One ip tool to rule them all
Core Technology
Prise the back off Linux and find out what really makes it tick.
When it comes to network configuration, Linux has several utilities collected in net-tools. Users learn to manage addresses with ifconfig, routes with route, and MAC addresses and the local network segment (the neighborhood) with arp. A single tool, ip of the iproute2 tool collection, replaces several of the classic network tools with one utility.
Making Links
The ip tool operates on objects, which could be links, network layer addresses, routes, rules, and a few others. I'll start with Layer 2 objects (i.e., links) and advance to upper layers.
The ip utility should already be in your Linux system. If not, install the iproute2 package. The ip(8) man page provides generic instructions on using the command, whereas ip-link(8) and friends provide the specifics. If you have ever used Git, you understand this split. Basically, you provide ip an object on which to operate; a command, such as add or del; and some options. The command ip <object> help lists the details in each case.
Before you can use a networking interface in Linux, you need to bring it up. The following command sets up a network interface:
# ip link set up dev eth0
This command must run as root (note the # prompt). The link object refers to a networking device, either physical or virtual, and the set command sets various link options. For instance, you could enable promiscuous mode (useful for sniffers such as Wireshark) with ip link set dev eth0 promisc on or rename the interface with ip link set dev eth0 name <name>. The up option tells ip you want to set the link active, and dev eth0 specifies the device. You can check whether the command worked as expected with ip link show (Listing 1).
Listing 1
Check a Networking Device
In the preceding command, the show command doesn't require root permissions. If you omit it altogether (i.e., ip link), show is implied; adding the -s switch collects and shows a few statistics (Figure 1). The UP flag in angle brackets tells you the link is up, and NO-CARRIER indicates that no cable is currently plugged in to the laptop. Note that the MAC address is displayed as well, which you can change with:
ip link set address
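The flag list in angle brackets is also where promiscuous mode shows up, so it is worth checking from the defender's side. The following is an added example, not code from the article: a hypothetical promisc_ifaces function that reads ip -o -d link show output and reports interfaces with the PROMISC flag or a non-zero kernel promiscuity counter; the sample input is constructed.

```shell
#!/bin/sh
# Added example (not from the article): list interfaces in promiscuous mode.
# Feed it `ip -o -d link show`; -o prints one interface per line and -d adds
# the kernel's "promiscuity" counter.

promisc_ifaces() {
    awk '
    {
        name = $2
        sub(/:$/, "", name)      # "eth0:" -> "eth0"
        sub(/@.*/, "", name)     # "veth0@veth1" -> "veth0"

        flags = $3
        gsub(/[<>]/, "", flags)
        reason = ""
        n = split(flags, f, ",")
        for (i = 1; i <= n; i++)
            if (f[i] == "PROMISC") reason = "flag"

        # Packet sockets (sniffers) raise the counter without setting the flag.
        for (i = 4; i < NF; i++)
            if (reason == "" && $i == "promiscuity" && ($(i + 1) + 0) > 0)
                reason = "counter=" $(i + 1)

        if (reason != "") print name, reason
    }'
}

# Constructed sample input, shaped like `ip -o -d link show` output.
SAMPLE_LINKS='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000\    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 promiscuity 0
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000\    link/ether 52:54:00:12:34:56 brd ff:ff:ff:ff:ff:ff promiscuity 1
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DORMANT group default qlen 1000\    link/ether 52:54:00:65:43:21 brd ff:ff:ff:ff:ff:ff promiscuity 1
4: veth0@veth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000\    link/ether 52:54:00:00:00:01 brd ff:ff:ff:ff:ff:ff promiscuity 0'

# On a live system: ip -o -d link show | promisc_ifaces
printf '%s\n' "$SAMPLE_LINKS" | promisc_ifaces
```

In the sample, wlan0 is reported only through the counter, which is the case a check on the PROMISC flag alone would miss.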
In addition to configuring existing network links, ip can create new links – or at least a new virtual Ethernet (Veth) adapter:
# ip link add veth0 type veth peer name veth1
Veth interfaces come in pairs and are much like real network cards connected with a patch cord. Entering ip link show displays them as veth0@veth1 and vice versa. Veth interfaces were designed to simplify network communication for namespaces, and they are often seen with containerization tools such as Docker, but you can also use a virtual interface in other situations where you just want a simple network tunnel. The command ip link add can also create bridges (acting as a brctl substitute), VLANs, and a variety of network tunnels, including the VXLAN and Geneve options commonly used in network virtualization. You'll hardly ever need all these link types on your machine, but if you did, ip could manage them.
If you no longer need a link for some virtual device, use ip link del to get rid of it, but don't expect this command to work for physical devices.
Meeting Neighbors
Up the stack, you find the Network layer (aka, Layer 3) and network addresses. IPv4 is a typical specimen. The IPv4 address is a bit of information you usually supply when you bring the interface up with ifconfig; ip supports both IPv4 and IPv6.
Your single entry point to all address-related operations, regardless of address type, is ip address. Adding an address is easy:
# ip addr add 192.168.1.2/24 dev eth0
Look at how 192.168.1.2/24 specifies both the IPv4 address (192.168.1.2) and the netmask (24). This information is already enough for ip to deduce a broadcast address, which is often set explicitly with ifconfig.
It is also completely possible to assign an interface more than one address (Listing 2). Note that ip reuses the same "verbs" (or commands) across different objects.
Listing 2
Assign More than One Address
Older tools (like ifconfig) provide multiple address support via interface aliases (eth0:0). For ip, this is not a requirement. Yet you can achieve the same effect if you assign an address label as in Listing 3.
Listing 3
Assign an Alias
For backward compatibility, the label string must start with the interface name followed by a colon. You may delete addresses you no longer need with ip address delete (or just ip a d – see the "Abbreviations and Synonyms" box), whereas ip address flush flushes all addresses assigned to the interface.
Abbreviations and Synonyms
Two things to note: First, ip supports abbreviations. There is no minimum length, as long as the shortcut remains unambiguous. Entering ip addr is the same as entering ip a. Second, commands may also have synonyms: list and lst are the same as show.
Once you have assigned an interface a new IP address, how do other computers know about it? Neighborhood protocols are the answer. For IPv4, it's ARP (LV031); IPv6 calls the equivalent mechanism Neighborhood Discovery (ND), which is a part of ICMPv6. ip handles both ARP and IPv6 ND via the neighbour object. In practice, ip neigh is the prevalent command form.
The most common operation is to list ARP/ND entries. The old-school arp command lists IPv4 addresses only, yet ip happily handles both families (Listing 4).
Listing 4
List ARP/NC Entries
You can instruct ip to show IPv4 or IPv6 entries only with the -4 and -6 switches. You can also add new neighbor entries and change, replace, or delete existing ones. The ip-neighbour(8) man page covers the necessary commands.
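Because the neighbor table is filled from unauthenticated ARP replies, a quick review of it is a common first check when ARP spoofing is suspected. The following is an added example, not code from the article: a hypothetical dup_mac_neighbors function that reads ip -4 neigh show output and reports any link-layer address that answers for more than one IPv4 address on the same device; the sample input is constructed.

```shell
#!/bin/sh
# Added example (not from the article): flag link-layer addresses that answer
# for more than one IPv4 address on the same device.
# Feed it `ip -4 neigh show`.

dup_mac_neighbors() {
    awk '
    {
        ip = $1; dev = ""; mac = ""
        for (i = 2; i < NF; i++) {
            if ($i == "dev")    dev = $(i + 1)
            if ($i == "lladdr") mac = tolower($(i + 1))
        }
        # FAILED/INCOMPLETE entries carry no lladdr; IPv6 entries are skipped
        # because a dual-stack host shares one MAC across both families.
        if (mac == "" || ip ~ /:/) next

        key = dev " " mac
        if (cnt[key]++ == 0) { order[++n] = key; ips[key] = ip }
        else                 ips[key] = ips[key] "," ip
    }
    END {
        for (k = 1; k <= n; k++)
            if (cnt[order[k]] > 1) print order[k], ips[order[k]]
    }'
}

# Constructed sample input, shaped like `ip neigh show` output.
SAMPLE_NEIGH='192.168.1.1 dev eth0 lladdr 52:54:00:aa:bb:01 REACHABLE
192.168.1.20 dev eth0 lladdr 52:54:00:aa:bb:66 STALE
192.168.1.30 dev eth0 lladdr 52:54:00:aa:bb:66 REACHABLE
192.168.1.40 dev eth0  FAILED
fe80::5054:ff:feaa:bb01 dev eth0 lladdr 52:54:00:aa:bb:01 router REACHABLE'

# On a live system: ip -4 neigh show | dup_mac_neighbors
printf '%s\n' "$SAMPLE_NEIGH" | dup_mac_neighbors
```

A hit is a lead to investigate rather than proof of spoofing, because one interface can legitimately hold several addresses, as the address section above shows.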
Finding Routes
Network layer protocols (IPv4 or IPv6) are all about routing. Routing is how packets reach their destinations beyond the local network segment. In the simplest case, routing information boils down to the default gateway address, which accepts all packets destined for the outside world. In a large enterprise or provider network, complex dynamic routing protocols are employed to ensure connectivity and optimize traffic flow.
Although ip doesn't do anything with dynamic routing protocols – separate daemons are in charge of this – it does provide all you might want for your static routing configuration, even in advanced scenarios. In a typical case, the route is chosen on the basis of the destination address, and that's the only use case the route command covers. Not only does ip cover this basic scenario, it provides a few additional options, as well:
# ip route add 192.168.2.0/24 via 192.168.1.1
This command adds a route to the 192.168.2.0 network via the 192.168.1.1 gateway. A special keyword, default, which is equivalent to 0.0.0.0/0, can be used to specify the default gateway. You can delete a route with ip route delete and modify existing routes with ip route change. As usual, ip route show (or list) displays the routing table:
$ ip route list
default via 192.168.101.1 dev wlan0 proto static metric 600
...
For a complex routing table, it might not be evident which route will apply to which destination, especially if routes involve different metric or preference values. The ip route get command comes to the rescue: It runs the virtual packet through the routing table and prints the result. No root privileges are required:
$ ip route get 8.8.8.8
8.8.8.8 via 192.168.101.1 dev wlan0 src 192.168.101.43
    cache
ip route get resolves the route you provide, creating so-called clones (think cache entries) as necessary. The word cache in the last line signifies this fact. One can see what's currently in the routing cache with ip route list cache, and flush it with ip route flush cache. However, the IPv4 routing cache was removed in Linux 3.6 for its non-deterministic performance. So, unless you use an old kernel, ip route list cache yields nothing. In a nutshell, the kernel still makes route clones but doesn't try to store them anymore.
The route type shown above is the most typical one, but it is not the only one ip understands. Iptables was the traditional way to silently discard packets going to evil networks, but the blackhole route would also work fine:
# ip route add blackhole 8.8.8.8
# ping 8.8.8.8
connect: Invalid argument
For local sockets, the blackhole route yields the EINVAL error. Two similar route types, unreachable and prohibit, generate ICMP Host Unreachable and ICMP Communication Prohibited replies. Local senders get EHOSTUNREACH and EACCES, respectively.
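When the destinations to drop come from a blocklist file, it pays to validate each entry before it reaches the routing table. The following is an added example, not code from the article: a hypothetical blocklist_routes function that reads IPv4 prefixes on stdin and prints (rather than runs) one ip route replace command per valid entry for the chosen route type, rejecting malformed entries and 0.0.0.0/0; the blocklist is constructed from documentation address ranges.

```shell
#!/bin/sh
# Added example (not from the article): turn a blocklist into blackhole,
# unreachable, or prohibit route commands. Dry run: commands are printed for
# review, not executed. "replace" is used so reruns do not fail on existing routes.

blocklist_routes() {
    rtype=${1:-blackhole}
    case $rtype in
        blackhole|unreachable|prohibit) ;;
        *) echo "unsupported route type: $rtype" >&2; return 2 ;;
    esac
    awk -v rtype="$rtype" '
    { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }    # strip comments and whitespace
    $0 == "" { next }
    {
        n = split($0, p, "/")
        len = (n == 2) ? p[2] : 32             # bare address means a /32 host route
        ok = ((n <= 2) && (len ~ /^[0-9]+$/) && ((len + 0) <= 32) &&
              (split(p[1], o, /\./) == 4))
        for (i = 1; ok && i <= 4; i++)
            if ((o[i] !~ /^[0-9]+$/) || ((o[i] + 0) > 255)) ok = 0
        if (ok && (len + 0) == 0) ok = 0       # never send the default route to a blackhole
        if (ok) print "ip route replace", rtype, p[1] "/" len
        else { print "skipped line " NR ": " $0 > "/dev/stderr"; bad++ }
    }
    END { exit (bad > 0) }'
}

# Constructed sample blocklist; the last two entries are deliberately invalid.
SAMPLE_BLOCKLIST='# constructed blocklist (documentation address ranges)
203.0.113.0/24
198.51.100.7      # single host
0.0.0.0/0
300.1.1.1/24'

# Review the output, then run the printed commands as root.
printf '%s\n' "$SAMPLE_BLOCKLIST" | blocklist_routes blackhole ||
    echo "blocklist contained rejected entries" >&2
```

The function exits non-zero when any entry was rejected, so a deployment script can stop before applying a partly invalid list.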
A throw route type terminates lookup in the current routing table. Is there more than one routing table in Linux, you ask? That's a good question!