The ip command displays and manipulates routes, network devices, policy routing and tunnels.
This command applies to: RedHat, RHEL, Ubuntu, CentOS, SUSE, openSUSE, Fedora.
1, syntax
ip [options] OBJECT COMMAND [help]
OBJECT can be: link, network device; addr, protocol address on a device; route, routing table entry; rule, routing policy rule; neigh, ARP cache; tunnel, IP tunnel; maddr, multicast address; mroute, multicast routing.
COMMAND is the operation to perform, and each object supports a different set of commands.
Commands supported by the link object: set, show.
The commands supported by the addr object: add, del, flush, show.
Commands supported by the route object: list, flush, get, add, del, change, append, replace, monitor.
Commands supported by the rule object: list, add, del, flush.
The commands supported by the neigh object: add, del, change, replace, show, flush.
Commands supported by the tunnel object: add, change, del, show.
Commands supported by maddr: add, del.
Commands supported by the mroute object: show.
2, the list of options
3, ip link---network device configuration
A link is a network device, and the corresponding commands display and change the state of devices.
1) ip link set, change device properties
dev NAME (default), NAME specifies the network device to operate on. When configuring an SR-IOV Virtual Function (VF) device, this keyword should specify the associated Physical Function (PF) device.
up, down, change the state of the device, turning it on or off.
arp on, arp off, change the NOARP flag of the device.
multicast on, multicast off, change the MULTICAST flag of the device.
dynamic on, dynamic off, change the DYNAMIC flag of the device.
name NAME, change the name of the device. The operation is not valid if the device is running or already has a configured address.
txqueuelen NUMBER, txqlen NUMBER, change the transmit queue length of the device.
mtu NUMBER, change the MTU of the device.
address LLADDRESS, change the station (link-layer) address of the interface.
broadcast LLADDRESS, brd LLADDRESS, peer LLADDRESS, change the link-layer broadcast address, or the peer address when the interface is POINTOPOINT.
netns PID, move the device to the network namespace associated with the process PID.
alias NAME, give the device a symbolic name for easy reference.
vf NUM, specify the Virtual Function device to configure. The associated PF device must be specified with the dev parameter.
Warning: If you request more than one parameter change, ip aborts as soon as any one of the changes fails. This is the only case where ip can move the system to an unpredictable state. The solution is to avoid changing several parameters with a single ip link set call.
2) ip link show, display device properties
dev NAME (default), NAME specifies the network device to display. If this parameter is omitted, all devices are listed.
up, display only running devices.
4, ip address---protocol address management
An address is a protocol (IP or IPv6) address attached to a network device. Each device must have at least one address to use the corresponding protocol. Several different addresses can be attached to a single device. These addresses are not discriminated, so the term alias is not appropriate for them, and we do not use it in this document. The ip addr command displays addresses and their properties, adds new addresses, and deletes old ones.
1) ip address add, add a new protocol address
dev NAME, the name of the device to which the address is added.
local ADDRESS (default), the address of the interface. The format of the address depends on the protocol. It is a dotted quad for IP and a sequence of hexadecimal halfwords separated by colons for IPv6. The address can be followed by a slash and a decimal number, which encodes the network prefix length.
peer ADDRESS, the address of the remote endpoint of a point-to-point interface. Again, the address can be followed by a slash and a decimal number encoding the network prefix length. If a peer address is specified, the local address cannot have a prefix length. The network prefix is associated with the peer, not with the local address.
broadcast ADDRESS, the broadcast address of the interface. The special symbols "+" and "-" can be used instead of the broadcast address. In this case, the broadcast address is derived by setting/resetting the host bits of the interface prefix.
label NAME, each address can be tagged with a label string. To preserve compatibility with Linux 2.0 network aliases, this string must coincide with the device name or must be prefixed with the device name followed by a colon.
scope SCOPE_VALUE, the scope of the area within which the address is valid. The available scopes are listed in the file "/etc/iproute2/rt_scopes". The predefined scope values are:
I) global, the address is globally valid.
II) site, (IPv6 only) the address is a site-local address, i.e. it is valid within this site.
III) link, the address is link-local, i.e. it is valid only on this device.
IV) host, the address is valid only inside this host.
2) ip address delete, delete the protocol address
Arguments: the same as for "ip addr add". The device name is a required argument. The rest are optional. If no arguments are given, the first address is deleted.
3) ip address show, show protocol addresses
dev NAME (default), the device name.
scope SCOPE_VAL, list only addresses with this scope.
to PREFIX, list only addresses that match PREFIX.
label PATTERN, list only addresses whose labels match the pattern.
dynamic, permanent, (IPv6 only) list only addresses that were installed by stateless address configuration, or only permanent (non-dynamic) addresses.
tentative, (IPv6 only) list only addresses that have not yet passed duplicate address detection.
deprecated, (IPv6 only) list only deprecated addresses.
primary, secondary, list only primary (or secondary) addresses.
4) ip address flush, flush protocol addresses
This command flushes the protocol addresses selected by some criteria. It takes the same arguments as show. The difference is that it does not run when no arguments are given. Warning: This command (and the other flush commands described below) is very dangerous. If you make a mistake, it will not forgive it, but will cruelly clear all addresses.
With the -statistics option, the command becomes verbose. It prints the number of deleted addresses and the number of rounds made to flush the address list. If this option is given twice, "ip addr flush" also dumps all the deleted addresses in the format described in the previous section.
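Because flush takes the same arguments as show, the selection can be previewed before anything is deleted. The wrapper below is an added example, not part of the original page; guarded_addr_flush, IP_CMD and CONFIRM are hypothetical names, and IP_CMD exists only so the function can be exercised without root.

```sh
#!/bin/sh
# Added example: preview an address flush with "show" before running it.
# IP_CMD (hypothetical override) lets a stub stand in for the real ip binary.
IP_CMD="${IP_CMD:-ip}"

# usage: guarded_addr_flush SELECTOR...   e.g. guarded_addr_flush dev eth0 scope global
# Returns 2 on a missing selector, 3 after a preview-only run, 0 otherwise.
# Set CONFIRM=yes to perform the flush after the preview.
guarded_addr_flush() {
    # ip itself does not run a flush without arguments; refuse earlier
    # and say why, so a scripted call cannot fall through silently.
    if [ "$#" -eq 0 ]; then
        echo "guarded_addr_flush: refusing to flush without a selector" >&2
        return 2
    fi
    # Same selectors, read-only command: this is what flush would remove.
    preview=$("$IP_CMD" addr show "$@") || return 1
    if [ -z "$preview" ]; then
        echo "guarded_addr_flush: selector matches no address" >&2
        return 0
    fi
    printf 'Addresses that would be flushed:\n%s\n' "$preview"
    [ "${CONFIRM:-no}" = "yes" ] || return 3
    # The statistics option given twice dumps every deleted address,
    # which leaves a record of exactly what was removed.
    "$IP_CMD" -s -s addr flush "$@"
}
```

Run it once without CONFIRM to read the preview, then again with CONFIRM=yes and the identical selectors.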
5, ip addrlabel---protocol address label management
The IPv6 address label is used for address selection as described in RFC 3484. Precedence is managed by user space, and only the label is stored in the kernel.
1) ip addrlabel add, add an address label
prefix PREFIX, dev DEV, the outgoing interface.
label NUMBER, the label for the prefix. 0xffffffff is reserved.
2) ip addrlabel del, delete an address label
This command deletes an address label entry in the kernel. Arguments: the same as for "ip addrlabel add", but the label is not required.
3) ip addrlabel list, list address labels
Displays the contents of the address labels.
4) ip addrlabel flush, flush address labels
Flushes the contents of the address labels and does not restore the default settings.
6, ip neighbour---neighbor/ARP table management
The neighbor object establishes a binding between a protocol address and a link-layer address for hosts sharing the same link. Neighbor entries are organized into tables. Another name for the IPv4 neighbor table is the ARP table. The corresponding commands display neighbor bindings and their properties, add new neighbor entries, and delete old ones.
1) ip neighbour add, add a new neighbor entry
2) ip neighbour change, change an existing entry
3) ip neighbour replace, add a new entry or change an existing one
These commands create new neighbor records or update existing ones. All three commands take the following arguments:
to ADDRESS (default), the protocol address of the neighbor. It is either an IPv4 or an IPv6 address.
dev NAME, the interface to which the neighbor is attached.
lladdr LLADDRESS, the link-layer address of the neighbor, which can also be null.
nud NUD_STATE, the state of the neighbor entry, which can take the following values:
I) permanent, the neighbor entry is valid forever and can only be removed administratively.
II) noarp, the neighbor entry is valid. No attempt is made to validate this entry, but it can be removed when its lifetime expires.
III) reachable, the neighbor entry is valid until the reachability timeout expires.
IV) stale, the neighbor entry is valid, but suspicious. This option does not change the neighbor state if it was valid and the address is not changed by this command.
4) ip neighbour delete, delete a neighbor entry
This command invalidates a neighbor entry. The arguments are the same as for "ip neigh add", except that lladdr and nud are ignored. Warning: Attempting to delete or manually change a noarp entry created by the kernel may result in unpredictable behavior. In particular, the kernel may try to resolve this address even on a NOARP interface if the address is multicast or broadcast.
5) ip neighbour show, display neighbor entries
to ADDRESS (default), the prefix selecting the neighbors to list.
dev NAME, list only the neighbors attached to this device.
unused, list only neighbors that are not currently in use.
nud NUD_STATE, list only neighbor entries in this state. NUD_STATE takes the values listed above or the special value all, which means all states. This option may occur more than once. Without this option, ip lists all entries except none and noarp.
6) ip neighbour flush, flush neighbor entries
This command flushes the neighbor table, selecting the entries to flush by some criteria. It takes the same arguments as show. The differences are that it does not run when no arguments are given, and that the default neighbor states to be flushed do not include permanent and noarp.
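A check over the bindings described in this section, as an added example that is not part of the original page: it reads text in the format printed by ip neigh show, reports permanent entries (which are never revalidated) and reports any link-layer address bound to more than one protocol address, which should be confirmed as expected (for example a router) rather than a rewritten binding. The function names and the sample table are constructed; FAILED is a state ip prints for unresolved entries and is not among the states listed above.

```sh
#!/bin/sh
# Added example. All addresses are constructed from documentation ranges.

# Constructed sample in the format printed by `ip neigh show`.
sample_neigh() {
    cat <<'EOF'
192.0.2.1 dev eth0 lladdr 00:00:5e:00:53:01 PERMANENT
192.0.2.20 dev eth0 lladdr 00:00:5e:00:53:14 REACHABLE
192.0.2.21 dev eth0 lladdr 00:00:5e:00:53:14 STALE
192.0.2.30 dev eth0 lladdr 00:00:5e:00:53:1e STALE
192.0.2.40 dev eth0  FAILED
EOF
}

# audit_neigh: read neighbour entries on stdin, print one finding per line.
#   PINNED <addr> <lladdr>      nud permanent, only removed administratively
#   SHARED <lladdr> <addr,...>  one link-layer address bound to several
#                               protocol addresses; confirm it is expected
audit_neigh() {
    awk '
    {
        mac = ""
        for (i = 2; i < NF; i++)
            if ($i == "lladdr") mac = $(i + 1)
        if (mac == "") next          # unresolved entry, no binding to check
        if ($NF == "PERMANENT") print "PINNED", $1, mac
        if (!(mac in addrs)) { order[++n] = mac; addrs[mac] = $1 }
        else addrs[mac] = addrs[mac] "," $1
        count[mac]++
    }
    END {
        for (k = 1; k <= n; k++)     # first-seen order keeps output stable
            if (count[order[k]] > 1)
                print "SHARED", order[k], addrs[order[k]]
    }'
}

# Live use (needs iproute2): ip neigh show | audit_neigh
```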
7, ip route---routing table management
ip route manipulates entries in the kernel routing tables, which store information about paths to other network nodes. The route type can be:
I) unicast, the route entry describes a real path to the destinations covered by the route prefix.
II) unreachable, these destinations are unreachable. Packets are dropped and the ICMP message host unreachable is generated. The local sender gets an EHOSTUNREACH error.
III) blackhole, these destinations are unreachable. Packets are silently discarded. The local sender gets an EINVAL error.
IV) prohibit, these destinations are unreachable. Packets are dropped and the ICMP message communication administratively prohibited is generated. The local sender gets an EACCES error.
V) local, the destinations are assigned to this host. Packets are looped back and delivered locally.
VI) broadcast, the destinations are broadcast addresses. Packets are sent as link broadcasts.
VII) throw, a special control route used together with policy rules. If such a route is selected, the lookup in this table is terminated, pretending that no route was found. Without policy routing, it is equivalent to the absence of the route in the routing table. Packets are dropped and the ICMP message net unreachable is generated. The local sender gets an ENETUNREACH error.
VIII) nat, a special NAT route. Destinations covered by the prefix are considered to be virtual (or external) addresses that need to be translated to real (or internal) addresses before forwarding. The address to translate to is selected with the attribute via. Warning: Route NAT is no longer supported in Linux 2.6.
IX) anycast, not implemented. The destinations are anycast addresses assigned to this host. They are mostly equivalent to local addresses, with one difference: such addresses are invalid when used as the source address of any packet.