One ip tool to rule them all
Core Technology

© Valentine Sinitsyn develops high-loaded services and teaches students completely unrelated subjects. He also has a KDE developer account that he's never really used.
Prise the back off Linux and find out what really makes it tick.
When it comes to network configuration, Linux has several utilities collected in net-tools. Users learn to manage addresses with ifconfig
, routes with route
, and MAC addresses and the local network segment (the neighborhood) with arp
. A single tool, ip
of the iproute2 tool collection, replaces several of the classic network tools with one utility.
Making Links
The ip
tool operates on objects, which could be links, network layer addresses, routes, rules, and a few others. I'll start with Layer 2 objects (i.e., links) and advance to upper layers.
The ip
utility should already be in your Linux system. If not, install the iproute2 package. The ip(8)
man page provides generic instructions on using the command, whereas ip-link(8) and friends provide the specifics. If you have ever used Git, you understand this split. Basically, you provide ip
an object on which to operate; a command, such as add
or del
; and some options. The command ip <object> help
lists the details in each case.
Before you can use a networking interface in Linux, you need to bring it up. The following command sets up a network interface:
# ip link set up dev eth0
This command must run as root (note the #
prompt). The link
object refers to a networking device, either physical or virtual, and the set
command sets various link options. For instance, you could enable promiscuous mode (useful for sniffers such as Wireshark) with ip set promisc on
or rename the interface with ip set <name>
. The up
option tells ip
you want to set the link active, and dev eth0
specifies the device. You can check whether the command worked as expected with ip link show
(Listing 1).
Listing 1
Check a Networking Device
In the preceding command, the show
command doesn't require root permissions. If you omit it altogether (i.e., ip link
), show
is implied; adding the -s
switch collects and shows a few statistics (Figure 1). The UP flag in angle brackets tells you the link is up, and NO-CARRIER indicates that no cable is currently plugged in to the laptop. Note that MAC address is displayed as well, which you can change with:

ip link set address
In addition to configuring existing network links, ip
can create new links – or at least a new virtual Ethernet (Veth) adapter:
# ip link add veth0 type veth peer name veth1
Veth interfaces come in pairs and are much like real network cards connected with a patch cord. Entering ip link show
displays them as veth0@veth1 and vice versa. Veth interfaces were designed to simplify network communication for namespaces, and they are often seen with containerization tools such as Docker, but you can also use a virtual interface in other situations where you just want a simple network tunnel. The command ip link add
can also create bridges (acting as a brctl
substitute), VLANs, and a variety of network tunnels, including the VXLAN and Geneve options commonly used in network virtualization. You'll hardly ever need all these link types on your machine, but if you did, ip
could manage them.
If you no longer need a link for some virtual device, use ip link del
to get rid of it, but don't expect this command to work for physical devices.
Meeting Neighbors
Up the stack, you find the Network layer (aka, Layer 3) and network addresses. IPv4 is a typical specimen. The IPv4 address is a bit of information you usually supply when you bring the interface up with ifconfig
; ip
supports both IPv4 and IPv6.
Your single entry point to all address-related operations, regardless of address type, is ip address
. Adding an address is easy:
# ip addr add 192.168.1.2/24 dev eth0
Look at how 192.168.1.2/24
specifies both the IPv4 address (192.168.1.2) and the netmask (24). This information is already enough for ip
to deduce a broadcast address, which is often set explicitly with ifconfig
.
It is also completely possible to assign an interface more than one address (Listing 2). Note that ip
reuses the same "verbs" (or commands) across different objects.
Listing 2
Assign More than One Address
Older tools (like ifconfig
) provide multiple address support via interface aliases (eth0:0
). For ip
, this is not a requirement. Yet you can achieve the same effect if you assign an address label as in Listing 3.
Listing 3
Assign an Alias
For backward compatibility, the label
string must start with the interface name followed by a colon. You may delete addresses you no longer need with ip address delete
(or just ip a d
– see the "Abbreviations and Synonyms" box), whereas ip address flush
flushes all addresses assigned to the interface.
Abbreviations and Synonyms
Two things to note: First, ip
supports abbreviations. There is no minimum length, as long as the shortcut remains unambiguous. Entering ip addr
is the same as entering ip a
. Second, commands may also have synonyms: list
and lst
are the same as show
.
Once you have assigned an interface a new IP address, how do other computers know about it? Neighborhood protocols are the answer. For IPv4, it's ARP (LV031); IPv6 calls the equivalent mechanism Neighborhood Discovery (ND), which is a part of ICMPv6. ip
handles both ARP and IPv6 ND via the neighbour
object. In practice, ip neigh
is the prevalent command form.
