IPRoute2 is the successor to the net-tools networking utilities, including
route. Instead of having to use a separate tool for every aspect of network management, with IPRoute2, administrators now have a unified interface. Although IPRoute2 has been available for some time, the toolbox has struggled to replace the legacy tools.
IPRoute2  lets the admin manage most aspects of the network, including:
- IP configuration of interfaces
- Adding and deleting entries in the routing table
- Adjusting the ARP cache settings or NDISC (Neighbor Discovery)
- Managing network tunnels
- Displaying the link-layer information (MAC addresses, etc.)
- Configuring Quality of Service (QoS)
Management features cover both IPv4 and IPv6, and new features are implemented in a timely manner. For example, 6rd tunnel management  has already been added. IPRoute2 is now part of the basic install set for all major Linux distributions and is fundamental to many of the advanced network features. For example, IPRoute2 is required for some routing and gateway functions. Even the Gnome desktop cannot communicate on the network without IPRoute2.
IPRoute2 Programs and Files
Usually the configuration files for the individual tools are located in
/etc/iproute2 and contain some values that are required only in advanced scenarios. Most of the programs provided by IPRoute2 have a special task, and all of them play a specific role in managing network functions:
/sbin/ip– The main program, with which most network aspects of the Linux kernel can be controlled.
/sbin/cbq– Serves as a sample script for the class-based QoS (class-based queuing, CBQ).
/sbin/ifcfg– Replaces the IP address management option in ifconfig.
/sbin/rtmon– Enables monitoring of the routing table.
/sbin/tc– Used to configure advanced traffic control features.
/sbin/arpd– Collects gratuitous ARP information. These ARP messages announce a change in the IP-to-MAC address mapping.
/sbin/lnstat– Shows kernel statistics on various aspects of network communication and replaces
- Additional tools –
/sbin/rtacctare simple tools for displaying SNMP counters and network statistics.
The most important tool in IPRoute2 is
ip. It handles most of the common tasks associated with network management by specifying particular objects and providing them with the desired parameters and options that serve as the context. Important contexts include, for example:
- Link – Displays or manipulates information at the link-layer level.
- Address – Displays or manipulates IP information.
- Route – Displays or manipulates routing information.
- Tunnel – Displays or manipulates tunnel configurations.
- Xfrm – Displays or manipulates IPsec policies.
The commands do not typically need to be fully entered as rules; they can be completed just to the extent at which they become unambiguous. Thus,
ip addr, and
ip a all output the IP configuration of the interface. The complete command is actually
ip address show, and appropriate show commands are available for almost all contexts. These may also be the default values (Figure 1).
In many cases, additional options can be set for the show commands. For example, if you only want to output the IP configuration for
eth0, the short command is
ip address show eth0 or ip a s eth0
As with ifconfig, information for both IPv4 and IPv6 is output. If you prefer to restrict the output to one of the two protocol versions, you can enable the option
ip -4 or
ip -6 as a filter.
Help is available from the man pages for each tool in IPRoute2 and via the
help option, which can be specified after the respective context. For example,
ip addr help
shows context-sensitive help for the
ip addr options. Detailed information is provided by the man pages for the individual contexts. In the case of
ip addr, for example, you can call:
The specific call required for the context in question is shown in the
SEE ALSO section of the man page for
ip itself, that is,
man ip 8.
Managing IP Addresses
To assign an additional IP address of
172.16.55.1/24 to the interface
eth0, you would issue the following command:
ip address add 172.16.55.1/24 brd 172.16.55.255 dev eth0
The specification of the broadcast address (
brd) is optional, but still recommended. To remove the assignment of an IP address from an interface, you need the
del option, as the following example shows:
ip address del 172.16.55.1/24 dev eth0
flush option takes a somewhat harder line here, and it also lets you remove all the IP addresses from an interface. To remove all IP addresses from the interface
eth0, you can enter:
ip address flush dev eth0
This condition persists until the interface is reinitialized. Also, DHCP-based interfaces do not immediately pick up a new address after their previous address is removed.
The important thing is that this kind of IP address manipulation for an interface does not end up in the configuration file. After reinitializing the interface or restarting the system, the changes made by
ip are no longer available. If you want them to stick, you need to create a startup script.
Predestined for IPv6
ip command lets you view and manipulate the advanced features of IPv6. This includes, for example, the prefix policy as per RFC 3484, which defines the rules by which the various IPv6 addresses are used. This policy can be displayed by typing
ip addrlabel or
ip addrl (Figure 2). The label determines the priority of each address. The well-known IPv6 prefixes are used here.
