How to check gateway reachability in Linux

The default gateway is the first hop for traffic leaving the local subnet, so reachability problems there can make most external services appear down even when the host has a valid IP configuration.

Linux selects the gateway using routing and policy rules, then resolves the gateway IP to a MAC address using ARP (or NDP for IPv6). A short ping test confirms Layer 3 reachability and latency, while the neighbor cache in ip neigh confirms whether link-layer resolution to the gateway is working.

Some gateways rate-limit or filter ICMP echo requests, and VPN clients can change the effective first hop, so results are most reliable when a route lookup, ping, and neighbor state are checked together. Keep probes short on constrained links and treat persistent FAILED neighbor state as a stronger signal than a single missed ping reply.

Steps to check gateway reachability with ip and ping in Linux:

Identify the gateway address from the default route.
```
$ ip route show default
default via 192.0.2.1 dev eth0 proto dhcp src 192.0.2.40 metric 100 
```
Related: How to check the default route in Linux
Confirm the gateway is selected for an off-subnet destination.
```
$ ip route get 203.0.113.50
203.0.113.50 via 192.0.2.1 dev eth0 src 192.0.2.40 uid 0 
    cache 
```
The via address is the first hop and dev is the interface used to reach it.

Ping the gateway to measure reachability and packet loss.

$ ping -c 4 192.0.2.1
PING 192.0.2.1 (192.0.2.1) 56(84) bytes of data.
64 bytes from 192.0.2.1: icmp_seq=1 ttl=128 time=0.218 ms
64 bytes from 192.0.2.1: icmp_seq=2 ttl=128 time=0.280 ms
64 bytes from 192.0.2.1: icmp_seq=3 ttl=128 time=0.636 ms
64 bytes from 192.0.2.1: icmp_seq=4 ttl=128 time=1.31 ms

--- 192.0.2.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3090ms
rtt min/avg/max/mdev = 0.218/0.610/1.307/0.432 ms

Use -c to keep the test bounded and add -n to skip name resolution during troubleshooting.

Check the neighbor table for a resolved MAC entry and state.
```
$ ip neigh show 192.0.2.1
192.0.2.1 dev eth0 lladdr 02:00:00:00:00:01 REACHABLE 
```
REACHABLE, STALE, or DELAY indicates successful Layer 2 resolution, while INCOMPLETE or FAILED indicates unresolved gateway MAC and a likely link, VLAN, or switch-port issue.

Inspect interface counters for errors or drops on the gateway interface.

$ ip -s link show dev eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 02:00:00:00:00:10 brd ff:ff:ff:ff:ff:ff
    RX:  bytes packets errors dropped  missed   mcast           
      40419857  115529      0       0       0       0 
    TX:  bytes packets errors dropped carrier collsns           
        641101    9829      0       0       0       0

Rising errors, dropped, or carrier counts often point to cabling, Wi-Fi quality, or switch-port problems affecting gateway reachability.

Author: Mohd Shakir Zakaria
Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.