Date created: Monday, July 1, 2013 4:57:54 PM. Last modified: Friday, June 28, 2024 2:03:48 PM

'iproute2' - IP addressing, routing, routing tables, and namespaces

Delete All IPs

$ sudo ip addr flush dev eth0

 

Set MAC Address

$ sudo ip link set dev eth0 address 00:00:00:00:00:01

 

ARP and NDP Entries

Show ARP entries:

$ arp -n
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.0.2              ether   00:1e:06:42:03:e0   C                     wlp0s20f3
192.168.0.1              ether   7c:ad:74:b0:31:d6   C                     wlp0s20f3

 

Show all NDP entries:

$ ip -6 nei
1234:1234::1234 dev wlp0s20f3 lladdr 00:1e:06:42:03:e0 router STALE
fe80::21e:6ff:fe42:3e0 dev wlp0s20f3 lladdr 00:1e:06:42:03:e0 router STALE
fe80::7ead:74ff:feb0:31d6 dev wlp0s20f3 lladdr 7c:ad:74:b0:31:d6 router REACHABLE

 

Show a specific NDP entry:

$ ip -6 neigh get 1234:1234::1234 dev wlp0s20f3
1234:1234::1234 dev wlp0s20f3 lladdr 00:1e:06:42:03:e0 router STALE

 

Set a static NDP entry:

$ ip -6 nei add fd::1 lladdr 00:00:00:00:00:01 dev l3_0

 

Set a static ARP entry:

$ sudo arp -i eth0 -s 10.0.0.4 00:00:00:00:00:04

 

Clear a dynamic ARP Entry:

$ sudo ip neighbor del 10.0.0.4 dev eth0

 

Set Promiscuous Mode

$ sudo ip link set dev eth0 promisc on

 

Showing Statistics

$ ip -s -h l show dev eth0
4: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 00:11:22:33:44:55 brd ff:ff:ff:ff:ff:ff
    RX:  bytes packets errors dropped  missed   mcast           
          757M    846k      0     943       0       0 
    TX:  bytes packets errors dropped carrier collsns           
          110M    471k      0       0       0       0 

 

Showing Routes

$ ip route
$ ip route get 8.8.8.8 # Get the route to a single IP (this performs a kernel IP routing lookup)
$ ip route list 10.0.0.6/31 # Show the matching routing entry (if there is one)
$ ip -6 route
$ ip -r route get ::1
$ ip -6 route show fd::/64

 

Monitor

# man ip-monitor
# -t - show timestamps
# -ts - show short timestamps
# monitor - monitor netlink messages
# monitor [ optional object type ] - link, address, route, mroute, prefix, neigh, netconf, rule, nsid and nexthop

$ ip -ts monitor
[2023-11-15T14:57:42.616056] fd:0:0:1::2 dev enx00e04c36114d lladdr 00:1e:06:42:03:e0 router PROBE
[2023-11-15T14:57:42.617337] fd:0:0:1::2 dev enx00e04c36114d lladdr 00:1e:06:42:03:e0 router REACHABLE
[2023-11-15T14:57:47.735765] fe80::21e:6ff:fe42:3e0 dev enx00e04c36114d lladdr 00:1e:06:42:03:e0 router PROBE
[2023-11-15T14:57:47.736710] fe80::21e:6ff:fe42:3e0 dev enx00e04c36114d lladdr 00:1e:06:42:03:e0 router REACHABLE
[2023-11-15T14:58:08.215771] fd:0:0:1::2 dev enx00e04c36114d lladdr 00:1e:06:42:03:e0 router STALE
[2023-11-15T14:58:12.311945] fe80::21e:6ff:fe42:3e0 dev enx00e04c36114d lladdr 00:1e:06:42:03:e0 router STALE
[2023-11-15T14:58:16.169458] 4: enx00e04c36114d inet 192.168.58.8/26 brd 192.168.58.63 scope global dynamic noprefixroute enx00e04c36114d
       valid_lft 65757sec preferred_lft 65757sec
[2023-11-15T14:58:16.169532] 4: enx00e04c36114d inet6 fe80::e972:def3:6ea9:dbe8/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
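
The neighbour lines in the monitor output above can be watched for an IP whose link-layer address changes, a common sign of ARP/NDP spoofing or of a duplicate address. This is an added example, not part of the original notes; the function names and the sample lines (with MACs from the 00:00:5e:00:53:xx documentation range) are constructed, and it assumes the `-ts` timestamp format shown above.

```sh
# Constructed sample in the format printed by `ip -ts monitor`.
sample_monitor_lines() {
cat <<'EOF'
[2023-11-15T14:57:42.616056] fd:0:0:1::2 dev enx00e04c36114d lladdr 00:1e:06:42:03:e0 router PROBE
[2023-11-15T14:57:42.617337] fd:0:0:1::2 dev enx00e04c36114d lladdr 00:1e:06:42:03:e0 router REACHABLE
[2023-11-15T14:58:08.215771] fd:0:0:1::2 dev enx00e04c36114d lladdr 00:00:5e:00:53:01 router REACHABLE
[2023-11-15T14:58:09.000000] Deleted fd:0:0:1::9 dev enx00e04c36114d lladdr 00:00:5e:00:53:02 STALE
[2023-11-15T14:58:16.169458] 4: enx00e04c36114d inet 192.168.58.8/26 brd 192.168.58.63 scope global
EOF
}

# Read monitor lines on stdin and print one line each time an (interface, IP)
# pair shows up with a different lladdr than the one last seen for it.
neigh_changes() {
  awk '
    / lladdr / {
      i  = ($1 ~ /^\[/) ? 2 : 1          # skip the -ts timestamp if present
      ts = (i == 2) ? $1 : "-"
      if ($i == "Deleted") next          # keep the last binding across deletions
      ip = $i; dev = ""; mac = ""
      for (j = i + 1; j < NF; j++) {
        if ($j == "dev")    dev = $(j + 1)
        if ($j == "lladdr") mac = tolower($(j + 1))
      }
      if (dev == "" || mac == "") next   # e.g. FAILED entries carry no lladdr
      key = dev SUBSEP ip
      if ((key in seen) && seen[key] != mac) {
        printf "%s %s dev %s lladdr %s -> %s\n", ts, ip, dev, seen[key], mac
        fflush()
      }
      seen[key] = mac
    }'
}

# Demo on the constructed sample; live use: ip -ts monitor neigh | neigh_changes
sample_monitor_lines | neigh_changes
```

Where `awk` is mawk, a live pipe may need `mawk -W interactive` in place of `awk` so that input is read line by line.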

 

Route Types

$ ip route add help 2>&1 | grep -A 1 unicast
TYPE := { unicast | local | broadcast | multicast | throw |
unreachable | prohibit | blackhole | nat }

Blackhole routes silently drop packets:

$ sudo ip -6 route add blackhole 2001:41c0::/32
$ sudo ip -6 route add blackhole 2001:41c1::/32

$ ip -6 r | grep black
blackhole 2001:41c0::/32 dev lo metric 1024 pref medium
blackhole 2001:41c1::/32 dev lo metric 1024 pref medium

Unreachable routes drop traffic and generate an ICMP unreachable message.

Prohibit routes drop traffic but send an ICMP communication administratively prohibited message.

 

Network Namespaces

Two sub-interfaces in different Network Namespaces (on Linux each NetNS is a full IP stack so these are implicitly separate routing tables):

sudo ip netns list
sudo ip link add link ens2f0 name ens2f0.10 type vlan id 10
sudo ip link set up dev ens2f0.10
sudo ip a a 10.0.1.2/30 dev ens2f0.10
sudo ip r a 10.0.2.0/30 via 10.0.1.1
ip r

sudo ip netns add qos
sudo ip link add link ens2f0 name ens2f0.20 type vlan id 20
sudo ip link set ens2f0.20 netns qos
sudo ip netns exec qos ip link set up dev ens2f0.20
sudo ip netns exec qos ip link show
sudo ip netns exec qos ip a a 10.0.2.2/30 dev ens2f0.20
sudo ip netns exec qos ip r a 10.0.1.0/30 via 10.0.2.1
sudo ip netns exec qos ip r

# Move an interface back into the root namespace
# sudo ip netns exec qos ip link set ens2f0.20 netns 1

 

Adding a custom routing table which also has a default route, to be used for example with an OOB connection:

Show current routing tables:

cat /etc/iproute2/rt_tables

Add a new routing table, ID 20, called "OOB":

echo "20 OOB" >> /etc/iproute2/rt_tables

Add the rest to /etc/rc.local or similar start up script:

# Bring up our secondary interface which is connected to the OOB network
/sbin/ip link set dev eth1 up
# Add the IP address to this interface
/sbin/ip addr add 192.0.2.10/24 dev eth1
# Add a default route on this interface in this custom IP routing table
/sbin/ip route add 0/0 via 192.0.2.254 table OOB
ip route show table OOB
# Add a rule to route any traffic that comes from our OOB IP to be routed according
# to the routes in the OOB routing table (which simply contains a default route, out via
# the same OOB network)
/sbin/ip rule add from 192.0.2.10 table OOB
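
A check for the OOB setup above, as an added example that is not part of the original notes: it confirms that both the policy rule and the default route in table OOB are present, since a rule pointing at an empty table lets traffic from the OOB address fall through to the main table. The `oob_check` function, the `IP_BIN` hook and the `fake_ip` stub with its constructed output are assumptions made for this example.

```sh
# IP_BIN is a hook added for this example so the check can run against a stub.
oob_check() {
  src=$1; table=$2; dev=$3; rc=0
  ip_bin=${IP_BIN:-ip}

  # 1. A policy rule must send traffic sourced from $src to $table.
  if ! "$ip_bin" rule show | awk -v s="$src" -v t="$table" '
      $2 == "from" && ($3 == s || $3 == s "/32") && $4 == "lookup" && $5 == t { ok = 1 }
      END { exit !ok }'; then
    echo "MISSING rule: from $src lookup $table"; rc=1
  fi

  # 2. The table must hold a default route leaving via $dev. If $dev is set
  #    down the kernel deletes its routes from every table but the rule stays,
  #    so lookups from $src then fall through to the main table.
  if ! "$ip_bin" route show table "$table" | awk -v d="$dev" '
      $1 == "default" { for (i = 2; i < NF; i++) if ($i == "dev" && $(i + 1) == d) ok = 1 }
      END { exit !ok }'; then
    echo "MISSING default route via $dev in table $table"; rc=1
  fi
  return $rc
}

# Constructed stand-in for `ip`, printing output in the real command's format.
# FAKE_STATE=flushed simulates table OOB after its route has been removed.
fake_ip() {
  case "$*" in
    "rule show")
      printf '0:\tfrom all lookup local\n32765:\tfrom 192.0.2.10 lookup OOB\n'
      printf '32766:\tfrom all lookup main\n32767:\tfrom all lookup default\n' ;;
    "route show table OOB")
      [ "$FAKE_STATE" = flushed ] || echo "default via 192.0.2.254 dev eth1" ;;
  esac
}

# Demo against the stub; on a real host run: oob_check 192.0.2.10 OOB eth1
(IP_BIN=fake_ip; FAKE_STATE=flushed; oob_check 192.0.2.10 OOB eth1) || true
```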
