用途

show / manipulate routing, devices, policy routing and tunnels

用法

通用格式

ip [ OPTIONS ] OBJECT { COMMAND | help }

OBJECT := { link | addr | addrlabel | route | rule | neigh | tunnel | maddr | mroute | monitor }

OPTIONS := { -V[ersion] | -s[tatistics] | -r[esolve] | -f[amily] { inet | inet6 | ipx | dnet | link } | -o[neline] }

link格式(网卡)

ip link set DEVICE { up | down | arp { on | off } |

                    promisc { on | off } |

                    allmulticast { on | off } |

                    dynamic { on | off } |

                    multicast { on | off } |

                    txqueuelen PACKETS |

                    name NEWNAME |

                    address LLADDR | broadcast LLADDR |

                    mtu MTU |

                    netns PID |

                    alias NAME |

                    vf NUM [ mac LLADDR ] [ vlan VLANID [ qos VLAN-QOS ] ] [ rate TXRATE ] [ spoofchk { on | off } ] |

                }

ip link show [ DEVICE ]

addr格式(IP地址)

ip addr { add | del } IFADDR dev STRING

ip addr { show | flush } [ dev STRING ] [ scope SCOPE-ID ] [ to PREFIX ] [ FLAG-LIST ] [ label PATTERN ]

IFADDR := PREFIX | ADDR peer PREFIX [ broadcast ADDR ] [ anycast ADDR ] [ label STRING ] [ scope SCOPE-ID ]

SCOPE-ID := [ host | link | global | NUMBER ]

FLAG-LIST := [ FLAG-LIST ] FLAG

FLAG := [ permanent | dynamic | secondary | primary | tentative | deprecated ]

addrlabel格式

ip addrlabel { add | del } prefix PREFIX [ dev DEV ] [ label NUMBER ]

ip addrlabel { list | flush }

route格式

ip route { list | flush } SELECTOR

ip route get ADDRESS [ from ADDRESS iif STRING  ] [ oif STRING ] [ tos TOS ]

ip route { add | del | change | append | replace | monitor } ROUTE

SELECTOR := [ root PREFIX ] [ match PREFIX ] [ exact PREFIX ] [ table TABLE_ID ] [ proto RTPROTO ] [ type TYPE ] [ scope SCOPE ]

ROUTE := NODE_SPEC [ INFO_SPEC ]

NODE_SPEC := [ TYPE ] PREFIX [ tos TOS ] [ table TABLE_ID ] [ proto RTPROTO ] [ scope SCOPE ] [ metric METRIC ]

INFO_SPEC := NH OPTIONS FLAGS [ nexthop NH ] ...

NH := [ via ADDRESS ] [ dev STRING ] [ weight NUMBER ] NHFLAGS

OPTIONS := FLAGS [ mtu NUMBER ] [ advmss NUMBER ] [ rtt TIME ] [ rttvar TIME ] [ window NUMBER ] [ cwnd NUMBER ] [ initcwnd NUMBER ] [ ssthresh REALM ] [ realms REALM ] [ rto_min TIME ] [ initrwnd NUMBER ]

TYPE := [ unicast | local | broadcast | multicast | throw | unreachable | prohibit | blackhole | nat ]

TABLE_ID := [ local| main | default | all | NUMBER ]

SCOPE := [ host | link | global | NUMBER ]

FLAGS := [ equalize ]

NHFLAGS := [ onlink | pervasive ]

RTPROTO := [ kernel | boot | static | NUMBER ]

rule格式

ip rule  [ list | add | del | flush ] SELECTOR ACTION

SELECTOR := [ from PREFIX ] [ to PREFIX ] [ tos TOS ] [ fwmark FWMARK[/MASK] ] [ dev STRING ] [ pref NUMBER ]

ACTION := [ table TABLE_ID ] [ nat ADDRESS ] [ realms [SRCREALM/]DSTREALM ]

TABLE_ID := [ local | main | default | NUMBER ]

neigh格式

ip neigh { add | del | change | replace } { ADDR [ lladdr LLADDR ] [ nud { permanent | noarp | stale | reachable} ] | proxy ADDR } [ dev DEV ]

ip neigh { show | flush } [ to PREFIX ] [ dev DEV ] [ nud STATE ]

tunnel格式

ip tunnel { add | change | del | show | prl } [ NAME ]

               [ mode MODE ] [ remote ADDR ] [ local ADDR ]

               [ [i|o]seq ] [ [i|o]key KEY ] [ [i|o]csum ] ]

