Use
Show/manipulate routing, devices, policy routing and tunnels
Usage General format
ip [ OPTIONS ] OBJECT { COMMAND | help }
OBJECT := { link | addr | addrlabel | route | rule | neigh | tunnel | maddr | mroute | monitor }
OPTIONS := { -V[ersion] | -s[tatistics] | -r[esolve] | -f[amily] { inet | inet6 | ipx | dnet | link } | -o[neline] }
Link format (NIC)
ip link set DEVICE { up | down | arp { on | off } | promisc { on | off } | allmulticast { on | off } | dynamic { on | off } | multicast { on | off } | txqueuelen PACKETS | name NEWNAME | address LLADDR | broadcast LLADDR | mtu MTU | netns PID | alias NAME | vf NUM [ mac LLADDR ] [ vlan VLANID [ qos VLAN-QOS ] ] [ rate TXRATE ] [ spoofchk { on | off } ] | }
ip link show [ DEVICE ]
Addr format (IP address)
ip addr { add | del } IFADDR dev STRING
ip addr { show | flush } [ dev STRING ] [ scope SCOPE-ID ] [ to PREFIX ] [ FLAG-LIST ] [ label PATTERN ]
IFADDR := PREFIX | ADDR peer PREFIX [ broadcast ADDR ] [ anycast ADDR ] [ label STRING ] [ scope SCOPE-ID ]
SCOPE-ID := [ host | link | global | NUMBER ]
FLAG-LIST := [ FLAG-LIST ] FLAG
FLAG := [ permanent | dynamic | secondary | primary | tentative | deprecated ]
Addrlabel format
ip addrlabel { add | del } prefix PREFIX [ dev DEV ] [ label NUMBER ]
ip addrlabel { list | flush }
Route format
ip route { list | flush } SELECTOR
ip route get ADDRESS [ from ADDRESS iif STRING ] [ oif STRING ] [ tos TOS ]
ip route { add | del | change | append | replace | monitor } ROUTE
SELECTOR := [ root PREFIX ] [ match PREFIX ] [ exact PREFIX ] [ table TABLE_ID ] [ proto RTPROTO ] [ type TYPE ] [ scope SCOPE ]
ROUTE := NODE_SPEC [ INFO_SPEC ]
NODE_SPEC := [ TYPE ] PREFIX [ tos TOS ] [ table TABLE_ID ] [ proto RTPROTO ] [ scope SCOPE ] [ metric METRIC ]
INFO_SPEC := NH OPTIONS FLAGS [ nexthop NH ] ...
NH := [ via ADDRESS ] [ dev STRING ] [ weight NUMBER ] NHFLAGS
OPTIONS := FLAGS [ mtu NUMBER ] [ advmss NUMBER ] [ rtt TIME ] [ rttvar TIME ] [ window NUMBER ] [ cwnd NUMBER ] [ initcwnd NUMBER ] [ ssthresh REALM ] [ realms REALM ] [ rto_min TIME ] [ initrwnd NUMBER ]
TYPE := [ unicast | local | broadcast | multicast | throw | unreachable | prohibit | blackhole | nat ]
TABLE_ID := [ local | main | default | all | NUMBER ]
SCOPE := [ host | link | global | NUMBER ]
FLAGS := [ equalize ]
NHFLAGS := [ onlink | pervasive ]
RTPROTO := [ kernel | boot | static | NUMBER ]
Rule format
ip rule [ list | add | del | flush ] SELECTOR ACTION
SELECTOR := [ from PREFIX ] [ to PREFIX ] [ tos TOS ] [ fwmark FWMARK[/MASK] ] [ dev STRING ] [ pref NUMBER ]
ACTION := [ table TABLE_ID ] [ nat ADDRESS ] [ realms [SRCREALM/]DSTREALM ]
TABLE_ID := [ local | main | default | NUMBER ]
Neigh format
ip neigh { add | del | change | replace } { ADDR [ lladdr LLADDR ] [ nud { permanent | noarp | stale | reachable } ] | proxy ADDR } [ dev DEV ]
ip neigh { show | flush } [ to PREFIX ] [ dev DEV ] [ nud STATE ]
Tunnel format
ip tunnel { add | change | del | show | prl } [ NAME ] [ mode MODE ] [ remote ADDR ] [ local ADDR ] [ [i|o]seq ] [ [i|o]key KEY ] [ [i|o]csum ] ] [ encaplimit ELIM ] [ ttl TTL ] [ tos TOS ] [ flowlabel FLOWLABEL ] [ prl-default ADDR ] [ prl-nodefault ADDR ] [ prl-delete ADDR ] [ [no]pmtudisc ] [ dev PHYS_DEV ] [ dscp inherit ]
MODE := { ipip | gre | sit | isatap | ip6ip6 | ipip6 | any }
ADDR := { IP_ADDRESS | any }
TOS := { NUMBER | inherit }
ELIM := { none | 0..255 }
TTL := { 1..255 | inherit }
KEY := { DOTTED_QUAD | NUMBER }
TIME := NUMBER[s|ms]
MADDR format
ip maddr [ add | del ] MULTIADDR dev NAME
ip maddr show [ dev NAME ]
Mroute format
ip mroute show [ PREFIX ] [ from PREFIX ] [ iif DEVICE ]
Monitor format
ip monitor [ all | OBJECT-LIST ]
XFRM format
ip xfrm XFRM_OBJECT { COMMAND }
XFRM_OBJECT := { state | policy | monitor }
ip xfrm state { add | update } ID [ XFRM_OPT ] [ mode MODE ] [ reqid REQID ] [ seq SEQ ] [ replay-window SIZE ] [ flag FLAG-LIST ] [ encap ENCAP ] [ sel SELECTOR ] [ LIMIT-LIST ]
ip xfrm state allocspi ID [ mode MODE ] [ reqid REQID ] [ seq SEQ ] [ min SPI max SPI ]
ip xfrm state { delete | get } ID
ip xfrm state { deleteall | list } [ ID ] [ mode MODE ] [ reqid REQID ] [ flag FLAG_LIST ]
ip xfrm state flush [ proto XFRM_PROTO ]
ip xfrm state count
ID := [ src ADDR ] [ dst ADDR ] [ proto XFRM_PROTO ] [ spi SPI ]
XFRM_PROTO := [ esp | ah | comp | route2 | hao ]
MODE := [ transport | tunnel | ro | beet ] (default=transport)
FLAG-LIST := [ FLAG-LIST ] FLAG
FLAG := [ noecn | decap-dscp | wildrecv ]
ENCAP := ENCAP-TYPE SPORT DPORT OADDR
ENCAP-TYPE := espinudp | espinudp-nonike
ALGO-LIST := [ ALGO-LIST ] | [ ALGO ]
ALGO := ALGO_TYPE ALGO_NAME ALGO_KEY
ALGO_TYPE := [ enc | auth | comp ]
SELECTOR := src ADDR[/PLEN] dst ADDR[/PLEN] [ UPSPEC ] [ dev DEV ]
UPSPEC := proto PROTO [ sport PORT ] [ dport PORT ] | [ type NUMBER ] [ code NUMBER ] ]
LIMIT-LIST := [ LIMIT-LIST ] | [ limit LIMIT ]
LIMIT := [ [ [time-soft|time-hard|time-use-soft|time-use-hard] SECONDS ] | [ [byte-soft|byte-hard] SIZE ] | [ [packet-soft|packet-hard] COUNT ]
ip xfrm policy { add | update } dir DIR SELECTOR [ index INDEX ] [ ptype PTYPE ] [ action ACTION ] [ priority PRIORITY ] [ LIMIT-LIST ] [ TMPL-LIST ]
ip xfrm policy { delete | get } dir DIR [ SELECTOR | index INDEX ] [ ptype PTYPE ]
ip xfrm policy { deleteall | list } [ dir DIR ] [ SELECTOR ] [ index INDEX ] [ action ACTION ] [ priority PRIORITY ]
ip xfrm policy flush [ ptype PTYPE ]
ip xfrm count
PTYPE := [ main | sub ] (default=main)
DIR := [ in | out | fwd ]
SELECTOR := src ADDR[/PLEN] dst ADDR[/PLEN] [ UPSPEC ] [ dev DEV ]
UPSPEC := proto PROTO [ [ sport PORT ] [ dport PORT ] | [ type NUMBER ] [ code NUMBER ] ]
ACTION := [ allow | block ] (default=allow)
LIMIT-LIST := [ LIMIT-LIST ] | [ limit LIMIT ]
LIMIT := [ [ [time-soft|time-hard|time-use-soft|time-use-hard] SECONDS ] | [ [byte-soft|byte-hard] SIZE ] | [packet-soft|packet-hard] NUMBER ]
TMPL-LIST := [ TMPL-LIST ] | [ tmpl TMPL ]
TMPL := ID [ mode MODE ] [ reqid REQID ] [ level LEVEL ]
ID := [ src ADDR ] [ dst ADDR ] [ proto XFRM_PROTO ] [ spi SPI ]
XFRM_PROTO := [ esp | ah | comp | route2 | hao ]
MODE := [ transport | tunnel | beet ] (default=transport)
LEVEL := [ required | use ] (default=required)
ip xfrm monitor [ all | OBJECT-LIST ]
Token format
ip token { COMMAND | help }
ip token { set } TOKEN dev DEV
ip token { get } dev DEV
ip token { list }
Common options
-V, -Version
Print the program version.
-s, -stats, -statistics
Output more information. If the option appears more than once, the amount of information increases.
-h, -human, -human-readable
Output information in a form that is suitable for human reading.
-iec
Similar to the -h option, but the base unit is 1024.
-f, -family
Specifies the protocol family to use. The value is one of inet, inet6, ipx, dnet or link. If it is not specified, the family is guessed from the context or the default protocol family is used, generally inet. link is a special family identifier meaning that no networking protocol is involved.
Shorthand forms: -4 = -f inet, -6 = -f inet6, -0 = -f link
-o, -oneline
Output each record on a single line.
-r, -resolve
Use the system's name resolver to print DNS names instead of host addresses.
Operation object descriptions
1 link - network device.
2 address - protocol (IP or IPv6) address on a device.
3 addrlabel - label configuration for protocol address selection.
4 neighbour - ARP or NDISC cache entry.
5 route - routing table entry.
6 rule - rule in routing policy database.
7 maddress - multicast address.
8 mroute - multicast routing cache entry.
9 tunnel - tunnel over IP.
10 xfrm - framework for IPsec protocol.
Practice operating the physical NIC
1 Displaying network card device information
[[email protected] asia_ucenter]# ip -s link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    RX: bytes  packets  errors  dropped overrun mcast
    2188533266 2199032  0       0       0       0
    TX: bytes  packets  errors  dropped carrier collsns
    2188533266 2199032  0       0       0       0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:40:a8:72 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast
    12012726   64662    0       0       0       0
    TX: bytes  packets  errors  dropped carrier collsns
    35491390   77118    0       0       0       0
2 Turn off or enable the eth0 NIC
# Disable
[[email protected] apk]# ip link set dev eth0 down
# Enable
[[email protected] apk]# ip link set dev eth0 up
3 Enable or disable ARP
# Disable
[[email protected] apk]# ip link set dev eth0 arp off
# Enable
[[email protected] apk]# ip link set dev eth0 arp on
4 Enable or disable multicast
# Disable
[[email protected] apk]# ip link set dev eth0 multicast off
# Enable
[[email protected] apk]# ip link set dev eth0 multicast on
5 Enable or disable dynamic acquisition of IP (not sure what this means? >_<)
dynamic on or dynamic off
(Change the DYNAMIC flag on the device.)
6 Modifying the NIC name
name NAME
(Not recommended when the network card is running or other configuration already uses the old name.)
7 Set the send queue length
Method one: txqueuelen NUMBER
Method two: txqlen NUMBER
8 Setting the network card device's maximum transmission unit
mtu NUMBER
9 Setting the network card physical address
address LLADDRESS
10 Broadcast address related settings (not sure what this means? >_<)
broadcast LLADDRESS
brd LLADDRESS
peer LLADDRESS
(Change the link layer broadcast address or the peer address when the interface is pointopoint.)
11 Setting up Virtual route forwarding
netns PID
(Move the device to the network namespace associated with the process PID.)
12 Setting device aliases
alias NAME
IP address operation
1 Add local IP 10.0.2.5 to device eth0, with label eth0:0 and a broadcast address
[[email protected] apk]# ip addr add dev eth0:0 local 10.0.2.5/24 brd + label eth0:0
2 Remove the previously added IP, the parameters need to be the same as before
[[email protected] apk]# ip addr delete dev eth0:0 local 10.0.2.5/24 brd - label eth0:0
3 Displaying IP address information
ip address show - look at protocol addresses
dev NAME (default)
    name of device.
scope SCOPE_VAL
    only list addresses with this scope.
to PREFIX
    only list addresses matching this prefix.
label PATTERN
    only list addresses with labels matching the PATTERN. PATTERN is a usual shell style pattern.
primary and secondary
    only list primary (or secondary) addresses.
4 Flush IP addresses; the filter conditions are the same as for show. Use with caution.
ip addr flush arg1 arg2
Neighbor (neighbour)/arp table management
1 Adding a neighbor entry
[[email protected] apk]# ip neighbour add to 10.0.2.6 dev eth0 lladdr 22:33:aa:33:44:dd nud stale
# Neighbor entry state descriptions
permanent - the neighbour entry is valid forever and can only be removed administratively.
noarp - the neighbour entry is valid. No attempts to validate this entry will be made but it can be removed when its lifetime expires.
reachable - the neighbour entry is valid until the reachability timeout expires.
stale - the neighbour entry is valid but suspicious. This option to ip neigh does not change the neighbour state if it was valid and the address is not changed by this command.
2 Invalidate a neighbor entry: IP 10.0.2.6, device name eth0
[[email protected] apk]# ip neighbour delete to 10.0.2.6 dev eth0
3 Show the neighbor list; the filter parameters are the same as for add
[[email protected] apk]# ip neighbour list
10.0.2.6 dev eth0 FAILED
10.0.2.1 dev eth0 lladdr 52:54:00:12:35:00 STALE
10.0.2.3 dev eth0 lladdr 08:00:27:4e:35:c1 STALE
10.0.2.2 dev eth0 lladdr 52:54:00:12:35:00 REACHABLE
4 Flush neighbor entries; the filter parameters are the same as for add. With no filter parameters, nothing is done.
Note: (a) an entry in the FAILED state cannot be removed; (b) after performing this operation, the entry can still be seen (not sure what the reason is? >_<)
[[email protected] apk]# ip -s neighbour flush to 10.0.2.6 dev eth0
*** Round 1, deleting 1 entries ***
*** Flush is complete after 1 round ***
5 Change the existing neighbor entry with IP 10.0.2.6: link-layer address 22:33:aa:33:44:dd, device name eth0, state stale
[[email protected] apk]# ip -s neighbour change to 10.0.2.6 dev eth0 lladdr 22:33:aa:33:44:dd nud stale
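The neighbour list format shown above is easy to audit from a script. The following is an added example, not part of the original post: it reports entries with no resolved link-layer address and link-layer addresses claimed by more than one IP on the same device, which is normal for a gateway and otherwise worth checking when reviewing the ARP cache. The function names sample_neigh and neigh_audit and the NOLLADDR/SHARED labels are hypothetical; the sample lines are the ones from the listing above.

```shell
#!/bin/sh
# Added example: audit `ip neighbour list` output.
# Sample input is the listing from this page, embedded so the script runs
# offline; on a live host use:  ip neighbour list | neigh_audit
sample_neigh() {
cat <<'EOF'
10.0.2.6 dev eth0 FAILED
10.0.2.1 dev eth0 lladdr 52:54:00:12:35:00 STALE
10.0.2.3 dev eth0 lladdr 08:00:27:4e:35:c1 STALE
10.0.2.2 dev eth0 lladdr 52:54:00:12:35:00 REACHABLE
EOF
}

# neigh_audit: read neighbour lines on stdin and print
#   NOLLADDR <ip> <dev> <state>        entry without a resolved MAC
#   SHARED <lladdr> <dev> <ip,ip,...>  one MAC claimed by several IPs
# (labels are hypothetical, chosen for this example)
neigh_audit() {
    awk '
    NF < 3 { next }                      # skip blank or truncated lines
    {
        ip = $1; dev = ""; mac = ""; state = $NF
        for (i = 2; i < NF; i++) {
            if ($i == "dev")    dev = $(i + 1)
            if ($i == "lladdr") mac = tolower($(i + 1))
        }
        if (mac == "") { print "NOLLADDR", ip, dev, state; next }
        key = mac " " dev
        if (key in ips) ips[key] = ips[key] "," ip
        else { ips[key] = ip; order[++n] = key }
        count[key]++
    }
    END {
        # report in first-seen order so the output is stable
        for (j = 1; j <= n; j++)
            if (count[order[j]] > 1)
                print "SHARED", order[j], ips[order[j]]
    }'
}

sample_neigh | neigh_audit
```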
Routing Table Management
1 Description
Route type
unicast - the route entry describes real paths to the destinations covered by the route prefix.
unreachable - these destinations are unreachable. Packets are discarded and the ICMP message host unreachable is generated. The local senders get an EHOSTUNREACH error.
blackhole - these destinations are unreachable. Packets are discarded silently. The local senders get an EINVAL error.
prohibit - these destinations are unreachable. Packets are discarded and the ICMP message communication administratively prohibited is generated. The local senders get an EACCES error.
local - the destinations are assigned to this host. The packets are looped back and delivered locally.
broadcast - the destinations are broadcast addresses. The packets are sent as link broadcasts.
throw - a special control route used together with policy rules. If such a route is selected, lookup in this table is terminated pretending that no route was found. Without policy routing it is equivalent to the absence of the route in the routing table. The packets are dropped and the ICMP message net unreachable is generated. The local senders get an ENETUNREACH error.
nat - a special NAT route. Destinations covered by the prefix are considered to be dummy (or external) addresses which require translation to real (or internal) ones before forwarding. The addresses to translate to are selected with the attribute via. Warning: route NAT is no longer supported in Linux 2.6.
anycast - (not implemented) the destinations are anycast addresses assigned to this host. They are mainly equivalent to local with one difference: such addresses are invalid when used as the source address of any packet.
multicast - a special type used for multicast routing. It is not present in normal routing tables.
2 Other: I am being lazy here. The parameter list is too long, so see the command's help documentation directly :)
Other types of management
Routing policy, xfrm network security framework, token, monitoring object status, etc.
N days to learn the IP of a linux command