ip命令是iproute软件包中的一个强大的网络配置工具,用于显示或管理Linux系统的路由、网络设备、策略路由和隧道。
ip [option] [object] [command]
ip [选项] [网络对象] [操作命令]
ip命令的参数选项及说明
-s 输出更详细的信息,为了显示更详细的信息,可重复使用此选项
-r 显示主机时,不使用IP地址,而是使用主机的域名
网络对象 指定要管理的网络对象
支持的网络对象如下:
link 网络设备
address 设备的协议地址(IP地址)
addrlabel 协议地基标签管理
neighbour arp或ndisc缓存表
roue 路由表
rule 策略路由表
maddress 多播地址
mroute 多播路由缓存表
tunnel IP隧道
xfrm IPsec协议框架
这里有一个有趣的用法,比如ip address可以简写为ip addr 或者最简化ip a,它们的效果是一样的,其他对象也是如此
操作命令 对指定的网络对象完成的具体操作。通常,每一个具体操作的命令后面又有一组相关的命令选项。
“不同的操作对象所支持的操作命令也不同。下面按照操作的网络对象给出所支持的常见操作命令。
link 对象支持的操作命令:set(修改设备属性)、show(显示设备属性);
address 对象支持的操作命令:add(添加协议地址)、del(测除协议地址)、flush(清除协议地址)、show(查看协议地址);
addrlabel 对象支持的操作命令:add、del、list、flush;
neighbour 对象支持的操作命令:add、change、replace、delete、show、flush;
route 对象支持的操作命令:add,change、replace、delete、show、flush、get;
rule 对象支持的操作命今:add、delete、flush、show;
maddress 对象支持的操作命令:show、add、delete;
mroute 对象支持的操作命令:show;
tunnel 对象支持的操作命令:add、change、delete,prl、show;
xfrm 对象支持的操作命令:state、policy、monitor。
说明:
1)show命令用于显示指定设备的信息,加果后面不接设备名,剩会显示所有设备的信息。例如ip a和ip a show的结果是一样的。
2)操作命令也可以简写,比如ip a show 可以简写为ip a s
显示网络设备属性
[root@cs6 ~]# ip link show dev eth1 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:8c:6a:0e brd ff:ff:ff:ff:ff:ff [root@cs6 ~]# ip -s link show dev eth1 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:8c:6a:0e brd ff:ff:ff:ff:ff:ff RX: bytes packets errors dropped overrun mcast 0 0 0 0 0 0 TX: bytes packets errors dropped carrier collsns 828 12 0 0 0 0 [root@cs6 ~]# ip -s -s link show dev eth1 # 使用两个s显示更详细的属性 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:8c:6a:0e brd ff:ff:ff:ff:ff:ff RX: bytes packets errors dropped overrun mcast 0 0 0 0 0 0 RX errors: length crc frame fifo missed 0 0 0 0 0 TX: bytes packets errors dropped carrier collsns 828 12 0 0 0 0 TX errors: aborted fifo window heartbeat 0 0 0 0
关闭和激活设备
[root@cs6 ~]# ip link show dev eth1 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:8c:6a:0e brd ff:ff:ff:ff:ff:ff [root@cs6 ~]# ip link set eth1 down [root@cs6 ~]# ip link show dev eth1 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000 link/ether 00:0c:29:8c:6a:0e brd ff:ff:ff:ff:ff:ff
修改MAC地址
[root@cs6 ~]# ip link show dev eth1 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000 link/ether 00:0c:29:8c:6a:0e brd ff:ff:ff:ff:ff:ff [root@cs6 ~]# ip link set eth1 address 0:0c:29:13:10:11 #<=修改MAC地址 [root@cs6 ~]# ip link show dev eth1 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000 link/ether 00:0c:29:13:10:11 brd ff:ff:ff:ff:ff:ff
查看网卡信息
查看网卡信息 [root@cs6 ~]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:8c:6a:04 brd ff:ff:ff:ff:ff:ff inet 10.0.0.100/24 brd 10.0.0.255 scope global eth0 inet6 fe80::20c:29ff:fe8c:6a04/64 scope link valid_lft forever preferred_lft forever 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000 link/ether 00:0c:29:13:10:11 brd ff:ff:ff:ff:ff:ff inet 172.16.1.100/24 brd 172.16.1.255 scope global eth1 [root@cs6 ~]# ip link 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:8c:6a:04 brd ff:ff:ff:ff:ff:ff 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000 link/ether 00:0c:29:13:10:11 brd ff:ff:ff:ff:ff:ff
添加删除IP
添加或删除IP地址 [root@cs6 ~]# ip a show eth1 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000 link/ether 00:0c:29:13:10:11 brd ff:ff:ff:ff:ff:ff inet 172.16.1.100/24 brd 172.16.1.255 scope global eth1 [root@cs6 ~]# ip link set eth1 up [root@cs6 ~]# ip link show dev eth1 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:13:10:11 brd ff:ff:ff:ff:ff:ff [root@cs6 ~]# ip a add 172.16.1.13/24 dev eth1 # 可以添加多个IP地址,这种称为辅助IP,前面ifconfig 命令创建的为别名称IP.现在采用的高可用软件诶heartbeat 、keepalive都采用了辅助IP [root@cs6 ~]# ip a show eth1 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:13:10:11 brd ff:ff:ff:ff:ff:ff inet 172.16.1.100/24 brd 172.16.1.255 scope global eth1 inet 172.16.1.13/24 scope global secondary eth1 inet6 fe80::20c:29ff:fe13:1011/64 scope link valid_lft forever preferred_lft forever
[root@cs6 ~]# ip a del 172.16.1.100/24 dev eth1 # 删除主IP [root@cs6 ~]# ip a show eth1 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:13:10:11 brd ff:ff:ff:ff:ff:ff inet6 fe80::20c:29ff:fe13:1011/64 scope link valid_lft forever preferred_lft forever #IP地址全部被删除 [root@cs6 ~]# ip a add 172.16.1.100/24 dev eth1 [root@cs6 ~]# ip a add 172.16.1.13/24 dev eth1 [root@cs6 ~]# ip a del 172.16.1.13/24 dev eth1 [root@cs6 ~]# ip a show eth1 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:13:10:11 brd ff:ff:ff:ff:ff:ff inet 172.16.1.100/24 scope global eth1 inet6 fe80::20c:29ff:fe13:1011/64 scope link valid_lft forever preferred_lft forever
小结
删除网卡的主IP地址,同时会删除该网卡的所有IP地址。
删除网卡的辅助IP地址,不会影响该网卡的其他IP地址。
使用ip命令创建别名IP
[root@cs6 ~]# ip a show eth1 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:13:10:11 brd ff:ff:ff:ff:ff:ff inet 172.16.1.100/24 scope global eth1 inet6 fe80::20c:29ff:fe13:1011/64 scope link valid_lft forever preferred_lft forever
使用label选项创建别名IP
[root@cs6 ~]# ip a add 10.0.0.29/32 dev eth1 label eth1:1 [root@cs6 ~]# ip a show eth1 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:13:10:11 brd ff:ff:ff:ff:ff:ff inet 172.16.1.100/24 scope global eth1 inet 10.0.0.29/32 scope global eth1:1 inet6 fe80::20c:29ff:fe13:1011/64 scope link valid_lft forever preferred_lft forever [root@cs6 ~]# ifconfig eth0 Link encap:Ethernet HWaddr 00:0C:29:8C:6A:04 inet addr:10.0.0.100 Bcast:10.0.0.255 Mask:255.255.255.0 inet6 addr: fe80::20c:29ff:fe8c:6a04/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:2876 errors:0 dropped:0 overruns:0 frame:0 TX packets:1835 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:266051 (259.8 KiB) TX bytes:198053 (193.4 KiB) eth1 Link encap:Ethernet HWaddr 00:0C:29:13:10:11 inet addr:172.16.1.100 Bcast:0.0.0.0 Mask:255.255.255.0 inet6 addr: fe80::20c:29ff:fe13:1011/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:18 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 b) TX bytes:1296 (1.2 KiB) eth1:1 Link encap:Ethernet HWaddr 00:0C:29:13:10:11 inet addr:10.0.0.29 Bcast:0.0.0.0 Mask:255.255.255.255 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
备注:使用ifconfig命令创建的别名IP,ip命令能够查询到;相反,通过ip命今创建的辅助IP,ifconfig命令则查询不了,除非使用ip命令的label功能创建别名IP。
查看路由表
[root@cs6 ~]# ip route 10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.100 172.16.1.0/24 dev eth1 proto kernel scope link src 172.16.1.100 169.254.0.0/16 dev eth0 scope link metric 1002 default via 10.0.0.2 dev eth0
[root@cs6 ~]# ip route|column -t 10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.100 172.16.1.0/24 dev eth1 proto kernel scope link src 172.16.1.100 169.254.0.0/16 dev eth0 scope link metric 1002 default via 10.0.0.2 dev eth0
#<==使用column命令格式化,选项-t,默认根据空格分隔判断输入行的到数来创建一个表。
[root@cs6 ~]# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 172.16.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0 0.0.0.0 10.0.0.2 0.0.0.0 UG 0 0 0 eth0
添加静态路由[root@cs6 ~]# ip route add 10.1.0.0/24 via 10.0.0.253 dev eth0 [root@cs6 ~]# ip route |column -t 10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.100 172.16.1.0/24 dev eth1 proto kernel scope link src 172.16.1.100 10.1.0.0/24 via 10.0.0.253 dev eth0 169.254.0.0/16 dev eth0 scope link metric 1002 default via 10.0.0.2 dev eth0
查看ARP缓存
查看ARP缓存 [root@cs6 ~]# ip neighbour 10.0.0.1 dev eth0 lladdr 00:50:56:c0:00:08 REACHABLE 10.0.0.2 dev eth0 lladdr 00:50:56:f4:fb:52 STALE 10.0.0.99 dev eth0 FAILED 添加或删除静态ARP项 [root@cs6 ~]# ip neighbour add 192.168.1.100 lladdr 00:50:56:f4:fb:55 dev eth0 [root@cs6 ~]# ip neighbour 192.168.1.100 dev eth0 lladdr 00:50:56:f4:fb:55 PERMANENT 10.0.0.1 dev eth0 lladdr 00:50:56:c0:00:08 REACHABLE 10.0.0.99 dev eth0 FAILED 10.0.0.2 dev eth0 lladdr 00:50:56:f4:fb:52 STALE [root@cs6 ~]# ip neighbour del 192.168.1.100 dev eth0 [root@cs6 ~]# ip neighbour 192.168.1.100 dev eth0 FAILED 10.0.0.1 dev eth0 lladdr 00:50:56:c0:00:08 REACHABLE 10.0.0.99 dev eth0 FAILED 10.0.0.2 dev eth0 lladdr 00:50:56:f4:fb:52 STALE
CentOS7开始推广ip命令,用于替代传统的ifconfig和route命令