ip是iproute2工具包里面的一个命令行工具,用于配置网络接口以及路由表。iproute2正在逐步取代旧的net-tools (ifconfig),所以是时候学习下iproute2的使用方法啦~
使用方法
[root@gdocker ~]# man ip
IP(8) Linux IP(8)
NAME
ip - show / manipulate routing, devices, policy routing and tunnels
SYNOPSIS
ip [ OPTIONS ] OBJECT { COMMAND | help }
ip [ -force ] -batch filename
OBJECT := { link | address | addrlabel | route | rule | neigh | ntable | tunnel | tuntap | maddress | mroute | mrule | mon‐
itor | xfrm | netns | l2tp | tcp_metrics | token | macsec }
OPTIONS := { -V[ersion] | -h[uman-readable] | -s[tatistics] | -d[etails] | -r[esolve] | -iec | -f[amily] { inet | inet6 |
ipx | dnet | link } | -4 | -6 | -I | -D | -B | -0 | -l[oops] { maximum-addr-flush-attempts } | -o[neline] |
-rc[vbuf] [size] | -t[imestamp] | -ts[hort] | -n[etns] name | -a[ll] | -c[olor] }
OPTIONS
-V, -Version
Print the version of the ip utility and exit.
-h, -human, -human-readable
output statistics with human readable values followed by suffix.
-b, -batch <FILENAME>
Read commands from provided file or standard input and invoke them. First failure will cause termination of ip.
-force Don't terminate ip on errors in batch mode. If there were any errors during execution of the commands, the applica‐
tion return code will be non zero.
-s, -stats, -statistics
Output more information. If the option appears twice or more, the amount of information increases. As a rule, the
information is statistics or some time values.
-d, -details
Output more detailed information.
-l, -loops <COUNT>
Specify maximum number of loops the 'ip address flush' logic will attempt before giving up. The default is 10. Zero
(0) means loop until all addresses are removed.
-f, -family <FAMILY>
Specifies the protocol family to use. The protocol family identifier can be one of inet, inet6, bridge, ipx, dnet,
mpls or link. If this option is not present, the protocol family is guessed from other arguments. If the rest of
the command line does not give enough information to guess the family, ip falls back to the default one, usually
inet or any. link is a special family identifier meaning that no networking protocol is involved.
-4 shortcut for -family inet.
-6 shortcut for -family inet6.
-B shortcut for -family bridge.
-D shortcut for -family decnet.
-I shortcut for -family ipx.
-M shortcut for -family mpls.
-0 shortcut for -family link.
-o, -oneline
output each record on a single line, replacing line feeds with the '\' character. This is convenient when you want
to count records with wc(1) or to grep(1) the output.
-r, -resolve
use the system's name resolver to print DNS names instead of host addresses.
-n, -netns <NETNS>
switches ip to the specified network namespace NETNS. Actually it just simplifies executing of:
ip netns exec NETNS ip [ OPTIONS ] OBJECT { COMMAND | help }
to
ip -n[etns] NETNS [ OPTIONS ] OBJECT { COMMAND | help }
-a, -all
executes specified command over all objects, it depends if command supports this option.
-c, -color
Use color output.
-t, -timestamp
display current time when using monitor option.
-ts, -tshort
Like -timestamp, but use shorter format.
-rc, -rcvbuf<SIZE>
Set the netlink socket receive buffer size, defaults to 1MB.
-iec print human readable rates in IEC units (e.g. 1Ki = 1024).
