ip command

The ip command is the replacement of the venerable ifconfig. Using ifconfig is discouraged as ip has the same functionality plus it can show & manipulate routes, devices, tunnels and routing policies.

The syntax of ip is as follows:

# ip <options> <object> <command>

The options are:

-b, -batch <batchfile> reads and executes the commands in the file and terminates immediately if it encounters and error

-force used with -batch to force continuation of the batchfile execution on error

-s, -stats can be used once or more within same command to increase verbosity

-l, -loops <count> specifies max number of attempts to run “ip addr flush” before giving up

-f, -family <family> can be inet, inet6, bridge, decnet, ipx & link

-r, -resolve resolve IP addresses onto DNS names

The objects are:

- address         IPv4 or IPv6 address on a device
- addrlabel       label configuration for protocol address selection
- l2tp                tunnel ethernet over IP
- link                network device
- maddress      multicast address
- monitor          watch for netlink messages
- mroute           multicast routing cache entry
- mrule             rule in multicasting routing policy database
- neighbour      manage ARP or NDISC cache entries
- netns             manage network namespaces
- ntable            manage the neighbour cache's operation
- route             routing table entry
- rule               manage routing policy database
- tcpmetrics     manage tcp metrics
- tunnel           tunnel over IP
- tuntap           manage TUN/TAP devices
- xfrm              manage IPSec policies

In this section we will focus on the 3 objects in bold: address, link route. In a future revision of this section, we might cover some more...

There are 3 basic commands that can be used with the objects above: add, delete show.

The most commonly used ip command does the same as ifconfig:

[root@rhce7]# ip address show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
.   link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
.   inet 127.0.0.1/8 scope host lo
.      valid_lft forever preferred_lft forever
.   inet6 ::1/128 scope host
.      valid_lft forever preferred_lft forever
2: eno16780032: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
.   link/ether 00:50:56:87:bd:92 brd ff:ff:ff:ff:ff:ff
.   inet 192.168.0.190/24 brd 192.168.0.255 scope global eno16780032
.     valid_lft forever preferred_lft forever
.   inet6 fe80::250:56ff:fe87:bd92/64 scope link
.      valid_lft forever preferred_lft forever
3: virbr0: <NO­CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
.   link/ether 52:54:00:dd:40:33 brd ff:ff:ff:ff:ff:ff
.   inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
.      valid_lft forever preferred_lft forever
4: virbr0­nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 500
.   link/ether 52:54:00:dd:40:33 brd ff:ff:ff:ff:ff:ff

To show the settings just for one interface:

[root@rhce7]# ip address show eno16780032
2: eno16780032: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
.   link/ether 00:50:56:87:bd:92 brd ff:ff:ff:ff:ff:ff
.   inet 192.168.0.190/24 brd 192.168.0.255 scope global eno16780032
.     valid_lft forever preferred_lft forever
.   inet6 fe80::250:56ff:fe87:bd92/64 scope link
.      valid_lft forever preferred_lft forever

To show the settings only for IPv4 or IPv6:

[root@rhce7]# ip -­4 address show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
.   inet 127.0.0.1/8 scope host lo
.      valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
.   inet 192.168.122.194/24 brd 192.168.122.255 scope global dynamic eth0
.      valid_lft 3526sec preferred_lft 3526sec
.
[root@rhce7]# ip -­6 address show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536
.   inet6 ::1/128 scope host
.      valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
.   inet6 fe80::5054:ff:fe49:72fc/64 scope link
.      valid_lft forever preferred_lft forever

To show the addresses configured in the local NICs we use the command above. But to show just the links ignoring the IP data:

[root@rhce7]# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
.   link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eno16780: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT qlen 1000
.   link/ether 00:50:56:87:bd:92 brd ff:ff:ff:ff:ff:ff
3: virbr0: <NO­CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT
.   link/ether 52:54:00:dd:40:33 brd ff:ff:ff:ff:ff:ff
4: virbr0­nic: <BROADCAST,MULTICAST> mtu 1500 qdisc master virbr0 state DOWN mode DEFAULT qlen 500
.   link/ether 52:54:00:dd:40:33 brd ff:ff:ff:ff:ff:ff

The command above shows us all the NICs available. If we want to configure a NIC (or link) that is down, first we will have to bring the link up:

[root@rhce7] # ip link set eth1 up

And then we can add the IP we had in mind:

[root@rhce7] # ip address add 192.168.0.199/24 broadcast 192.168.0.255 dev eth1
[root@rhce7] # ip address show dev eth1
2: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
.   link/ether 00:50:56:87:bd:92 brd ff:ff:ff:ff:ff:ff
.   inet 192.168.0.199/24 brd 192.168.0.255 scope global eth1
.      valid_lft forever preferred_lft forever

We can delete a given IP address easily with:

[root@rhce7] # ip address delete 192.168.0.199/24 dev eth1

If we want to delete all the addresses of a given interface (rather than one by one with the command above), we can do so with the command:

[root@rhce7] # ip address flush dev eth1

It is very important to always specify the device when using flush as not doing so (i.e. ip addr flush)
will wipe out ALL IP addresses and will cut-off connectivity to the server unless we happen to be in the physical console.

