We’ve been talking for several years now about how network engineers need to become comfortable with Linux. Linux is everywhere these days (it always has been, actually), and network engineers must be able to navigate and work with a Linux-based system confidently. In this tutorial, we will dive into a specific skill that every network engineer should have—exploring the network configuration of a Linux system with the `ip` command.
`ip` command
The `ip` command is the currently recommended CLI tool for investigating and manipulating the network configuration on Linux systems. I say “currently recommended” because like so many things in the world, there have been other tools used in the past—many of which still exist on Linux systems.
For example, the `ifconfig` command was the command to view the network configuration on a Linux server for many years. But today, it isn’t even installed by default on most Ubuntu systems.
```
(main) expert@expert-cws:~$ ifconfig
Command 'ifconfig' not found, but can be installed with:
apt install net-tools
Please ask your administrator.
```
The `ip` command is available.
```
(main) expert@expert-cws:~$ ip
Usage: ip [ OPTIONS ] OBJECT { COMMAND | help }
       ip [ -force ] -batch filename
where OBJECT := { link | address | addrlabel | route | rule | neigh | ntable |
                  tunnel | tuntap | maddress | mroute | mrule | monitor | xfrm |
                  netns | l2tp | fou | macsec | tcp_metrics | token | netconf | ila |
                  vrf | sr | nexthop }
      OPTIONS := { -V[ersion] | -s[tatistics] | -d[etails] | -r[esolve] |
                   -h[uman-readable] | -iec | -j[son] | -p[retty] |
                   -f[amily] { inet | inet6 | mpls | bridge | link } |
                   -4 | -6 | -I | -D | -M | -B | -0 |
                   -l[oops] { maximum-addr-flush-attempts } | -br[ief] |
                   -o[neline] | -t[imestamp] | -ts[hort] | -b[atch] [filename] |
                   -rc[vbuf] [size] | -n[etns] name | -N[umeric] | -a[ll] |
                   -c[olor]}
```
Yikes—that looks kind of intimidating. Fear not, my friend; by the end of this tutorial, you’ll be confidently wielding this command with the power you deserve.
For our first lesson, look at the `Usage:` line.
```
ip [ OPTIONS ] OBJECT { COMMAND | help }
```
`ip` on its own isn’t enough, which is why the help message was displayed when we ran it on its own. At a minimum, an OBJECT also must be provided. The help message lists the available objects.
```
where OBJECT := { link | address | addrlabel | route | rule | neigh | ntable |
                  tunnel | tuntap | maddress | mroute | mrule | monitor | xfrm |
                  netns | l2tp | fou | macsec | tcp_metrics | token | netconf | ila |
                  vrf | sr | nexthop }
```
That’s a long list, but if you look through it, several of them should look familiar and easily recognizable. Here are the objects we’ll be exploring in this tutorial:
- `link`: Links represent individual network devices on a host. Most often, these would be network adapters (such as NICs), but there are other types of “links” that will also be seen on a Linux host. A special type of link called a “veth” is used to provide networking to Docker containers, for example.
- `address`: Address probably is the easiest object to understand. This object is for viewing or manipulating IPv4 and IPv6 addresses configured on a host.
- `route`: The route object allows access to the routing table for the host. Many Linux hosts will have a single “default route,” but Linux hosts can sometimes have multiple network interfaces and as complex a routing table as a dedicated router.
An example of a basic use of the `ip` command would be:
```
ip address
```
This works because the default command for each object is `show`. So the above is equivalent to:
```
ip address show
```
Each object has other commands available, and they can be seen by checking the help. For example:
```
ip address help
```
OK, with that introduction out of the way, let’s start our exploration with a look at addresses.
First up in our exploration will be the `ip address` object. Rather than just go through the full command help or man page line by line (ensuring that no one ever reads another tutorial), we are going to look at some common things you might want to know about the network configuration on a host.
You are exploring on your own, so I would highly recommend trying `ip address help` as well as `man ip address` for more details. These commands are very powerful and flexible.
We’ll start by answering the question, “What is my IP address?” Run the command `ip address show` (or just `ip address`) from your terminal:
```
(main) expert@expert-cws:~$ ip address show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:75:99:27 brd ff:ff:ff:ff:ff:ff
inet 172.16.211.128/24 brd 172.16.211.255 scope global dynamic ens160
valid_lft 1034sec preferred_lft 1034sec
inet6 fe80::20c:29ff:fe75:9927/64 scope link
valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:70:bb:15:d4 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:70ff:febb:15d4/64 scope link
valid_lft forever preferred_lft forever
```
This command displays the address configuration for all interfaces on the Linux workstation. My workstation has three interfaces configured—a loopback address, the Ethernet interface, and the Docker interface.
We can focus our exploration by providing a specific network device name as part of our command. Pick one of the devices and use it in the `ip address show dev {DEVICE}` command:
```
(main) expert@expert-cws:~$ ip address show dev ens160
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:75:99:27 brd ff:ff:ff:ff:ff:ff
inet 172.16.211.128/24 brd 172.16.211.255 scope global dynamic ens160
valid_lft 1239sec preferred_lft 1239sec
inet6 fe80::20c:29ff:fe75:9927/64 scope link
valid_lft forever preferred_lft forever
```
If you want to limit the details to just IPv4, you can add the `-f inet` option to the command. But note that all options go between `ip` and `address` in the command (`address` is the object in this command).
```
(main) expert@expert-cws:~$ ip -f inet address show dev ens160
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
inet 172.16.211.128/24 brd 172.16.211.255 scope global dynamic ens160
valid_lft 1138sec preferred_lft 1138sec
```
Pretty handy, right? If you check out `ip address help`, you’ll find examples of how you can use the command to add, change, or remove IP addresses from interfaces as well. But we’ll leave that for another tutorial. Moving on to looking at link state!
Now that we’ve gotten our feet wet, let’s circle back to the `link` object. Links are the network devices configured on a host, and the `ip link` command provides engineers options for exploring and managing these devices.
Let us answer the question, “Which networking interfaces are configured on my host?” Run the `ip link show` command:
```
(main) expert@expert-cws:~$ ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
link/ether 00:0c:29:75:99:27 brd ff:ff:ff:ff:ff:ff
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default
link/ether 02:42:70:bb:15:d4 brd ff:ff:ff:ff:ff:ff
```
After exploring the output of `ip address show`, it shouldn’t come as a surprise that there are three network interfaces/devices configured on my host. A quick look will show the output from this command is all included in the output for `ip address show`. For this reason, I almost always just use `ip address show` when looking to explore the network state of a host.
Look at the output. What is the MAC address for your primary network adapter? In my example output, it is `00:0c:29:75:99:27`.
There is a lot of other information available in this output as well as the output from the address command. Here’s a bit of a secret decoder ring for the physical interface details, using my `ens160` interface as an example.
- `ens160`: The name of the interface from the operating system’s perspective. This depends a lot on the specific distribution of Linux you are running, whether it is a virtual or physical machine, and the type of interface. If you’re more used to seeing “eth0” interface names (like I was), it is time to become comfortable with the new interface naming scheme.
- `<BROADCAST,MULTICAST,UP,LOWER_UP>`: Between the angle brackets are a series of flags that provide details about the interface state. This shows that my interface is both broadcast and multicast capable and that the interface is enabled (UP) and the physical layer is connected (LOWER_UP).
- `mtu 1500`: The maximum transmission unit (MTU) for the interface. This interface is configured for the default 1500 bytes.
- `qdisc mq`: This indicates the queueing approach being used by the interface. Things to look for here are values of `noqueue` (send immediately) or `noop` (drop all). There are several other options for queuing that a system might be running.
- `state UP`: Another indication of the operational state of an interface. `UP` and `DOWN` are pretty clear, but you might also see `UNKNOWN` like in the loopback interface above. `UNKNOWN` indicates that the interface is up and operational, but nothing is connected—which is pretty valid for a loopback address.
- `group default`: Interfaces can be grouped together on Linux to allow common attributes or commands. Having all interfaces connected to `group default` is the most common setup, but there are some handy things you can do if you group interfaces together. For example, imagine a VM host system with two interfaces for management and eight for data traffic. You could group them into “mgmt” and “data” groups and then control all interfaces of a type together.
- `qlen 1000`: The interface has a 1000-packet queue. The 1001st packet would be dropped.
Like the `ip address` object, the `ip link` object can also be manipulated with other commands. For example, if you needed to change the MTU on a link to support jumbo frames, the command would be `ip link set ens160 mtu 9000`. That would require `admin` or `root` privileges on the host, however. But enough of that; let’s check out the routing table!
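Before moving on, the decoder ring above can be turned into a small parser. This is an added example, not part of the original tutorial: the names `parse_links` and `review` are hypothetical, the sample is the `ip link show` output from this page, and it assumes everything after the flags on a header line is a run of "key value" pairs.

```python
import re

# Constructed sample: the `ip link show` output shown earlier on this page.
SAMPLE = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:0c:29:75:99:27 brd ff:ff:ff:ff:ff:ff
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default
    link/ether 02:42:70:bb:15:d4 brd ff:ff:ff:ff:ff:ff
"""

# "2: ens160: <FLAGS> key value key value ..." (a veth shows up as name@peer)
HEADER = re.compile(r"^(\d+): ([^:@\s]+)(?:@\S+)?: <([^>]*)>\s*(.*)$")

def parse_links(text):
    """Turn `ip link show` (or `ip address show`) text into one dict per interface."""
    links = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            index, name, flags, rest = m.groups()
            words = rest.split()
            # Assumption: the rest of the header is pairs such as "mtu 1500".
            attrs = dict(zip(words[0::2], words[1::2]))
            links.append({"index": int(index), "name": name,
                          "flags": set(flags.split(",")) - {""}, **attrs})
        elif links and line.strip().startswith("link/"):
            parts = line.split()
            links[-1]["link_type"] = parts[0].split("/", 1)[1]
            links[-1]["mac"] = parts[1] if len(parts) > 1 else None
    return links

def review(link):
    """Return notes for the states the decoder list says to look for."""
    notes = []
    if "UP" in link["flags"] and "LOWER_UP" not in link["flags"]:
        notes.append("enabled (UP) but physical layer not connected")
    if link.get("qdisc") == "noop":
        notes.append("qdisc noop: all packets are dropped")
    if link.get("link_type") == "ether" and int(link.get("mtu", 0)) > 1500:
        notes.append("MTU above the 1500-byte default")
    return notes

if __name__ == "__main__":
    for link in parse_links(SAMPLE):
        print(link["name"], link.get("state"), link.get("mac"), review(link))
```

Only `docker0` gets a note on the sample: it is enabled but reports `NO-CARRIER`, which matches its `state DOWN`.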
Most of the traffic from a host is destined somewhere on another Layer 3 network, and the host needs to know how to “route” that traffic correctly. After looking at the IP address(es) configured on a host, I will often take a look at the routing table to see if it looks like I’d expect. For that, the `ip route` command is the first place I look.
Run `ip route` on your host. The full command `ip route show` would also work, of course, but let’s be efficient.
```
(main) expert@expert-cws:~$ ip route
default via 172.16.211.2 dev ens160 proto dhcp src 172.16.211.128 metric 100
172.16.211.0/24 dev ens160 proto kernel scope link src 172.16.211.128
172.16.211.2 dev ens160 proto dhcp scope link src 172.16.211.128 metric 100
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
```
If you are more familiar with `show ip route` output on a router, this might look a little different. But this command output is still very readable, and there is a lot of good info to be found.
Review your output and find your default gateway. In the example output, the default gateway is 172.16.211.2 through the “ens160” device. This route was learned from DHCP and will use the IP address configured on my “ens160” interface as the source address.
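The same review can be scripted. This is an added example, not part of the original tutorial: it parses the `ip route` output shown above and checks that each default gateway sits on a subnet directly connected to the same device. The names `parse_routes` and `default_gateways` are hypothetical, and it assumes plain one-line routes like the ones in the sample.

```python
import ipaddress

# Constructed sample: the `ip route` output shown above on this page.
SAMPLE = """\
default via 172.16.211.2 dev ens160 proto dhcp src 172.16.211.128 metric 100
172.16.211.0/24 dev ens160 proto kernel scope link src 172.16.211.128
172.16.211.2 dev ens160 proto dhcp scope link src 172.16.211.128 metric 100
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
"""

# Words that stand on their own, with no value after them.
BARE_FLAGS = {"linkdown", "onlink", "dead"}

def parse_routes(text):
    """Turn `ip route` text into one dict per route."""
    routes = []
    for line in text.splitlines():
        words = line.split()
        if not words:
            continue
        route = {"dst": words[0], "flags": set()}
        rest = iter(words[1:])
        for word in rest:
            if word in BARE_FLAGS:
                route["flags"].add(word)
            else:
                route[word] = next(rest, None)  # "dev ens160", "proto dhcp", ...
        routes.append(route)
    return routes

def default_gateways(routes):
    """Describe each default route and whether its gateway is reachable on-link."""
    out = []
    for r in routes:
        if r["dst"] != "default" or "via" not in r:
            continue
        gw = ipaddress.ip_address(r["via"])
        covering = [c["dst"] for c in routes
                    if c["dst"] != "default" and c.get("scope") == "link"
                    and c.get("dev") == r.get("dev")
                    and gw in ipaddress.ip_network(c["dst"], strict=False)]
        out.append({"gateway": str(gw), "dev": r.get("dev"),
                    "learned_from": r.get("proto"), "source": r.get("src"),
                    "on_link_via": covering,
                    "usable": bool(covering) and "linkdown" not in r["flags"]})
    return out

if __name__ == "__main__":
    for gw in default_gateways(parse_routes(SAMPLE)):
        print(gw)
```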
The `ip route` command can also be used to add or delete routes from the table, but with the same requirement for `root` privileges as when we used `ip link` to change the MTU of an interface. Also, any changes made with the `ip` command aren’t maintained after a reboot of the system. In order to make changes persistent, look at the details for network configuration for your Linux distribution.
Great work! You have reached the end of this tutorial. With your newfound knowledge of the `ip` command, you are better prepared to explore and understand the networking state of a Linux system. If you’d like to learn a bit more about Linux networking, see the handy references below.
If you’re looking for a Linux VM to start with your exploration of any Linux topic, check out the candidate workstation published for the DevNet Expert lab exam. It’s an Ubuntu-based VM that has been set up to be ready to go for network programmability topics. Even if you aren’t studying for the Expert exam, it’s a great ready-to-use Linux VM.
Here are manual page links for the commands we looked at today:
Red Hat has a really handy ip Command Cheat Sheet.
Here are two Cisco Certification tracks that use skills similar to those we went through today: