N天学习一个linux命令之ip
用途
show / manipulate routing, devices, policy routing and tunnels
用法
通用格式
ip [ OPTIONS ] OBJECT { COMMAND | help }
OBJECT := { link | addr | addrlabel | route | rule | neigh | tunnel | maddr | mroute | monitor }
OPTIONS := { -V[ersion] | -s[tatistics] | -r[esolve] | -f[amily] { inet | inet6 | ipx | dnet | link } | -o[neline] }
link格式(网卡)
ip link set DEVICE { up | down | arp { on | off } |
promisc { on | off } |
allmulticast { on | off } |
dynamic { on | off } |
multicast { on | off } |
txqueuelen PACKETS |
name NEWNAME |
address LLADDR | broadcast LLADDR |
mtu MTU |
netns PID |
alias NAME |
vf NUM [ mac LLADDR ] [ vlan VLANID [ qos VLAN-QOS ] ] [ rate TXRATE ] [ spoofchk { on | off } ] |
}
ip link show [ DEVICE ]
addr格式(IP地址)
ip addr { add | del } IFADDR dev STRING
ip addr { show | flush } [ dev STRING ] [ scope SCOPE-ID ] [ to PREFIX ] [ FLAG-LIST ] [ label PATTERN ]
IFADDR := PREFIX | ADDR peer PREFIX [ broadcast ADDR ] [ anycast ADDR ] [ label STRING ] [ scope SCOPE-ID ]
SCOPE-ID := [ host | link | global | NUMBER ]
FLAG-LIST := [ FLAG-LIST ] FLAG
FLAG := [ permanent | dynamic | secondary | primary | tentative | deprecated ]
addrlabel格式
ip addrlabel { add | del } prefix PREFIX [ dev DEV ] [ label NUMBER ]
ip addrlabel { list | flush }
route格式
ip route { list | flush } SELECTOR
ip route get ADDRESS [ from ADDRESS iif STRING ] [ oif STRING ] [ tos TOS ]
ip route { add | del | change | append | replace | monitor } ROUTE
SELECTOR := [ root PREFIX ] [ match PREFIX ] [ exact PREFIX ] [ table TABLE_ID ] [ proto RTPROTO ] [ type TYPE ] [ scope SCOPE ]
ROUTE := NODE_SPEC [ INFO_SPEC ]
NODE_SPEC := [ TYPE ] PREFIX [ tos TOS ] [ table TABLE_ID ] [ proto RTPROTO ] [ scope SCOPE ] [ metric METRIC ]
INFO_SPEC := NH OPTIONS FLAGS [ nexthop NH ] ...
NH := [ via ADDRESS ] [ dev STRING ] [ weight NUMBER ] NHFLAGS
OPTIONS := FLAGS [ mtu NUMBER ] [ advmss NUMBER ] [ rtt TIME ] [ rttvar TIME ] [ window NUMBER ] [ cwnd NUMBER ] [ initcwnd NUMBER ] [ ssthresh REALM ] [ realms REALM ] [ rto_min TIME ] [ initrwnd NUMBER ]
TYPE := [ unicast | local | broadcast | multicast | throw | unreachable | prohibit | blackhole | nat ]
TABLE_ID := [ local| main | default | all | NUMBER ]
SCOPE := [ host | link | global | NUMBER ]
FLAGS := [ equalize ]
NHFLAGS := [ onlink | pervasive ]
RTPROTO := [ kernel | boot | static | NUMBER ]
rule格式
ip rule [ list | add | del | flush ] SELECTOR ACTION
SELECTOR := [ from PREFIX ] [ to PREFIX ] [ tos TOS ] [ fwmark FWMARK[/MASK] ] [ dev STRING ] [ pref NUMBER ]
ACTION := [ table TABLE_ID ] [ nat ADDRESS ] [ realms [SRCREALM/]DSTREALM ]
TABLE_ID := [ local | main | default | NUMBER ]
neigh格式
ip neigh { add | del | change | replace } { ADDR [ lladdr LLADDR ] [ nud { permanent | noarp | stale | reachable} ] | proxy ADDR } [ dev DEV ]
