用途

show / manipulate routing, devices, policy routing and tunnels

用法

通用格式

ip [ OPTIONS ] OBJECT { COMMAND | help }

OBJECT := { link | addr | addrlabel | route | rule | neigh | tunnel | maddr | mroute | monitor }

OPTIONS := { -V[ersion] | -s[tatistics] | -r[esolve] | -f[amily] { inet | inet6 | ipx | dnet | link } | -o[neline] }

link格式(网卡)

ip link set DEVICE { up | down | arp { on | off } |

                    promisc { on | off } |

                    allmulticast { on | off } |

                    dynamic { on | off } |

                    multicast { on | off } |

                    txqueuelen PACKETS |

                    name NEWNAME |

                    address LLADDR | broadcast LLADDR |

                    mtu MTU |

                    netns PID |

                    alias NAME |

                    vf NUM [ mac LLADDR ] [ vlan VLANID [ qos VLAN-QOS ] ] [ rate TXRATE ] [ spoofchk { on | off } ] |

                }

ip link show [ DEVICE ]

addr格式(IP地址)

ip addr { add | del } IFADDR dev STRING

ip addr { show | flush } [ dev STRING ] [ scope SCOPE-ID ] [ to PREFIX ] [ FLAG-LIST ] [ label PATTERN ]

IFADDR := PREFIX | ADDR peer PREFIX [ broadcast ADDR ] [ anycast ADDR ] [ label STRING ] [ scope SCOPE-ID ]

SCOPE-ID := [ host | link | global | NUMBER ]

FLAG-LIST := [ FLAG-LIST ] FLAG

FLAG := [ permanent | dynamic | secondary | primary | tentative | deprecated ]

addrlabel格式

ip addrlabel { add | del } prefix PREFIX [ dev DEV ] [ label NUMBER ]

ip addrlabel { list | flush }

route格式

ip route { list | flush } SELECTOR

ip route get ADDRESS [ from ADDRESS iif STRING  ] [ oif STRING ] [ tos TOS ]

ip route { add | del | change | append | replace | monitor } ROUTE

SELECTOR := [ root PREFIX ] [ match PREFIX ] [ exact PREFIX ] [ table TABLE_ID ] [ proto RTPROTO ] [ type TYPE ] [ scope SCOPE ]

ROUTE := NODE_SPEC [ INFO_SPEC ]

NODE_SPEC := [ TYPE ] PREFIX [ tos TOS ] [ table TABLE_ID ] [ proto RTPROTO ] [ scope SCOPE ] [ metric METRIC ]

INFO_SPEC := NH OPTIONS FLAGS [ nexthop NH ] ...

NH := [ via ADDRESS ] [ dev STRING ] [ weight NUMBER ] NHFLAGS

OPTIONS := FLAGS [ mtu NUMBER ] [ advmss NUMBER ] [ rtt TIME ] [ rttvar TIME ] [ window NUMBER ] [ cwnd NUMBER ] [ initcwnd NUMBER ] [ ssthresh REALM ] [ realms REALM ] [ rto_min TIME ] [ initrwnd NUMBER ]

TYPE := [ unicast | local | broadcast | multicast | throw | unreachable | prohibit | blackhole | nat ]

TABLE_ID := [ local| main | default | all | NUMBER ]

SCOPE := [ host | link | global | NUMBER ]

FLAGS := [ equalize ]

NHFLAGS := [ onlink | pervasive ]

RTPROTO := [ kernel | boot | static | NUMBER ]

rule格式

ip rule  [ list | add | del | flush ] SELECTOR ACTION

SELECTOR := [ from PREFIX ] [ to PREFIX ] [ tos TOS ] [ fwmark FWMARK[/MASK] ] [ dev STRING ] [ pref NUMBER ]

ACTION := [ table TABLE_ID ] [ nat ADDRESS ] [ realms [SRCREALM/]DSTREALM ]

TABLE_ID := [ local | main | default | NUMBER ]

neigh格式

ip neigh { add | del | change | replace } { ADDR [ lladdr LLADDR ] [ nud { permanent | noarp | stale | reachable} ] | proxy ADDR } [ dev DEV ]

ip neigh { show | flush } [ to PREFIX ] [ dev DEV ] [ nud STATE ]

tunnel格式

ip tunnel { add | change | del | show | prl } [ NAME ]

               [ mode MODE ] [ remote ADDR ] [ local ADDR ]

