January 27, 2022
How to user ip command line on Linux

How to Use ip Command Line on Linux

On this tutorial, we will learn how to use ip command line on Linux environment, This tutorial also comes with an example of using the ip command line. The ip command line is used to show/manipulate routing, network devices, interfaces and tunnels. It is related to the networking configuration.

Introduction

If we work as a sysadmin who takes care of the server, of course we will often deal with network work. How do we set up the network on a servers, do troubleshooting, add or update the network management and configuration. in this tutorial, we will try to discuss about the ip command line which is commonly used as a tool for setting up network on servers, especially those with Linux operating systems. The ip command line is used to show / manipulate routing, network devices, interfaces and tunnels.

ip Command line Usage

ip [ OPTIONS ] OBJECT { COMMAND | help }
ip [ -force ] -batch filename

ip Options

SyntaxMeaningDescription
-V -VersionPrint the version of the ip utility and exit.
-h -human,  -human-readableoutput statistics with human readable values followed by suffix.
-b -batch <FILENAME>Read commands from provided file or standard input and invoke them.  First failure will cause termination of ip.
-force  Don’t terminate ip on errors in batch mode.  If there were any errors during execution of the commands the application return code will be non zero.
 -s -stats, -statisticsOutput more information. If the option appears twice or more  the amount of information increases.  As a rule  the information is statistics or some time values.
-d -detailsOutput more detailed information.
 -l -loops <COUNT>Specify maximum number of loops the ‘ip address flush’ logic will attempt before giving up. The default is 10.  Zero (0) means loop until all addresses are removed.
-f -family <FAMILY>Specifies the protocol family to use. The protocol family identifier can be one of inet family identifier meaning that no networking protocol is involved.
-4 shortcut for -family inet.
-6 shortcut for -family inet6.
-B   shortcut for -family bridge.
-M      shortcut for -family mpls.
0 shortcut for -family link.
-o -onelineoutput each record on a single line replacing line feeds with the ‘\’ character. This is convenient when you want to count records with wc(1) or to grep(1) the output.
-r -resolveuse the system’s name resolver to print DNS names instead of host addresses.
-n -netns <NETNS> switches ip to the specified network namespace NETNS.  Actually it just simplifies executing of: 
              ip netns exec NETNS ip [ OPTIONS ] OBJECT { COMMAND | help } to  ip -n[etns] NETNS [ OPTIONS ] OBJECT { COMMAND | help }
 -N -NumericPrint the number of protocol, scope, dsfield, etc directly instead of converting it to human readable name.
-a -allexecutes specified command over all objects it depends if command supports this option.
-c[color][={always|auto|never}Configure color output. If parameter is omitted or always, color output is enabled regardless of stdout state. If parameter is auto, stdout is checked to be a terminal before enabling color output. If parameter is never, color output is disabled. If specified multiple times, the last one takes precedence. This flag is ignored if -json is also given.
  Used color palette can be influenced by COLORFGBG environment variable (see ENVIRONMENT).
-t -timestampdisplay current time when using monitor option.
-ts -tshort Like -timestamp  but use shorter format.
-rc -rcvbuf<SIZE>Set the netlink socket receive buffer size, defaults to 1MB.
-br -briefPrint only basic information in a tabular format for better readability. This option is currently only supported by ip addr show and ip link show commands.
-j -jsonOutput results in JavaScript Object Notation (JSON).
-p -prettyThe default JSON format is compact and more efficient to parse but hard for most users to read.  This flag adds indentation for readability.
Options on ip Command line

Objects of ip Command line

Object on ip command line are can be any one of the following and may be written in full or abbreviation.

   OBJECTAbbreviationDescription
addressa, addrprotocol (IP or IPv6) address on a device.
addrlabeladdrllabel configuration for protocol address selection.
l2tp   tunnel ethernet over IP (L2TPv3).
link  lnetwork device.
maddressm, maddrmulticast address.
monitor watch for netlink messages.
mroutemrmulticast routing cache entry
mrule rule in multicast routing policy database.
neighbourn, neighmanage ARP or NDISC cache entries.
netns manage network namespaces.
ntable  manage the neighbor cache’s operation.
routerrouting table entry.
rulerurule in routing policy database.
tcp_metrics/tcpmetrics manage TCP Metrics
token manage tokenized interface identifiers.
tunnelttunnel over IP.
tuntap manage TUN/TAP devices.
xfrmx manage IPSec policies.
Objects of ip Command line

ip Command Line Examples

In this section, we will show an example of using the ip command line.

1. Displays Network Interfaces

The ip command line can be used to display all network interfaces attached to the system. We will use the ip command line with options a or addr. The option of ip a and ip addr will show the sam result, as shown below.

worker2@worker2:~$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:d9:e7:fc brd ff:ff:ff:ff:ff:ff
    altname enp2s1
    inet 192.168.19.140/24 brd 192.168.19.255 scope global dynamic noprefixroute ens33
       valid_lft 1435sec preferred_lft 1435sec
    inet6 fe80::42a8:cbc9:fcb4:3699/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
worker2@worker2:~$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:d9:e7:fc brd ff:ff:ff:ff:ff:ff
    altname enp2s1
    inet 192.168.19.140/24 brd 192.168.19.255 scope global dynamic noprefixroute ens33
       valid_lft 1435sec preferred_lft 1435sec
    inet6 fe80::42a8:cbc9:fcb4:3699/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
Executing ip a and ip addr
Executing ip a and ip addr

