用途

show / manipulate routing, devices, policy routing and tunnels

用法

通用格式

ip [ OPTIONS ] OBJECT { COMMAND | help }

OBJECT := { link | addr | addrlabel | route | rule | neigh | tunnel | maddr | mroute | monitor }

OPTIONS := { -V[ersion] | -s[tatistics] | -r[esolve] | -f[amily] { inet | inet6 | ipx | dnet | link } | -o[neline] }

link格式(网卡)

ip link set DEVICE { up | down | arp { on | off } |

                    promisc { on | off } |

                    allmulticast { on | off } |

                    dynamic { on | off } |

                    multicast { on | off } |

                    txqueuelen PACKETS |

                    name NEWNAME |

                    address LLADDR | broadcast LLADDR |

                    mtu MTU |

                    netns PID |

                    alias NAME |

                    vf NUM [ mac LLADDR ] [ vlan VLANID [ qos VLAN-QOS ] ] [ rate TXRATE ] [ spoofchk { on | off } ] |

                }

ip link show [ DEVICE ]

addr格式(IP地址)

ip addr { add | del } IFADDR dev STRING

ip addr { show | flush } [ dev STRING ] [ scope SCOPE-ID ] [ to PREFIX ] [ FLAG-LIST ] [ label PATTERN ]

IFADDR := PREFIX | ADDR peer PREFIX [ broadcast ADDR ] [ anycast ADDR ] [ label STRING ] [ scope SCOPE-ID ]

SCOPE-ID := [ host | link | global | NUMBER ]

FLAG-LIST := [ FLAG-LIST ] FLAG

FLAG := [ permanent | dynamic | secondary | primary | tentative | deprecated ]

addrlabel格式

ip addrlabel { add | del } prefix PREFIX [ dev DEV ] [ label NUMBER ]

ip addrlabel { list | flush }

route格式

ip route { list | flush } SELECTOR

ip route get ADDRESS [ from ADDRESS iif STRING  ] [ oif STRING ] [ tos TOS ]

ip route { add | del | change | append | replace | monitor } ROUTE

SELECTOR := [ root PREFIX ] [ match PREFIX ] [ exact PREFIX ] [ table TABLE_ID ] [ proto RTPROTO ] [ type TYPE ] [ scope SCOPE ]

ROUTE := NODE_SPEC [ INFO_SPEC ]

NODE_SPEC := [ TYPE ] PREFIX [ tos TOS ] [ table TABLE_ID ] [ proto RTPROTO ] [ scope SCOPE ] [ metric METRIC ]

INFO_SPEC := NH OPTIONS FLAGS [ nexthop NH ] ...

NH := [ via ADDRESS ] [ dev STRING ] [ weight NUMBER ] NHFLAGS

OPTIONS := FLAGS [ mtu NUMBER ] [ advmss NUMBER ] [ rtt TIME ] [ rttvar TIME ] [ window NUMBER ] [ cwnd NUMBER ] [ initcwnd NUMBER ] [ ssthresh REALM ] [ realms REALM ] [ rto_min TIME ] [ initrwnd NUMBER ]

TYPE := [ unicast | local | broadcast | multicast | throw | unreachable | prohibit | blackhole | nat ]

TABLE_ID := [ local| main | default | all | NUMBER ]

SCOPE := [ host | link | global | NUMBER ]

FLAGS := [ equalize ]

NHFLAGS := [ onlink | pervasive ]

RTPROTO := [ kernel | boot | static | NUMBER ]

rule格式

ip rule  [ list | add | del | flush ] SELECTOR ACTION

SELECTOR := [ from PREFIX ] [ to PREFIX ] [ tos TOS ] [ fwmark FWMARK[/MASK] ] [ dev STRING ] [ pref NUMBER ]

ACTION := [ table TABLE_ID ] [ nat ADDRESS ] [ realms [SRCREALM/]DSTREALM ]

TABLE_ID := [ local | main | default | NUMBER ]

neigh格式

ip neigh { add | del | change | replace } { ADDR [ lladdr LLADDR ] [ nud { permanent | noarp | stale | reachable} ] | proxy ADDR } [ dev DEV ]

ip neigh { show | flush } [ to PREFIX ] [ dev DEV ] [ nud STATE ]

tunnel格式

ip tunnel { add | change | del | show | prl } [ NAME ]

               [ mode MODE ] [ remote ADDR ] [ local ADDR ]

               [ [i|o]seq ] [ [i|o]key KEY ] [ [i|o]csum ] ]

