Tutorial ip command output breakdown

[CaffeineAddict]

Linux terminal command ip is a Swiss knife command that lets you manage many aspects of your NIC's (Network Interface Card).

It's is relatively new command that deprecates the following commands:

• arp (replacement: ip n)
• ifconfig (replacement: ip)
• nameif (replacement: ip link)
• route (replacement: ip r)

ip command when run alone without any arguments (actually called objects) will print its usage.
We'll examine output of the following commands ip link, ip addr and ip route, these 3 are most common however there are many other usages and arguments:

ip link output

What does the output print and what does it mean?
Sample output:

ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 6d:c1:6c:f9:f8:5d brd ff:ff:ff:ff:ff:ff
    altname enx525400630940

NIC name (link)

The network interface name as a string

LOOPBACK

The network interface is loopback interface.

NO-CARRIER

Definition: A telecommunications carrier network is the collection of devices and underlying infrastructure
used to transmit data from one location to another.

NO-CARRIER means NIC is not connected to gateway.

BROADCAST

This interface supports broadcasting

MULTICAST

This interface supports multicasting

ALLMULTI

Enabled when ip link set wlan0 allmulticast on is run.
When this option is enabled, the network interface will receive all multicast packets, not just those it is subscribed to.
This can be useful in promiscuous or monitor mode.

UP

It's operational and connected, e.g. has IP address assigned and is connected to gateway

LOWER_UP

The hardware layer of the network (layer one) is UP

PROMISC

NIC is in promiscuous mode

Promiscuous mode is a network interface controller setting that allows it to receive all traffic,
not just the frames addressed to it.
It is used for packet sniffing, network monitoring etc.

NOTRAILERS

Enabled when ip link set wlan0 trailers on is run.
The network interface avoids using trailer encapsulations, which is a method of encapsulating layer 2 network packets.

mtu

The Maximum Transfer Unit this interface supports

qdisc

Queuing discipline

It schedules the transmission of packets.
There are different queuing techniques called disciplines, we'll name 2:

• noqueue discipline means "send instantly, don't queue"
• fq_codel discipline means "Fair Queuing, Controlled Delay"

Example usage:

# Show current qdisc (2 methods)
sudo tc qdisc show dev eth0
ip link

# Change qdisc temporarily
sudo tc qdisc add dev eth0 root fq_codel

# Change qdisc in NetworkManager (replace <CONN_NAME> with connection name from output)
nmcli connection show
nmcli connection modify <CONN_NAME> tc.qdiscs 'root fq_codel'
sudo systemctl restart NetworkManager

state

Possible states are:

• UP The network interface operational and connected
• DOWN The network interface is not operational
• UNKNOWN The network interface is operational but nothing is connected

mode

Possible modes are:

• DORMANT
• DEFAULT

What does mean DORMANT mode in ip link show wlan0?

group

Interfaces can be grouped logically
The default is to place them all in a group called "default"

qlen

Queue length.
The maximum length of the transmission queue of the NIC (not kernel backlog)

Example usage:

# Get txqueuelen of NIC
ip link show dev eth0

# Set txqueuelen
sudo ip link set txqueuelen 2000 dev eth0

# Get kernel backlog queue
sudo sysctl net.core.netdev_max_backlog

# Set kernel backlog queue and load config
echo "net.core.netdev_max_backlog = 2000" > /etc/sysctl.d/10-netdev_max_backlog.conf
sudo sysctl -p /etc/sysctl.d/10-netdev_max_backlog.conf

link

link columns are:

• loopback (The NIC is loopback NIC, ether is 00:00:00:00:00:00 and brd is 00:00:00:00:00:00)
• ether (The media access control (MAC) address of the interface)
• brd (link) (Broadcast MAC address)
• permaddr

Permanent hardware address (MAC address) of a network interface.
It indicates the MAC address that is assigned to the interface and does not change, even if the interface is temporarily assigned a different address.