ip neigh { show | flush } [ to PREFIX ] [ dev DEV ] [ nud STATE ]
tunnel格式
ip tunnel { add | change | del | show | prl } [ NAME ]
[ mode MODE ] [ remote ADDR ] [ local ADDR ]
[ [i|o]seq ] [ [i|o]key KEY ] [ [i|o]csum ] ]
[ encaplimit ELIM ] [ ttl TTL ]
[ tos TOS ] [ flowlabel FLOWLABEL ]
[ prl-default ADDR ] [ prl-nodefault ADDR ] [ prl-delete ADDR ]
[ [no]pmtudisc ] [ dev PHYS_DEV ] [ dscp inherit ]
MODE := { ipip | gre | sit | isatap | ip6ip6 | ipip6 | any }
ADDR := { IP_ADDRESS | any }
TOS := { NUMBER | inherit }
ELIM := { none | 0..255 }
TTL := { 1..255 | inherit }
KEY := { DOTTED_QUAD | NUMBER }
TIME := NUMBER[s|ms]
maddr格式
ip maddr [ add | del ] MULTIADDR dev NAME
ip maddr show [ dev NAME ]
mroute格式
ip mroute show [ PREFIX ] [ from PREFIX ] [ iif DEVICE ]
monitor格式
ip monitor [ all | OBJECT-LIST ]
xfrm格式
ip xfrm XFRM_OBJECT { COMMAND }
XFRM_OBJECT := { state | policy | monitor }
ip xfrm state { add | update } ID [ XFRM_OPT ] [ mode MODE ]
[ reqid REQID ] [ seq SEQ ] [ replay-window SIZE ]
[ flag FLAG-LIST ] [ encap ENCAP ] [ sel SELECTOR ]
[ LIMIT-LIST ]
ip xfrm state allocspi ID [ mode MODE ] [ reqid REQID ] [ seq SEQ ] [ min SPI max SPI ]
ip xfrm state { delete | get } ID
ip xfrm state { deleteall | list } [ ID ] [ mode MODE ]
[ reqid REQID ] [ flag FLAG_LIST ]
ip xfrm state flush [ proto XFRM_PROTO ]
ip xfrm state count
ID := [ src ADDR ] [ dst ADDR ] [ proto XFRM_PROTO ] [ spi SPI ]
XFRM_PROTO := [ esp | ah | comp | route2 | hao ]
MODE := [ transport | tunnel | ro | beet ] (default=transport)
FLAG-LIST := [ FLAG-LIST ] FLAG
FLAG := [ noecn | decap-dscp | wildrecv ]
ENCAP := ENCAP-TYPE SPORT DPORT OADDR
ENCAP-TYPE := espinudp | espinudp-nonike
ALGO-LIST := [ ALGO-LIST ] | [ ALGO ]
ALGO := ALGO_TYPE ALGO_NAME ALGO_KEY
ALGO_TYPE := [ enc | auth | comp ]
SELECTOR := src ADDR[/PLEN] dst ADDR[/PLEN] [ UPSPEC ] [ dev DEV ]
UPSPEC := proto PROTO [[ sport PORT ] [ dport PORT ] |
[ type NUMBER ] [ code NUMBER ]]
LIMIT-LIST := [ LIMIT-LIST ] | [ limit LIMIT ]
LIMIT := [ [time-soft|time-hard|time-use-soft|time-use-hard] SECONDS ] | [ [byte-soft|byte-hard] SIZE ] | [ [packet-soft|packet-hard] COUNT ]
ip xfrm policy { add | update } dir DIR SELECTOR [ index INDEX ]
[ ptype PTYPE ] [ action ACTION ] [ priority PRIORITY ]
[ LIMIT-LIST ] [ TMPL-LIST ]
ip xfrm policy { delete | get } dir DIR [ SELECTOR | index INDEX ]
[ ptype PTYPE ]
ip xfrm policy { deleteall | list } [ dir DIR ] [ SELECTOR ]
[ index INDEX ] [ action ACTION ] [ priority PRIORITY ]
ip xfrm policy flush [ ptype PTYPE ]
ip xfrm count
PTYPE := [ main | sub ] (default=main)
DIR := [ in | out | fwd ]
SELECTOR := src ADDR[/PLEN] dst ADDR[/PLEN] [ UPSPEC ] [ dev DEV ]
UPSPEC := proto PROTO [ [ sport PORT ] [ dport PORT ] |
[ type NUMBER ] [ code NUMBER ] ]
ACTION := [ allow | block ] (default=allow)
LIMIT-LIST := [ LIMIT-LIST ] | [ limit LIMIT ]