               [ [i|o]seq ] [ [i|o]key KEY ] [ [i|o]csum ] ]

               [ encaplimit ELIM ] [ ttl TTL ]

               [ tos TOS ] [ flowlabel FLOWLABEL ]

               [ prl-default ADDR ] [ prl-nodefault ADDR ] [ prl-delete ADDR ]

               [ [no]pmtudisc ] [ dev PHYS_DEV ] [ dscp inherit ]

MODE :=  { ipip | gre | sit | isatap | ip6ip6 | ipip6 | any }

ADDR := { IP_ADDRESS | any }

TOS := { NUMBER | inherit }

ELIM := { none | 0..255 }

TTL := { 1..255 | inherit }

KEY := { DOTTED_QUAD | NUMBER }

TIME := NUMBER[s|ms]

maddr格式

ip maddr [ add | del ] MULTIADDR dev NAME

ip maddr show [ dev NAME ]

mroute格式

ip mroute show [ PREFIX ] [ from PREFIX ] [ iif DEVICE ]

monitor格式

ip monitor [ all | OBJECT-LIST ]

xfrm格式

ip xfrm XFRM_OBJECT { COMMAND }

XFRM_OBJECT := { state | policy | monitor }

ip xfrm state { add | update } ID [ XFRM_OPT ]  [ mode MODE ]

                [ reqid REQID ]  [ seq SEQ ]  [ replay-window SIZE ]

                [ flag FLAG-LIST ]  [ encap ENCAP ]  [ sel SELECTOR ]

                [ LIMIT-LIST ]

ip xfrm state allocspi ID  [ mode MODE ]  [ reqid REQID ]  [ seq SEQ ]  [ min SPI max SPI ]

ip xfrm state { delete | get } ID

ip xfrm state { deleteall | list } [ ID ]  [ mode MODE ]

                [ reqid REQID ]  [ flag FLAG_LIST ]

ip xfrm state flush [ proto XFRM_PROTO ]

ip xfrm state count

ID :=  [ src ADDR ]  [ dst ADDR ]  [ proto XFRM_PROTO ]  [ spi SPI ]

XFRM_PROTO :=  [ esp | ah | comp | route2 | hao ]

MODE :=  [ transport | tunnel | ro | beet ] (default=transport)

FLAG-LIST :=  [ FLAG-LIST ] FLAG

FLAG :=  [ noecn | decap-dscp | wildrecv ]

ENCAP := ENCAP-TYPE SPORT DPORT OADDR

ENCAP-TYPE := espinudp  | espinudp-nonike

ALGO-LIST := [ ALGO-LIST ] | [ ALGO ]

ALGO := ALGO_TYPE ALGO_NAME ALGO_KEY

ALGO_TYPE :=  [ enc | auth | comp ]

SELECTOR := src ADDR[/PLEN] dst ADDR[/PLEN]  [ UPSPEC ]  [ dev DEV ]

UPSPEC := proto PROTO [[ sport PORT ]  [ dport PORT ] |

                [ type NUMBER ]  [ code NUMBER ]]

LIMIT-LIST := [ LIMIT-LIST ] |  [ limit LIMIT ]

LIMIT :=  [ [time-soft|time-hard|time-use-soft|time-use-hard] SECONDS ] | [ [byte-soft|byte-hard] SIZE ] | [ [packet-soft|packet-hard] COUNT ]

ip xfrm policy { add | update }  dir DIR SELECTOR [ index INDEX ]

                [ ptype PTYPE ]  [ action ACTION ]  [ priority PRIORITY ]

                [ LIMIT-LIST ] [ TMPL-LIST ]

ip xfrm policy { delete | get }  dir DIR [ SELECTOR | index INDEX  ]

                [ ptype PTYPE ]

ip xfrm policy { deleteall | list }  [ dir DIR ] [ SELECTOR ]

                [ index INDEX ]  [ action ACTION ]  [ priority PRIORITY ]

ip xfrm policy flush  [ ptype PTYPE ]

ip xfrm count

PTYPE :=  [ main | sub ] (default=main)

DIR :=  [ in | out | fwd ]

SELECTOR := src ADDR[/PLEN] dst ADDR[/PLEN] [ UPSPEC  ] [ dev DEV ]

UPSPEC := proto PROTO [  [ sport PORT ]  [ dport PORT ] |

                [ type NUMBER ]  [ code NUMBER ] ]

ACTION :=  [ allow | block ] (default=allow)

LIMIT-LIST :=  [ LIMIT-LIST ] |  [ limit LIMIT ]

LIMIT :=  [ [time-soft|time-hard|time-use-soft|time-use-hard] SECONDS ] |  [ [byte-soft|byte-hard] SIZE ] | [packet-soft|packet-hard] NUMBER ]

TMPL-LIST :=  [ TMPL-LIST ] |  [ tmpl TMPL ]

TMPL := ID [ mode MODE ]  [ reqid REQID ]  [ level LEVEL ]

ID :=  [ src ADDR ]  [ dst ADDR ]  [ proto XFRM_PROTO ]  [ spi SPI ]

XFRM_PROTO :=  [ esp | ah | comp | route2 | hao ]

MODE :=  [ transport | tunnel | beet ] (default=transport)

LEVEL :=  [ required | use ] (default=required)

ip xfrm monitor [ all | OBJECT-LIST ]

token格式

ip token { COMMAND | help }

ip token { set } TOKEN dev DEV

ip token { get } dev DEV

ip token { list }

常用选项

-V, -Version

打印程序版本

-s, -stats, -statistics

输出更多信息,出现多次,输出信息越多

-h, -human, -human-readable

以适合人类阅读的方式输出信息

-iec

和-h选项类似,基本单位是1024

-f, -family

指定使用的协议族,值列表:inet, inet6, ipx, dnet or link,如果没有指定会根据上下文猜测或者使用默认的协议族,一般是inet。link is a special family identifier meaning that no networking protocol is involved.

简写形式 -4 = -f inet, -6 = -f inet6, -0 = -f link

-o, -oneline

一行显示

-r, -resolve

use the system’s name resolver to print DNS names instead of host addresses.

操作对象说明

1 link

- network device.

2 address

- protocol (IP or IPv6) address on a device.

3 addrlabel

- label configuration for protocol address selection.

4 neighbour

- ARP or NDISC cache entry.

5 route

- routing table entry.

6 rule

- rule in routing policy database.

7 maddress

- multicast address.

8 mroute

- multicast routing cache entry.

9 tunnel

- tunnel over IP.

10 xfrm

- framework for IPsec protocol.

实践

操作物理网卡

1 显示网卡设备信息

[root@vm asia_ucenter]# ip -s link show

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

    RX: bytes  packets  errors  dropped overrun mcast

    2188533266 2199032  0       0       0       0

    TX: bytes  packets  errors  dropped carrier collsns

    2188533266 2199032  0       0       0       0

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000

    link/ether 08:00:27:40:a8:72 brd ff:ff:ff:ff:ff:ff

    RX: bytes  packets  errors  dropped overrun mcast

    12012726   64662    0       0       0       0

    TX: bytes  packets  errors  dropped carrier collsns

    35491390   77118    0       0       0       0

2 关闭或者启用eth0网卡

# 关闭

[root@vm apk]# ip link set dev eth0 down

#开启

[root@vm apk]# ip link set dev eth0 up

3 启用或者关闭arp

# 关闭

[root@vm apk]# ip link set dev eth0 arp off

#开启

[root@vm apk]# ip link set dev eth0 arp on

4 启用或者关闭组播

# 关闭

[root@vm apk]# ip link set dev eth0 multicast off

#开启

[root@vm apk]# ip link set dev eth0 multicast on

5 启用或者关闭动态获取ip(不知道是不是这个意思?>_<)

dynamic on or dynamic off

( change the DYNAMIC flag on the device. )

6 修改网卡名字

name NAME

(网卡正在运行中或者其它配置有使用到老名字,不建议更改)

7 设置发送队列长度

方式一:txqueuelen NUMBER

方式二:txqlen NUMBER

8 设置网卡设备最大传输单元

mtu NUMBER

9 设置网卡物理地址

address LLADDRESS

10 设置广播地址相关(不知道是不是这个意思?>_<)

broadcast LLADDRESS

brd LLADDRESS

peer LLADDRESS

(change the link layer broadcast address or the peer address when the interface is POINTOPOINT.)

11 设置虚拟路由转发

netns PID

(move the device to the network namespace associated with the process PID.)

