dev team0
7: team0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP 
    link/ether 08:00:27:15:7a:f1 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.5/24 scope global team0
       valid_lft forever preferred_lft forever
    inet6 fe80::a00:27ff:fe15:7af1/64 scope link 
       valid_lft forever preferred_lft forever

You can use the teamnl command to display information about the component ports of the team: 

sudo teamnl team0 ports
 5: em4: up 1000Mbit FD 
 4: em3: up 1000Mbit FD

To display the current state of the team, use the teamdctl command, for example: 

sudo teamdctl team0 state
setup:
  runner: activebackup
ports:
  em3
    link watches:
      link summary: down
      instance[link_watch_0]:
        name: ethtool
        link: down
  em4
    link watches:
      link summary: up
      instance[link_watch_0]:
        name: ethtool
        link: up
runner:
  active port: em4

You can also use teamdctl to display the JSON configuration of the team and each of its constituent ports: 

sudo teamdctl team0 config dump
{
    "device": "team0",
    "link_watch": {
        "name": "ethtool"
    },
    "mcast_rejoin": {
        "count": 1
    },
    "notify_peers": {
        "count": 1
    },
    "ports": {
        "em3": {
            "prio": -10,
            "sticky": true
        },
        "em4": {
            "prio": 100
        }
    },
    "runner": {
        "name": "activebackup"
    }
}

For more information, see the teamdctl(8) and teamnl(8) manual pages.

Configuring VLANs with Untagged Data Frames

A virtual local area network (VLAN) consists of a group of machines that can communicate as if they were attached to the same physical network. A VLAN allows you to group systems regardless of their actual physical location on a LAN. In a VLAN that uses untagged data frames, you create the broadcast domain by assigning the ports of network switches to the same permanent VLAN ID or PVID (other than 1, which is the default VLAN). All ports that you assign with this PVID are in a single broadcast domain. Broadcasts between devices in the same VLAN are not visible to other ports with a different VLAN, even if they exist on the same switch.

You can use the Network Settings editor or the nmcli command to create a VLAN device for an Ethernet interface.

To create a VLAN device from the command line, enter: 

sudo nmcli con add type vlan con-name bond0-pvid10 ifname bond0-pvid10 dev bond0 id 10

This example sets up the VLAN device bond0-pvid10 with a PVID of 10 for the bonded interface bond0. In addition to the regular interface, bond0, which uses the physical LAN, you now have a VLAN device, bond0-pvid10, which can use untagged frames to access the virtual LAN.

Note:

You do not need to create virtual interfaces for the component interfaces of a bonded interface. However, you must set the PVID on each switch port to which they connect.

You can also use the command to set up a VLAN device for a non-bonded interface, for example: 

sudo nmcli con add type vlan con-name em1-pvid5 ifname em1-pvid5 dev em1 id 5

To obtain information about the configured VLAN interfaces, view the files in the /proc/net/vlan directory.

Using the ip Command to Create VLAN Devices

The ip command provides an alternate method of creating VLAN devices. However, such devices do not persist across system reboots.

To create a VLAN interface em1.5 for em1 with a PVID of 5: 

sudo ip link add link em1 name em1.5 type vlan id 5

For more information, see the ip(8) manual page.

Configuring Network Routing

A system uses its routing table to determine which network interface to use when sending packets to remote systems. If a system has only a single interface, it is sufficient to configure the IP address of a gateway system on the local network that routes packets to other networks.

To create a default route for IPv4 network packets, include an entry for GATEWAY in the /etc/sysconfig/network file. For example, the following entry configures the IP address of the gateway system: 

GATEWAY=192.0.2.1

If your system has more than one network interface, you can specify which interface should be used: 

GATEWAY=192.0.2.1
GATEWAYDEV=em1

A single statement is usually sufficient to define the gateway for IPv6 packets, for example: 

IPV6_DEFAULTGW="2001:db8:1e10:115b::2%em1"

Any changes that you make to /etc/sysconfig/network do not take effect until you restart the network service: 

sudo systemctl restart network

To display the routing table, use the ip route show command, for example: 

sudo ip route show
10.0.2.0/24 dev em1  proto kernel  scope link  src 10.0.2.15 
default via 10.0.2.2 dev em1  proto static

This example shows that packets destined for the local network (10.0.2.0/24) do not use the gateway. The default entry means that any packets destined for addresses outside the local network are routed via the gateway 10.0.2.2.

Note:

You might be used to using the route command to configure routing. However, route is considered obsolete and will eventually be replaced altogether by the ip command.

You can also use the netstat -rn command to display this information: 

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.0.2.0        0.0.0.0         255.255.255.0   U         0 0          0 em1
0.0.0.0         10.0.2.2        0.0.0.0         UG        0 0          0 em1

To add or delete a route from the table, use the ip route add or ip route del commands. For example, to replace the entry for the static default route: 

sudo ip route del default
sudo ip route show
10.0.2.0/24 dev em1  proto kernel  scope link  src 10.0.2.15
sudo ip ro add default via 10.0.2.1 dev em1 proto static
sudo ip route show
10.0.2.0/24 dev em1  proto kernel  scope link  src 10.0.2.15  
default via 10.0.2.1 dev em1  proto static

To add a route to the network 10.0.3.0/24 via 10.0.3.1 over interface em2, and then delete that route: 

sudo ip route add 10.0.4.0/24 via 10.0.2.1 dev em2
sudo ip route show
10.0.2.0/24 dev em1  proto kernel  scope link  src 10.0.2.15 
10.0.3.0/24 via 10.0.3.1 dev em2
default via 10.0.2.2 dev em1  proto static
sudo ip route del 10.0.3.0/24
sudo ip route show
10.0.2.0/24 dev em1  proto kernel  scope link  src 10.0.2.15 
default via 10.0.2.2 dev em1  proto static

The ip route get command is a useful feature that allows you to query the route on which the system will send packets to reach a specified IP address, for example: 

sudo ip route get 23.6.118.140
23.6.118.140 via 10.0.2.2 dev em1  src 10.0.2.15 
    cache  mtu 1500 advmss 1460 hoplimit 64

In this example, packets to 23.6.118.140 are sent out of the em1 interface via the gateway 10.0.2.2.

Any changes that you make to the routing table using ip route do not persist across system reboots. To permanently configure static routes, you can configure them by creating a route-interface file in/etc/sysconfig/network-scripts for the interface. For example, you would configure a static route for the em1 interface in a file named route-em1. An entry in these files can take the same format as the arguments to the ip route add command.

For example, to define a default gateway entry for em1, create an entry such as the following in route-em1: 

default via 10.0.2.1 dev em1

The following entry in route-em2 would define a route to 10.0.3.0/24 via 10.0.3.1 over em2: 

10.0.3.0/24 via 10.0.3.1 dev em2

Any changes that you make to a route-interface file do not take effect until you restart either the network service or the interface.

For more information, see the ip(8) and netstat(8) manual pages.