               [ encaplimit ELIM ] [ ttl TTL ]

               [ tos TOS ] [ flowlabel FLOWLABEL ]

               [ prl-default ADDR ] [ prl-nodefault ADDR ] [ prl-delete ADDR ]

               [ [no]pmtudisc ] [ dev PHYS_DEV ] [ dscp inherit ]

MODE :=  { ipip | gre | sit | isatap | ip6ip6 | ipip6 | any }

ADDR := { IP_ADDRESS | any }

TOS := { NUMBER | inherit }

ELIM := { none | 0..255 }

TTL := { 1..255 | inherit }

KEY := { DOTTED_QUAD | NUMBER }

TIME := NUMBER[s|ms]

maddr格式

ip maddr [ add | del ] MULTIADDR dev NAME

ip maddr show [ dev NAME ]

mroute格式

ip mroute show [ PREFIX ] [ from PREFIX ] [ iif DEVICE ]

monitor格式

ip monitor [ all | OBJECT-LIST ]

xfrm格式

ip xfrm XFRM_OBJECT { COMMAND }

XFRM_OBJECT := { state | policy | monitor }

ip xfrm state { add | update } ID [ XFRM_OPT ]  [ mode MODE ]

                [ reqid REQID ]  [ seq SEQ ]  [ replay-window SIZE ]

                [ flag FLAG-LIST ]  [ encap ENCAP ]  [ sel SELECTOR ]

                [ LIMIT-LIST ]

ip xfrm state allocspi ID  [ mode MODE ]  [ reqid REQID ]  [ seq SEQ ]  [ min SPI max SPI ]

ip xfrm state { delete | get } ID

ip xfrm state { deleteall | list } [ ID ]  [ mode MODE ]

                [ reqid REQID ]  [ flag FLAG_LIST ]

ip xfrm state flush [ proto XFRM_PROTO ]

ip xfrm state count

ID :=  [ src ADDR ]  [ dst ADDR ]  [ proto XFRM_PROTO ]  [ spi SPI ]

XFRM_PROTO :=  [ esp | ah | comp | route2 | hao ]

MODE :=  [ transport | tunnel | ro | beet ] (default=transport)

FLAG-LIST :=  [ FLAG-LIST ] FLAG

FLAG :=  [ noecn | decap-dscp | wildrecv ]

ENCAP := ENCAP-TYPE SPORT DPORT OADDR

ENCAP-TYPE := espinudp  | espinudp-nonike

ALGO-LIST := [ ALGO-LIST ] | [ ALGO ]

ALGO := ALGO_TYPE ALGO_NAME ALGO_KEY

ALGO_TYPE :=  [ enc | auth | comp ]

SELECTOR := src ADDR[/PLEN] dst ADDR[/PLEN]  [ UPSPEC ]  [ dev DEV ]

UPSPEC := proto PROTO [[ sport PORT ]  [ dport PORT ] |

                [ type NUMBER ]  [ code NUMBER ]]

LIMIT-LIST := [ LIMIT-LIST ] |  [ limit LIMIT ]

LIMIT :=  [ [time-soft|time-hard|time-use-soft|time-use-hard] SECONDS ] | [ [byte-soft|byte-hard] SIZE ] | [ [packet-soft|packet-hard] COUNT ]

ip xfrm policy { add | update }  dir DIR SELECTOR [ index INDEX ]

                [ ptype PTYPE ]  [ action ACTION ]  [ priority PRIORITY ]

                [ LIMIT-LIST ] [ TMPL-LIST ]

ip xfrm policy { delete | get }  dir DIR [ SELECTOR | index INDEX  ]

                [ ptype PTYPE ]

ip xfrm policy { deleteall | list }  [ dir DIR ] [ SELECTOR ]

                [ index INDEX ]  [ action ACTION ]  [ priority PRIORITY ]

ip xfrm policy flush  [ ptype PTYPE ]

ip xfrm count

PTYPE :=  [ main | sub ] (default=main)

DIR :=  [ in | out | fwd ]

SELECTOR := src ADDR[/PLEN] dst ADDR[/PLEN] [ UPSPEC  ] [ dev DEV ]

UPSPEC := proto PROTO [  [ sport PORT ]  [ dport PORT ] |

                [ type NUMBER ]  [ code NUMBER ] ]

ACTION :=  [ allow | block ] (default=allow)

LIMIT-LIST :=  [ LIMIT-LIST ] |  [ limit LIMIT ]

LIMIT :=  [ [time-soft|time-hard|time-use-soft|time-use-hard] SECONDS ] |  [ [byte-soft|byte-hard] SIZE ] | [packet-soft|packet-hard] NUMBER ]

TMPL-LIST :=  [ TMPL-LIST ] |  [ tmpl TMPL ]

TMPL := ID [ mode MODE ]  [ reqid REQID ]  [ level LEVEL ]

ID :=  [ src ADDR ]  [ dst ADDR ]  [ proto XFRM_PROTO ]  [ spi SPI ]

XFRM_PROTO :=  [ esp | ah | comp | route2 | hao ]

MODE :=  [ transport | tunnel | beet ] (default=transport)

LEVEL :=  [ required | use ] (default=required)

ip xfrm monitor [ all | OBJECT-LIST ]

token格式

ip token { COMMAND | help }

ip token { set } TOKEN dev DEV

ip token { get } dev DEV

ip token { list }

常用选项

-V, -Version

打印程序版本

-s, -stats, -statistics

输出更多信息,出现多次,输出信息越多

-h, -human, -human-readable

以适合人类阅读的方式输出信息

-iec

和-h选项类似,基本单位是1024

-f, -family

指定使用的协议族,值列表:inet, inet6, ipx, dnet or link,如果没有指定会根据上下文猜测或者使用默认的协议族,一般是inet。link is a special family identifier meaning that no networking protocol is involved.

简写形式 -4 = -f inet, -6 = -f inet6, -0 = -f link

-o, -oneline

一行显示

-r, -resolve

use the system’s name resolver to print DNS names instead of host addresses.

操作对象说明

1 link

- network device.

2 address

- protocol (IP or IPv6) address on a device.

3 addrlabel

- label configuration for protocol address selection.

4 neighbour

- ARP or NDISC cache entry.

5 route

- routing table entry.

6 rule

- rule in routing policy database.

7 maddress

- multicast address.

8 mroute

- multicast routing cache entry.

9 tunnel

- tunnel over IP.

10 xfrm

- framework for IPsec protocol.

实践

操作物理网卡

1 显示网卡设备信息

[root@vm asia_ucenter]# ip -s link show

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

    RX: bytes  packets  errors  dropped overrun mcast

    2188533266 2199032  0       0       0       0

    TX: bytes  packets  errors  dropped carrier collsns

    2188533266 2199032  0       0       0       0

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000

    link/ether 08:00:27:40:a8:72 brd ff:ff:ff:ff:ff:ff

    RX: bytes  packets  errors  dropped overrun mcast

    12012726   64662    0       0       0       0

    TX: bytes  packets  errors  dropped carrier collsns

    35491390   77118    0       0       0       0

2 关闭或者启用eth0网卡

# 关闭

[root@vm apk]# ip link set dev eth0 down

#开启

[root@vm apk]# ip link set dev eth0 up

3 启用或者关闭arp

# 关闭

[root@vm apk]# ip link set dev eth0 arp off

#开启

[root@vm apk]# ip link set dev eth0 arp on

4 启用或者关闭组播

# 关闭

[root@vm apk]# ip link set dev eth0 multicast off

#开启

[root@vm apk]# ip link set dev eth0 multicast on

5 启用或者关闭动态获取ip(不知道是不是这个意思?>_<)

dynamic on or dynamic off

( change the DYNAMIC flag on the device. )

6 修改网卡名字

name NAME

(网卡正在运行中或者其它配置有使用到老名字,不建议更改)

7 设置发送队列长度

方式一:txqueuelen NUMBER

方式二:txqlen NUMBER

8 设置网卡设备最大传输单元

mtu NUMBER

9 设置网卡物理地址

address LLADDRESS

10 设置广播地址相关(不知道是不是这个意思?>_<)

broadcast LLADDRESS

brd LLADDRESS

peer LLADDRESS

(change the link layer broadcast address or the peer address when the interface is POINTOPOINT.)

11 设置虚拟路由转发

netns PID

(move the device to the network namespace associated with the process PID.)

12 设置设备别名

alias NAME

ip地址操作

1 eth0设备增加本地ip:10.0.2.5,标签名为eth0:0,广播地址一样

[root@vm apk]# ip addr add dev eth0:0 local 10.0.2.5/24 brd + label eth0:0

2 删除之前添加的ip,参数需要跟之前一样

[root@vm apk]# ip addr delete dev eth0:0 local 10.0.2.5/24 brd - label eth0:0

3 显示ip地址信息

ip address show - look at protocol addresses

       dev NAME (default)

              name of device.

       scope SCOPE_VAL

              only list addresses with this scope.

       to PREFIX

              only list addresses matching this prefix.

       label PATTERN

              only list addresses with labels matching the PATTERN.  PATTERN is a usual shell style pattern.

       primary and secondary

              only list primary (or secondary) addresses.

