Thursday, July 16, 2015

Using the New iproute2 Suite

http://fossforce.com/2015/07/using-new-iproute2-suite

For years, even in 2015, web tutorials, college textbooks and lab simulators have all been teaching the traditional networking utilities, such as arp, ifconfig, netstat and route. Whether you know it or not, most of these commands were deprecated years ago. They were replaced with commands from the iproute2 suite of utilities. Most Linux distros have continued to install the traditional tools, but CentOS, Arch and now openSUSE (among others), are moving to put them into deprecated status. That means we’ll need to start getting used to the new tools.
For those not familiar, the 2.2 Linux kernel revision (way back in the olden days) brought about some changes to the way the kernel handled networking. New features were introduced back then that had not been implemented anywhere else. The old tools use the /proc interface, while the newer tools use the newer kernels’ netlink interface. At least some of the older tools are no longer in active development. The bottom line is that the iproute2 suite offers some definite advantages over the old tools.
While we won’t be able to resolve the world’s networking problems all in one go here, we can at least take a look at the more common commands. Before we go too far, be sure to pay attention to the double dashes “--”. Anything after “--” is a comment. As with many programming languages, I include them after commands as explanatory notes; they are my notation only, not something the shell or ip understands, so leave them off when you type the commands. Note also that I’ll be running as root for my own convenience, but I normally either use sudo or su - -c "command".
Wikipedia provides the nice table below, showing which commands are replaced by the newer utilities.
Configuration utilities replaced by iproute2

Purpose                         Legacy utility   iproute2 equivalent
Address and link configuration  ifconfig         ip addr, ip link
Routing tables                  route            ip route
Neighbors                       arp              ip neigh
VLAN                            vconfig          ip link
Tunnels                         iptunnel         ip tunnel
Bridges                         brctl            ip link, bridge
Multicast                       ipmaddr          ip maddr
Statistics                      netstat          ip -s, ss
You’ll notice that we can get most of the information we want simply by using the ip command, along with the relevant object and options. For example, ip takes one of the following objects listed below, which can be shortened as shown:
  • address (or addr or a)
  • link (or lin or l)
  • neighbor (or neigh or n)
  • route (or r)
  • tunnel (or tunn)
There are other objects, of course, but these will give you a general idea. To see the full list, simply type:
ip --help or man ip
For a quick overview of the commands for any of ip’s objects, we can run:
ip [object] help -- shows command syntax for a given object’s commands
For example:
ip link help

ip link (replaces ifconfig)

Now, let’s start with our devices, shall we? Network connections are considered to be links, so we use ip link to show, add or delete our current network devices:
ip link show (or list) -- enp3s0 (eth0) is down, wlp4s0 (wlan0) is up
ip -s link show -- shows the current statistics for each link
[Screenshot: output of ip -s link show]
Bear in mind that we do not need the “show” or “list” keywords. If we just run ip [object], we get a listing of whatever object we asked for (links, addresses, etc.). We can also modify a network device’s attributes. For example, we can manually change its address, or change its state to “up” or “down”:
ip link set [device] [action]
In truth, ip link has a great many actions, and we can really get down to the dirty details of our devices, including adding and deleting bridges (for you more advanced users who need this).

ip address (replaces ifconfig)

Sometimes we need to manage our network (IP) addresses. ip address lets us set the address for a given device, using the appropriate protocol (IPv4 or IPv6). To see our current address(es), we can simply do:
ip addr or ip a or ip address list
ip -6 address list -- show IPv6 addresses
ip -6 address show dev enp3s0 -- show IPv6 address for specific device (your device name may be a bit different)
Here’s an example of adding an IP address. Note that we append “/24” (the prefix length) to the address; “brd +” tells ip to derive the broadcast address from that prefix by setting all the host bits, and “dev enp3s0” names the device:
ip addr add 192.168.1.15/24 brd + dev enp3s0

ip neighbor (replaces arp)

The old net-tools “arp” command lets us see and manipulate the Address Resolution Protocol information (stored in a cache). Using the new iproute2 format, we can see the list of neighboring computers (assuming they are in our arp cache), add, delete, change and replace neighbors and even flush the neighbors table. Let’s take a quick look at an example. Mind you, I pinged a few systems on my local LAN, and so have a few entries in my ARP cache.
ip neighbor show
[Screenshot: output of ip neigh show]
We can manage this cache using other ip neighbor commands. Thus, if we need to add a static ARP entry, we could easily just associate the IP address with a particular MAC address, like so:
ip neigh add 192.168.1.25 lladdr [mac address here] dev enp3s0 -- lladdr gives the MAC; dev names the interface the host sits on
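Since the neighbor table is exactly where ARP spoofing shows up, here is an added example (not from the original article) of reviewing it from the output of ip -4 neigh show: one function reports any MAC address that answers for more than one IP, the other lists addresses whose resolution failed. The sample lines, interface name and addresses below are constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example: triage an "ip -4 neigh show" listing for (a) one MAC answering
# for several IPs and (b) neighbors that never resolved. The sample is
# constructed; addresses and the interface name are hypothetical.

NEIGH='192.168.1.1 dev enp3s0 lladdr 00:11:22:33:44:01 REACHABLE
192.168.1.25 dev enp3s0 lladdr 00:11:22:33:44:19 STALE
192.168.1.30 dev enp3s0 lladdr 00:11:22:33:44:01 REACHABLE
192.168.1.40 dev enp3s0  FAILED
192.168.1.50 dev enp3s0 lladdr 00:11:22:33:44:32 PERMANENT'

shared_macs() {
    # Reads neighbor lines on stdin; prints "MAC ip1,ip2,..." for every MAC
    # seen with more than one IP. Field layout of a resolved entry:
    #   <ip> dev <iface> lladdr <mac> <state>   (FAILED entries carry no lladdr)
    awk '$4 == "lladdr" {
            seen[$5]++
            ips[$5] = (ips[$5] == "" ? $1 : ips[$5] "," $1)
         }
         END { for (m in ips) if (seen[m] > 1) print m, ips[m] }'
}

unresolved() {
    # IPs whose resolution failed or is still incomplete: nobody answered,
    # which is worth a look when those are supposed to be live hosts.
    awk '$NF == "FAILED" || $NF == "INCOMPLETE" { print $1 }'
}

# Usage: replace the constructed sample with live data, e.g.
#   ip -4 neigh show | shared_macs
printf '%s\n' "$NEIGH" | shared_macs
printf '%s\n' "$NEIGH" | unresolved
```

A MAC that claims several IPs is a signal to investigate, not proof of an attack: a router doing proxy ARP, or a host carrying virtual IPs, looks the same. Static entries added with ip neigh add show the PERMANENT state, so a quick ip neigh show also tells you which mappings are pinned and which came from the wire.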
Hopefully, you are starting to see the consistency in using certain commands (show, add, delete, set) with various objects (link, address, neighbor, etc.). The iproute2 suite mostly avoids arcane option flags, preferring to use something closer to “plain English” for accomplishing tasks. Let’s take a look at the routing commands.

ip route (replaces route)

You can probably guess what command we need to run if we want to see the routing table. That’s right! As I mentioned above, the show/list keywords are optional. We can really just run:
ip route -- you can add show (sh) or list (ls) for clarity
What are we going to do if we need to add a static route? Right again!
ip route add default via 192.168.1.254 -- adds a new default route (assuming we don’t already have one)
Suppose our router (or some switches) is connected to another network, and we want to add a route to it. Simply use the network address:
ip route add 192.168.2.0/24 via 192.168.1.254 -- include the prefix length; without it, ip treats 192.168.2.0 as a single host (/32) route
To delete a route, substitute delete or del, or even just “d”, for “add”. Naturally, there are a lot more things we can do with route objects. The “get” command effectively finds routes by acting as if it were sending a packet to the given destination and reporting the route the kernel would pick. We can also add routing rules (a routing plan, if you will) with ip rule, selecting routes by fields of the packet being routed, such as its source address or firewall mark. Since we don’t have time to dive deeper, I’ll leave you to explore this area on your own.
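Two of the things ip does for us above are plain prefix arithmetic: “brd +” in the address section fills the host bits to get a broadcast address, and “ip route get” picks the most specific matching prefix from the routing table. The added example below (mine, not the article’s, and not how iproute2 itself is implemented) does both in shell, so you can check what ip addr add will install and reason about which route a destination takes. The ip -o -4 addr show and ip route show samples are constructed; interface names and addresses are hypothetical, and the route lookup handles only the simple case of one table with no policy rules or metrics.

```shell
#!/bin/sh
# Added example: IPv4 prefix arithmetic behind "brd +" and a longest-prefix
# match over "ip route show" output. Samples are constructed; names and
# addresses are hypothetical.

ip4_to_int() {
    # Dotted quad -> 32-bit integer.
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

int_to_ip4() {
    # 32-bit integer -> dotted quad.
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

mask_of() {
    # Prefix length -> netmask as a 32-bit integer (0 for /0).
    echo $(( $1 == 0 ? 0 : (4294967295 << (32 - $1)) & 4294967295 ))
}

broadcast_of() {
    # "addr/plen" -> what "brd +" installs: the address with every host bit set.
    n=$(ip4_to_int "${1%/*}")
    m=$(mask_of "${1#*/}")
    int_to_ip4 $(( n | (4294967295 ^ m) ))
}

check_brd() {
    # Reads "ip -o -4 addr show" lines on stdin and reports each interface whose
    # installed broadcast address differs from the one its prefix implies.
    while read -r _ dev _ cidr key brd _; do
        [ "$key" = brd ] || continue        # lo, for one, carries no brd field
        want=$(broadcast_of "$cidr")
        [ "$brd" = "$want" ] || echo "$dev $cidr brd=$brd expected=$want"
    done
}

route_lookup() {
    # Longest-prefix match of destination $1 against "ip route show" lines on
    # stdin; prints the remainder of the winning entry (via ..., dev ...).
    dst=$(ip4_to_int "$1")
    best_len=-1
    best=""
    while read -r line; do
        [ -n "$line" ] || continue
        set -- $line
        case $1 in
            default) net=0; plen=0 ;;
            */*)     net=$(ip4_to_int "${1%/*}"); plen=${1#*/} ;;
            *)       net=$(ip4_to_int "$1"); plen=32 ;;
        esac
        m=$(mask_of "$plen")
        if [ $(( dst & m )) -eq $(( net & m )) ] && [ "$plen" -gt "$best_len" ]; then
            best_len=$plen
            shift
            best=$*
        fi
    done
    echo "$best"
}

# Constructed sample output (the second interface has a wrong broadcast).
ADDRS='2: enp3s0    inet 192.168.1.15/24 brd 192.168.1.255 scope global enp3s0\       valid_lft forever preferred_lft forever
3: wlp4s0    inet 10.0.0.7/16 brd 10.0.0.255 scope global dynamic wlp4s0\       valid_lft 3599sec preferred_lft 3599sec
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever'

ROUTES='default via 192.168.1.254 dev enp3s0 proto static
192.168.1.0/24 dev enp3s0 proto kernel scope link src 192.168.1.15
192.168.2.0/24 via 192.168.1.254 dev enp3s0'

# Usage: on a live host feed real output instead, e.g.
#   ip -o -4 addr show | check_brd
#   ip route show | route_lookup 192.168.2.5
printf '%s\n' "$ADDRS" | check_brd
printf '%s\n' "$ROUTES" | route_lookup 192.168.2.5
```

The -o flag puts each address on one line, which is what makes the read loop possible; the same trick works for ip -o link show. Compare route_lookup against ip route get on a real box: where they differ, policy rules (ip rule) or extra tables are in play, which is exactly the situation the article leaves for you to explore.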

ss (replaces netstat)

In order to get the same information as the old netstat command (on a basic level), we’ll want to run the ss utility. The output will scroll right off the screen, so we’ll use a pager here to make it easier to scroll through the information at our own pace:
ss -l | less -- that’s a lower-case “L”, and gives us only the sockets listening for traffic
If we need more details, we can use the “extended” option:
ss -e -- add another “e” for even more details
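The listening-socket list is the one most people actually want from ss when checking what a host exposes. As an added example (not part of the original article), here is a small filter over ss -lnt output that separates listeners bound to every interface from those reachable only via loopback. The sample output, ports and addresses are constructed; the -l, -n and -t options are real ss options (listening sockets, numeric output, TCP only).

```shell
#!/bin/sh
# Added example: from "ss -lnt" output, list TCP listeners bound to every
# interface (0.0.0.0, [::] or *) and, separately, loopback-only ones.
# The sample is constructed; ports are hypothetical.

SS='State   Recv-Q  Send-Q   Local Address:Port   Peer Address:Port  Process
LISTEN  0       128      0.0.0.0:22           0.0.0.0:*
LISTEN  0       4096     127.0.0.1:631        0.0.0.0:*
LISTEN  0       128      [::]:22              [::]:*
LISTEN  0       511      *:8080               *:*
LISTEN  0       128      [::1]:5432           [::]:*'

exposed_listeners() {
    # Skip the header line, strip the port (everything after the last colon,
    # so IPv6 literals in brackets survive) and keep wildcard-bound sockets.
    awk 'NR > 1 {
            la = $4
            host = la; sub(/:[^:]*$/, "", host)
            if (host == "0.0.0.0" || host == "[::]" || host == "*") print la
         }'
}

loopback_only() {
    # The complement: listeners only the host itself can reach.
    awk 'NR > 1 {
            host = $4; sub(/:[^:]*$/, "", host)
            if (host == "127.0.0.1" || host == "[::1]") print $4
         }'
}

# Usage: on a live host, ss -lnt | exposed_listeners
printf '%s\n' "$SS" | exposed_listeners
```

Adding -p to the ss command (as root) fills the Process column, which is what you need to turn "something listens on 8080 on all interfaces" into "this daemon does". The filter above still works because it only looks at the fourth column.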
If you need to work with networking — or even security — these tools are good to know. There is, of course, much more you can do, including managing bridges. In fact, one of my buddies really likes the bridge capabilities of the iproute2 suite. In general, I like the relative simplicity and consistency in using the commands across the suite.
Here are a few resources you can check out for more details:
