It came to my attention and I was rather surprised to learn a while back that the Linux ifconfig command has been deprecated for quite some time by the Linux ip command set. The ip command isn’t new to me and I’ve recognised its advantages for some time but considering its ‘elevated’ status I thought I’d better get on board and use it exclusively. The future, yeah I want to be a part of it; the past, from a technical perspective, not so much. So, here’s my ‘obstensive’ overview with many a usage example.
If your system doesn’t have the ip command installed, use your package manager of choice to install the iproute2 package. Note this package also deprecates other network commands (all still available of course) such as arp, ifup, ifdown, netstat, route and others. If you’re not interested in the full command details, skip to the examples section, it’ll be worthwhile regardless. You’ll note this is one of the few blogs written in the last decade (or two) that actually makes reference to IPX; simpler times for sure.
Just as an aside, from a performance tweaking perspective, this is one useful command. It allows you to specify host TCP related settings (such as window size, initial congestion window size etc.), on a per route basis. That’s power and utility and not something I come across often outside of the application delivery world. Equally, the options around policy based routing, multiple routing tables and the like are simply amazing. Something that’s oft missed and rarely utilised. Sure, it gets complex but hey, it’ll probably save you save big money!
Basic Command Syntax
ip [options] object command [parameters]
Please note that any ARP entries, IP addresses, routes and policy routing rules (and so on) created with this command are not persistent. If you want them to be you need to create a startup script or edit the files necessary, appropriate to your platform/OS.
Also note that you made need to prefix particular (likely dangerous or significant) commands with sudo depending on your platform and access level.
The (optional) options available should be used before the object and their validity depends on the object specified (or not). Check out the support for IPX; old school. They include;
- -s – output more statistics information, use multiple times (not -ss but -s -s) for even more
- -l ‘nn’ – the number of loops the ip addr flush command will attempt, the default is 10
- -f ‘fid’ –protocol family identifier, one of bridge, dnet, inet, inet6, ipx or link, the default is derived from other command arguments if possible, if not it is inet; link indicates no protocol
- -4 – a shortcut for –f inet
- -6 – a shortcut for –f inet6
- -B – a shortcut for –f bridge
- -0 – a shortcut for –f link (to avoid confusion, that’s a zero, not an upper-case oh, zero as in no protocol)
- -o – output each record on one line, use the character instead of line feeds
- -r – resolve addresses to DNS hostnames using the system’s name resolver
Some of the available objects include these, which I’ll focus on in this article, there are many more;
- address – layer three addressing
- link – physical interface control
- moo – an Easter egg of sorts (which I discovered using the strings /bin/ip command) – works in Ubuntu 14.04 at least
- monitor –statistics display
- neigh – link layer neighbour control, mostly ARP
- route – layer three routing
- rule – policy based routing
Object names can be abbreviated considerably, down to a single letter. Where there is ambiguity, dictionary order is used to select a command. For example, if ip a show is entered, a is interpreted as ip address show; where ip r show is entered, r is interpreted as route. Quite a nice touch I think, with a maximum of 5 characters input required and only two in many cases.
I actually prefer to think of these as sub-commands (and of ip as ‘the’ command).
The available commands, which are mostly self-explanatory, include; add, change, del or delete, flush, get, list (same as show), monitor, replace, restore, save, set, show (same as list) and update.
If no command is specified show is assumed.
Again, aggressive abbreviation is supported, with the maximum required number of input characters being three and only one or two being sufficient in most cases. Dictionary order once again, mostly anyway. Command ip a s seems to be interpreted as ip address show rather than ip address set unfortunately. Perhaps there is more of this inconsistency or perhaps there’s some other order that I can’t deduce (like likelihood of use).
These depend upon and change based on the object and command specified; mostly they can’t be abbreviated. Common parameters (which are mostly obvious) include;
- dev interface_name – a network interface (the dev keyword seems to be optional in a lot of cases)
- lladdr – a (link layer) MAC address
- initcwnd – TCP initial congestion window size
- window -TCP window size
- cwnd – TCP congestion window size
- via – a gateway to route to
- default – a default route
- blackhole – a blackhole route; drop packets and don’t send any ICMP messages to the source
- prohibit – a prohibited route; drop packets and return an ICMP prohibited message to the source
- unreachable – an unreachable route; drop packets and return an ICMP unreachable message to the source
You’ll have to forgive the number of examples here but really, this doesn’t even scratch the surface of what this command set is capable of. Roughly ordered according to the OSI model.
