- doc
- concepts
- routing table
- network namespace
- contains multiple interfaces
- interface
- interface to the devices (hardware or software)
- device
- network devices which are backed by hardware network adapters
- NIC: Network interface controller (network card)
- virtual network kernel interfaces
- TUN
- TUN (namely network TUNnel) simulates a network layer device and it operates with layer 3 packets like IP packets.
- TAP
- TAP (namely network tap) simulates a link layer device and it operates with layer 2 packets like Ethernet frames.
- TUN is used with routing, while TAP is used for creating a network bridge.
- ARP table
ip
usage
# ip --help
Usage: ip [ OPTIONS ] OBJECT { COMMAND | help }
ip [ -force ] -batch filename
where OBJECT := { link | address | addrlabel | route | rule | neigh | ntable |
tunnel | tuntap | maddress | mroute | mrule | monitor | xfrm |
netns | l2tp | fou | macsec | tcp_metrics | token | netconf | ila }
OPTIONS := { -V[ersion] | -s[tatistics] | -d[etails] | -r[esolve] |
-h[uman-readable] | -iec |
-f[amily] { inet | inet6 | ipx | dnet | mpls | bridge | link } |
-4 | -6 | -I | -D | -B | -0 |
-l[oops] { maximum-addr-flush-attempts } | -br[ief] |
-o[neline] | -t[imestamp] | -ts[hort] | -b[atch] [filename] |
-rc[vbuf] [size] | -n[etns] name | -a[ll] | -c[olor]}
man ip
# man ip | cat
IP(8) Linux IP(8)
NAME
ip - show / manipulate routing, devices, policy routing and tunnels
SYNOPSIS
ip [ OPTIONS ] OBJECT { COMMAND | help }
ip [ -force ] -batch filename
OBJECT := { link | address | addrlabel | route | rule | neigh | ntable | tunnel | tuntap | maddress | mroute | mrule | monitor | xfrm | netns | l2tp | tcp_metrics | token | macsec }
OPTIONS := { -V[ersion] | -h[uman-readable] | -s[tatistics] | -d[etails] | -r[esolve] | -iec | -f[amily] { inet | inet6 | ipx | dnet | link } | -4 | -6 | -I | -D | -B | -0 | -l[oops] { maximum-addr-flush-attempts } | -o[neline] | -rc[vbuf] [size] | -t[imestamp] | -ts[hort] | -n[etns] name | -a[ll] |
-c[olor] }
OPTIONS
-V, -Version
Print the version of the ip utility and exit.
-h, -human, -human-readable
output statistics with human readable values followed by suffix.
-b, -batch <FILENAME>
Read commands from provided file or standard input and invoke them. First failure will cause termination of ip.
-force Don't terminate ip on errors in batch mode. If there were any errors during execution of the commands, the application return code will be non zero.
-s, -stats, -statistics
Output more information. If the option appears twice or more, the amount of information increases. As a rule, the information is statistics or some time values.
-d, -details
Output more detailed information.
-l, -loops <COUNT>
Specify maximum number of loops the 'ip address flush' logic will attempt before giving up. The default is 10. Zero (0) means loop until all addresses are removed.
-f, -family <FAMILY>
Specifies the protocol family to use. The protocol family identifier can be one of inet, inet6, bridge, ipx, dnet, mpls or link. If this option is not present, the protocol family is guessed from other arguments. If the rest of the command line does not give enough information to guess the
family, ip falls back to the default one, usually inet or any. link is a special family identifier meaning that no networking protocol is involved.
-4 shortcut for -family inet.
-6 shortcut for -family inet6.
-B shortcut for -family bridge.
-D shortcut for -family decnet.
-I shortcut for -family ipx.
-M shortcut for -family mpls.
-0 shortcut for -family link.
-o, -oneline
output each record on a single line, replacing line feeds with the '\' character. This is convenient when you want to count records with wc(1) or to grep(1) the output.
-r, -resolve
use the system's name resolver to print DNS names instead of host addresses.
-n, -netns <NETNS>
switches ip to the specified network namespace NETNS. Actually it just simplifies executing of:
ip netns exec NETNS ip [ OPTIONS ] OBJECT { COMMAND | help }
to
ip -n[etns] NETNS [ OPTIONS ] OBJECT { COMMAND | help }
-a, -all
executes specified command over all objects, it depends if command supports this option.
-c, -color
Use color output.
-t, -timestamp
display current time when using monitor option.
-ts, -tshort
Like -timestamp, but use shorter format.
-rc, -rcvbuf<SIZE>
Set the netlink socket receive buffer size, defaults to 1MB.
-iec print human readable rates in IEC units (e.g. 1Ki = 1024).
IP - COMMAND SYNTAX
OBJECT
address
- protocol (IP or IPv6) address on a device.
addrlabel
- label configuration for protocol address selection.
l2tp - tunnel ethernet over IP (L2TPv3).
link - network device.
maddress
- multicast address.
monitor
- watch for netlink messages.
mroute - multicast routing cache entry.
mrule - rule in multicast routing policy database.
neighbour
- manage ARP or NDISC cache entries.
netns - manage network namespaces.
ntable - manage the neighbor cache's operation.
route - routing table entry.
rule - rule in routing policy database.
tcp_metrics/tcpmetrics
- manage TCP Metrics
token - manage tokenized interface identifiers.
tunnel - tunnel over IP.
tuntap - manage TUN/TAP devices.
xfrm - manage IPSec policies.
The names of all objects may be written in full or abbreviated form, for example address can be abbreviated as addr or just a.
COMMAND
Specifies the action to perform on the object. The set of possible actions depends on the object type. As a rule, it is possible to add, delete and show (or list ) objects, but some objects do not allow all of these operations or have some additional commands. The help command is available for all
objects. It prints out a list of available commands and argument syntax conventions.
If no command is given, some default command is assumed. Usually it is list or, if the objects of this class cannot be listed, help.
EXIT STATUS
Exit status is 0 if command was successful, and 1 if there is a syntax error. If an error was reported by the kernel exit status is 2.
HISTORY
ip was written by Alexey N. Kuznetsov and added in Linux 2.2.
SEE ALSO
ip-address(8), ip-addrlabel(8), ip-l2tp(8), ip-link(8), ip-maddress(8), ip-monitor(8), ip-mroute(8), ip-neighbour(8), ip-netns(8), ip-ntable(8), ip-route(8), ip-rule(8), ip-tcp_metrics(8), ip-token(8), ip-tunnel(8), ip-xfrm(8)
IP Command reference ip-cref.ps
REPORTING BUGS
Report any bugs to the Network Developers mailing list <[email protected]> where the development and maintenance is primarily done. You do not have to be subscribed to the list to send a message there.
AUTHOR
Original Manpage by Michail Litvak <[email protected]>
iproute2 20 Dec 2011 IP(8)
Usage detail
- objects
- link
- virtual link
man ip-link
: network device configuration
- one device can have multiple virtual links?
- types
- bridge - Ethernet Bridge device
- bond - Bonding device
- aggregating multiple network interfaces into a single logical “bonded” interface
- The behavior of the bonded interface depends on the mode; generally speaking, modes provide either hot standby or load balancing services.
- Similar to a bonded interface, the purpose of a team device is to provide a mechanism to group multiple NICs (ports) into one logical one (teamdev) at the L2 layer.
- can - Controller Area Network interface
- dummy - Dummy network interface
- A dummy interface is entirely virtual like, for example, the loopback interface. The purpose of a dummy interface is to provide a device to route packets through without actually transmitting them.
- hsr - High-availability Seamless Redundancy device
- ifb - Intermediate Functional Block device
- The IFB (Intermediate Functional Block) driver supplies a device that allows the concentration of traffic from several sources and the shaping of incoming traffic instead of dropping it.
- Use an IFB interface when you want to queue and shape incoming traffic.
- ipoib - IP over Infiniband device
- An IPOIB device supports the IP-over-InfiniBand protocol. This transports IP packets over InfiniBand (IB) so you can use your IB device as a fast NIC.
- The IPoIB driver supports two modes of operation
datagram
- the IB UD (Unreliable Datagram) transport is used
connected
- the IB RC (Reliable Connected) transport is used
- the connected mode takes advantage of the connected nature of the IB transport and allows an MTU up to the maximal IP packet size of 64K.
- macvlan - Virtual interface based on link layer address (MAC)
- With VLAN, you can create multiple interfaces on top of a single one and filter packets based on a VLAN tag. With MACVLAN, you can create multiple interfaces with different Layer 2 (that is, Ethernet MAC) addresses on top of a single one.
- There are five MACVLAN types:
- Private
- VEPA
- Bridge
- Passthru
- macvtap - Virtual interface based on link layer address (MAC) and TAP.
- MACVTAP/IPVTAP is a new device driver meant to simplify virtualized bridged networking. When a MACVTAP/IPVTAP instance is created on top of a physical interface, the kernel also creates a character device /dev/tapX to be used just like a TUN/TAP device, which can be directly used by KVM/QEMU.
- vcan - Virtual Controller Area Network interface
- Similar to the network loopback devices, the VCAN (virtual CAN) driver offers a virtual local CAN (Controller Area Network) interface, so users can send/receive CAN messages via a VCAN interface. CAN is mostly used in the automotive field nowadays.
- VXCAN
- Similar to the VETH driver, a VXCAN (Virtual CAN tunnel) implements a local CAN traffic tunnel between two VCAN network devices. When you create a VXCAN instance, two VXCAN devices are created as a pair.
- veth - Virtual ethernet interface
- The VETH (virtual Ethernet) device is a local Ethernet tunnel. Devices are created in pairs.
- Packets transmitted on one device in the pair are immediately received on the other device.
- When either device is down, the link state of the pair is down.
- vlan - 802.1q tagged virtual LAN interface
- A VLAN, aka virtual LAN, separates broadcast domains by adding tags to network packets.
- VLANs allow network administrators to group hosts under the same switch or between different switches.
- vxlan - Virtual eXtended LAN
- a tunneling protocol designed to solve the problem of limited VLAN IDs (4,096) in IEEE 802.1q. It is described by IETF RFC 7348.
- VXLAN allows up to 2^24 (16,777,216) virtual LANs, which is 4,096 times the VLAN capacity.
- ip6tnl - Virtual tunnel interface IPv4|IPv6 over IPv6
- ipip - Virtual tunnel interface IPv4 over IPv4
- sit - Virtual tunnel interface IPv6 over IPv4
- gre - Virtual tunnel interface GRE over IPv4
- gretap - Virtual L2 tunnel interface GRE over IPv4
- ip6gre - Virtual tunnel interface GRE over IPv6
- ip6gretap - Virtual L2 tunnel interface GRE over IPv6
- vti - Virtual tunnel interface
- nlmon - Netlink monitoring device
- Use an NLMON device when you want to monitor system Netlink messages.
- ipvlan - Interface for L3 (IPv6/IPv4) based VLANs
- IPVLAN is similar to MACVLAN with the difference being that the endpoints have the same MAC address.
- IPVLAN supports L2 and L3 mode
- IPVLAN L2 mode acts like a MACVLAN in bridge mode. The parent interface looks like a bridge or switch
- In IPVLAN L3 mode, the parent interface acts like a router and packets are routed between endpoints, which gives better scalability.
- lowpan - Interface for 6LoWPAN (IPv6) over IEEE 802.15.4 / Bluetooth
- geneve - GEneric NEtwork Virtualization Encapsulation
- macsec - Interface for IEEE 802.1AE MAC Security (MACsec)
- MACsec (Media Access Control Security) is an IEEE standard for security in wired Ethernet LANs. Similar to IPsec, as a layer 2 specification, MACsec can protect not only IP traffic but also ARP, neighbor discovery, and DHCP.
- vrf - Interface for L3 VRF domains
- address
man ip-address
- Each device must have at least one address to use the corresponding protocol. It is possible to have several different addresses attached to one device.
- addrlabel
- route
- rule
- neigh
- ntable
- tunnel
- tuntap
- maddress
- mroute
- mrule
- monitor
- xfrm
- netns
- l2tp
- fou
- macsec
- tcp_metrics
- token
- netconf
- ila
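
The netns, veth and `-n` notes above combine into a common isolation pattern: a workload gets its own network namespace whose only link to the host is one veth pair. The script below is an added example, not part of the original notes; the helper names, the namespace `demo0`, the interface names and the 10.200.0.0/24 addresses are assumptions.

```sh
#!/bin/sh
# Added example; namespace, interface names and addresses are assumptions.
# DRY_RUN=1 (default) prints the plan; DRY_RUN=0 executes it and needs root.
DRY_RUN="${DRY_RUN:-1}"

# run CMD...: print the command in dry-run mode, otherwise execute it and
# report failures using the exit status documented in ip(8).
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
        return 0
    fi
    rc=0
    "$@" || rc=$?
    case $rc in
        1) echo "syntax error: $*" >&2 ;;
        2) echo "kernel rejected: $*" >&2 ;;
    esac
    return "$rc"
}

# setup_isolated_ns NS HOST_IF NS_IF HOST_CIDR NS_CIDR
setup_isolated_ns() {
    ns=$1 host_if=$2 ns_if=$3 host_cidr=$4 ns_cidr=$5
    run ip netns add "$ns" &&
    # veth devices are always created as a pair
    run ip link add "$host_if" type veth peer name "$ns_if" &&
    # move one end into the namespace; the host no longer sees it
    run ip link set "$ns_if" netns "$ns" &&
    run ip address add "$host_cidr" dev "$host_if" &&
    run ip link set "$host_if" up &&
    # "ip -n NS ..." is the short form of "ip netns exec NS ip ..."
    run ip -n "$ns" address add "$ns_cidr" dev "$ns_if" &&
    run ip -n "$ns" link set "$ns_if" up &&
    run ip -n "$ns" link set lo up
    # No default route is added inside NS, so only the veth subnet is reachable.
}

# teardown_isolated_ns NS: deleting the namespace destroys the veth end inside
# it, which also removes the host-side peer.
teardown_isolated_ns() {
    run ip netns delete "$1"
}

# Example: setup_isolated_ns demo0 veth-host veth-ns 10.200.0.1/24 10.200.0.2/24
```

After a real run, `ip -n demo0 route` should list only the connected 10.200.0.0/24 route, which confirms the namespace has no path beyond the host end of the pair.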
References