We will rarely have to use the ip link add/delete commands unless we intend to create VLANs, bridges, bonded devices or some other esoteric link types. We shall cover those more advanced features in the future. For the time being, we will just see ip link show (shown above) and ip link set, which is used to change settings for the physical or virtual link:

[root@rhce7] # ip link set eth3 promisc off multicast off arp on mtu 1500 broadcast 192.168.0.255

The parameters that can be changed will obviously depend on the type of link we are dealing with. But apart from the common ones shown in the example above, we can also change the link name (not a good idea if in use!)...

[root@rhce7] # ip link set eth3 name eth4

... or change the transmission queue size ...

[root@rhce7] # ip link set eth4 txqlen 2000

... or give it an alias ...

[root@rhce7] # ip link set eth4 alias backup-line

Now that we know how to bring links up, configure IP addresses and change properties... the next step is to configure routes. To see the current routes in use we use either of these 2 commands:

[root@rhce7] # ip route show
[root@rhce7] # route ­-n

We can add the default route for all links in the instance with:

[root@rhce7] # ip route add default via 192.168.0.1/24

And we can add specific routes for specific networks and links:

[root@rhce7] # ip route add 10.0.0.0/8 via 192.168.1.1/24 dev eth3

We can change default routes as many times as necessary:

[root@rhce7] # ip route change default via 192.168.0.2/24

And we can delete routes:

[root@rhce7] # ip route delete 10.0.0.0/8 via 192.168.1.1/24 dev eth3

Many of the commands shown above can be abbreviated. For instance the following sets of commands yield exactly the same result:

[root@rhce7] # ip address show
[root@rhce7] # ip addr show
[root@rhce7] # ip addr s
[root@rhce7] # ip a s
[root@rhce7] # ip a
.
[root@rhce7] # ip address add 192.168.122.163/24 broadcast 192.168.122.255 dev eth4
[root@rhce7] # ip addr add 192.168.122.163/24 broadcast 192.168.122.255 dev eth4
[root@rhce7] # ip a add 192.168.122.163/24 broadcast 192.168.122.255 dev eth4
[root@rhce7] # ip a a 192.168.122.163/24 broadcast 192.168.122.255 dev eth4
.
[root@rhce7] # ip address delete 192.168.122.163/24 dev eth4
[root@rhce7] # ip addr delete 192.168.122.163/24 dev eth4
[root@rhce7] # ip addr del 192.168.122.163/24 dev eth4
[root@rhce7] # ip addr d 192.168.122.163/24 dev eth4
[root@rhce7] # ip a d 192.168.122.163/24 dev eth4
.
[root@rhce7] # ip address show dev eth4
[root@rhce7] # ip a s dev eth4
.
[root@rhce7] # ip route show
[root@rhce7] # ip r s

If we do not like the output format of ip link we can also use networkctl:

root:~> networkctl list
IDX LINK        TYPE       OPERATIONAL   SETUP
. 1 lo          loopback   n/a           n/a
. 2 eno1        ether      n/a           n/a
. 3 wlo1        wlan       n/a           n/a
. 4 virbr0      ether      n/a           n/a
. 5 virbr0­nic   ether      n/a           n/a
. 6 vnet0       ether      n/a           n/a
. 7 vnet1       ether      n/a           n/a
. 8 vnet2       ether      n/a           n/a
.
8 links listed.
.
root:~> networkctl status ­­--all
● 1: lo
.  Link File: /usr/lib/systemd/network/99­default.link
Network File: n/a
.       Type: loopback
.      State: n/a (n/a)
.        MTU: 65536
.    Address: 127.0.0.1
.             ::1
.
● 2: eno1
.  Link File: /usr/lib/systemd/network/99­default.link
Network File: n/a
.       Type: ether
.      State: n/a (n/a)
.       Path: pci­0000:0f:00.0
.     Driver: r8169
.     Vendor: Realtek Semiconductor Co., Ltd.
.      Model: RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller
. HW Address: f0:92:1c:4f:10:09
.        MTU: 1500
.
● 3: wlo1
.  Link File: /usr/lib/systemd/network/99­default.link
Network File: n/a
.       Type: wlan
.      State: n/a (n/a)
.       Path: pci­0000:08:00.0
.     Driver: iwlwifi
.     Vendor: Intel Corporation

 

<< time, chrony & ntp                    netstat command >>