               [ encaplimit ELIM ] [ ttl TTL ]

               [ tos TOS ] [ flowlabel FLOWLABEL ]

               [ prl-default ADDR ] [ prl-nodefault ADDR ] [ prl-delete ADDR ]

               [ [no]pmtudisc ] [ dev PHYS_DEV ] [ dscp inherit ]

MODE :=  { ipip | gre | sit | isatap | ip6ip6 | ipip6 | any }

ADDR := { IP_ADDRESS | any }

TOS := { NUMBER | inherit }

ELIM := { none | 0..255 }

TTL := { 1..255 | inherit }

KEY := { DOTTED_QUAD | NUMBER }

TIME := NUMBER[s|ms]

maddr格式

ip maddr [ add | del ] MULTIADDR dev NAME

ip maddr show [ dev NAME ]

mroute格式

ip mroute show [ PREFIX ] [ from PREFIX ] [ iif DEVICE ]

monitor格式

ip monitor [ all | OBJECT-LIST ]

xfrm格式

ip xfrm XFRM_OBJECT { COMMAND }

XFRM_OBJECT := { state | policy | monitor }

ip xfrm state { add | update } ID [ XFRM_OPT ]  [ mode MODE ]

                [ reqid REQID ]  [ seq SEQ ]  [ replay-window SIZE ]

                [ flag FLAG-LIST ]  [ encap ENCAP ]  [ sel SELECTOR ]

                [ LIMIT-LIST ]

ip xfrm state allocspi ID  [ mode MODE ]  [ reqid REQID ]  [ seq SEQ ]  [ min SPI max SPI ]

ip xfrm state { delete | get } ID

ip xfrm state { deleteall | list } [ ID ]  [ mode MODE ]

                [ reqid REQID ]  [ flag FLAG_LIST ]

ip xfrm state flush [ proto XFRM_PROTO ]

ip xfrm state count

ID :=  [ src ADDR ]  [ dst ADDR ]  [ proto XFRM_PROTO ]  [ spi SPI ]

XFRM_PROTO :=  [ esp | ah | comp | route2 | hao ]

MODE :=  [ transport | tunnel | ro | beet ] (default=transport)

FLAG-LIST :=  [ FLAG-LIST ] FLAG

FLAG :=  [ noecn | decap-dscp | wildrecv ]

ENCAP := ENCAP-TYPE SPORT DPORT OADDR

ENCAP-TYPE := espinudp  | espinudp-nonike

ALGO-LIST := [ ALGO-LIST ] | [ ALGO ]

ALGO := ALGO_TYPE ALGO_NAME ALGO_KEY

ALGO_TYPE :=  [ enc | auth | comp ]

SELECTOR := src ADDR[/PLEN] dst ADDR[/PLEN]  [ UPSPEC ]  [ dev DEV ]

UPSPEC := proto PROTO [[ sport PORT ]  [ dport PORT ] |

                [ type NUMBER ]  [ code NUMBER ]]

LIMIT-LIST := [ LIMIT-LIST ] |  [ limit LIMIT ]

LIMIT :=  [ [time-soft|time-hard|time-use-soft|time-use-hard] SECONDS ] | [ [byte-soft|byte-hard] SIZE ] | [ [packet-soft|packet-hard] COUNT ]

ip xfrm policy { add | update }  dir DIR SELECTOR [ index INDEX ]

                [ ptype PTYPE ]  [ action ACTION ]  [ priority PRIORITY ]

                [ LIMIT-LIST ] [ TMPL-LIST ]

ip xfrm policy { delete | get }  dir DIR [ SELECTOR | index INDEX  ]

                [ ptype PTYPE ]

ip xfrm policy { deleteall | list }  [ dir DIR ] [ SELECTOR ]

                [ index INDEX ]  [ action ACTION ]  [ priority PRIORITY ]

ip xfrm policy flush  [ ptype PTYPE ]

ip xfrm count

PTYPE :=  [ main | sub ] (default=main)

DIR :=  [ in | out | fwd ]

SELECTOR := src ADDR[/PLEN] dst ADDR[/PLEN] [ UPSPEC  ] [ dev DEV ]

UPSPEC := proto PROTO [  [ sport PORT ]  [ dport PORT ] |

                [ type NUMBER ]  [ code NUMBER ] ]

ACTION :=  [ allow | block ] (default=allow)

LIMIT-LIST :=  [ LIMIT-LIST ] |  [ limit LIMIT ]