12 设置设备别名

alias NAME

ip地址操作

1 eth0设备增加本地ip:10.0.2.5,标签名为eth0:0,广播地址一样

[root@vm apk]# ip addr add dev eth0:0 local 10.0.2.5/24 brd + label eth0:0

2 删除之前添加的ip,参数需要跟之前一样

[root@vm apk]# ip addr delete dev eth0:0 local 10.0.2.5/24 brd - label eth0:0

3 显示ip地址信息

ip address show - look at protocol addresses

       dev NAME (default)

              name of device.

       scope SCOPE_VAL

              only list addresses with this scope.

       to PREFIX

              only list addresses matching this prefix.

       label PATTERN

              only list addresses with labels matching the PATTERN.  PATTERN is a usual shell style pattern.

       primary and secondary

              only list primary (or secondary) addresses.

4 删除ip地址,过滤条件跟显示一样,谨慎操作

ip addr flush arg1 arg2

邻居(neighbour)/arp表管理

1 添加一个邻居节点信息

[root@vm apk]# ip neighbour add to 10.0.2.6 dev eth0 lladdr 22:33:aa:33:44:dd nud stale

# 邻居节点状态说明

permanent

    - the neighbour entry is valid forever and can be only be removed administratively.

noarp

    - the neighbour entry is valid. No attempts to validate this entry will be made but  it  can be removed when its lifetime expires.

reachable

    - the neighbour entry is valid until the reachability timeout expires.

stale

    - the neighbour entry is valid but suspicious.  This option to ip neigh does not change the neighbour state if it was valid and the address is not changed by this command.

2 邻居节点失效:ip为10.0.2.6,设备名为eth0的节点

[root@vm apk]# ip neighbour delete to 10.0.2.6 dev eth0

3 显示邻居节点列表,过滤参数和添加一样

[root@vm apk]# ip neighbour list

10.0.2.6 dev eth0  FAILED

10.0.2.1 dev eth0 lladdr 52:54:00:12:35:00 STALE

10.0.2.3 dev eth0 lladdr 08:00:27:4e:35:c1 STALE

10.0.2.2 dev eth0 lladdr 52:54:00:12:35:00 REACHABLE

4 删除邻居节点,过滤参数和add一样,没有过滤参数,不做处理

备注:a 失效状态不能删除 b 执行了这个操作后,还是能看到(不知道是什么原因?>_<)

[root@vm apk]# ip -s neighbour flush to 10.0.2.6 dev eth0

*** Round 1, deleting 1 entries ***

*** Flush is complete after 1 round ***

5 更改已存在的邻居节点ip:10.0.2.6,物理网卡地址为:22:33:aa:33:44:dd,设备名为:eth0的状态为stale

[root@vm apk]# ip -s neighbour change to 10.0.2.6 dev eth0 lladdr 22:33:aa:33:44:dd nud stale

路由表管理

1 说明

路由类型

unicast

    - the route entry describes real paths to the destinations covered by the route prefix.

unreachable

    -  these  destinations  are  unreachable.  Packets  are  discarded and the ICMP message host unreachable is generated.  The local senders get an EHOSTUNREACH error.

blackhole

    - these destinations are unreachable. Packets are discarded silently.  The local senders get an EINVAL error.

prohibit

    -  these destinations are unreachable. Packets are discarded and the ICMP message communication administratively prohibited is generated. The local senders get an EACCES error.

local

    - the destinations are assigned to this host. The packets are looped back and delivered locally.

broadcast

    - the destinations are broadcast addresses. The packets are sent as link broadcasts.

throw

    - a special control route used together with policy rules. If such a route is selected,  lookup  in this  table  is terminated pretending that no route was found. Without policy routing it is equivalent to the absence of the route in the routing table. The packets are dropped and the ICMP message net  unreachable is generated. The local senders get an ENETUNREACH error.

nat

    -  a  special NAT route. Destinations covered by the prefix are considered to be dummy (or external)addresses which require translation to real (or internal) ones before forwarding. The addresses to translate to are selected with the attribute via.  Warning: Route NAT is no longer supported in Linux 2.6.

anycast

    -  not implemented the destinations are anycast addresses assigned to this host. They are mainly equivalent to local with one difference: such addresses are invalid when used as the  source  address  of any packet.

multicast

    - a special type used for multicast routing. It is not present in normal routing tables.

2 其它,这里偷个懒,参数列表实在太多了,相关说明直接看命令帮助文档吧

N天学习一个linux命令之ip的更多相关文章

  1. N天学习一个Linux命令之帮助命令:man

    前言 工作中每天都在使用常用的命令和非常用的命令,忘记了用法或者参数,都会bing一下,然后如此循环.一直没有真正的系统的深入的去了解命令的用法,我决定打破它.以前看到有人,每天学习一个linux命令 ...