Please note that I’ve only done rudimentary testing with these commands, mostly on a test Ubuntu server and a non-production F5. Do not consider any of these commands (other than list or show) to be non-disruptive or make assumptions about their operation, order of operation, scope and so on without doing your own testing. Equally, using these commands in relation to bridge, bonded and redundant interfaces may be extremely dangerous.
- ip link show – display the status of all network interfaces
- ip l sh – as above
- ip l l – as above
- ip l – as above
- p link show eth0 – display only the status of interface eth0
- ip link list up – display only the status of interfaces that are up
- ip link set eth1 up – bring interface eth1 up
- ip link set eth1 down – bring interface eth1 down – dangerous!
- ip neigh show – show all ARP entries
- ip n sh – as above
- ip n l – as above
- ip n – as above
- p neigh show dev eth0 –show all ARP entries learnt or statically configured on interface eth0
- ip neigh flush – flush (delete) all dynamic ARP entries – potentially dangerous!
- ip ne fl dev eth0 – flush (delete) all dynamic ARP entries learnt on interface eth0 – potentially dangerous!
- ip nei add 188.8.131.52 lladdr AA:BB:CC:DD:EE:FF dev eth0 – add a static ARP entry for the specified IP and MAC address combination, available via eth0 – potentially dangerous!
- ip n del 184.108.40.206 – delete the static or dynamic ARP entry for the specified IP address – potentially dangerous!
Note secondary addresses are not used as source addresses for outgoing packets. It would seem although you can show primary and secondary addresses, you cannot specify an address as one or the other, it simply comes down to which address(es) are added first and next etc.
- ip address show – display all IP addresses and related interfaces
- ip a sh – as above
- ip a list – as above
- ip a – as above
- ip a l permanent – display only static, permanent IP addresses
- ip a l dynamic – display only dynamically acquired IP addresses
- ip addr add 220.127.116.11/24 dev eth0 – add the specified IP address to interface eth0 (added as a secondary if the interface already has a primary address, added as the primary address if none exists)
- ip add add 18.104.22.168/24 dev eth0 – add the specified IP address as a secondary address to interface eth0
- ip addr del 22.214.171.124/24 dev eth0 – delete the specified IP address from interface eth0 (whether primary or secondary or whatever) (if you delete the primary and a secondary is configured, it will become the primary, if using a kernel at v2.6.16 or above)
- ip add flush dev eth0 – flush (delete) all IP addresses from interface eth0 – dangerous!
Standard route tables on Linux are 254 (main) which is what you’ll mostly deal with, 255 which generally shouldn’t be touched and also 253 which relates to the default route in some way. I need to do more research on 253 but assume it shouldn’t be touched.
- ip r sh – display all routes in all route tables
- ip r – as above
- ip route show table nnn – display all routes in route table 255
- ip ro sh cache – show the route cache (removed from Linux v3.6 onwards)
- ip route get 10.10.20.0/24 – display the route to this network
- ip route get 10.10.20.0/24 from 192.168.12.9 – display the route to this network from/for source 192.168.12.9
- ip route add 10.10.20.0/24 via 192.168.50.100 – create a route
- ip route delete 10.10.20.0/24 – delete a route
- ip route del 10.10.20.0/24 via 192.168.50.100 – delete a route
- ip route add default via 192.168.50.100 – create a default route
- ip route add 10.10.20.0/24 dev eth0 – create a route to this network via eth0
- ip route add table nnn 10.10.20.0/24 dev eth0 – create a route in a specific routing table
- ip route add blackhole 10.10.20.0/24 dev eth0 – create a blackhole route; drop packets to this network and don’t send any ICMP messages to the source
- ip route add unreachable 10.10.20.0/24 dev eth0 – create an unreachable route; drop packets to this network and send an ICMP unreachable messages to the source
I hope to add a few more objects, commands and examples as time allows. Comments, corrections and suggestions are always welcome, for the benefit of all.
This was useful, especially if you want to know what to do to make things permanent.
You’ll find a pretty comprehensive iproute2 cheatsheet here.
iproute2 was originally written by Alex Kuznetsov and now maintained by Stephen Hemminger.