Notes on Linux ip Command
iproute2
http://en.wikipedia.org/wiki/Iproute2
iproute2 is a collection of utilities for controlling TCP and UDP IP networking and traffic control in Linux. It is intended to replace an entire suite of legacy Unix networking tools (often called “net-tools”).
Tools replaced by iproute2 are:
* Address and link configuration: ifconfig → ip addr, ip link
* Routing tables: route → ip route
* Neighbors: arp → ip neigh
* Tunnels: iptunnel → ip tunnel
* Multicast: ipmaddr → ip maddr
* netstat → ss
Network Configuration: "ip" Tool
The ip tool provides most of the networking configuration a Linux box needs. You can configure interfaces, ARP, policy routing, tunnels, etc.
Exploring your current configuration
ip help
ip route add help
ip shows us our links
ip link list
Usage: ip link set DEVICE { up | down | arp { on | off } |
dynamic { on | off } | multicast { on | off } | txqueuelen PACKETS |
name NEWNAME | address LLADDR | broadcast LLADDR | mtu MTU }
ip link show [ DEVICE ]
ip shows us our IP addresses
ip address show
Usage: ip addr {add|del} IFADDR dev STRING
ip addr {show|flush} [ dev STRING ] [ scope SCOPE-ID ]
[ to PREFIX ] [ FLAG-LIST ] [ label PATTERN ]
IFADDR := PREFIX | ADDR peer PREFIX
[ broadcast ADDR ] [ anycast ADDR ]
[ label STRING ] [ scope SCOPE-ID ]
SCOPE-ID := [ host | link | global | NUMBER ]
FLAG-LIST := [ FLAG-LIST ] FLAG
FLAG := [ permanent | dynamic | secondary | primary |
tentative | deprecated ]
With the -statistics option, ip also prints interface statistics: ip -s link ls eth0
If the -s option is entered twice or more, ip prints more detailed statistics on receiver and transmitter errors: ip -s -s link ls eth0
ip shows us our routes
ip route show
Usage: ip route { list | flush } SELECTOR
ip route get ADDRESS [ from ADDRESS iif STRING ]
[ oif STRING ] [ tos TOS ]
ip route { add | del | replace | change | append | replace | monitor } ROUTE
SELECTOR := [ root PREFIX ] [ match PREFIX ] [ exact PREFIX ]
[ table TABLE_ID ] [ proto RTPROTO ]
[ type TYPE ] [ scope SCOPE ]
ROUTE := NODE_SPEC [ INFO_SPEC ]
NODE_SPEC := [ TYPE ] PREFIX [ tos TOS ]
[ table TABLE_ID ] [ proto RTPROTO ]
[ scope SCOPE ] [ metric METRIC ]
INFO_SPEC := NH OPTIONS FLAGS [ nexthop NH ]...
NH := [ via ADDRESS ] [ dev STRING ] [ weight NUMBER ] NHFLAGS
OPTIONS := FLAGS [ mtu NUMBER ] [ advmss NUMBER ]
[ rtt NUMBER ] [ rttvar NUMBER ]
[ window NUMBER] [ cwnd NUMBER ] [ ssthresh REALM ]
[ realms REALM ]
TYPE := [ unicast | local | broadcast | multicast | throw |
unreachable | prohibit | blackhole | nat ]
TABLE_ID := [ local | main | default | all | NUMBER ]
SCOPE := [ host | link | global | NUMBER ]
FLAGS := [ equalize ]
NHFLAGS := [ onlink | pervasive ]
RTPROTO := [ kernel | boot | static | NUMBER ]
ip route add 192.168.55.0/24 via 192.168.1.254 dev eth1
Alternatively, you can use the good old route command:
route add -net 192.168.55.0 netmask 255.255.255.0 gw 192.168.1.254 dev eth1
ip route add default via 192.168.1.254
ip route delete 192.168.1.0/24 dev eth0
Route all traffic via 192.168.1.254 gateway connected via eth0 network interface:
ip route add default via 192.168.1.254 dev eth0
Under Red Hat/Fedora Linux you can add a static route for the eth0 network interface by editing the /etc/sysconfig/network-scripts/route-eth0 file. Under Debian Linux, add a static route by editing the /etc/network/interfaces file.
ARP
ip neigh show
Usage: ip neigh { add | del | change | replace } { ADDR [ lladdr LLADDR ]
[ nud { permanent | noarp | stale | reachable } ]
| proxy ADDR } [ dev DEV ]
ip neigh {show|flush} [ to PREFIX ] [ dev DEV ] [ nud STATE ]
ip neigh delete 9.3.76.43 dev eth0
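An added example, not part of the original notes: a shell function that reads `ip neigh show` output and lists every MAC address that answers for more than one IP on the same interface, which is worth reviewing alongside legitimate causes such as proxy ARP or hosts with several addresses. The function name `neigh_shared_macs` and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes): review `ip neigh show` output.
# Reads neighbor-table lines on stdin and prints one line per MAC address
# that is cached for more than one IP on the same device:
#   DEV MAC IP1,IP2,...
# Entries without an lladdr (FAILED, INCOMPLETE) are skipped.
neigh_shared_macs() {
    awk '
    {
        ip = $1; dev = ""; mac = ""
        # Fields after the address come as keyword/value pairs.
        for (i = 2; i < NF; i++) {
            if ($i == "dev")    dev = $(i + 1)
            if ($i == "lladdr") mac = tolower($(i + 1))
        }
        if (dev == "" || mac == "") next
        key = dev " " mac
        if (key in ips) { ips[key] = ips[key] "," ip; shared[key] = 1 }
        else            { ips[key] = ip; order[++n] = key }
    }
    END {
        # Report in first-seen order so the output is stable.
        for (j = 1; j <= n; j++)
            if (order[j] in shared) print order[j], ips[order[j]]
    }'
}

# Constructed sample in the format printed by `ip neigh show`.
SAMPLE_NEIGH='192.168.1.254 dev eth0 lladdr 00:16:3e:aa:bb:01 REACHABLE
192.168.1.10 dev eth0 lladdr 00:16:3e:aa:bb:10 STALE
192.168.1.23 dev eth0 lladdr 00:16:3E:AA:BB:01 STALE
192.168.1.77 dev eth0  FAILED
10.0.0.1 dev eth1 lladdr 00:16:3e:aa:bb:01 PERMANENT'

# Run on the sample; on a live host use: ip -4 neigh show | neigh_shared_macs
printf '%s\n' "$SAMPLE_NEIGH" | neigh_shared_macs
```

Feeding it `ip -4 neigh show` keeps IPv6 link-local entries, which normally share a MAC with the host's IPv4 address, out of the report.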
ip monitor and rtmon - state monitoring
Usage: ip monitor [ all | LISTofOBJECTS ]
LISTofOBJECTS may contain link, address and route.
Multicast routing
Add the Multicast virtual network:
ip route add 224.0.0.0/4 dev eth0
Now, tell Linux to forward packets...
echo 1 > /proc/sys/net/ipv4/ip_forward
To test our connection, we ping the default group, 224.0.0.1, to see if anyone is alive. All machines on your LAN with multicasting enabled should respond, but nothing else.
Resources:
http://en.wikipedia.org/wiki/Iproute2
http://www.cyberciti.biz/tips/configuring-static-routes-in-debian-or-red-hat-linux-systems.html
Designing and Implementing Linux Firewalls with QoS using netfilter, iproute2, NAT and L7-filter