LIMIT :=  [ [time-soft|time-hard|time-use-soft|time-use-hard] SECONDS ] |  [ [byte-soft|byte-hard] SIZE ] | [packet-soft|packet-hard] NUMBER ]

TMPL-LIST :=  [ TMPL-LIST ] |  [ tmpl TMPL ]

TMPL := ID [ mode MODE ]  [ reqid REQID ]  [ level LEVEL ]

ID :=  [ src ADDR ]  [ dst ADDR ]  [ proto XFRM_PROTO ]  [ spi SPI ]

XFRM_PROTO :=  [ esp | ah | comp | route2 | hao ]

MODE :=  [ transport | tunnel | beet ] (default=transport)

LEVEL :=  [ required | use ] (default=required)

ip xfrm monitor [ all | OBJECT-LIST ]

token格式

ip token { COMMAND | help }

ip token { set } TOKEN dev DEV

ip token { get } dev DEV

ip token { list }

常用选项

-V, -Version

打印程序版本

-s, -stats, -statistics

输出更多信息,出现多次,输出信息越多

-h, -human, -human-readable

以适合人类阅读的方式输出信息

-iec

和-h选项类似,基本单位是1024

-f, -family

指定使用的协议族,值列表:inet, inet6, ipx, dnet or link,如果没有指定会根据上下文猜测或者使用默认的协议族,一般是inet。link is a special family identifier meaning that no networking protocol is involved.

简写形式 -4 = -f inet, -6 = -f inet6, -0 = -f link

-o, -oneline

一行显示

-r, -resolve

use the system’s name resolver to print DNS names instead of host addresses.

操作对象说明

1 link

- network device.

2 address

- protocol (IP or IPv6) address on a device.

3 addrlabel

- label configuration for protocol address selection.

4 neighbour

- ARP or NDISC cache entry.

5 route

- routing table entry.

6 rule

- rule in routing policy database.

7 maddress

- multicast address.

8 mroute

- multicast routing cache entry.

9 tunnel

- tunnel over IP.

10 xfrm

- framework for IPsec protocol.

实践

操作物理网卡

1 显示网卡设备信息

[root@vm asia_ucenter]# ip -s link show

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

    RX: bytes  packets  errors  dropped overrun mcast

    2188533266 2199032  0       0       0       0

    TX: bytes  packets  errors  dropped carrier collsns

    2188533266 2199032  0       0       0       0

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000

    link/ether 08:00:27:40:a8:72 brd ff:ff:ff:ff:ff:ff

    RX: bytes  packets  errors  dropped overrun mcast

    12012726   64662    0       0       0       0

    TX: bytes  packets  errors  dropped carrier collsns

    35491390   77118    0       0       0       0

2 关闭或者启用eth0网卡

# 关闭

[root@vm apk]# ip link set dev eth0 down

#开启

[root@vm apk]# ip link set dev eth0 up

3 启用或者关闭arp

# 关闭

[root@vm apk]# ip link set dev eth0 arp off

#开启

[root@vm apk]# ip link set dev eth0 arp on

4 启用或者关闭组播

# 关闭

[root@vm apk]# ip link set dev eth0 multicast off

#开启

[root@vm apk]# ip link set dev eth0 multicast on

5 启用或者关闭动态获取ip(不知道是不是这个意思?>_<)

dynamic on or dynamic off

( change the DYNAMIC flag on the device. )

6 修改网卡名字

name NAME

(网卡正在运行中或者其它配置有使用到老名字,不建议更改)

7 设置发送队列长度

方式一:txqueuelen NUMBER

方式二:txqlen NUMBER

8 设置网卡设备最大传输单元

mtu NUMBER

9 设置网卡物理地址

address LLADDRESS

10 设置广播地址相关(不知道是不是这个意思?>_<)

broadcast LLADDRESS

brd LLADDRESS

peer LLADDRESS

(change the link layer broadcast address or the peer address when the interface is POINTOPOINT.)

11 设置虚拟路由转发

netns PID

(move the device to the network namespace associated with the process PID.)

12 设置设备别名

alias NAME

ip地址操作

1 eth0设备增加本地ip:10.0.2.5,标签名为eth0:0,广播地址一样

[root@vm apk]# ip addr add dev eth0:0 local 10.0.2.5/24 brd + label eth0:0

2 删除之前添加的ip,参数需要跟之前一样

[root@vm apk]# ip addr delete dev eth0:0 local 10.0.2.5/24 brd - label eth0:0

3 显示ip地址信息

ip address show - look at protocol addresses

       dev NAME (default)

              name of device.

       scope SCOPE_VAL

              only list addresses with this scope.

       to PREFIX

              only list addresses matching this prefix.

       label PATTERN

              only list addresses with labels matching the PATTERN.  PATTERN is a usual shell style pattern.

       primary and secondary

              only list primary (or secondary) addresses.

4 删除ip地址,过滤条件跟显示一样,谨慎操作

ip addr flush arg1 arg2

邻居(neighbour)/arp表管理

1 添加一个邻居节点信息

[root@vm apk]# ip neighbour add to 10.0.2.6 dev eth0 lladdr 22:33:aa:33:44:dd nud stale

# 邻居节点状态说明

permanent

    - the neighbour entry is valid forever and can be only be removed administratively.

noarp

    - the neighbour entry is valid. No attempts to validate this entry will be made but  it  can be removed when its lifetime expires.

reachable

    - the neighbour entry is valid until the reachability timeout expires.

stale

    - the neighbour entry is valid but suspicious.  This option to ip neigh does not change the neighbour state if it was valid and the address is not changed by this command.

2 邻居节点失效:ip为10.0.2.6,设备名为eth0的节点

[root@vm apk]# ip neighbour delete to 10.0.2.6 dev eth0

3 显示邻居节点列表,过滤参数和添加一样

[root@vm apk]# ip neighbour list

10.0.2.6 dev eth0  FAILED

10.0.2.1 dev eth0 lladdr 52:54:00:12:35:00 STALE

10.0.2.3 dev eth0 lladdr 08:00:27:4e:35:c1 STALE

10.0.2.2 dev eth0 lladdr 52:54:00:12:35:00 REACHABLE

4 删除邻居节点,过滤参数和add一样,没有过滤参数,不做处理

备注:a 失效状态不能删除 b 执行了这个操作后,还是能看到(不知道是什么原因?>_<)

[root@vm apk]# ip -s neighbour flush to 10.0.2.6 dev eth0

*** Round 1, deleting 1 entries ***

*** Flush is complete after 1 round ***

5 更改已存在的邻居节点ip:10.0.2.6,物理网卡地址为:22:33:aa:33:44:dd,设备名为:eth0的状态为stale

[root@vm apk]# ip -s neighbour change to 10.0.2.6 dev eth0 lladdr 22:33:aa:33:44:dd nud stale

路由表管理

1 说明

路由类型

unicast

    - the route entry describes real paths to the destinations covered by the route prefix.

unreachable

    -  these  destinations  are  unreachable.  Packets  are  discarded and the ICMP message host unreachable is generated.  The local senders get an EHOSTUNREACH error.

blackhole

    - these destinations are unreachable. Packets are discarded silently.  The local senders get an EINVAL error.

prohibit

    -  these destinations are unreachable. Packets are discarded and the ICMP message communication administratively prohibited is generated. The local senders get an EACCES error.

local

    - the destinations are assigned to this host. The packets are looped back and delivered locally.

broadcast

    - the destinations are broadcast addresses. The packets are sent as link broadcasts.

throw

    - a special control route used together with policy rules. If such a route is selected,  lookup  in this  table  is terminated pretending that no route was found. Without policy routing it is equivalent to the absence of the route in the routing table. The packets are dropped and the ICMP message net  unreachable is generated. The local senders get an ENETUNREACH error.

nat

    -  a  special NAT route. Destinations covered by the prefix are considered to be dummy (or external)addresses which require translation to real (or internal) ones before forwarding. The addresses to translate to are selected with the attribute via.  Warning: Route NAT is no longer supported in Linux 2.6.

anycast

    -  not implemented the destinations are anycast addresses assigned to this host. They are mainly equivalent to local with one difference: such addresses are invalid when used as the  source  address  of any packet.

multicast

    - a special type used for multicast routing. It is not present in normal routing tables.

2 其它,这里偷个懒,参数列表实在太多了,相关说明直接看命令帮助文档吧

N天学习一个linux命令之ip的更多相关文章

  1. N天学习一个Linux命令之帮助命令:man

    前言 工作中每天都在使用常用的命令和非常用的命令,忘记了用法或者参数,都会bing一下,然后如此循环.一直没有真正的系统的深入的去了解命令的用法,我决定打破它.以前看到有人,每天学习一个linux命令 ...

