ip
show / manipulate routing, devices, policy routing and tunnels
ip [ OPTIONS ] OBJECT { COMMAND | help }
ip [ -force ] -batch filename
OBJECT := { link | addr | addrlabel | route | rule | neigh | ntable |
tunnel | tuntap | maddr | mroute | mrule | monitor | xfrm |
netns | l2tp }
OPTIONS := { -V[ersion] | -s[tatistics] | -d[etails] | -r[esolve] |
-f[amily] { inet | inet6 | ipx | dnet | link } |
-l[oops] { maximum-addr-flush-attempts } |
-o[neline] | -t[imestamp] | -b[atch] [filename] |
-rc[vbuf] [size]}
OBJECT := { link | addr | addrlabel | route | rule | neigh | ntable | tunnel | tuntap | maddr | mroute | mrule | monitor | xfrm | netns | l2tp }
OPTIONS := { -V[ersion] | -s[tatistics] | -r[esolve] | -f[amily] { inet | inet6 | ipx | dnet | link } | -o[neline] }
-s
-stats
-statistics
output more information. If the option appears twice or more, the amount of information increases.
| -l
-loops
maximum number of loops the 'ip addr flush' logic will attempt before giving up. The default is 10. Zero (0)
means loop until all addresses are removed.
| -f [ inet|inet6|link]
-family |
Enforce the protocol family to use.
If the option is not
present, the protocol family is guessed from other arguments.
If the rest of the command line does not give enough information to guess the family, ip falls back to the default one, usually inet or any. link is a special family identifier
meaning that no networking protocol is involved.
| -4 aka -family inet
-6 aka -family inet6
-0 aka -family link
-o
-oneline
output each record on a single line, replacing line feeds with the '\' character. Use to
count records with wc(1) or to grep(1) the output.
| -r
-resolve use the system's name resolver to print DNS names instead of host addresses.
| -V
-Version | print the version of the ip utility and exit.
| | | | | | | | | | |
OBJECT
The example are from slammerfox 1/28/20
addressprotocol (IP or IPv6) address on a device. ip address
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp3s0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 50:3e:aa:0d:46:e9 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.46/24 brd 192.168.1.255 scope global dynamic enp3s0
valid_lft 2433sec preferred_lft 2433sec
inet6 fe80::523e:aaff:fe0d:46e9/64 scope link
valid_lft forever preferred_lft forever
addrlabellabel configuration for protocol address selection. ip addrlabel
prefix ::1/128 label 0
prefix ::/96 label 3
prefix ::ffff:0.0.0.0/96 label 4
prefix 2001::/32 label 6
prefix 2001:10::/28 label 7
prefix 3ffe::/16 label 12
prefix 2002::/16 label 2
prefix fec0::/10 label 11
prefix fc00::/7 label 5
prefix ::/0 label 1
l2tp | tunnel ethernet over IP (L2TPv3)
| link device. ip link
1: lo: mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp3s0: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether 50:3e:aa:0d:46:e9 brd ff:ff:ff:ff:ff:ff
maddressmulticast address. 1: lo
inet 224.0.0.1
inet6 ff02::1
inet6 ff01::1
2: enp3s0
link 01:00:5e:00:00:01
link 33:33:00:00:00:01
link 33:33:ff:0d:46:e9
link 01:00:5e:00:00:fb
link 33:33:00:00:00:fb
link 01:00:5e:7f:ff:fa
inet 239.255.255.250
inet 224.0.0.251
inet 224.0.0.1
inet6 ff02::fb
inet6 ff02::1:ff0d:46e9
inet6 ff02::1
inet6 ff01::1
monitorwatch for netlink messages. 192.168.1.1 dev enp3s0 lladdr 20:c0:47:c2:a8:a3 STALE
192.168.1.1 dev enp3s0 lladdr 20:c0:47:c2:a8:a3 PROBE
192.168.1.1 dev enp3s0 lladdr 20:c0:47:c2:a8:a3 REACHABLE
192.168.1.20 dev enp3s0 lladdr 70:85:c2:63:1f:bf PROBE
192.168.1.20 dev enp3s0 lladdr 70:85:c2:63:1f:bf REACHABLE
192.168.1.20 dev enp3s0 lladdr 70:85:c2:63:1f:bf STALE
192.168.1.20 dev enp3s0 lladdr 70:85:c2:63:1f:bf PROBE
192.168.1.20 dev enp3s0 lladdr 70:85:c2:63:1f:bf REACHABLE
192.168.1.23 dev enp3s0 lladdr 4c:32:75:97:3b:ad PROBE
192.168.1.23 dev enp3s0 lladdr 4c:32:75:97:3b:ad REACHABLE
192.168.1.20 dev enp3s0 lladdr 70:85:c2:63:1f:bf STALE
192.168.1.23 dev enp3s0 lladdr 4c:32:75:97:3b:ad STALE
192.168.1.28 dev enp3s0 lladdr f0:23:b9:eb:2b:88 PROBE
192.168.1.28 dev enp3s0 lladdr f0:23:b9:eb:2b:88 REACHABLE
192.168.1.20 dev enp3s0 lladdr 70:85:c2:63:1f:bf PROBE
192.168.1.20 dev enp3s0 lladdr 70:85:c2:63:1f:bf REACHABLE
^C
mroute | multicast routing cache entry.