2. Assigning the IP address to the interface

We also can assign the IP Address to the network interface, by typing command line :

ip a add {ip_addr/mask} dev {interface}

On this example we will assign a new IP Address 192.168.19.150 to ens33 :

worker2@worker2:~$ sudo ip a add 192.168.19.150/255.255.255.0 dev ens33

Then we will check it by using ip addr command line, as shown below :

worker2@worker2:~$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:d9:e7:fc brd ff:ff:ff:ff:ff:ff
    altname enp2s1
    inet 192.168.19.140/24 brd 192.168.19.255 scope global dynamic noprefixroute ens33
       valid_lft 1758sec preferred_lft 1758sec
    inet 192.168.19.150/24 scope global secondary ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::42a8:cbc9:fcb4:3699/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
Assingning IP Address to a network interface
Assigning IP Address to a network interface

3. Remove/Delete IP Address from Interface

We also can remove/delete an existing IP Address from the Interface. We will use the following command line :

ip a del {ip_addr/mask} dev {interface}

On this example, we will delete IP Address 192.168.19.150 from ens33 network interface.

worker2@worker2:~$ sudo ip a del 192.168.19.150/255.255.255.0 dev ens33

4. Displaying IPv 4 or IPv6

We can display a spesified IP Adrress where is IPv4 or IPv6, by typing command line :

## dislplaying IPv 4
$ ip -4 a

## displaying IPv6
$ ip -6 a
worker2@worker2:~$ ip -4 a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    altname enp2s1
    inet 192.168.19.140/24 brd 192.168.19.255 scope global dynamic noprefixroute ens33
       valid_lft 1253sec preferred_lft 1253sec
worker2@worker2:~$ ip -6 a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::42a8:cbc9:fcb4:3699/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

5. Displaying neighbour/arp Cache

We can display neighbour/arp cache by using ip command line, with the syntax below :

ip n show
ip neigh show
worker2@worker2:~$ ip n show
192.168.19.254 dev ens33 lladdr 00:50:56:e5:55:c5 STALE
192.168.19.2 dev ens33 lladdr 00:50:56:ed:91:cd REACHABLE
worker2@worker2:~$ ip neigh show
192.168.19.254 dev ens33 lladdr 00:50:56:e5:55:c5 STALE
192.168.19.2 dev ens33 lladdr 00:50:56:ed:91:cd REACHABLE

The last column show us the status of neighbour machine. There are three types of the state, namely :

STALE – The neighbour is valid, but is probably already unreachable, so the kernel will try to check it at the first transmission.
DELAY – A packet has been sent to the stale neighbour and the kernel is waiting for confirmation.
REACHABLE – The neighbour is valid and apparently reachable.

6. Adding a New ARP Entry

For adding ne ARP entry, we will use the syntax:

ip neigh add {IP-HERE} lladdr {MAC/LLADDRESS} dev {DEVICE} nud {STATE}

For our example, we will add a permanent ARP entry for the neighbour 192.168.18.240 on the device ens33 :

worker2@worker2:~$ sudo ip neigh add 192.168.18.240 lladdr 00:1a:30:38:a8:00 dev ens33 nud perm
worker2@worker2:~$ ip neigh show
192.168.19.254 dev ens33 lladdr 00:50:56:e5:55:c5 STALE
192.168.19.2 dev ens33 lladdr 00:50:56:ed:91:cd REACHABLE
192.168.18.240 dev ens33 lladdr 00:1a:30:38:a8:00 PERMANENT
Adding new ARP to an interface
Adding new ARP to an interface

7. Deleting a ARP Entry

We Also can delete/remove a ARP Entry by using ip command line. The syntax is as showing below :

ip neigh del {IPAddress} dev {DEVICE}

We will delete a ARP 192.168.18.240 on the device ens33 :

worker2@worker2:~$ sudo ip neigh del 192.168.18.240 dev ens33
worker2@worker2:~$ ip neigh show
192.168.19.254 dev ens33 lladdr 00:50:56:e5:55:c5 STALE
192.168.19.2 dev ens33 lladdr 00:50:56:ed:91:cd REACHABLE

8. Showing IP Routing Table

To display the contents of the routing tables on our system, we have any optiong of the following command lines:

ip r
ip r list
ip route list
ip r list [options] ip route

The sample output are showing below :

worker2@worker2:~$ ip r
default via 192.168.19.2 dev ens33 proto dhcp metric 100 
169.254.0.0/16 dev ens33 scope link metric 1000 
192.168.19.0/24 dev ens33 proto kernel scope link src 192.168.19.140 metric 100 
worker2@worker2:~$ ip r list
default via 192.168.19.2 dev ens33 proto dhcp metric 100 
169.254.0.0/16 dev ens33 scope link metric 1000 
192.168.19.0/24 dev ens33 proto kernel scope link src 192.168.19.140 metric 100 
worker2@worker2:~$ ip route list
default via 192.168.19.2 dev ens33 proto dhcp metric 100 
169.254.0.0/16 dev ens33 scope link metric 1000 
192.168.19.0/24 dev ens33 proto kernel scope link src 192.168.19.140 metric 100 
Showing IP Routing table
Showing IP Routing table

9. Configuring Color Output

We also have an options to display the output of ip command line to be more intuitve. The syntax is as shown below.

 ip -c [OBJECTS]

The sampke usage is as follow :

ip command line in colorful display
ip command line in colorful display

Conclusion

The ip command line is a powerful tools for managing network on a system. There are many functions of the ip command line which are very useful for network management on a server.There are lots of examples of using the ip command line on linux out there.

Share this article via :

Leave a Reply

Your email address will not be published. Required fields are marked *