  2. N天学习一个Linux命令之free

    用途 查看系统内存(物理/虚拟/缓存/共享)使用情况 用法 free [-b | -k | -m | -g | -h] [-o] [-s delay ] [-c count ] [-a] [-t] [ ...

  3. N天学习一个linux命令之ping

    用途 检测主机是否可到达,也就是说,目标主机是否可以联网,还可以用于检测网速.通过发送ICMP ECHO_REQUEST数据包检测. 用法 ping [options] destination 常用选 ...

  4. N天学习一个linux命令之kill

    用途 用于终止进程 用法 kill [-s signal|-p] [--] pid... kill -l [signal] 说明 1.默认发送信号15(请求终止进程,程序可以捕获,操作系统会杀死没有对 ...

  5. N天学习一个linux命令之du

    用途 统计文件或者目录占用硬盘空间大小 用法 du [OPTION] [FILE]du [OPTION] --files0-from=F 常用参数 -a, --all统计所有文件,不仅仅是目录 -b, ...

  6. N天学习一个linux命令之scp

    用途 通过ssh通道,不同主机之间复制文件 用法 scp [options] [user@host:]file1 [user2@host2:]file2 常用参数 -1使用 ssh 1协议 -2使用s ...

  7. 每天学习一个Linux命令-目录

    在工作中总会零零散散使用到各种Linux命令,从今天开始详细的学习一下linux常用命令,坚持每天一个命令,学习的主要参考资料为: 1.竹子-博客(https://www.cnblogs.com/pe ...

  8. N天学习一个linux命令之umask

    前言 umask不是linux命令,而是shell内置的指令,俗称用户权限掩码,用于对用户创建的文件和目录设置默认权限.默认的权限掩码是0022,也就是说新创建的文件权限是0644,新创建的目录权限是 ...

  9. N天学习一个linux命令之yum

    yum命令 用途 yum(Yellowdog Updater Modified),RedHat系Linux操作系统包管理器,基于rpm,从源远程仓库下载rpm包安装,同时解决依赖关系,使用Python ...

随机推荐

  1. 洛谷P1478 陶陶摘苹果(升级版)

    题目数据范围小,开两个数组手写冒泡应该也能过,不过和之前在牛客上的一题类似用结构体数组就好了,主要是注意用结构体数组的排序 题目 题目描述 又是一年秋季时,陶陶家的苹果树结了n个果子.陶陶又跑去摘苹果 ...

  2. 分享一些对IT人员非常好用的资源

    前言 分享一下本人工作至今整理的一些好用的资源,这些资源主要是一些工作和生活中用到的文档.软件和网站. 文档主要是面试相关的文档和技术文档,其中面试文档主要是Java这块的,技术文档就有很多,除了Ja ...

  3. ORA-01075: you are currently logged on

    [root@hear01 ~]# su - oracle[oracle@hear01 ~]$ sqlplus "/as sysdba" SQL*Plus: Release 11.2 ...

  4. android 二维码 扫描,生成,竖屏

    最近公司有用到二维码,生成,扫描,所以学习了一下,和大家分享: demo 见下面链接,已经改成竖屏: http://download.csdn.net/detail/q610098308/868101 ...

  5. Linux-fork()函数详解,附代码注释

    // // main.c // Project_C // // Created by LiJinxu on 16/8/13. // Copyright © 2016年 LiJinxu-NEU. All ...

  6. Android RecyclerView遇到notifyDataSetChanged无效时的解决方案

    一.简述 不管AbsListView(ListView.GridView)或是新出的RecyclerView,在使用notifyDataSetChanged方法更新列表数据时,一定要保证数据为同个对象 ...

  7. cordova科大讯飞语音识别

    cordova-plugin-IFlyspeech 科大讯飞的语音听说读写的cordova插件 Supported Platforms iOS android Installation 插件安装命令: ...

  8. sql 分析 依赖beanutils

    你还在为sql语句的拼接而烦恼吗? sql语句支持表达式了! package com.newland.bi.webservice.common.manage; import java.util.Arr ...

  9. Memcached 之PHP实现服务器集群一致性hash算法

    /** * memcached 一致性hash,分布式算法 * Class MemcacheCluster */ class MemcacheCluster { protected $nodes = ...

  10. 微信小程序video监测播放进度

    video组件提供的进度相关的监测只有 bindtimeupdate ,官方说明这个函数250ms触发一次,在开发者工具上基本符合,但在真机上每隔1秒触发一次.达不到我们要求的精度.对比下音频,wx. ...