ip mroute show [ [ to ] PREFIX ] [ from PREFIX ] [ iif DEVICE ] [ table local | main | default | all | NUMBER ]
| mrule rule in multicast routing policy database.
ip mrule
32767: from all lookup default
ip rule { add | del } SELECTOR ACTION
ip rule { flush | save | restore }
ip rule [ list [ SELECTOR ]]
SELECTOR := [ not ] [ from PREFIX ] [ to PREFIX ] [ tos TOS ] [ fwmark FWMARK[/MASK] ]
[ iif STRING ] [ oif STRING ] [ pref NUMBER ] [ l3mdev ]
ACTION := [ table TABLE_ID ]
[ nat ADDRESS ]
[ realms [SRCREALM/]DSTREALM ]
[ goto NUMBER ]
SUPPRESSOR
SUPPRESSOR := [ suppress_prefixlength NUMBER ]
[ suppress_ifgroup DEVGROUP ]
TABLE_ID := [ local | main | default | NUMBER ]
neighbourmanage ARP or NDISC cache entries. ip neighbor
192.168.1.1 dev enp3s0 lladdr 20:c0:47:c2:a8:a3 REACHABLE
192.168.1.20 dev enp3s0 lladdr 70:85:c2:63:1f:bf REACHABLE
192.168.1.23 dev enp3s0 lladdr 4c:32:75:97:3b:ad STALE
192.168.1.3 dev enp3s0 lladdr 80:7d:3a:94:7b:7c STALE
192.168.1.2 dev enp3s0 FAILED
192.168.1.28 dev enp3s0 lladdr f0:23:b9:eb:2b:88 STALE
netns manage network namespaces. ip netns list
ip netns add NAME
ip netns set NAME NETNSID
ip [-all] netns delete [NAME]
ip netns identify [PID]
ip netns pids NAME
ip [-all] netns exec [NAME] cmd ...
ip netns list-id
sudo ip netns monitor
ntable manage the neighbor cache's operation. reformatted Usage: ip ntable change name NAME [ dev DEV ]
[ thresh1 VAL ] [ thresh2 VAL ] [ thresh3 VAL ] [ gc_int MSEC ]
[ PARMS ]
Usage: ip ntable show [ dev DEV ] [ name NAME ]
PARMS := [ base_reachable MSEC ] [ retrans MSEC ] [ gc_stale MSEC ]
[ delay_probe MSEC ] [ queue LEN ]
[ app_probes VAL ] [ ucast_probes VAL ] [ mcast_probes VAL ]
[ anycast_delay MSEC ] [ proxy_delay MSEC ] [ proxy_queue LEN ]
[ locktime MSEC ]
ip ntable
inet arp_cache
thresh1 128 thresh2 512 thresh3 1024 gc_int 30000
refcnt 1 reachable 30516 base_reachable 30000 retrans 1000
gc_stale 60000 delay_probe 5000 queue 31 app_probes 0 ucast_probes 3 mcast_probes 3
anycast_delay 1000 proxy_delay 800 proxy_queue 64 locktime 1000
inet arp_cache
dev enp3s0
refcnt 11 reachable 44588 """" locktime 1000
inet arp_cache
dev lo
refcnt 2 reachable 26848 """" locktime 1000
inet6 ndisc_cache
thresh1 128 thresh2 512 thresh3 1024 gc_int 30000
refcnt 1 reachable 26996 """" locktime 0
inet6 ndisc_cache
dev enp3s0
refcnt 6 reachable 17068 """" locktime 0
inet6 ndisc_cache
dev lo
refcnt 2 reachable 27040 """" locktime 0
route routing table entry. Usage: ip route { list | flush } selector
ip route save selector
ip route restore
ip route showdump
ip route get address [ from address iif string ] [ oif string ] [ tos TOS ] [ mark number ] [ vrf NAME ]
ip route { add | del | change | append | replace } ROUTE
SELECTOR := [ root PREFIX ] [ match PREFIX ] [ exact PREFIX ]
[ table TABLE_ID ] [ vrf NAME ] [ proto RTPROTO ] [ type TYPE ] [ scope scope ]
ROUTE := NODE_SPEC [ INFO_SPEC ]
NODE_SPEC := [ TYPE ] PREFIX [ tos TOS ] [ table TABLE_ID ] [ proto RTPROTO ] [ scope scope ] [ metric METRIC ]
INFO_SPEC := NH OPTIONS FLAGS [ nexthop NH ]...