  2. N天学习一个Linux命令之free

    用途 查看系统内存(物理/虚拟/缓存/共享)使用情况 用法 free [-b | -k | -m | -g | -h] [-o] [-s delay ] [-c count ] [-a] [-t] [ ...

  3. N天学习一个linux命令之ping

    用途 检测主机是否可到达,也就是说,目标主机是否可以联网,还可以用于检测网速.通过发送ICMP ECHO_REQUEST数据包检测. 用法 ping [options] destination 常用选 ...

  4. N天学习一个linux命令之kill

    用途 用于终止进程 用法 kill [-s signal|-p] [--] pid... kill -l [signal] 说明 1.默认发送信号15(请求终止进程,程序可以捕获,操作系统会杀死没有对 ...

  5. N天学习一个linux命令之du

    用途 统计文件或者目录占用硬盘空间大小 用法 du [OPTION] [FILE]du [OPTION] --files0-from=F 常用参数 -a, --all统计所有文件,不仅仅是目录 -b, ...

  6. N天学习一个linux命令之scp

    用途 通过ssh通道,不同主机之间复制文件 用法 scp [options] [user@host:]file1 [user2@host2:]file2 常用参数 -1使用 ssh 1协议 -2使用s ...

  7. 每天学习一个Linux命令-目录

    在工作中总会零零散散使用到各种Linux命令,从今天开始详细的学习一下linux常用命令,坚持每天一个命令,学习的主要参考资料为: 1.竹子-博客(https://www.cnblogs.com/pe ...

  8. N天学习一个linux命令之umask

    前言 umask不是linux命令,而是shell内置的指令,俗称用户权限掩码,用于对用户创建的文件和目录设置默认权限.默认的权限掩码是0022,也就是说新创建的文件权限是0644,新创建的目录权限是 ...

  9. N天学习一个linux命令之yum

    yum命令 用途 yum(Yellowdog Updater Modified),RedHat系Linux操作系统包管理器,基于rpm,从源远程仓库下载rpm包安装,同时解决依赖关系,使用Python ...

随机推荐

  1. $P5017 摆渡车$

    problem 毒瘤\(DP\) #ifdef Dubug #endif #include <bits/stdc++.h> using namespace std; typedef lon ...

  2. MySQL的DML和DQL 增删改查

    DML和DQL   增删改查 SELECT * FROM grade --新增 insert -- 向年级表中新增3条数据INSERT INTO grade(gradeID,gradeName) VA ...

  3. Ambari是啥?主要是干啥的?

    简单来说,Ambari是一个拥有集群自动化安装.中心化管理.集群监控.报警功能的一个工具(软件),使得安装集群从几天的时间缩短在几个小时内,运维人员从数十人降低到几人以内,极大的提高集群管理的效率. ...

  4. input获得焦点和失去焦点

    总结:placeholder因为在IE7 8 9 浏览器不支持所以没用它效果:当input获取光标的时候如果是默认提示则input内容为空.如果不是则为输入内容           当失去光标的时候, ...

  5. CSS3利用box-shadow实现相框效果

    CSS3利用box-shadow实现相框效果 <style> html { overflow: hidden; background-color: #653845; background- ...

  6. ICMP,ARP协议

    ICMP ICMP是(Internet Control Message Protocol)Internet控制报文协议.它是TCP/IP协议族的一个子协议,用于在IP主机.路由器之间传递控制消息.控制 ...

  7. IDEA 基本配置

    idea使用基本配置 1配置JDK开发环境 File->project structure: 2取消自动更新 file->setting:Appearance &Behavior下 ...

  8. 环形缓冲区: ringbuf.c

    #cat aa.c /*ringbuf .c*/ #include<stdio.h> #include<ctype.h> #define NMAX 8 int iput = 0 ...

  9. 【原创】基于NodeJS Express框架开发的一个VIP视频网站项目及源码分享

    项目名称:视频网站项目 开发语言:HTML,CSS(前端),JavaScript,NODEJS(expres)(后台) 数据库:MySQL 开发环境:Win7,Webstorm 上线部署环境:Linu ...

  10. 从0开始复习JS---1、函数复习

    1. 写一个函数,实现对数字数组的排序. function get_order(array){ for(var i = 0; i <array.length-1; i++){ for(var j ...