4 删除ip地址,过滤条件跟显示一样,谨慎操作

ip addr flush arg1 arg2

邻居(neighbour)/arp表管理

1 添加一个邻居节点信息

[root@vm apk]# ip neighbour add to 10.0.2.6 dev eth0 lladdr 22:33:aa:33:44:dd nud stale

# 邻居节点状态说明

permanent

    - the neighbour entry is valid forever and can be only be removed administratively.

noarp

    - the neighbour entry is valid. No attempts to validate this entry will be made but  it  can be removed when its lifetime expires.

reachable

    - the neighbour entry is valid until the reachability timeout expires.

stale

    - the neighbour entry is valid but suspicious.  This option to ip neigh does not change the neighbour state if it was valid and the address is not changed by this command.

2 邻居节点失效:ip为10.0.2.6,设备名为eth0的节点

[root@vm apk]# ip neighbour delete to 10.0.2.6 dev eth0

3 显示邻居节点列表,过滤参数和添加一样

[root@vm apk]# ip neighbour list

10.0.2.6 dev eth0  FAILED

10.0.2.1 dev eth0 lladdr 52:54:00:12:35:00 STALE

10.0.2.3 dev eth0 lladdr 08:00:27:4e:35:c1 STALE

10.0.2.2 dev eth0 lladdr 52:54:00:12:35:00 REACHABLE

4 删除邻居节点,过滤参数和add一样,没有过滤参数,不做处理

备注:a 失效状态不能删除 b 执行了这个操作后,还是能看到(不知道是什么原因?>_<)

[root@vm apk]# ip -s neighbour flush to 10.0.2.6 dev eth0

*** Round 1, deleting 1 entries ***

*** Flush is complete after 1 round ***

5 更改已存在的邻居节点ip:10.0.2.6,物理网卡地址为:22:33:aa:33:44:dd,设备名为:eth0的状态为stale

[root@vm apk]# ip -s neighbour change to 10.0.2.6 dev eth0 lladdr 22:33:aa:33:44:dd nud stale

路由表管理

1 说明

路由类型

unicast

    - the route entry describes real paths to the destinations covered by the route prefix.

unreachable

    -  these  destinations  are  unreachable.  Packets  are  discarded and the ICMP message host unreachable is generated.  The local senders get an EHOSTUNREACH error.

blackhole

    - these destinations are unreachable. Packets are discarded silently.  The local senders get an EINVAL error.

prohibit

    -  these destinations are unreachable. Packets are discarded and the ICMP message communication administratively prohibited is generated. The local senders get an EACCES error.

local

    - the destinations are assigned to this host. The packets are looped back and delivered locally.

broadcast

    - the destinations are broadcast addresses. The packets are sent as link broadcasts.

throw

    - a special control route used together with policy rules. If such a route is selected,  lookup  in this  table  is terminated pretending that no route was found. Without policy routing it is equivalent to the absence of the route in the routing table. The packets are dropped and the ICMP message net  unreachable is generated. The local senders get an ENETUNREACH error.

nat

    -  a  special NAT route. Destinations covered by the prefix are considered to be dummy (or external)addresses which require translation to real (or internal) ones before forwarding. The addresses to translate to are selected with the attribute via.  Warning: Route NAT is no longer supported in Linux 2.6.

anycast

    -  not implemented the destinations are anycast addresses assigned to this host. They are mainly equivalent to local with one difference: such addresses are invalid when used as the  source  address  of any packet.

multicast

    - a special type used for multicast routing. It is not present in normal routing tables.

2 其它,这里偷个懒,参数列表实在太多了,相关说明直接看命令帮助文档吧

N天学习一个linux命令之ip的更多相关文章

  1. N天学习一个Linux命令之帮助命令:man

    前言 工作中每天都在使用常用的命令和非常用的命令,忘记了用法或者参数,都会bing一下,然后如此循环.一直没有真正的系统的深入的去了解命令的用法,我决定打破它.以前看到有人,每天学习一个linux命令 ...