LIMIT := [ [time-soft|time-hard|time-use-soft|time-use-hard] SECONDS ] | [ [byte-soft|byte-hard] SIZE ] | [packet-soft|packet-hard] NUMBER ]
TMPL-LIST := [ TMPL-LIST ] | [ tmpl TMPL ]
TMPL := ID [ mode MODE ] [ reqid REQID ] [ level LEVEL ]
ID := [ src ADDR ] [ dst ADDR ] [ proto XFRM_PROTO ] [ spi SPI ]
XFRM_PROTO := [ esp | ah | comp | route2 | hao ]
MODE := [ transport | tunnel | beet ] (default=transport)
LEVEL := [ required | use ] (default=required)
ip xfrm monitor [ all | OBJECT-LIST ]
token格式
ip token { COMMAND | help }
ip token { set } TOKEN dev DEV
ip token { get } dev DEV
ip token { list }
常用选项
-V, -Version
打印程序版本
-s, -stats, -statistics
输出更多信息,出现多次,输出信息越多
-h, -human, -human-readable
以适合人类阅读的方式输出信息
-iec
和-h选项类似,基本单位是1024
-f, -family
指定使用的协议族,值列表:inet, inet6, ipx, dnet or link,如果没有指定会根据上下文猜测或者使用默认的协议族,一般是inet。link is a special family identifier meaning that no networking protocol is involved.
简写形式 -4 = -f inet, -6 = -f inet6, -0 = -f link
-o, -oneline
一行显示
-r, -resolve
use the system’s name resolver to print DNS names instead of host addresses.
操作对象说明
1 link
- network device.
2 address
- protocol (IP or IPv6) address on a device.
3 addrlabel
- label configuration for protocol address selection.
4 neighbour
- ARP or NDISC cache entry.
5 route
- routing table entry.
6 rule
- rule in routing policy database.
7 maddress
- multicast address.
8 mroute
- multicast routing cache entry.
9 tunnel
- tunnel over IP.
10 xfrm
- framework for IPsec protocol.
实践
操作物理网卡
1 显示网卡设备信息
[root@vm asia_ucenter]# ip -s link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
RX: bytes packets errors dropped overrun mcast
2188533266 2199032 0 0 0 0
TX: bytes packets errors dropped carrier collsns
2188533266 2199032 0 0 0 0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 08:00:27:40:a8:72 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
12012726 64662 0 0 0 0
TX: bytes packets errors dropped carrier collsns
35491390 77118 0 0 0 0
2 关闭或者启用eth0网卡
# 关闭
[root@vm apk]# ip link set dev eth0 down
#开启
[root@vm apk]# ip link set dev eth0 up
3 启用或者关闭arp
# 关闭
[root@vm apk]# ip link set dev eth0 arp off
#开启
[root@vm apk]# ip link set dev eth0 arp on
4 启用或者关闭组播
# 关闭
[root@vm apk]# ip link set dev eth0 multicast off
#开启
[root@vm apk]# ip link set dev eth0 multicast on
5 启用或者关闭动态获取ip(不知道是不是这个意思?>_<)
dynamic on or dynamic off
( change the DYNAMIC flag on the device. )
6 修改网卡名字
name NAME
(网卡正在运行中或者其它配置有使用到老名字,不建议更改)
7 设置发送队列长度
方式一:txqueuelen NUMBER
方式二:txqlen NUMBER
8 设置网卡设备最大传输单元
mtu NUMBER
9 设置网卡物理地址
address LLADDRESS
10 设置广播地址相关(不知道是不是这个意思?>_<)
broadcast LLADDRESS
brd LLADDRESS
peer LLADDRESS
(change the link layer broadcast address or the peer address when the interface is POINTOPOINT.)
11 设置虚拟路由转发
netns PID
(move the device to the network namespace associated with the process PID.)
