Core Technology

When it comes to network configuration, Linux has several utilities collected in net-tools. Users learn to manage addresses with ifconfig, routes with route, and MAC addresses and the local network segment (the neighborhood) with arp. A single tool, ip of the iproute2 tool collection, replaces several of the classic network tools with one utility.

Making Links

The ip tool operates on objects, which could be links, network layer addresses, routes, rules, and a few others. I'll start with Layer 2 objects (i.e., links) and advance to upper layers.

The ip utility should already be in your Linux system. If not, install the iproute2 package. The ip(8) man page provides generic instructions on using the command, whereas ip-link(8) and friends provide the specifics. If you have ever used Git, you understand this split. Basically, you provide ip an object on which to operate; a command, such as add or del; and some options. The command ip <object> help lists the details in each case.

Before you can use a networking interface in Linux, you need to bring it up. The following command sets up a network interface:

# ip link set up dev eth0

This command must run as root (note the # prompt). The link object refers to a networking device, either physical or virtual, and the set command sets various link options. For instance, you could enable promiscuous mode (useful for sniffers such as Wireshark) with ip set promisc on or rename the interface with ip set <name>. The up option tells ip you want to set the link active, and dev eth0 specifies the device. You can check whether the command worked as expected with ip link show (Listing 1).

In the preceding command, the show command doesn't require root permissions. If you omit it altogether (i.e., ip link), show is implied; adding the -s switch collects and shows a few statistics (Figure 1). The UP flag in angle brackets tells you the link is up, and NO-CARRIER indicates that no cable is currently plugged in to the laptop. Note that MAC address is displayed as well, which you can change with:

Figure 1: ip gathers stats and can even substitute for the venerable netstat, to some extent.

ip link set address

In addition to configuring existing network links, ip can create new links – or at least a new virtual Ethernet (Veth) adapter:

# ip link add veth0 type veth peer name veth1

Veth interfaces come in pairs and are much like real network cards connected with a patch cord. Entering ip link show displays them as veth0@veth1 and vice versa. Veth interfaces were designed to simplify network communication for namespaces, and they are often seen with containerization tools such as Docker, but you can also use a virtual interface in other situations where you just want a simple network tunnel. The command ip link add can also create bridges (acting as a brctl substitute), VLANs, and a variety of network tunnels, including the VXLAN and Geneve options commonly used in network virtualization. You'll hardly ever need all these link types on your machine, but if you did, ip could manage them.

If you no longer need a link for some virtual device, use ip link del to get rid of it, but don't expect this command to work for physical devices.

Meeting Neighbors

Up the stack, you find the Network layer (aka, Layer 3) and network addresses. IPv4 is a typical specimen. The IPv4 address is a bit of information you usually supply when you bring the interface up with ifconfig; ip supports both IPv4 and IPv6.

Your single entry point to all address-related operations, regardless of address type, is ip address. Adding an address is easy:

# ip addr add 192.168.1.2/24 dev eth0

Look at how 192.168.1.2/24 specifies both the IPv4 address (192.168.1.2) and the netmask (24). This information is already enough for ip to deduce a broadcast address, which is often set explicitly with ifconfig.

It is also completely possible to assign an interface more than one address (Listing 2). Note that ip reuses the same "verbs" (or commands) across different objects.

Older tools (like ifconfig) provide multiple address support via interface aliases (eth0:0). For ip, this is not a requirement. Yet you can achieve the same effect if you assign an address label as in Listing 3.

For backward compatibility, the label string must start with the interface name followed by a colon. You may delete addresses you no longer need with ip address delete (or just ip a d – see the "Abbreviations and Synonyms" box), whereas ip address flush flushes all addresses assigned to the interface.

Once you have assigned an interface a new IP address, how do other computers know about it? Neighborhood protocols are the answer. For IPv4, it's ARP (LV031); IPv6 calls the equivalent mechanism Neighborhood Discovery (ND), which is a part of ICMPv6. ip handles both ARP and IPv6 ND via the neighbour object. In practice, ip neigh is the prevalent command form.

The most common operation is to list ARP/ND entries. The old-school arp command lists IPv4 addresses only, yet ip happily handles both families (Listing 4).

You can instruct ip to show IPv4 or IPv6 entries only with the -4 and -6 switches. You can also add new neighbor entries and change, replace, or delete existing ones. The ip-neighbour(8) man page covers the necessary commands.

Finding Routes

Network layer protocols (IPv4 or IPv6) are all about routing. Routing is how packets reach their destinations beyond the local network segment. In the simplest case, routing information boils down to the default gateway address, which accepts all packets destined for the outside world. In a large enterprise or provider network, complex dynamic routing protocols are employed to ensure connectivity and optimize traffic flow.

Although ip doesn't do anything with dynamic routing protocols – separate daemons are in charge of this – it does provide all you might want for your static routing configuration, even in advanced scenarios. In a typical case, the route is chosen on the basis of the destination address, and that's the only use case the route command covers. Not only does ip cover this basic scenario, it provides a few additional options, as well:

# ip route add 192.168.2.0/24 via 192.168.1.1

This command adds a route to the 192.168.2.0 network via the 192.168.1.1 gateway. A special keyword, default, which is equivalent to 0.0.0.0/0, can be used to specify the default gateway. You can delete a route with ip route delete and modify existing routes with ip route modify. As usual ip route show (or list) displays the routing table:

$ ip route list
default via 192.168.101.1 dev wlan0 proto static metric 600...

For a complex routing table, it might not be evident which route will apply to which destination, especially if routes involve different metric or preference values. The ip route get comes to the rescue: It runs the virtual packet through the routing table and prints the result. No root privileges are required:

$ ip route get 8.8.8.8
8.8.8.8 via 192.168.101.1 dev wlan0 src 192.168.101.43
    cache

ip route get resolves the route you provide, creating so-called clones (think cache entries) as necessary. The word cache in the last line signifies this fact. One can see what's currently in the routing cache with ip route list cache, and flush it with ip route flush cache. However, the IPv4 routing cache was removed in Linux 3.6 for its non-deterministic performance. So, unless you use an old kernel, ip route list cache yields nothing. In a nutshell, the kernel still makes route clones but doesn't try to store them anymore.

The route type shown above is the most typical one, but it is not the only one ip understands. Iptables was the traditional way to silently discard packets going to evil networks , but the blackhole route would also work fine:

$ ip route add blackhole 8.8.8.8
# ping 8.8.8.8
connect: Invalid argument

For local sockets, the blackhole route yields the EINVAL error. Two similar route types, unreachable and prohibit, generate ICMP Host Unreachable and ICMP Communication Prohibited replies. Local senders get EHOSTUNREACH and EACCESS, respectively.

A throw route type terminates lookup in the current routing table. Is there more than one routing table in Linux, you ask? That's a good question!