Network Basics – The ip Command
Network commands like ifconfig and route are still popular with users even though they are far past their prime. Their successor, ip, provides the capabilities of several legacy tools with a single, unified syntax.
Humans are creatures of habit: We like to perform sequences of tasks in a familiar order with familiar tools. Given the human desire to stick with what is known, it is little wonder that outdated commands continue in common usage. For instance, many users still rely on the ifconfig, route, and arp network utilities from the net-tools package, even though a capable successor exists in the form of the ip command, which is part of the iproute2 package [1]. The ip command was introduced in 1999, along with the NET4.0 framework, which included support for the IPv6 network protocol in Kernel 2.2.
Current distributions like Ubuntu 18.04 no longer install net-tools [2] by default. If necessary, you could set up the familiar net-tools collection with sudo apt install net-tools on a Debian-based system. But before you do, consider whether this might be the perfect time to get some experience with ip instead. The old tools use the same libraries that ip uses, but they will not see any new features. The future belongs to ip.
Getting an Overview
The ip command has the following syntax:
ip [Option(s)] Object [Command [Argument(s)]]
The following command:
ip link show
or ip link for short (or even shorter ip l) – without admin privileges – outputs a list of all available network cards (Listing 1). In this case, link acts as object and show as command. If a command is missing, ip assumes that you mean show. The command also allows abbreviations and synonyms, such as ip link ls.
Listing 1
Outputting Network Cards
The output in Listing 1 shows that the cards enp4s0 and wlp2s0 are inactive. The UP flag is missing. The vboxnet0 card represents a virtual network interface used by VirtualBox. To additionally display the network addresses, you just need to enter addr as the object or simply a instead of link (Figure 1). The first example in Figure 1 restricts the output to the enp0s31f6 device.
The output from the first command ip addr show shows both the IPv4 address (inet) and the IPv6 address (inet6). The Ethernet address (link/ether) also appears with ip link.
ip can display statistical information that helps with troubleshooting if you pass in the -s option (see the second command in Figure 1). If you are interested in the routes or the contents of the ARP cache, use ip route show or ip neighbour show (Figure 2).
All examples shown so far work without root privileges. You can also use ip to change the network configuration, but you'll need administrative privileges. To create a virtual network card named dummy0, type the command ip link add dummy0 type dummy.
Then activate the virtual device with the ip link set dummy0 up command. When executing these commands, the system should automatically load the kernel module required for this function. If this does not work, you can load it manually with modprobe dummy (Figure 3).
If you assign several IP addresses to a network card, the classic ifconfig command generates network devices with names of the type Device:0, Device:1, and so on. The ip command is similar but uses the label parameter to assign the alias names (Listing 2).
Listing 2
Assigning an Alias
You can use this name later in iptables scripts, for example, which greatly simplifies the task of creating firewall rules. When choosing the label, you do not necessarily have to follow the form Device:Number. The identifier only has to start with the name of the network card and can end with any character string. The list is colon-separated.
Under Pseudonym
Before you change network card names with ip, you should first deactivate the device to avoid side effects. To rename the dummy device dummy0 to test0, type the lines from Listing 3.
Listing 3
Renaming the Dummy Device
If you want to delete IP addresses, you can use the commands ip addr del IP_address dev device_name or ip addr flush dev device_name. The first command removes a single address; the second command removes all addresses of a network card.
Be careful – if you delete the primary IP address of a network card, you automatically remove all the secondary addresses. Figure 4 shows a secondary IP address labeled dummy0:test. It appears in the output of ip addr show dummy0 as secondary dummy0:test.
Routing by Rules
Setting up routes to other networks is somewhat different in ip than with the legacy route tool. You can activate the default route with the following command:
ip route add default via 192.168.178.1
The via switch defines the router to use to reach the destination (in this example the default path). To specifically set up a host or network route, replace default with the appropriate destination; for example, the following command:
ip route add 10.0.0.0/24 via 192.168.178.1
sets up a path to the network 10.0.0.0/24.
A classic router analyzes the path to the destination IP address using its routing table. Advanced routing or policy routing, on the other hand, allows a wide range of adaptations. The Linux kernel manages up to 256 different routing tables. Rules defined by the admin stipulate for which packets the system consults which routing table.
You can display the current rules with the ip rule show command (Figure 4). In the example, the machine forwards packets from 10.0.0.7 via NAT (map-to). Packets tagged 0x5 by the iptables firewall are processed via Table number 6; packets from sender address 10.0.0.5 are processed via Table 5.
The number in the first column specifies the order in which the system processes the rules. If a packet matches a rule, the packet is forwarded using the route associated with the rule. If the table contains a valid route for the packet (such as the default route), the system terminates the comparison and sends the packet along that route. Otherwise it continues with the remaining rules.
You can also identify tables using names. The name main represents the main routing table that the route command outputs. You can name other tables using the /etc/iproute2/rt_tables file (Listing 4). The routing tables with the numbers 0, 254, and 255 are reserved for the system (lines 1 to 5). The corresponding names also appear in the display of ip rule show.
Listing 4
rt_tables
A naming system makes it easier to use the routing tables. Just specify the table when creating a route:
ip route add default via 192.168.0.5 table internal
Clever policy routing helps to solve seemingly unsolvable problems. For example, companies often work with two network connections: a leased line with a fixed IP address and a DSL connection. Each connection uses its own router. One goal of the configuration could be to handle all Internet browsing traffic via DSL and to reserve the leased line for VPN and email (Figure 5). This configuration works perfectly with ip.
First, iptables tags all browsing traffic on the firewall connected to the two routers (Listing 5, first line). An ip command then ensures that the system processes all selected packets using their own table. In this table, you then enter the DSL router (192.168.0.254 in the example) as the default gateway.
Listing 5
Setting Up the Firewall
The firewall now flags each connection to ports 80 (HTTP) or 443 (HTTPS) using the 0x80 flag. Because of this rule, the computer processes the packet in the routing table with the name web and sends it to the default gateway 192.168.0.254 (the DSL router).
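The rule walk from "Routing by Rules" and the web/DSL split described above, modeled in Python as an added example (not code from the article or from iproute2). Rule priorities 100 and 200, the contents of table 5, the leased-line router 192.168.0.1, and the 203.0.113.10 destination are assumptions; the kernel matches further selectors that this model leaves out.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    prio: int                      # first column of `ip rule show`
    table: str                     # table consulted when the rule matches
    src: str = "0.0.0.0/0"         # "from" selector; default matches any sender
    fwmark: Optional[int] = None   # iptables mark to match; None = not checked

# Constructed sample state. Mark 0x80, table "web", gateway 192.168.0.254 and the
# 10.0.0.5 -> table 5 rule follow the article; everything else is assumed.
TABLES = {
    "web":  [("0.0.0.0/0", "192.168.0.254")],   # default via the DSL router
    "5":    [("10.0.0.0/24", "10.0.0.1")],      # assumed: no default route here
    "main": [("192.168.0.0/24", None),          # directly connected LAN
             ("0.0.0.0/0", "192.168.0.1")],     # assumed leased-line router
}
RULES = [
    Rule(100, "web", fwmark=0x80),
    Rule(200, "5", src="10.0.0.5/32"),
    Rule(32766, "main"),                        # kernel's default rule for main
]

def best_route(table, dst):
    """Longest-prefix match inside one table; None when nothing matches."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), gw) for p, gw in table
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen, default=None)

def lookup(src, dst, fwmark=0):
    """Walk the rules in priority order and return (table, gateway)."""
    for rule in sorted(RULES, key=lambda r: r.prio):
        if ipaddress.ip_address(src) not in ipaddress.ip_network(rule.src):
            continue
        if rule.fwmark is not None and rule.fwmark != fwmark:
            continue
        hit = best_route(TABLES[rule.table], dst)
        if hit is not None:          # valid route: the comparison stops here
            return rule.table, hit[1]
    return None, None                # no rule led to a usable route

if __name__ == "__main__":
    print(lookup("192.168.0.20", "203.0.113.10", fwmark=0x80))  # browsing traffic
    print(lookup("192.168.0.20", "203.0.113.10"))               # e.g. mail, VPN
    print(lookup("10.0.0.5", "203.0.113.10"))                   # falls through
```

In this model, a packet marked 0x80 and addressed to the local 192.168.0.0/24 network would also be handed to 192.168.0.254, because table web holds only a default route. Adding the connected route to that table avoids the detour.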