The most common operation is to list ARP/ND entries. The old-school arp
command lists IPv4 addresses only, yet ip
happily handles both families (Listing 4).
Listing 4
List ARP/NC Entries
You can instruct ip
to show IPv4 or IPv6 entries only with the -4
and -6
switches. You can also add new neighbor entries and change, replace, or delete existing ones. The ip-neighbour(8)
man page covers the necessary commands.
Finding Routes
Network layer protocols (IPv4 or IPv6) are all about routing. Routing is how packets reach their destinations beyond the local network segment. In the simplest case, routing information boils down to the default gateway address, which accepts all packets destined for the outside world. In a large enterprise or provider network, complex dynamic routing protocols are employed to ensure connectivity and optimize traffic flow.
Although ip
doesn't do anything with dynamic routing protocols – separate daemons are in charge of this – it does provide all you might want for your static routing configuration, even in advanced scenarios. In a typical case, the route is chosen on the basis of the destination address, and that's the only use case the route
command covers. Not only does ip
cover this basic scenario, it provides a few additional options, as well:
# ip route add 192.168.2.0/24 via 192.168.1.1
This command adds a route to the 192.168.2.0
network via the 192.168.1.1
gateway. A special keyword, default
, which is equivalent to 0.0.0.0/0
, can be used to specify the default gateway. You can delete a route with ip route delete
and modify existing routes with ip route modify
. As usual ip route show
(or list
) displays the routing table:
$ ip route list default via 192.168.101.1 dev wlan0 proto static metric 600...
For a complex routing table, it might not be evident which route will apply to which destination, especially if routes involve different metric
or preference
values. The ip route get
comes to the rescue: It runs the virtual packet through the routing table and prints the result. No root privileges are required:
$ ip route get 8.8.8.8 8.8.8.8 via 192.168.101.1 dev wlan0 src 192.168.101.43 cache
ip route get
resolves the route you provide, creating so-called clones (think cache entries) as necessary. The word cache
in the last line signifies this fact. One can see what's currently in the routing cache with ip route list cache
, and flush it with ip route flush cache
. However, the IPv4 routing cache was removed in Linux 3.6 for its non-deterministic performance. So, unless you use an old kernel, ip route list cache
yields nothing. In a nutshell, the kernel still makes route clones but doesn't try to store them anymore.
The route type shown above is the most typical one, but it is not the only one ip
understands. Iptables was the traditional way to silently discard packets going to evil networks , but the blackhole
route would also work fine:
$ ip route add blackhole 8.8.8.8 # ping 8.8.8.8 connect: Invalid argument
For local sockets, the blackhole
route yields the EINVAL
error. Two similar route types, unreachable
and prohibit
, generate ICMP Host Unreachable and ICMP Communication Prohibited replies. Local senders get EHOSTUNREACH and EACCESS, respectively.
A throw
route type terminates lookup in the current routing table. Is there more than one routing table in Linux, you ask? That's a good question!
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.
News
-
The GNU Project Celebrates Its 40th Birthday
September 27 marks the 40th anniversary of the GNU Project, and it was celebrated with a hacker meeting in Biel/Bienne, Switzerland.
-
Linux Kernel Reducing Long-Term Support
LTS support for the Linux kernel is about to undergo some serious changes that will have a considerable impact on the future.
-
Fedora 39 Beta Now Available for Testing
For fans and users of Fedora Linux, the first beta of release 39 is now available, which is a minor upgrade but does include GNOME 45.
-
Fedora Linux 40 to Drop X11 for KDE Plasma
When Fedora 40 arrives in 2024, there will be a few big changes coming, especially for the KDE Plasma option.
-
Real-Time Ubuntu Available in AWS Marketplace
Anyone looking for a Linux distribution for real-time processing could do a whole lot worse than Real-Time Ubuntu.
-
KSMBD Finally Reaches a Stable State
For those who've been looking forward to the first release of KSMBD, after two years it's no longer considered experimental.
-
Nitrux 3.0.0 Has Been Released
The latest version of Nitrux brings plenty of innovation and fresh apps to the table.
-
Linux From Scratch 12.0 Now Available
If you're looking to roll your own Linux distribution, the latest version of Linux From Scratch is now available with plenty of updates.
-
Linux Kernel 6.5 Has Been Released
The newest Linux kernel, version 6.5, now includes initial support for two very exciting features.
-
UbuntuDDE 23.04 Now Available
A new version of the UbuntuDDE remix has finally arrived with all the updates from the Deepin desktop and everything that comes with the Ubuntu 23.04 base.