View the IP address structure of the Linux Nic from the difference between ip addr add and ifconfig

Today, a foreigner asked a question in the mail list, that is, the difference between ip addr add and ifconfig. I gave him a question, maybe because the English language is not good, and the answer is very simple, therefore, I want to explain it in detail here. In fact, there is no difference between them, but the expressions are different. If you understand the principles of the network protocol and the layered architecture of the network, I think you will not have this problem. In fact, every Nic device has a MAC address, however, it can have multiple network-layer addresses, such as IP addresses. However, this fact is not as good as the user provides an operation interface, so the IP alias (IP aliases) is introduced) and secondary IP addresses. In fact, it is easy to understand this fact. According to the stratified thinking, the lower layer always serves the upper layer, that is, providing a stage for the upper layer, and the upper layer uses the lower layer services, the lower layer does not need to know its own situation. If a NIC with a reasonable MAC address is not configured with a network address (such as an IP address, it is reasonable to configure multiple IP addresses for this device, just as one IP Address can correspond to multiple application layer ports. That is to say, the relationship between the lower layer and the upper layer is always one-to-many, this relationship is reasonable in a layered architecture. Next, let's take a look at the IP address structure of the Linux Nic. In Linux, a network card can have multiple IP addresses. What is the relationship between these IP addresses? In fact, these IP addresses constitute a chain structure. The so-called chain structure is that some nodes are linked into a chain, and each node carries its own chain, as shown in:

Each node identifies a CIDR block. the IP address of the node is the primary address of the CIDR block. The IP address contained in the CIDR block is the secondary address of the CIDR block, that is to say, a network adapter can carry the total length of the linked list of each node, and these IP addresses are not linear, but the above-mentioned link structure. Let's take a look at the benefits of doing so. Friends who have played Cisco routers may know that there is a secondary IP concept. This feature can be used to create logical subnets. That is to say, two subnets can be connected on a physical network port. This seems incredible, in fact, it is very simple. For example, if the network port is connected to a vswitch and the network port is not configured with a secondary IP address, then the vswitch can only connect to a host in a CIDR Block, such as 192.168.1.1/24. However, if secondary IP is configured, you can connect hosts with two network segments, such as 192.168.1.1/24 and 10.0.0.1/24. This is simple but useful, this mechanism can be used by the routing summary policy. Note that the secondary IP address in the preceding example is not the secondary address of Linux. in Linux, the opposite is true. If the IP address configured on a NIC is not a network segment, it is a primary IP address, it is the IP address in the main chain in the chain structure. The secondary address in Linux is the IP address in the sub-chain node of the main chain node. The concept of secondary address cannot be confused. What we mentioned above is only the function of the main chain in the chain. What about the sub-chain? In fact, it is quite easy to imagine. For example, if a server runs a proxy server or Server Load balancer service, the proxy server or Server Load balancer service and the master server need to listen to the same port, you can use secondary address to solve this problem. As long as you need to listen to applications on the same port in the same network segment, it is the cause of the existence of the link neutron chain. Therefore, we can say that, the main chain virtualizes multiple NICs on the external or the following link layer, while the sub-chain virtualizes multiple machines on the upper layer. If the Linux host with the link structure configured has only one Nic, therefore, the outside will think that it has multiple NICs. For the inside, the application layer will think that they are on different hosts, which is the effect.
In addition to the general introduction above, there are still many details. The chain does not have primary or secondary nodes in the main chain. The sub-chain is parallel except the first node and other nodes, however, the first node in the sub-chain is always linked to the main chain, and the address they carry is the primary address. The address carried by the sub-chain under them is the secondary address of the primary address, in this case, if a node on the main chain is deleted, its sub-chains will no longer exist. But this kind of strategy is always not so beautiful, because the father makes mistakes and the son is also tired. This has been done from time to time in the current generation of society, so we need to change the mechanism, therefore, a special option in Linux is that when a primary address is deleted, if it has a secondary address, then its first secondary address (eldest son) it is reasonable to inherit the location of the deleted primary address to become the primary address. Otherwise, if a program uses the secondary address When deleting the primary address, the deletion may be delayed, if the program crashes and the automatic upgrade policy is adopted, no problems will occur.
As for IP aliases, it was in the previous version and is an implementation problem. The problem solved is the same as the current secondary IP mechanism, it adds a suffix to the name of a physical Nic to form a virtual network interface. Essentially, it is no different from the secondary IP mechanism. The difference is that IP aliases is not so intuitive, the secondary IP address allows the application to see multiple addresses of a network card. For example, if you use the IP address aliases, sometimes you always ask what eth0: 0 is? I tried to find the registration code for the eth0: 0 network device in the kernel, and I couldn't find it even if I was crazy, but I did stupid things because of that damn name.
Next we can look at the implementation code of the Linux kernel. First we can understand some data structures. The most important thing is net_device, followed by in_device, and then in_ifaddr. We can understand these three data structures, everything is clear. This is true.
Struct net_device
{
...
Void * ip_ptr; // point to an in_device structure. The separation of this field from net_device indicates that a NIC can support multiple network layer protocols.
...
}
Struct in_device
{
Struct net_device * dev; // point to the net_device to which it belongs, that is, the NIC
Atomic_t refcnt; // reference count
Int dead;
Struct in_ifaddr * ifa_list; // list of all IP addresses
...
};
Struct in_ifaddr // represents an IP address
{
Struct in_ifaddr * ifa_next; // The ifa_list field in in_device above is linked by this field.
Struct in_device * ifa_dev; // indicates the in_device structure.
Struct rcu_head;
U32 ifa_local; // ip address
U32 ifa_address;
U32 ifa_mask; // mask
U32 ifa_broadcast; // broadcast address
U32 ifa_anycast;
Unsigned char ifa_scope;
Unsigned char ifa_flags; // only the ifa_f_secondary flag, because this is the primary address.
Unsigned char ifa_prefixlen;
Char ifa_label [ifnamsiz]; // name. In the IP aliases era, it may be in the form of ethx: Y. In the secondary IP era, it is unified as ethx.
};
Note that the above structure does not represent the IP address structure of the Linux network card as a chain structure. The so-called chain structure is only logical, in the data structure, all IP addresses of a network adapter are linked to a linear linked list in ifa_list. The ifa_flags field of in_ifaddr is displayed when the primary address or secondary address is used. When a new address is set, inet_insert_ifa is always called. Why does Linux not represent an IP address as a link structure in code? I don't know. I personally feel that a net_device has a primary IP linked list, and each primary IP node has a secondary IP linked list. This is even better. I think the inet_insert_ifa implementation is very poor. You can use two user space programs to add addresses. One is ifconfig, the other is ip addr add, and the ifconfig is based on IOCTL, the IP program adds an IP address based on Netlink. No matter which method can be used, you can see another problem: why can't I see the IP address added with IP ADDR add in ifconfig, but the IP address ADDR show set in ifconfig can be seen. This problem can be understood at a Glance by looking at the code. When ifconfig obtains the IP address, the Code:
For (IFAP = & in_dev-> ifa_list; (IFA = * IFAP )! = NULL; IFAP = & IFA-> ifa_next)
{
If (! Strcmp (IFR. ifr_name, IFA-> ifa_label) & sin_orig.sin_addr.s_addr = IFA-> ifa_address)
{
Break;
}
}
This is the IP address of the discovered IFA. As we know, all the IFA links form a linear linked list, if we find the first one, we will not go back, therefore, only one result can be obtained, that is, the first one in the chain table, and the IP add show function is different. This function is implemented in the inet_dump_ifaddr function and traverses all the IFA functions, and upload it to the user space buffer. Here we can do an experiment: First add several primary IP addresses not in the same CIDR Block with ip addr add, and then add an IP address that is not in the same CIDR block with the previous IP address ifconfig, you can use ifconfig to check whether the IP address is added by using the ip addr add instead of the IP address configured by ifconfig, this indicates that ifconfig will always be the one at the top of the IFA linked list. Note that if you add a lot of secondary IP addresses with ip addr add, then, if you use the IP address set in ifconfig and those secondary IP addresses in the same network segment, all secondary IP addresses will be deleted, which are determined by the sencondary IP specification, it is also reflected in the Code. Note that table items in the route table are based on the primary IP address, because all operations are based on the primary IP address. For example, when adding a route:
Void maid (struct in_ifaddr * IFA)
{
Struct in_device * in_dev = IFA-> ifa_dev;
Struct net_device * Dev = in_dev-> dev;
Struct in_ifaddr * prim = IFA;
...
If (IFA-> ifa_flags & ifa_f_secondary) {// If IFA is a sencondary address, find the primary address to which it belongs, and set it based on this primary.
Prim = inet_ifa_byprefix (in_dev, prefix, mask );
If (prim = NULL ){
Printk (kern_debug "Maid: Bug: prim = NULL/N ");
Return;
}
}
Fiber _ magic (rtm_newroute, rtn_local, ADDR, 32, Prim); // Add to the route table
...
}
So far, we know a lot of things. The most important thing is the structure of the network adapter IP address in Linux and the benefits of this design. In addition, the IP address setting methods include IOCTL and netlink. In fact, when a network card has multiple IP addresses, there is no conflict between the IP addresses and the network card. The only relationship between the IP addresses and the network card is the network layer model, the details are linked by routes. For example, when I add a route entry, I specify a destination address, a next-hop IP address, and a NIC egress, then, the kernel inserts the route into the proper location based on the provided destination address, and then sets the NH network device as the NIC egress for your provision, when data is transmitted, you can find the route and find the egress. You can set the route manually. Even if the kernel is completely wrong, it will be added to the route table, another route is automatically generated by the kernel, that is, when the network adapter is just up, find its in_device through the net_device of the network adapter and then find its IP address. Such a route is called a link route.
Through the secondary IP mechanism, you can think that your machine has many NICs. Applications that listen to the same port will think that they are on different machines in the LAN, you can use these IP addresses at will without any confusion. The routing and the underlying ARP will handle all this well, on the premise that you set the route to correct.
Appendix: Does the user space have IFUP/ifdown,/sbin/IP, ifconfig, and netplugd daemon? The intermediate IP program is the most basic and has no policy. The policy is to specify the parameter or call it by another program. netplugd is a monitoring daemon and monitors the NIC status through Netlink, call/etc/netplug based on different monitoring results. d/netplug script, which in turn may call the IFUP/ifdown script, and the latter is the script, which will call the IFUP-eth script, finally sort out the parameters and call the IP Program (typically: IP link set eth0 up/down), of course, the IP program can be called by itself, such as ip addr add and IP Route Add. ifconfig is not so round-robin and is set through IOCTL, it can be observed through strace. This is a big secret. To put it bluntly, policies and mechanisms are separated. In addition, many functions in Linux are combined by very small programs.

The Linux IP address chain structure and IP address addressing characteristics (For details, refer to "questions about intercommunication between IP network segments-routing is fundamental") fully demonstrate how perfect the Linux protocol stack is, fully compliant with the layer and encapsulation model, the lower layer logic is completely decoupled from the upper layer logic, that is, the IP layer is completely independent of the physical layout of the link layer and the physical layer, for example, addressing routes at the IP layer are only implemented by the IP layer, and all the routes found at the link layer are completely for convenience.