Because the various IPv6 addresses assigned to an IPv6-enabled interface have a different scope, the labels ensure that an IPv6 packet uses a sender address that matches the destination address.
To do this, the label of a source address in an incoming packet is used to find a suitable local address that has the same scope.
For example, to add another entry for the prefix
2002::2/64 with a label of
99 to this prefix policy, you can use the following:
ip addrlabel add prefix 2002::2/64 label 99
Accordingly, you can do:
ip addrlabel del prefix 2002::2/64 label 99
to remove prefixes with their labels again.
One Level Down
Link-layer information, that is, MAC addresses and the like, is handled by the
link option. For example, using
ip link or
ip link show shows you the low-level information about the interfaces (Figure 3) in a similar way to
ip address. Using
ip -s link show
gives you a statistical overview of the available interfaces, which can be limited by adding the interface again:
ip -s link show eth0
In a way that is almost typical of Linux, you can extend the output by adding another
-s. For example:
ip -s -s link show eth0
However, the combination of both
-ss is not possible.
ip link set lets you set various hardware parameters for the interfaces. For example, you can shut down the eth0 interface with
ip link set eth0 down
and fire it up again with:
ip link set eth0 up
Additionally, you can manipulate the maximum transmission unit (MTU), the MAC address, promiscuous mode, and many other parameters.
Another useful option is
neighbor. It lets admins display and manipulate the IPv4 ARP cache and the IPv6 NDISC cache . NDISC replaces the ARP mechanism in IPv6. The command
ip neighbor show
returns all cached mappings between MAC addresses and logical addresses for both IPv4 and IPv6. To restrict your results to one protocol, add
-4 ip neighbor show).
In some situations, static addressing assignments are useful (e.g., to make address spoofing more difficult). Additionally, selectively preventing access to hosts with an intentionally incorrect link-layer address means a host cannot be addressed. If you want to assign the IP address 10.1.1.1 to a fixed MAC address of 00:d0:a7:b1:c7:de on eth1, the following command will do the trick:
ip neigh add 10.1.1.1 lladdr 00:d0:a7:b1:c7:de dev eth1 nud perm
nud stands for Neighbor Unreachability Detection, a mechanism that was introduced in IPv6 but that can also set the status of an entry in IPv4. Conversely, an entry can also be removed using:
ip neigh del 10.1.1.1 dev eth1
The IPRoute2 toolbox is extremely comprehensive;
ip alone contains a seemingly endless number of possibilities and options.
More Options for ip
ip route command lets you view and manipulate the kernel routing table. For example,
ip route show displays the IPv4 routing table, and
ip -6 route show generates the same output for IPv6. A static route, say, for the prefix 188.8.131.52/24 via the next hop at 10.1.1.254, can be created with the command:
ip route add 184.108.40.206/24 via 10.1.1.254
Similarly, you can delete or modify routes or even configure forbidden paths. This approach applies equally to IPv4 and IPv6, of course.
ip, you also can adjust the multicast properties, configure different types of tunnels, and manipulate the Routing Policy Database (RPDB) , which determines the routing table used to forward a packet.
ip, IPRoute2 offers several other ways of manipulating network traffic – in particular, the
tc (Traffic Control) tool. With
tc, you can manage QoS and traffic shaping, which is based on queuing mechanisms, wherein individual queues (interface queues) are assigned to certain traffic. On the basis of the IP QoS mechanisms, which set an appropriate value in the Type of Service (ToS) byte in the IP header, each packet can be assigned to a particular queue, which, in turn, is associated with a predetermined processing priority.
In this way, the Linux kernel can ensure that a certain amount of bandwidth is reserved for important traffic flows, and that less important traffic is limited at the same time. The concept of traffic shaping relies on various mechanisms, including CBQ , wherein the traffic is divided into different classes that are then prioritized.
IPRoute2 is a comprehensive toolbox with capabilities that are not immediately apparent. Although IPRoute2 is already used in many scenarios behind the scenes, its use at the command line has not quite taken root in the minds of many administrators. However, the learning curve is not as long and arduous as many admins might fear.
Of course, you cannot intuitively grasp all the options and features of IPRoute2, but working with tools such as
tc quickly provides new opportunities that may be of inestimable value for analysis and troubleshooting. Additionally, you have to consider that the upcoming IPv6 can no longer be managed in any other way than with the new