Sample usage of the ip link command:

# Bring interface down (prior NIC configuration)
sudo ip link set eth0 down

# Bring interface up (after NIC configuration)
ip link set eth0 up

# Show details about interface
ip -details link show dev eth0

# Show details about interface in JSON and formatted output
ip -details -json -pretty link show dev ovsbr0

The next command output we examine is ip addr, here's what the output means:

Sample output:

ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute
       valid_lft forever preferred_lft forever
2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 6d:c1:6c:f9:f8:5d brd ff:ff:ff:ff:ff:ff
    altname enx525400630940
    inet 172.31.44.100/24 brd 172.31.44.255 scope global enp1s0
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fe63:940/64 scope link proto kernel_ll
       valid_lft forever preferred_lft forever

inet

The IPv4 address and prefix length representing the subnet mask

brd (inet)

The broadcast address for this subnet

scope (inet)

The IP address scopes are

• host The IP address is only valid inside the computer (the "host")
• link The IP address is limited to the network to which this computer is directly connected
• global The IP address is valid everywhere on this network

proto

The routing protocol identifier, possible values are:

• dhcp Means the routes will be determined dynamically (by DHCP)
• static Means the routes will be determined statically (by Administrator)
• kernel The route created by the kernel during auto-configuration
• kernel_ll Link-local addresses have this protocol value

dynamic

The IP address is lost when the interface goes down

noprefixroute

Do not create a route in the route table when this IP address is added.
Someone has to add a route manually if they want to use one with this IP address.
Likewise, if this IP address is deleted, don't look for a route to delete.

NIC name (inet)

The interface with which this IP address is associated

valid_lft

Valid lifetime.

For an IP address allocated by DHCP, this is the length of time the IP address is considered valid
and able to make and accept connection requests

Possible value is:
- forever

preferred_lft

Preferred lifetime

For an IP address allocated by DHCP, this is the amount of time the IP address can be used with no restrictions.
This should never be larger than the valid_lft value.

Possible value is:
- forever

altname

Alternative name for a network interface, allowing the interface to have multiple names simultaneously.
This feature helps overcome naming limitations and can be used as a handle for commands.

inet6

The IPv6 address, scope , valid_lft, and preferred_lft

ip addr sample usage:

# Delete single IP from interface
sudo ip addr del 10.10.10.20/24 dev eth0

# Delete all IP's from interface
sudo ip addr flush dev eth0

# Assign IP to interface
sudo ip addr add 10.10.10.1/24 brd 10.10.10.10 dev eth0

# Show IP configuration of a NIC
ip link addr show dev eth0
ip link addr show eth0

The next command output we examine is ip route, here's what the output means:

Sample output:

ip route
default via 172.41.33.1 dev enp1s0 onlink
172.41.33.0/24 dev enp1s0 proto kernel scope link src 172.41.33.22

default

The default route

This route is used if none of the other rules match what's being sent

via

Routes the packets via the device at x.x.x.x

This is the IP address of the default router on this network

dev

Use this network interface to send the packets to the router.

proto

The routing protocol identifier, possible values are:

• dhcp Means the routes will be determined dynamically (by DHCP)
• static Means the routes will be determined statically (by Administrator)
• kernel The route created by the kernel during auto-configuration
• kernel_ll Link-local addresses have this protocol value

scope (route)

One of the scopes are:

link The scope is limited to the immediate network to which this computer is connected

src

The IP address from which packets sent by this route originate

metric

An indication of the preference of the route compared to others.

Routes with lower metrics are preferentially used over those with higher metrics.
You can use this to give preference to a wired network interface over a Wi-Fi one.

onlink

Sample usage explains including the onlink usage is better than words:

# Show routing tables
ip route show
ip route
ip r

# Add route
ip route add {NETWORK/MASK} via {GATEWAYIP}
ip route add {NETWORK/MASK} dev {DEVICE}
ip route add default {NETWORK/MASK} dev {DEVICE}
ip route add default {NETWORK/MASK} via {GATEWAYIP}

# When adding route for disconnected but configured interface
ip route add default via {GATEWAYIP} dev {DEVICENAME} onlink
ip route add default via {GATEWAYIP} dev {DEVICENAME} proto dhcp src {DEVICEIP} metric {METRIC} onlink

# Flush routing table
ip route flush table main