12 设置设备别名
alias NAME
ip地址操作
1 eth0设备增加本地ip:10.0.2.5,标签名为eth0:0,广播地址一样
[root@vm apk]# ip addr add dev eth0:0 local 10.0.2.5/24 brd + label eth0:0
2 删除之前添加的ip,参数需要跟之前一样
[root@vm apk]# ip addr delete dev eth0:0 local 10.0.2.5/24 brd - label eth0:0
3 显示ip地址信息
ip address show - look at protocol addresses
dev NAME (default)
name of device.
scope SCOPE_VAL
only list addresses with this scope.
to PREFIX
only list addresses matching this prefix.
label PATTERN
only list addresses with labels matching the PATTERN. PATTERN is a usual shell style pattern.
primary and secondary
only list primary (or secondary) addresses.
4 删除ip地址,过滤条件跟显示一样,谨慎操作
ip addr flush arg1 arg2
邻居(neighbour)/arp表管理
1 添加一个邻居节点信息
[root@vm apk]# ip neighbour add to 10.0.2.6 dev eth0 lladdr 22:33:aa:33:44:dd nud stale
# 邻居节点状态说明
permanent
- the neighbour entry is valid forever and can be only be removed administratively.
noarp
- the neighbour entry is valid. No attempts to validate this entry will be made but it can be removed when its lifetime expires.
reachable
- the neighbour entry is valid until the reachability timeout expires.
stale
- the neighbour entry is valid but suspicious. This option to ip neigh does not change the neighbour state if it was valid and the address is not changed by this command.
2 邻居节点失效:ip为10.0.2.6,设备名为eth0的节点
[root@vm apk]# ip neighbour delete to 10.0.2.6 dev eth0
3 显示邻居节点列表,过滤参数和添加一样
[root@vm apk]# ip neighbour list
10.0.2.6 dev eth0 FAILED
10.0.2.1 dev eth0 lladdr 52:54:00:12:35:00 STALE
10.0.2.3 dev eth0 lladdr 08:00:27:4e:35:c1 STALE
10.0.2.2 dev eth0 lladdr 52:54:00:12:35:00 REACHABLE
4 删除邻居节点,过滤参数和add一样,没有过滤参数,不做处理
备注:a 失效状态不能删除 b 执行了这个操作后,还是能看到(不知道是什么原因?>_<)
[root@vm apk]# ip -s neighbour flush to 10.0.2.6 dev eth0
*** Round 1, deleting 1 entries ***
*** Flush is complete after 1 round ***
5 更改已存在的邻居节点ip:10.0.2.6,物理网卡地址为:22:33:aa:33:44:dd,设备名为:eth0的状态为stale
[root@vm apk]# ip -s neighbour change to 10.0.2.6 dev eth0 lladdr 22:33:aa:33:44:dd nud stale
路由表管理
1 说明
路由类型
unicast
- the route entry describes real paths to the destinations covered by the route prefix.
unreachable
- these destinations are unreachable. Packets are discarded and the ICMP message host unreachable is generated. The local senders get an EHOSTUNREACH error.
blackhole
- these destinations are unreachable. Packets are discarded silently. The local senders get an EINVAL error.
prohibit
- these destinations are unreachable. Packets are discarded and the ICMP message communication administratively prohibited is generated. The local senders get an EACCES error.
local
- the destinations are assigned to this host. The packets are looped back and delivered locally.
broadcast
- the destinations are broadcast addresses. The packets are sent as link broadcasts.
throw
- a special control route used together with policy rules. If such a route is selected, lookup in this table is terminated pretending that no route was found. Without policy routing it is equivalent to the absence of the route in the routing table. The packets are dropped and the ICMP message net unreachable is generated. The local senders get an ENETUNREACH error.
nat
- a special NAT route. Destinations covered by the prefix are considered to be dummy (or external)addresses which require translation to real (or internal) ones before forwarding. The addresses to translate to are selected with the attribute via. Warning: Route NAT is no longer supported in Linux 2.6.
anycast
- not implemented the destinations are anycast addresses assigned to this host. They are mainly equivalent to local with one difference: such addresses are invalid when used as the source address of any packet.
multicast
- a special type used for multicast routing. It is not present in normal routing tables.
2 其它,这里偷个懒,参数列表实在太多了,相关说明直接看命令帮助文档吧
N天学习一个linux命令之ip的更多相关文章
- N天学习一个Linux命令之帮助命令:man
前言 工作中每天都在使用常用的命令和非常用的命令,忘记了用法或者参数,都会bing一下,然后如此循环.一直没有真正的系统的深入的去了解命令的用法,我决定打破它.以前看到有人,每天学习一个linux命令 ...