接口信息查看
查看接口状态和详细统计
(不指定接口则显示所有接口的详细统计)
ip -d -s -s link show [dev <接口名>]
例:查看ens34接口信息。
[root: ~]# ip -d -s -s link show ens34
3: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 88:32:9b:ca:3f:4a brd ff:ff:ff:ff:ff:ff promiscuity 0 addrgenmode eui64
RX: bytes packets errors dropped overrun mcast
581645 6100 0 0 0 0
RX errors: length crc frame fifo missed
0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
3743584 3939 0 0 0 0
TX errors: aborted fifo window heartbeat transns
0 0 0 0 2
IP地址设置
查看接口IP地址
(不指定接口则显示所有接口的IP地址)
ip addr show [dev <接口名>]
查看接口IPv6地址
(不指定接口则显示所有接口的IPv6地址)
ip -6 addr show [dev <接口名>]
为接口添加IP地址
ip addr add <IP地址/前缀长度> [broadcast <广播地址>] dev <接口名>
为接口添加IPv6地址
ip -6 addr add <IPv6地址/前缀长度> dev <接口名>
为接口删除IP地址
ip addr del <IP地址/前缀长度> dev <接口名>
为接口删除IPv6地址
ip -6 addr del <IP地址/前缀长度> dev <接口名>
例:为ens34添加IP地址192.168.1.111/24并检查。
[root: ~]# ip addr add 192.168.1.111/24 dev ens34
3: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 88:32:9b:ca:3f:4a brd ff:ff:ff:ff:ff:ff
inet 10.16.1.2/24 brd 10.16.1.255 scope global ens34
valid_lft forever preferred_lft forever
inet 192.168.1.111/24 scope global ens34
valid_lft forever preferred_lft forever
inet6 fe80::f65c:89ff:fecd:3ab5/64 scope link
valid_lft forever preferred_lft forever
接口设置
启用接口
ip link set <接口名> up
禁用接口
ip link set <接口名> down
设置接口MAC地址
(设置前请先禁用接口)
ip link set <接口名> address <值>
设置接口MTU
(设置前请先禁用接口)
ip link set <接口名> mtu <值>
例:把ens33的MTU改成9000并检查。
[root: ~]# ip link show dev ens33 #修改前
2: ens33: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT qlen 1000
link/ether 88:32:9b:ca:3f:49 brd ff:ff:ff:ff:ff:ff
[root: ~]# ip link set ens33 mtu 9000
[root: ~]# ip link show dev ens33 #修改后
2: ens33: <BROADCAST,MULTICAST> mtu 9000 qdisc pfifo_fast state DOWN mode DEFAULT qlen 1000
link/ether 88:32:9b:ca:3f:49 brd ff:ff:ff:ff:ff:ff
VLAN设置
添加802.1Q VLAN子接口
ip link add link <接口名> name <子接口名> type vlan id <VLAN_ID>
删除802.1Q VLAN子接口
ip link del <接口名>
例:为ens33添加VLAN100子接口并检查。
[root: ~]# ip link add link ens33 name ens33.100 type vlan id 100
[root: ~]# ip -d -s -s link show ens33.100
7: ens33.100@ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc noqueue state UP mode DEFAULT qlen 1000
link/ether 88:32:9b:ca:3f:aa brd ff:ff:ff:ff:ff:ff promiscuity 0
vlan protocol 802.1Q id 100 <REORDER_HDR> addrgenmode eui64
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
RX errors: length crc frame fifo missed
0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
738 9 0 0 0 0
TX errors: aborted fifo window heartbeat transns
0 0 0 0 3
路由表设置
查看路由表
(不指定接口则显示所有接口的路由表)
ip route show [dev <接口名>]
查看指定目标地址用的是哪条路由表
ip route get <目标IP>
添加路由表
ip route add <目标IP地址/前缀长度> via <下一跳> [dev <出接口>]
添加默认网关
ip route add default via <默认网关> [dev <出接口>]
删除路由表
ip route del <目标IP地址/前缀长度> via <下一跳> [dev <出接口>]
例:查看目标地址为8.8.8.8用的是哪条路由表。
[root: ~]# ip route get 8.8.8.8
8.8.8.8 via 192.168.1.1 dev ens33 src 192.168.1.143
cache
#下一跳是192.168.1.1,出接口是ens33,接口的IP是192.168.1.143。
ARP设置
查看ARP表
(不指定接口则显示所有接口的ARP表)
ip neigh show [dev <接口名>]
添加永久ARP条目
ip neigh add <IP地址> lladdr <以冒号分割的MAC地址> dev <接口名> nud permanent
把动态ARP条目转换为永久ARP条目(仅限已存在条目)
ip neigh change <IP地址> dev <接口名> nud permanent
删除ARP条目
ip neigh del <IP地址> dev <接口名>
清空ARP表(不影响永久条目)
ip neigh flush all
转载自:https://zhuanlan.zhihu.com/p/28155886
