
The usage of the basic Linux command ip

2025-01-15 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

This article explains the usage of the basic Linux command ip.

ip

The ip command displays and manipulates routes and network devices, and configures policy routing and tunnels.

This command applies to: RedHat, RHEL, Ubuntu, CentOS, SUSE, openSUSE, Fedora.

1. Syntax

ip [options] OBJECT COMMAND [help]

OBJECT can be: link, network device; addr, protocol address on a device; route, routing table; rule, routing policy; neigh, ARP cache; tunnel, IP tunnel; maddr, multicast address; mroute, multicast routing.

COMMAND is the operation to perform; each object supports a different set of commands.

Commands supported by the link object: set, show.

Commands supported by the addr object: add, del, flush, show.

Commands supported by the route object: list, flush, get, add, del, change, append, replace, monitor.

Commands supported by the rule object: list, add, del, flush.

Commands supported by the neigh object: add, del, change, replace, show, flush.

Commands supported by the tunnel object: add, change, del, show.

Commands supported by the maddr object: add, del.

Commands supported by the mroute object: show.

2. List of options

| Option | Description |
| --- | --- |
| -V, -Version | Display version information |
| --help | Display help information |
| -s, -stats, -statistics | Display detailed information |
| -f, -family | Specify the protocol family |
| -4 | Equivalent to -family inet |
| -6 | Equivalent to -family inet6 |
| -0 | Equivalent to -family link |
| -o, -oneline | Output each record on a single line |
| -r, -resolve | Use the system's name resolver to print DNS names instead of host addresses |

3. ip link --- network device configuration

A link is a network device; the corresponding commands display and change the state of devices.

1) ip link set, change device attributes

dev NAME (default), NAME specifies the network device to operate on. When configuring SR-IOV Virtual Function (VF) devices, this keyword should specify the associated Physical Function (PF) device.

up, down, change the state of the device to up or down.

arp on, arp off, change the NOARP flag on the device.

multicast on, multicast off, change the MULTICAST flag on the device.

dynamic on, dynamic off, change the DYNAMIC flag on the device.

name NAME, change the name of the device. This operation is invalid if the device is running or already has a configured address.

txqueuelen NUMBER, txqlen NUMBER, change the length of the device transmit queue.

mtu NUMBER, change the device MTU.

address LLADDRESS, change the station (link layer) address of the interface.

broadcast LLADDRESS, brd LLADDRESS, peer LLADDRESS, change the link layer broadcast address, or the peer address when the interface is POINTOPOINT.

netns PID, move the device to the network namespace associated with the process PID.

alias NAME, give the device a symbolic name for easy reference.

vf NUM, specify the Virtual Function device to be configured. The associated PF device must be specified using the dev parameter.

Warning: if multiple parameter changes are requested, ip aborts immediately after any of the changes fails. This is the only case in which ip can move the system to an unpredictable state. The solution is to avoid changing several parameters with a single ip link set call.

2) ip link show, display device attributes

dev NAME (default), NAME specifies the network device to show. If this argument is omitted, all devices are listed.

up, display only running devices.

4. ip address --- protocol address management

An address is a protocol (IP or IPv6) address attached to a network device. Each device must have at least one address to use the corresponding protocol. Several different addresses can be attached to one device. These addresses are not discriminated, so the term alias is not quite appropriate for them and is not used in this document. The ip addr command displays addresses and their properties, adds new addresses, and deletes old ones.

1) ip address add, add a new protocol address

dev NAME, the name of the device to which the address is added.

local ADDRESS (default), the address of the interface. The format of the address depends on the protocol: a dotted quad for IP, and a sequence of hexadecimal half words separated by colons for IPv6. The address may be followed by a slash and a decimal number that encodes the network prefix length.

peer ADDRESS, the address of the remote endpoint for point-to-point interfaces. Again, the address may be followed by a slash and a decimal number that encodes the network prefix length. If a peer address is specified, the local address cannot have a prefix length; the network prefix is associated with the peer rather than with the local address.

broadcast ADDRESS, the broadcast address on the interface. The special symbols '+' and '-' can be used instead of the broadcast address. In this case, the broadcast address is derived by setting/resetting the host bits of the interface prefix.

label NAME, each address may be tagged with a label string. To preserve compatibility with Linux 2.0 net aliases, this string must coincide with the name of the device or must be prefixed with the device name followed by a colon.

scope SCOPE_VALUE, the scope of the area where this address is valid. The available scopes are listed in the file "/etc/iproute2/rt_scopes". The predefined scope values are:

Ⅰ) global, the address is globally valid.

Ⅱ) site, (IPv6 only) the address is site local, that is, it is valid inside this site.

Ⅲ) link, the address is link local, that is, it is valid only on this device.

Ⅳ) host, the address is valid only inside this host.

2) ip address delete, delete a protocol address

Arguments: the same as the arguments of "ip addr add". The device name is a required argument; the rest are optional. If no arguments are given, the first address is deleted.

3) ip address show, display protocol addresses

dev NAME (default), the name of the device.

scope SCOPE_VAL, list only addresses with this scope.

to PREFIX, list only addresses matching this PREFIX.

label PATTERN, list only addresses with labels matching the PATTERN.

dynamic, permanent, (IPv6 only) list only addresses installed due to stateless address configuration, or only permanent (not dynamic) addresses.

tentative, (IPv6 only) list only addresses which have not yet passed duplicate address detection.

deprecated, (IPv6 only) list only deprecated addresses.

primary, secondary, list only primary (or secondary) addresses.

4) ip address flush, flush protocol addresses

This command flushes the protocol addresses selected by some criteria. It takes the same arguments as show. The difference is that it does not run when no arguments are given. Warning: this command (and the other flush commands described below) is very dangerous. If you make a mistake, it will not forgive it, but will cruelly purge all the addresses.

With the -statistics option, the command becomes verbose. It prints out the number of deleted addresses and the number of rounds made to flush the address list. If this option is given twice, "ip addr flush" also dumps all the deleted addresses in the format described in the previous section.

5. ip addrlabel --- protocol address label management

IPv6 address labels are used for the address selection described in RFC 3484. Precedence is managed by user space, and only the label is stored in the kernel.

1) ip addrlabel add, add an address label

prefix PREFIX, dev DEV, the outgoing interface.

label NUMBER, the label for the prefix. 0xffffffff is reserved.

2) ip addrlabel del, delete an address label

This command deletes an address label entry in the kernel. Arguments: the same as the arguments of "ip addrlabel add", but the label is not required.

3) ip addrlabel list, list address labels

Displays the contents of the address labels.

4) ip addrlabel flush, flush address labels

Flushes the contents of the address labels and does not restore the default settings.

6. ip neighbour --- neighbor / ARP table management

Neighbor objects establish bindings between protocol addresses and link layer addresses for hosts that share the same link. Neighbor entries are organized into tables. The IPv4 neighbor table is also known as the ARP table. The corresponding commands display neighbor bindings and their properties, add new neighbor entries, and delete old ones.

1) ip neighbour add, add a new neighbor entry

2) ip neighbour change, change an existing neighbor entry

3) ip neighbour replace, add a new entry or change an existing one

These commands create new neighbor records or update existing ones. The three commands above take the following arguments:

to ADDRESS (default), the protocol address of the neighbor. It is either an IPv4 or an IPv6 address.

dev NAME, the interface to which this neighbor is attached.

lladdr LLADDRESS, the link layer address of the neighbor. LLADDRESS can also be null.

nud NUD_STATE, the state of the neighbor entry. It can take the following values:

Ⅰ) permanent, the neighbor entry is valid forever and can only be removed administratively.

Ⅱ) noarp, the neighbor entry is valid. No attempt will be made to validate this entry, but it can be removed when its lifetime expires.

Ⅲ) reachable, the neighbor entry is valid until the reachability timeout expires.

Ⅳ) stale, the neighbor entry is valid but suspicious. This option does not change the neighbor state if it was valid and the address is not changed by this command.

4) ip neighbour delete, delete a neighbor entry

This command invalidates a neighbor entry. The arguments are the same as for "ip neigh add", except that lladdr and nud are ignored. Warning: attempts to delete or manually change a noarp entry created by the kernel may result in unpredictable behavior. In particular, the kernel may try to resolve this address even on a NOARP interface if the address is multicast or broadcast.

5) ip neighbour show, list neighbor entries

to ADDRESS (default), the prefix selecting the neighbors to list.

dev NAME, list only the neighbors attached to this device.

unused, list only the neighbors that are not currently in use.

nud NUD_STATE, list only the neighbor entries in this state. NUD_STATE takes the values listed above or the special value all, which means all states. This option may occur more than once. If this option is absent, ip lists all entries except none and noarp.

6) ip neighbour flush, flush neighbor entries

This command flushes the neighbor tables, selecting the entries to flush by some criteria. It takes the same arguments as show. The differences are that it does not run when no arguments are given, and that the default neighbor states to be flushed do not include permanent and noarp.
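The IPv4 neighbor (ARP) table described in this section is worth reviewing when investigating a host or a LAN segment. The following added example (not part of the original article) parses "ip neigh show" output and reports link layer addresses bound to more than one IPv4 address on a device, plus the entries in a chosen NUD state. The function names and the sample lines are constructed for illustration; a shared link layer address also occurs with routers and proxy ARP, so it is a prompt for review rather than proof of spoofing.

```shell
#!/bin/sh
# Added example: review the IPv4 neighbor (ARP) table.
# Input on stdin: the output of "ip neigh show", one entry per line:
#   ADDRESS dev NAME [lladdr LLADDRESS] [router] NUD_STATE

# Print "DEV LLADDR IP1,IP2,..." for every link layer address that is bound
# to more than one IPv4 address on the same device.
neigh_shared_lladdr() {
    awk '
    $1 ~ /:/ { next }     # skip IPv6: one host normally has several IPv6 addresses
    {
        dev = ""; mac = ""
        for (i = 2; i < NF; i++) {
            if ($i == "dev")    dev = $(i + 1)
            if ($i == "lladdr") mac = tolower($(i + 1))
        }
        if (dev == "" || mac == "") next   # FAILED and INCOMPLETE entries have no lladdr
        key = dev " " mac
        if (n[key]++) ips[key] = ips[key] "," $1
        else          ips[key] = $1
    }
    END {
        for (key in n)
            if (n[key] > 1) print key, ips[key]
    }' | LC_ALL=C sort
}

# Print "IP DEV LLADDR" for entries whose NUD state (the last field) equals $1,
# for example "permanent" to list manually pinned bindings.
neigh_in_state() {
    awk -v want="$1" '
    toupper($NF) == toupper(want) {
        dev = "-"; mac = "-"
        for (i = 2; i < NF; i++) {
            if ($i == "dev")    dev = $(i + 1)
            if ($i == "lladdr") mac = $(i + 1)
        }
        print $1, dev, mac
    }'
}

# Constructed sample of "ip neigh show" output (documentation addresses only).
SAMPLE_NEIGH='192.0.2.1 dev eth0 lladdr 00:00:5e:00:53:01 REACHABLE
192.0.2.20 dev eth0 lladdr 00:00:5e:00:53:14 STALE
192.0.2.30 dev eth0 lladdr 00:00:5E:00:53:01 STALE
192.0.2.40 dev eth0 FAILED
192.0.2.50 dev eth1 lladdr 00:00:5e:00:53:32 PERMANENT
fe80::1 dev eth0 lladdr 00:00:5e:00:53:01 router REACHABLE'

printf '%s\n' "$SAMPLE_NEIGH" | neigh_shared_lladdr
printf '%s\n' "$SAMPLE_NEIGH" | neigh_in_state permanent
# On a live host: ip neigh show | neigh_shared_lladdr
```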

7. ip route --- routing table management

Manipulates route entries in the kernel routing tables, which keep information about paths to other network nodes. The route type can be:

Ⅰ) unicast, the route entry describes a real path to the destinations covered by the route prefix.

Ⅱ) unreachable, these destinations are unreachable. Packets are discarded and the ICMP message host unreachable is generated. The local senders get an EHOSTUNREACH error.

Ⅲ) blackhole, these destinations are unreachable. Packets are discarded silently. The local senders get an EINVAL error.

Ⅳ) prohibit, these destinations are unreachable. Packets are discarded and the ICMP message communication administratively prohibited is generated. The local senders get an EACCES error.

Ⅴ) local, the destinations are assigned to this host. The packets are looped back and delivered locally.

Ⅵ) broadcast, the destinations are broadcast addresses. The packets are sent as link broadcasts.

Ⅶ) throw, a special control route used together with policy rules. If such a route is selected, lookup in this table is terminated, pretending that no route was found. Without policy routing it is equivalent to the absence of the route in the routing table: the packets are dropped and the ICMP message net unreachable is generated. The local senders get an ENETUNREACH error.

Ⅷ) nat, a special NAT route. Destinations covered by the prefix are considered to be dummy (or external) addresses which require translation to real (or internal) ones before forwarding. The addresses to translate to are selected with the attribute via. Warning: route NAT is no longer supported in Linux 2.6.

Ⅸ) anycast, not implemented; the destinations are anycast addresses assigned to this host. They are mainly equivalent to local addresses, with one difference: such addresses are invalid when used as the source address of any packet.

multicast, a special type used for multicast routing. It is not present in normal routing tables.

Routing tables: Linux-2.x can pack routes into several routing tables identified by a number in the range from 1 to 255 or by a name from the file /etc/iproute2/rt_tables. By default all normal routes are inserted into the main table (ID 254), and the kernel only uses this table when calculating routes. Actually, one other table always exists, which is invisible but even more important. It is the local table (ID 255). This table consists of routes for local and broadcast addresses. The kernel maintains this table automatically, and the administrator usually does not need to modify it or even look at it. Multiple routing tables come into play when policy routing is used.

1) ip route add, add a new route

2) ip route change, change a route

3) ip route replace, change a route or add a new one

to TYPE PREFIX (default), the destination prefix of the route. If TYPE is omitted, ip assumes type unicast. Other values of TYPE are listed above. PREFIX is an IP or IPv6 address optionally followed by a slash and the prefix length. If the length of the prefix is missing, ip assumes a full-length host route. There is also a special PREFIX default, which is equivalent to IP 0/0 or to IPv6 ::/0.

tos TOS, dsfield TOS, the Type Of Service (TOS) key. This key has no associated mask, and the longest match is understood as: first, compare the TOS of the route and of the packet. If they are not equal, the packet may still match a route with a zero TOS. TOS is either an 8-bit hexadecimal number or an identifier from "/etc/iproute2/rt_dsfield".

metric NUMBER, preference NUMBER, the preference value of the route. NUMBER is an arbitrary 32-bit number.

table TABLEID, the table to add this route to. TABLEID may be a number or a string from the file "/etc/iproute2/rt_tables". If this parameter is omitted, ip assumes the main table, with the exception of local, broadcast and nat routes, which are put into the local table by default.

dev NAME, the output device name.

via ADDRESS, the address of the nexthop router. Actually, the sense of this field depends on the route type. For normal unicast routes it is either the true nexthop router or, if it is a direct route installed in BSD compatibility mode, it can be a local address of the interface. For NAT routes it is the first address of the block of translated IP destinations.

src ADDRESS, the source address to prefer when sending to the destinations covered by the route prefix.

realm REALMID, the realm to which this route is assigned. REALMID may be a number or a string from the file "/etc/iproute2/rt_realms".

mtu MTU, mtu lock MTU, the MTU along the path to the destination. If the modifier lock is not used, the MTU may be updated by the kernel due to Path MTU Discovery. If the modifier lock is used, no path MTU discovery will be tried; all packets will be sent without the DF bit in the IPv4 case, or fragmented to the MTU for IPv6.

window NUMBER, the maximal window for TCP to advertise to these destinations, measured in bytes. It limits the maximal data bursts that our TCP peers are allowed to send to us.

rtt TIME, the initial RTT ('Round Trip Time') estimate. If no suffix is specified, the units are raw values passed directly to the routing code to maintain compatibility with previous releases. Otherwise, use a suffix of s, sec or secs to specify seconds, and ms, msec or msecs to specify milliseconds.

rttvar TIME (2.3.15+ only), the initial RTT variance estimate. Values are specified as with rtt above.

rto_min TIME (2.6.23+ only), the minimum TCP retransmission timeout to use when communicating with this destination. Values are specified as with rtt above.

ssthresh NUMBER (2.3.15+ only), an estimate for the initial slow start threshold.

cwnd NUMBER (2.3.15+ only), the clamp for the congestion window. It is ignored if the lock flag is not used.

initcwnd NUMBER, the maximum initial congestion window (cwnd) size, in MSS, of a TCP connection.

initrwnd NUMBER (2.6.33+ only), the initial receive window size for connections to this destination. The actual window size is this value multiplied by the MSS of the connection. The default value is zero, which means that the slow start value is used.

advmss NUMBER (2.3.15+ only), the MSS ("Maximal Segment Size") to advertise to these destinations when establishing TCP connections. If it is not given, Linux uses a default value calculated from the first hop device MTU. (If the path to these destinations is asymmetric, this guess may be wrong.)

reordering NUMBER (2.3.15+ only), the maximal reordering on the path to this destination. If it is not given, Linux uses the value selected with the sysctl variable "net/ipv4/tcp_reordering".

nexthop NEXTHOP, the nexthop of a multipath route. NEXTHOP is a complex value with its own syntax, similar to the top-level argument list:

Ⅰ) via ADDRESS, the nexthop router.

Ⅱ) dev NAME, the output device.

Ⅲ) weight NUMBER, the weight of this element of a multipath route, reflecting its relative bandwidth or quality.

scope SCOPE_VAL, the scope of the destinations covered by the route prefix. SCOPE_VAL may be a number or a string from the file "/etc/iproute2/rt_scopes". If this parameter is omitted, ip assumes scope global for all gatewayed unicast routes, scope link for direct unicast and broadcast routes, and scope host for local routes.

protocol RTPROTO, the routing protocol identifier of this route. RTPROTO may be a number or a string from the file "/etc/iproute2/rt_protos". If the routing protocol ID is not given, ip assumes protocol boot (that is, it assumes the route was added by someone who does not understand what they are doing). Several protocol values have a fixed interpretation:

Ⅰ) redirect, the route was installed due to an ICMP redirect.

Ⅱ) kernel, the route was installed by the kernel during autoconfiguration.

Ⅲ) boot, the route was installed during the bootup sequence. If a routing daemon starts, it will purge all of them.

Ⅳ) static, the route was installed by the administrator to override dynamic routing. Routing daemons will respect them and may even advertise them to their peers.

Ⅴ) ra, the route was installed by Router Discovery Protocol.

onlink, pretend that the nexthop is directly attached to this link, even if it does not match any interface prefix.

equalize, allow packet-by-packet randomization on multipath routes. Without this modifier, the route will be frozen to one selected nexthop, so that load splitting will only occur on a per-flow basis. equalize only works if the kernel is patched.

4) ip route delete, delete a route

"ip route del" has the same arguments as "ip route add", but their semantics are slightly different. The key values (to, tos, preference and table) select the route to delete. If optional attributes are present, ip verifies that they coincide with the attributes of the route to delete. If no route with the given key and attributes is found, "ip route del" fails.

5) ip route show, list routes

to SELECTOR (default), only select routes from the given range of destinations. SELECTOR consists of an optional modifier (root, match or exact) and a prefix. root selects routes with prefixes not shorter than PREFIX. For example, "root 0/0" selects the entire routing table. match selects routes with prefixes not longer than PREFIX. For example, "match 10.0/16" selects 10.0/16, 10/8 and 0/0, but it does not select 10.1/16 and 10.0.0/24. exact (or just a prefix) selects routes with this exact prefix. If none of these options is present, ip assumes root 0/0, that is, it lists the entire table.

tos TOS, only select routes with the given TOS.

table TABLEID, show the routes from this table. The default setting is to show table main. TABLEID may be either the ID of a real table or one of the special values:

Ⅰ) all, list all of the tables.

Ⅱ) cache, dump the routing cache.

cloned, cached, list cloned routes, that is, routes which were dynamically forked from other routes because some route attribute (for example, MTU) was updated. Actually, it is equivalent to "table cache".

from SELECTOR, the same syntax as for to, but it binds the source address range rather than the destinations. Note that the from option only works with cloned routes.

protocol RTPROTO, only list routes of this protocol.

scope SCOPE_VAL, only list routes with this scope.

type TYPE, only list routes of this type.

dev NAME, only list routes going via this device.

via PREFIX, only list routes going via the nexthop routers selected by PREFIX.

src PREFIX, only list routes with preferred source addresses selected by PREFIX.

realm REALMID, realms FROMREALM/TOREALM, only list routes with these realms.

6) ip route flush, flush routing tables

This command flushes the routes selected by some criteria. The arguments have the same syntax and semantics as the arguments of "ip route show", but the routing tables are not listed but purged. The only difference is the default action: show dumps all of the IP main routing table, but flush prints the helper page.

With the -statistics option, the command becomes verbose. It prints out the number of deleted routes and the number of rounds made to flush the routing table. If the option is given twice, "ip route flush" also dumps all the deleted routes in the format described in the previous section.

7) ip route get, get a single route

This command gets a single route to a destination and prints its contents exactly as the kernel sees it.

to ADDRESS (default), the destination address.

from ADDRESS, the source address.

tos TOS, dsfield TOS, the Type Of Service.

iif NAME, the device from which this packet is expected to arrive.

oif NAME, force the output device on which this packet will be routed.

connected, if no source address (option from) was given, look up the route again with the source set to the preferred address received from the first lookup. If policy routing is used, it may be a different route.

Note that this operation is not equivalent to "ip route show". show displays existing routes; get resolves them and creates new clones if necessary.

8. ip rule --- routing policy database management

Rules in the routing policy database control the route selection algorithm. The classic routing algorithms used in the Internet make routing decisions based only on the destination address of packets (and in theory, but not in practice, on the TOS field). In some circumstances we want to route packets differently, depending not only on the destination address but also on other packet fields: source address, IP protocol, transport protocol ports, or even packet payload. This task is called policy routing. To solve it, the conventional destination-based routing table, ordered according to the longest match rule, is replaced with a "routing policy database" (RPDB), which selects routes by executing a set of rules.

Each policy routing rule consists of a selector and an action predicate. The RPDB is scanned in order of increasing priority. The selector of each rule is applied to {source address, destination address, incoming interface, tos, fwmark} and, if the selector matches the packet, the action is performed. The action predicate may return with success. In this case, it will either give a route or a failure indication, and the RPDB lookup is terminated. Otherwise, the RPDB program continues with the next rule.

Semantically, the natural action is to select the nexthop and the output device. At startup, the kernel configures a default RPDB consisting of three rules:

Ⅰ) Priority: 0. Selector: match anything. Action: look up routing table local (ID 255). The local table is a special routing table containing high-priority control routes for local and broadcast addresses.

Ⅱ) Priority: 32766. Selector: match anything. Action: look up routing table main (ID 254). The main table is the normal routing table containing all non-policy routes. Administrators can delete this rule and/or override it with other rules.

Ⅲ) Priority: 32767. Selector: match anything. Action: look up routing table default (ID 253). The default table is empty. It is reserved for some post-processing if no previous default rule selected the packet. This rule can also be deleted.

The RPDB may contain rules of the following types:

Ⅰ) unicast, the rule prescribes returning the route found in the routing table referenced by the rule.

Ⅱ) blackhole, the rule prescribes silently dropping the packet.

Ⅲ) unreachable, the rule prescribes generating a "network unreachable" error.

Ⅳ) prohibit, the rule prescribes generating a "communication is administratively prohibited" error.

Ⅴ) nat, the rule prescribes translating the source address of the IP packet into some other value.

1) ip rule add, add a rule.

2) ip rule delete, delete a rule.

type TYPE (default), the type of this rule.

from PREFIX, select the source prefix to match.

to PREFIX, select the destination prefix to match.

iif NAME, select the incoming device to match. If the interface is loopback, the rule only matches packets originating from this host. This means that you can create separate routing tables for forwarded and local packets, thus completely segregating them.

tos TOS, dsfield TOS, select the TOS value to match.

fwmark MARK, select the fwmark value to match.

priority PREFERENCE, the priority of this rule. Each rule should have an explicitly set unique priority value. The options preference and order are synonyms of priority.

table TABLEID, the identifier of the routing table to look up if the rule selector matches. It is also possible to use lookup instead of table.

realms FROM/TO, the realms to select if the rule matched and the routing table lookup succeeded. Realm TO is only used if the route did not select any realm.

nat ADDRESS, the base of the IP address block to translate (for source addresses). The ADDRESS may be either the start of the block of NAT addresses (selected by NAT routes) or a local host address (or even zero). In the last case, the router does not translate the packets but masquerades them to this address. Using map-to instead of nat means the same thing.

3) ip rule flush, flush rules and also dump all the deleted rules.

There are no arguments.

4) ip rule show, list rules

There are no arguments.
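Because "ip route show" displays only table main by default, routes placed in other tables by policy rules are easy to miss. The following added example (not from the original article) compares "ip rule show" output with the three default rules listed above and prints every table the rules reference, so that each one can be inspected with "ip route show table TABLEID". The function names and sample lines are constructed; extra rules are often legitimate (VPN clients, multi-homed hosts) and are flagged only for review.

```shell
#!/bin/sh
# Added example: review the routing policy database (RPDB).
# Input on stdin: the output of "ip rule show", one rule per line, e.g.
#   32766:  from all lookup main

# Print "EXTRA <rule>" for every rule that is not one of the three kernel
# defaults, and "MISSING <rule>" for every default that is absent.
rule_audit() {
    awk '
    BEGIN {
        expect["0: from all lookup local"] = 1
        expect["32766: from all lookup main"] = 1
        expect["32767: from all lookup default"] = 1
    }
    NF == 0 { next }
    {
        $1 = $1                       # rebuild the line with single spaces
        if ($0 in expect) { seen[$0] = 1; next }
        print "EXTRA " $0
    }
    END {
        for (r in expect)
            if (!(r in seen)) print "MISSING " r
    }' | LC_ALL=C sort
}

# Print every routing table named by a rule ("lookup" and "table" are synonyms).
rule_tables() {
    awk '{
        for (i = 2; i < NF; i++)
            if ($i == "lookup" || $i == "table") print $(i + 1)
    }' | LC_ALL=C sort -u
}

# Constructed sample of "ip rule show" output (a tab follows each priority).
# The default rule with priority 32767 has been deleted in this sample.
SAMPLE_RULES=$(printf '%b\n' \
    '0:\tfrom all lookup local' \
    '100:\tfrom 198.51.100.0/24 lookup 100' \
    '200:\tfrom all fwmark 0x1 lookup 200' \
    '300:\tfrom 203.0.113.0/24 blackhole' \
    '32766:\tfrom all lookup main')

printf '%s\n' "$SAMPLE_RULES" | rule_audit
printf '%s\n' "$SAMPLE_RULES" | rule_tables
# On a live host: ip rule show | rule_audit
```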

9. ip maddress --- multicast address management

1) ip maddress show, list multicast addresses

dev NAME (default), the device name.

2) ip maddress add, add a multicast address

3) ip maddress delete, delete a multicast address

These commands attach/detach a static link layer multicast address to listen on the interface. Note that it is impossible to join protocol multicast groups statically. This command only manages link layer addresses.

address LLADDRESS (default), the link layer multicast address.

dev NAME, the device on which the multicast address is added/deleted.

10. ip mroute --- multicast routing cache management

mroute objects are multicast routing cache entries created by a user-level mrouting daemon. Due to the limitations of the current interface to the multicast routing engine, it is impossible to change mroute objects administratively, so they can only be displayed.

ip mroute show, list mroute cache entries

to PREFIX (default), the prefix selecting the destination multicast addresses to list.

iif NAME, the interface on which multicast packets are received.

from PREFIX, the prefix selecting the IP source addresses of the multicast route.

11. ip tunnel --- tunnel configuration

Tunnel objects are tunnels that encapsulate packets in IP packets and send them over the IP infrastructure. The encapsulating (or outer) address family is specified by the "-f" option. The default is IPv4.

1) ip tunnel add, add a new tunnel

2) ip tunnel change, change an existing tunnel

3) ip tunnel delete, delete a tunnel

name NAME (default), the name of the tunnel device.

mode MODE, set the tunnel mode. The available modes depend on the encapsulating address family. Modes for IPv4 encapsulation: ipip, sit, isatap and gre. Modes for IPv6 encapsulation: ip6ip6, ipip6 and any.

remote ADDRESS, set the remote endpoint of the tunnel.

local ADDRESS, set the fixed local address for tunneled packets. It must be an address on another interface of this host.

ttl N, set a fixed TTL N on tunneled packets. N is a number in the range 1-255. 0 is a special value meaning that packets inherit the TTL value. The default value for IPv4 tunnels is inherit. The default value for IPv6 tunnels is 64.

tos T, dsfield T, tclass T, set a fixed TOS (or traffic class in IPv6) T on tunneled packets. The default value is inherit.

dev NAME, bind the tunnel to the device NAME so that tunneled packets will only be routed via this device and will not be able to escape to another device when the route to the endpoint changes.

nopmtudisc, disable Path MTU Discovery on this tunnel. It is enabled by default. Note that a fixed ttl is incompatible with this option: tunneling with a fixed ttl always makes pmtu discovery.

key K, ikey K, okey K, (only GRE tunnels) use keyed GRE with key K. K is either a number or an IP address-like dotted quad. The key parameter sets the key to use in both directions. The ikey and okey parameters set different keys for input and output.

csum, icsum, ocsum, (only GRE tunnels) generate/require checksums for tunneled packets. The ocsum flag calculates checksums for outgoing packets. The icsum flag requires that all input packets have the correct checksum. The csum flag is equivalent to the combination icsum ocsum.

seq, iseq, oseq, (only GRE tunnels) serialize packets. The oseq flag enables sequencing of outgoing packets. The iseq flag requires that all input packets are serialized. The seq flag is equivalent to the combination iseq oseq. It does not work. Do not use it.

dscp inherit, (only IPv6 tunnels) inherit the DS field between the inner and outer headers.

encaplim ELIM, set a fixed encapsulation limit. The default value is 4.

flowlabel FLOWLABEL, (only IPv6 tunnels) set a fixed flow label.

4) ip tunnel prl, potential router list (ISATAP only)

dev NAME

prl-default ADDR

prl-nodefault ADDR

prl-delete ADDR

Add or delete ADDR as a potential router or default router.

5) ip tunnel show, list tunnels

No arguments.

12. ip monitor and rtmon --- state monitoring

The ip utility can continuously monitor the state of devices, addresses, and routes. The format of this command is slightly different: monitor is the first command on the command line, followed by the list of objects:

ip monitor [all | LISTofOBJECTS]

OBJECT-LIST is the list of object types to monitor. It may contain link, address, and route. If no file argument is given, ip opens RTNETLINK, listens on it, and dumps state changes in the format described in the previous sections.

If a file name is given, ip does not listen on RTNETLINK; instead it opens the file, which contains RTNETLINK messages saved in binary format, and dumps it. Such a history file can be generated with the rtmon utility, whose command-line syntax is similar to that of ip monitor. Ideally, rtmon should be started before the first network configuration command is issued. For example, if you insert the following in a startup script:

rtmon file /var/log/rtmon.log

you will be able to view the full history later. Of course, rtmon can be started at any time; it prepends the history with a state snapshot dumped at the moment it starts.
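The state changes that ip monitor dumps can be checked automatically. The following is an added example, not part of the original article: it reads address events in the one-line format of `ip -o monitor address` and reports additions that are not on an allowlist and removals of addresses that are. The function names, the EXPECTED allowlist and the sample events are constructed for illustration, using the eth0 addresses from this article's examples.

```sh
#!/bin/sh
# Added example: flag address changes seen by `ip -o monitor address`.
# EXPECTED is an assumed per-host allowlist (addresses from this article's host).
EXPECTED="127.0.0.1/8 ::1/128 192.168.1.9/24 fe80::a00:27ff:fe14:3357/64"

# Constructed sample events in ip's one-line (-o) output format.
sample_events() {
  cat <<'EOF'
2: eth0    inet 192.168.1.110/32 scope global eth0\       valid_lft forever preferred_lft forever
Deleted 2: eth0    inet 192.168.1.9/24 brd 192.168.1.255 scope global eth0\       valid_lft forever preferred_lft forever
2: eth0    inet6 fe80::a00:27ff:fe14:3357/64 scope link \       valid_lft forever preferred_lft forever
EOF
}

# Succeeds if address $1 is on the allowlist.
is_expected() {
  for a in $EXPECTED; do [ "$a" = "$1" ] && return 0; done
  return 1
}

# Reads monitor lines on stdin; prints one ALERT line per suspicious event.
flag_addr_events() {
  while IFS= read -r line; do
    action=added
    case $line in Deleted\ *) action=deleted; line=${line#Deleted } ;; esac
    # Remaining fields: IFINDEX: DEV FAMILY ADDR/PLEN ...
    set -f; set -- $line; set +f
    [ $# -ge 4 ] || continue
    dev=$2 fam=$3 addr=$4
    case $fam in inet|inet6) ;; *) continue ;; esac
    if [ "$action" = added ] && ! is_expected "$addr"; then
      echo "ALERT unexpected $fam address $addr added on $dev"
    elif [ "$action" = deleted ] && is_expected "$addr"; then
      echo "ALERT expected $fam address $addr removed from $dev"
    fi
  done
}

# Live use: ip -o monitor address | flag_addr_events
if [ "${1:-}" = "--demo" ]; then sample_events | flag_addr_events; fi
```

Run with `--demo` to process the constructed events; on a live host, pipe `ip -o monitor address` into `flag_addr_events` instead.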

13. ip xfrm --- configure xfrm

xfrm is an IP framework that can transform the format of datagrams, that is, encrypt packets with some algorithm. The xfrm policy and the xfrm state are associated through the templates in TMPL-LIST. The framework is used as part of the IPsec protocol.

1) ip xfrm state add, add a new state

2) ip xfrm state update, update an existing state

3) ip xfrm state allocspi, allocate an SPI value

MODE, defaults to transport, but can be set to tunnel, ro or beet.

FLAG-LIST, contains one or more flags.

FLAG, can be set to noecn, decap-dscp or wildrecv.

ENCAP, the encapsulation is set to encapsulation type ENCAP-TYPE, source port SPORT, destination port DPORT, and OADDR.

ENCAP-TYPE, can be espinudp or espinudp-nonike.

ALGO-LIST, contains one or more algorithms ALGO, which depend on the type of algorithm set by ALGO_TYPE. The types are enc, auth and comp.

4) ip xfrm policy add, add a new policy

5) ip xfrm policy update, update an existing policy

6) ip xfrm policy delete, delete an existing policy

7) ip xfrm policy get, get an existing policy

8) ip xfrm policy deleteall, delete all xfrm policies

9) ip xfrm policy list, print the policy list

10) ip xfrm policy flush, flush the policies

dir DIR, the direction can be inp, out, fwd.

SELECTOR, selects the addresses for which the policy will be set. The selector is defined by the source and destination addresses.

UPSPEC, defined by source port sport, destination port dport, type, and code.

dev DEV, specifies the network device.

index INDEX, the index number of the policy.

ptype PTYPE, defaults to main, can be switched to sub.

action ACTION, defaults to allow, can be switched to block.

priority PRIORITY, the level is a number, and the default is 0.

LIMIT-LIST, limits are set in seconds, bytes, or number of packets.

TMPL-LIST, the template list is based on ID, mode, reqid, level.

ID, specified by the source address, destination address, proto, and the value of spi.

XFRM_PROTO, the values can be esp, ah, comp, route2, hao.

MODE, defaults to transport, can also be tunnel or beet.

LEVEL, defaults to required, can also be use.

UPSPEC, specified by sport, dport, type, code.

11) ip xfrm monitor, lists all objects or a defined group of them.

The xfrm monitor can monitor the policies for all objects or for a defined group of them.
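How a state, a policy and its template fit together is easier to see in a concrete set of commands. The following is an added example, not part of the original article: it prints the `ip xfrm` commands for one manually keyed ESP tunnel between two gateways. The addresses, SPIs, reqid and function names are constructed placeholders; the example uses the `aead` algorithm type, which ip xfrm accepts alongside enc, auth and comp, and the command line spells the inbound direction `in`.

```sh
#!/bin/sh
# Added example: print the `ip xfrm` commands for one ESP tunnel-mode SA pair.
# Addresses, SPIs and reqid are constructed placeholders.
LOCAL=192.0.2.1;  REMOTE=192.0.2.2     # tunnel endpoints
LNET=10.0.1.0/24; RNET=10.0.2.0/24     # subnets behind each endpoint
REQID=1; ALG='rfc4106(gcm(aes))'

# 20 random bytes in hex: 16-byte AES-128 key plus the 4-byte salt for GCM.
gen_key() { printf '0x%s\n' "$(od -An -N20 -tx1 /dev/urandom | tr -d ' \n')"; }

# xfrm_cmds KEY_OUT KEY_IN: commands for the LOCAL gateway. The peer installs
# the same two states and the mirrored policies (out for RNET -> LNET).
xfrm_cmds() {
  for k in "$1" "$2"; do
    [ "${#k}" -eq 42 ] || { echo "key must be 0x plus 40 hex digits" >&2; return 1; }
  done
  # state: ID (src, dst, proto, spi), reqid, MODE, then the ALGO-LIST
  echo "ip xfrm state add src $LOCAL dst $REMOTE proto esp spi 0x1001 reqid $REQID mode tunnel aead '$ALG' $1 128"
  echo "ip xfrm state add src $REMOTE dst $LOCAL proto esp spi 0x1002 reqid $REQID mode tunnel aead '$ALG' $2 128"
  # policy: SELECTOR, dir, then the template (tmpl) whose reqid picks the state
  echo "ip xfrm policy add src $LNET dst $RNET dir out tmpl src $LOCAL dst $REMOTE proto esp reqid $REQID mode tunnel"
  echo "ip xfrm policy add src $RNET dst $LNET dir in tmpl src $REMOTE dst $LOCAL proto esp reqid $REQID mode tunnel"
  echo "ip xfrm policy add src $RNET dst $LNET dir fwd tmpl src $REMOTE dst $LOCAL proto esp reqid $REQID mode tunnel"
}

# Nothing is applied here: --print only writes the commands for review.
if [ "${1:-}" = "--print" ]; then xfrm_cmds "$(gen_key)" "$(gen_key)"; fi
```

Static keys set this way are never rotated and appear in the command line, so this layout suits lab work and for reading `ip xfrm state` and `ip xfrm policy list` output; production IPsec normally has an IKE daemon install the same objects.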

14. ip token

IPv6 tokenized interface identifiers support assigning well-known host-part addresses to nodes while still obtaining the global network prefix from Router Advertisements. The primary target for tokenized identifiers is server platforms, where addresses are usually configured manually rather than with DHCPv6 or SLAAC. By using tokenized identifiers, hosts can still determine their network prefix with SLAAC, but automatic renumbering [1] is easier if the network prefix changes.

1) ip token set, set the interface token

TOKEN, the interface identifier token address

dev DEV, the network interface

2) ip token get, get the interface token from the kernel

Displays the tokenized interface identifier for a specific network device. Parameters: the same as for "ip token set", but the token must be omitted.

3) ip token list, list all interface tokens

Lists all tokenized interface identifiers for network interfaces in the kernel.

15. Examples

1) display the various protocol addresses of the device

[root@localhost ~]# ip addr show    # display the protocol addresses of the devices
1: lo: mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:14:33:57 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.9/24 brd 192.168.1.255 scope global eth0
    inet6 fe80::a00:27ff:fe14:3357/64 scope link
       valid_lft forever preferred_lft forever

2) add an address for the target device

[root@localhost ~]# ip addr help    # view the help text
Usage: ip addr {add|change|replace} IFADDR dev STRING [ LIFETIME ]
                                                      [ CONFFLAG-LIST ]
       ip addr del IFADDR dev STRING
       ip addr {show|flush} [ dev STRING ] [ scope SCOPE-ID ]
                            [ to PREFIX ] [ FLAG-LIST ] [ label PATTERN ]
[root@localhost ~]# ip addr add 192.168.1.110 dev eth0    # add a new IP to eth0
[root@localhost ~]# ip addr show dev eth0    # view the addresses of eth0; the new IP has been added
2: eth0: mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:14:33:57 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.9/24 brd 192.168.1.255 scope global eth0
    inet 192.168.1.110/32 scope global eth0
    inet6 fe80::a00:27ff:fe14:3357/64 scope link
       valid_lft forever preferred_lft forever