- N天学习一个Linux命令之free
用途 查看系统内存(物理/虚拟/缓存/共享)使用情况 用法 free [-b | -k | -m | -g | -h] [-o] [-s delay ] [-c count ] [-a] [-t] [ ...
- N天学习一个linux命令之ping
用途 检测主机是否可到达,也就是说,目标主机是否可以联网,还可以用于检测网速.通过发送ICMP ECHO_REQUEST数据包检测. 用法 ping [options] destination 常用选 ...
- N天学习一个linux命令之kill
用途 用于终止进程 用法 kill [-s signal|-p] [--] pid... kill -l [signal] 说明 1.默认发送信号15(请求终止进程,程序可以捕获,操作系统会杀死没有对 ...
- N天学习一个linux命令之du
用途 统计文件或者目录占用硬盘空间大小 用法 du [OPTION] [FILE]du [OPTION] --files0-from=F 常用参数 -a, --all统计所有文件,不仅仅是目录 -b, ...
- N天学习一个linux命令之scp
用途 通过ssh通道,不同主机之间复制文件 用法 scp [options] [user@host:]file1 [user2@host2:]file2 常用参数 -1使用 ssh 1协议 -2使用s ...
- 每天学习一个Linux命令-目录
在工作中总会零零散散使用到各种Linux命令,从今天开始详细的学习一下linux常用命令,坚持每天一个命令,学习的主要参考资料为: 1.竹子-博客(https://www.cnblogs.com/pe ...
- N天学习一个linux命令之umask
前言 umask不是linux命令,而是shell内置的指令,俗称用户权限掩码,用于对用户创建的文件和目录设置默认权限.默认的权限掩码是0022,也就是说新创建的文件权限是0644,新创建的目录权限是 ...
- N天学习一个linux命令之yum
yum命令 用途 yum(Yellowdog Updater Modified),RedHat系Linux操作系统包管理器,基于rpm,从源远程仓库下载rpm包安装,同时解决依赖关系,使用Python ...
随机推荐
- $P5017 摆渡车$
problem 毒瘤\(DP\) #ifdef Dubug #endif #include <bits/stdc++.h> using namespace std; typedef lon ...
- MySQL的DML和DQL 增删改查
DML和DQL 增删改查 SELECT * FROM grade --新增 insert -- 向年级表中新增3条数据INSERT INTO grade(gradeID,gradeName) VA ...
- Ambari是啥?主要是干啥的?
简单来说,Ambari是一个拥有集群自动化安装.中心化管理.集群监控.报警功能的一个工具(软件),使得安装集群从几天的时间缩短在几个小时内,运维人员从数十人降低到几人以内,极大的提高集群管理的效率. ...
- input获得焦点和失去焦点
总结:placeholder因为在IE7 8 9 浏览器不支持所以没用它效果:当input获取光标的时候如果是默认提示则input内容为空.如果不是则为输入内容 当失去光标的时候, ...
- CSS3利用box-shadow实现相框效果
CSS3利用box-shadow实现相框效果 <style> html { overflow: hidden; background-color: #653845; background- ...
- ICMP,ARP协议
ICMP ICMP是(Internet Control Message Protocol)Internet控制报文协议.它是TCP/IP协议族的一个子协议,用于在IP主机.路由器之间传递控制消息.控制 ...
- IDEA 基本配置
idea使用基本配置 1配置JDK开发环境 File->project structure: 2取消自动更新 file->setting:Appearance &Behavior下 ...
- 环形缓冲区: ringbuf.c
#cat aa.c /*ringbuf .c*/ #include<stdio.h> #include<ctype.h> #define NMAX 8 int iput = 0 ...
- 【原创】基于NodeJS Express框架开发的一个VIP视频网站项目及源码分享
项目名称:视频网站项目 开发语言:HTML,CSS(前端),JavaScript,NODEJS(expres)(后台) 数据库:MySQL 开发环境:Win7,Webstorm 上线部署环境:Linu ...
- 从0开始复习JS---1、函数复习
1. 写一个函数,实现对数字数组的排序. function get_order(array){ for(var i = 0; i <array.length-1; i++){ for(var j ...