  2. N天学习一个Linux命令之free

    用途 查看系统内存(物理/虚拟/缓存/共享)使用情况 用法 free [-b | -k | -m | -g | -h] [-o] [-s delay ] [-c count ] [-a] [-t] [ ...

  3. N天学习一个linux命令之ping

    用途 检测主机是否可到达,也就是说,目标主机是否可以联网,还可以用于检测网速.通过发送ICMP ECHO_REQUEST数据包检测. 用法 ping [options] destination 常用选 ...

  4. N天学习一个linux命令之kill

    用途 用于终止进程 用法 kill [-s signal|-p] [--] pid... kill -l [signal] 说明 1.默认发送信号15(请求终止进程,程序可以捕获,操作系统会杀死没有对 ...

  5. N天学习一个linux命令之du

    用途 统计文件或者目录占用硬盘空间大小 用法 du [OPTION] [FILE]du [OPTION] --files0-from=F 常用参数 -a, --all统计所有文件,不仅仅是目录 -b, ...

  6. N天学习一个linux命令之scp

    用途 通过ssh通道,不同主机之间复制文件 用法 scp [options] [user@host:]file1 [user2@host2:]file2 常用参数 -1使用 ssh 1协议 -2使用s ...

  7. 每天学习一个Linux命令-目录

    在工作中总会零零散散使用到各种Linux命令,从今天开始详细的学习一下linux常用命令,坚持每天一个命令,学习的主要参考资料为: 1.竹子-博客(https://www.cnblogs.com/pe ...

  8. N天学习一个linux命令之umask

    前言 umask不是linux命令,而是shell内置的指令,俗称用户权限掩码,用于对用户创建的文件和目录设置默认权限.默认的权限掩码是0022,也就是说新创建的文件权限是0644,新创建的目录权限是 ...

  9. N天学习一个linux命令之yum

    yum命令 用途 yum(Yellowdog Updater Modified),RedHat系Linux操作系统包管理器,基于rpm,从源远程仓库下载rpm包安装,同时解决依赖关系,使用Python ...

随机推荐

  1. 【题解】晋升者计数 Promotion Counting [USACO 17 JAN] [P3605]

    [题解]晋升者计数 Promotion Counting [USACO 17 JAN] [P3605] 奶牛们又一次试图创建一家创业公司,还是没有从过去的经验中吸取教训.!牛是可怕的管理者! [题目描 ...

  2. 判断IOS静态库(.a文件)是否支持模拟器和真机运行

    判断IOS静态库(.a文件)是否支持模拟器和真机运行 在mac终端下,进入到.a文件目录下,然后输入: lipo -info libMyAlertView.a Architectures in the ...

  3. UNIX环境高级编程--7

    进程环境main函数:    C程序总是从main函数开始执行.main函数原型是:    int main(int argc, char *argv[]);    当内核执行C程序时(使用一个exe ...

  4. Google广告屏蔽插件adBlock

    今天在博客园写博客的时候发现莫名其妙的在右侧被植入了广告,询问了管理员得知存在以下几种可能: 1.电信网络供应商劫持网页,植入广告 2.ADSafe(是一款去除广告的软件,效果很不错) 但经过最终排除 ...

  5. kubernetes installing and using 单机版

    centos安装docker uname -r yum remove docker \ docker-client \ docker-client-latest \ docker-common \ d ...

  6. CF830A/831D Office Keys

    思路: 问题的关键在于对钥匙按照位置排序之后,最终选择的n个钥匙一定是其中的一个连续的区间. 实现: #include <iostream> #include <cstdio> ...

  7. 关于编辑器对<input>标签报错提示“表单输入没有相关label”的问题

    相信很多朋友在制作表单的时候,我们的编辑器会有下图的相关提示吧 我们发现虽然这样并不影响我们的正常使用,但是看着这样的报错提示总是很让人心烦,那么这到底是为什么呢? 其实,这是因为编辑器建议我们在使用 ...

  8. SQL练习题_用户购买收藏记录合并(拼多多)

    目录 拼多多笔试题0805_统计用户数据 笔试题描述 表格构建 数据观察 题目分析 一.合并表格 二.CASE表示(0,1) 三.同理复制FORK表 题目解答 拼多多笔试题0805_统计用户数据 笔试 ...

  9. js获取某年某月一共多少天

    const getDaysInMonth = (year, month) => { let date = new Date(year, month, 1); return new Date(da ...

  10. CSS——background

    背景经常用到以下属性: background-color: aliceblue; background-image: url('2017102601.png'); background-positio ...