NH := [ encap ENCAPTYPE ENCAPHDR ] [ via [ FAMILY ] address ] [ dev string ] [ weight number ] NHFLAGS
FAMILY := [ inet | inet6 | ipx | dnet | mpls | bridge | link ]
OPTIONS := FLAGS [ mtu number ] [ advmss number ] [ as [ to ] address ]
[ rtt time ] [ rttvar time ] [ reordering number ] [ window number ] [ cwnd number ] [ initcwnd number ]
[ ssthresh number ] [ realms REALM ] [ src address ] [ rto_min time ] [ hoplimit number ] [ initrwnd number ]
[ features FEATURES ] [ quickack BOOL ] [ congctl NAME ] [ pref PREF ] [ expires time ]
TYPE := { unicast | local | broadcast | multicast | throw | unreachable | prohibit | blackhole | nat }
TABLE_ID := [ local | main | default | all | number ]
SCOPE := [ host | link | global | number ]
NHFLAGS := [ onlink | pervasive ]
RTPROTO := [ kernel | boot | static | number ]
PREF := [ low | medium | high ]
TIME := number[s|ms]
FEATURES := ecn
ENCAPTYPE := [ mpls | ip | ip6 ]
ENCAPHDR := [ MPLSLABEL ]
ip route
default via 192.168.1.1 dev enp3s0 proto static metric 100
192.168.1.0/24 dev enp3s0 proto kernel scope link src 192.168.1.46 metric 100
rule rule in routing policy database. ip rule
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
tunnel tunnel over IP.
ip tunnel { add | change | del | show | prl | 6rd } [ NAME ]
[ mode { ipip | gre | sit | isatap | vti } ] [ remote ADDR ] [ local ADDR ]
[ [i|o]seq ] [ [i|o]key KEY ] [ [i|o]csum ]
[ prl-default ADDR ] [ prl-nodefault ADDR ] [ prl-delete ADDR ]
[ 6rd-prefix ADDR ] [ 6rd-relay_prefix ADDR ] [ 6rd-reset ]
[ ttl TTL ] [ tos TOS ] [ [no]pmtudisc ] [ dev PHYS_DEV ]
Where: NAME := STRING
ADDR := { IP_ADDRESS | any }
TOS := { STRING | 00..ff | inherit | inherit/STRING | inherit/00..ff }
TTL := { 1..255 | inherit }
KEY := { DOTTED_QUAD | NUMBER }
tuntap | manage TUN/TAP devices.
| xfrm | manage IPSec policies.
sudo ip xfrm state|policy|monitor { COMMAND | help }
| | | | | | | | | | | | | | | | | | | | | | | | | | | | |
Objects may be written in full or abbreviated form, example: address is abbreviated as addr or just a.
COMMAND
Action to perform on the object, depending on the object type.
add, delete and show (or list ) objects. Some objects do not allow all of these operations and some have additional
commands.
help outputs a list of available commands and argument syntax conventions.
If no command is given, some default command is assumed. U sually it is list or, if the objects of this class cannot be listed,
help.
See
ip-address(8), ip-addrlabel(8), ip-l2tp(8), ip-link(8), ip-maddress(8), ip-monitor(8), ip-mroute(8), ip-neighbour(8), ip-
netns(8), ip-ntable(8), ip-route(8), ip-rule(8), ip-tunnel(8), ip-xfrm(8)
IP Command reference ip-cref.ps
REPORTING BUGS
Report bug to the Network Developers mailing list .
iproute2 20 Dec 2011