Network Basics – The ip Command
Network commands like ifconfig and route are still popular with users even though they are far past their prime. Their successor, ip, provides the capabilities of several legacy tools with a single, unified syntax.
Humans are creatures of habit: We like to perform sequences of tasks in a familiar order with familiar tools. Given the human desire to stick with what is known, it is little wonder that outdated commands continue in common usage. For instance, many users still rely on the ifconfig, route, and arp network utilities from the net-tools package, even though a capable successor exists in the form of the ip command, which is part of the iproute2 package [1]. The ip command was introduced in 1999, along with the NET4.0 framework, which included support for the IPv6 network protocol in Kernel 2.2.
Current distributions like Ubuntu 18.04 no longer install net-tools [2] by default. If necessary, you could set up the familiar net-tools collection with sudo apt install net-tools on a Debian-based system. But before you do, consider whether this might be the perfect time to get some experience with ip instead. The old tools use the same libraries that ip uses, but they will not see any new features. The future belongs to ip.
Getting an Overview
The ip command has the following syntax:
ip [Option(s)] Object [Command [Argument(s)]]
The following command:
ip link show
or ip link for short (or even shorter, ip l), outputs a list of all available network cards without requiring admin privileges (Listing 1). In this case, link acts as object and show as command. If a command is missing, ip assumes that you mean show. The command also allows abbreviations and synonyms, such as ip link ls.
Listing 1
Outputting Network Cards
The output in Listing 1 shows that the cards enp4s0 and wlp2s0 are inactive: the UP flag is missing. The vboxnet0 card represents a virtual network interface used by VirtualBox. To additionally display the network addresses, you just need to enter addr as the object, or simply a, instead of link (Figure 1). The first example in Figure 1 restricts the output to the enp0s31f6 device.
The output from the first command, ip addr show, shows both the IPv4 address (inet) and the IPv6 address (inet6). The Ethernet address (link/ether) also appears with ip link.
ip can display statistical information that helps with troubleshooting if you pass in the -s option (see the second command in Figure 1). If you are interested in the routes or the contents of the ARP cache, use ip route show or ip neighbour show (Figure 2).
All examples shown so far work without root privileges. You can also use ip to change the network configuration, but you'll need administrative privileges. To create a virtual network card named dummy0, type the command ip link add dummy0 type dummy.
Then activate the virtual device with the ip link set dummy0 up command. When executing these commands, the system should automatically load the kernel module required for this function. If this does not work, you can load it manually with modprobe dummy (Figure 3).
If you assign several IP addresses to a network card, the classic ifconfig command generates network devices with names of the type Device:0, Device:1, and so on. The ip command is similar but uses the label parameter to assign the alias names (Listing 2).
Listing 2
Assigning an Alias
You can use this name later in iptables scripts, for example, which greatly simplifies the task of creating firewall rules. When choosing the label, you do not necessarily have to follow the form Device:Number. The identifier only has to start with the name of the network card and can end with any character string. The list is colon-separated.
Under Pseudonym
Before you change network card names with ip, you should first deactivate the device to avoid side effects. To rename the dummy device dummy0 to test0, type the lines from Listing 3.
Listing 3
Renaming the Dummy Device
If you want to delete IP addresses, you can use the commands ip addr del IP_address dev device_name or ip addr flush dev device_name. The first command removes a single address; the second command removes all addresses of a network card.
Be careful – if you delete the primary IP address of a network card, you automatically remove all the secondary addresses. Figure 4 shows a secondary IP address labeled dummy0:test. It appears in the output of ip addr show dummy0 as secondary dummy0:test.
Routing by Rules
Setting up routes to other networks is somewhat different in ip than with the legacy route tool. You can activate the default route with the following command:
ip route add default via 192.168.178.1
The via switch defines the router to use to reach the destination (in this example the default path). To specifically set up a host or network route, replace default and specify the appropriate information; for example, the following command:
ip route add 10.0.0.0/24 via 192.168.178.1
sets up a path to the network 10.0.0.0/24.
A classic router analyzes the path to the destination IP address using its routing table. Advanced routing or policy routing, on the other hand, allows a wide range of adaptations. The Linux kernel manages up to 256 different routing tables. Rules defined by the admin stipulate for which packets the system consults which routing table.
You can display the current rules with the ip rule show command (Figure 4). In the example, the machine forwards packets from 10.0.0.7 via NAT (map-to). Packets tagged 0x5 by the iptables firewall are processed via Table number 6; packets from sender address 10.0.0.5 are processed via Table 5.
The number in the first column specifies the order in which the system processes the rules. If a packet matches a rule, the packet is forwarded using the route associated with the rule. If the table contains a valid route for the packet (such as the default route), the system terminates the comparison and sends the packet along that route. Otherwise it continues with the remaining routes.
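The rule walk described above can be checked offline. The following script is an added example, not part of the original article: it reads a constructed sample of ip rule show output and lists, in rule order, the tables that would be consulted for a packet with a given source address and firewall mark. It evaluates only the from, fwmark, and lookup fields and does not model whether a table actually contains a matching route.

```shell
#!/bin/sh
# Constructed sample of `ip rule show` output. The 10.0.0.5 and 0x5 rules
# mirror the ones described in the text; the priorities are made up.
RULES='0: from all lookup local
32764: from 10.0.0.5 lookup 5
32765: from all fwmark 0x5 lookup 6
32766: from all lookup main
32767: from all lookup default'

# Dotted quad -> 32-bit integer.
ip2int() {
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_net IP SELECTOR: succeeds if IP matches "all", a host, or a CIDR prefix.
in_net() {
  [ "$2" = all ] && return 0
  case $2 in */*) bits=${2#*/} ;; *) bits=32 ;; esac
  [ "$bits" -eq 0 ] && return 0
  shift_by=$(( 32 - $bits ))
  [ $(( $(ip2int "$1") >> $shift_by )) -eq $(( $(ip2int "${2%/*}") >> $shift_by )) ]
}

# tables_for SRC_IP [FWMARK]: print the routing tables consulted for such a
# packet, in rule order. Only from/fwmark/lookup are evaluated (assumption).
tables_for() {
  src=$1; mark=${2:-0}; out=
  while read -r prio rest; do
    from=all; fw=; mask=0xffffffff; tbl=
    set -- $rest
    while [ $# -gt 1 ]; do
      case $1 in
        from)   from=$2 ;;
        fwmark) fw=${2%/*}; case $2 in */*) mask=${2#*/} ;; esac ;;
        lookup) tbl=$2 ;;
      esac
      shift
    done
    [ -n "$tbl" ] && in_net "$src" "$from" || continue
    [ -z "$fw" ] || [ $(( $mark & $mask )) -eq $(( $fw & $mask )) ] || continue
    out="$out${out:+ }$tbl"
  done <<EOF
$RULES
EOF
  echo "$out"
}

tables_for 10.0.0.5 0x5
```

To audit a live system, replace the RULES sample with the output of ip rule show; a table that appears earlier in the result than expected is the first place to look when traffic leaves through the wrong gateway.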
You can also identify tables using names. The name main represents the main routing table that the route command outputs. You can name other tables using the /etc/iproute2/rt_tables file (Listing 4). The routing tables with the numbers 0, 254, and 255 are reserved for the system (lines 1 to 5). The corresponding names also appear in the display of ip rule show.
Listing 4
rt_tables
A naming system makes it easier to use the routing tables. Just specify the table when creating a route:
ip route add default via 192.168.0.5 table internal
Clever policy routing helps to solve seemingly unsolvable problems. For example, companies often work with two network connections: a leased line with a fixed IP address and a DSL connection. Each port uses its own router. One goal of the configuration could be to handle all Internet browsing traffic via DSL and to reserve the leased line for VPN and email (Figure 5). This configuration works perfectly with ip.
First, iptables tags all browsing traffic on the firewall connected to the two routers (Listing 5, first line). An ip command then ensures that the system processes all selected packets using its own table. In this table, you then enter the DSL router (192.168.0.254 in the example) as the default gateway.
Listing 5
Setting Up the Firewall
The firewall now flags each connection to ports 80 (HTTP) or 443 (HTTPS) using the 0x80 flag. Because of this rule, the computer processes the packet in the routing table with the name web and sends it to the default gateway 192.168.0.254 (the DSL router).