1. 写在前面
本文主要介绍 Linux ip 命令: Linux 中的 ip 命令存在于 net-tools 中,用于执行多项网络管理任务。IP 代表互联网协议。该命令用于显示或操作路由、设备和隧道。它与 ifconfig 命令类似,但功能更强大,附带的功能和设施也更多。ifconfig 是 Linux net-tools 中已废弃的命令之一,多年来一直无人维护。
ip 命令常用于:分配网络接口地址、配置网络接口参数、配置和修改默认路由和静态路由、设置 IP 隧道、列出 IP 地址和属性信息、修改接口状态,以及分配、删除和设置 IP 地址和路由。
2. 如何使用 ip 命令?
ip 命令的语法:ip [ OPTIONS ] OBJECT { COMMAND | help }
常用的对象(或子命令)包括:
link (l) – 用于显示和修改网络接口;
address (addr/a) – 用于显示和修改协议地址(IPv4、IPv6);
route (r) – 用于显示和更改路由表;
neigh (n) – 用于显示和操作ARP 表;
执行命令,可以使用完整或缩写形式,例如,ip link 和 ip l 的结果是一样的。当然,除了这几个常用的,还有其他对象和命令可用,可通过 ip help 查看:
root@dev:~# ip help
------------------------------------------------------------------------
Usage: ip [ OPTIONS ] OBJECT { COMMAND | help }
ip [ -force ] -batch filename
where OBJECT := { link | address | addrlabel | route | rule | neigh | ntable |
tunnel | tuntap | maddress | mroute | mrule | monitor | xfrm |
netns | l2tp | fou | macsec | tcp_metrics | token | netconf | ila |
vrf | sr | nexthop }
OPTIONS := { -V[ersion] | -s[tatistics] | -d[etails] | -r[esolve] |
-h[uman-readable] | -iec | -j[son] | -p[retty] |
-f[amily] { inet | inet6 | mpls | bridge | link } |
-4 | -6 | -I | -D | -M | -B | -0 |
-l[oops] { maximum-addr-flush-attempts } | -br[ief] |
-o[neline] | -t[imestamp] | -ts[hort] | -b[atch] [filename] |
-rc[vbuf] [size] | -n[etns] name | -N[umeric] | -a[ll] |
-c[olor]}
注意:
-
配置网络接口时,必须以
root或具有sudo权限的用户身份运行命令; -
默认情况下,通过
ip执行命令,系统不会永久保留更改,一旦重新启动 Linux 服务器,之前修改的状态就会丢失。有两种方法可以使你的调整永久有效: -
将命令添加到启动脚本中;
-
编辑Linux 系统发行版特定的配置文件;
3. 管理和显示网络接口
查看 ip link 命令帮助信息:
root@dev:~# ip link help
------------------------------------------------------------------------
Usage: ip link add [link DEV] [ name ] NAME
[ txqueuelen PACKETS ]
[ address LLADDR ]
[ broadcast LLADDR ]
[ mtu MTU ] [index IDX ]
[ numtxqueues QUEUE_COUNT ]
[ numrxqueues QUEUE_COUNT ]
type TYPE [ ARGS ]
ip link delete { DEVICE | dev DEVICE | group DEVGROUP } type TYPE [ ARGS ]
ip link set { DEVICE | dev DEVICE | group DEVGROUP }
[ { up | down } ]
[ type TYPE ARGS ]
[ arp { on | off } ]
[ dynamic { on | off } ]
[ multicast { on | off } ]
[ allmulticast { on | off } ]
3.1 显示网络接口信息
(1). 显示所有可用网络设备信息:
root@dev:~# ip link show
------------------------------------------------------------------------
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
link/ether fa:16:3e:96:38:8e brd ff:ff:ff:ff:ff:ff
3: br-3c911bd828a7: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default
link/ether 02:42:c0:b3:e6:23 brd ff:ff:ff:ff:ff:ff
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default
link/ether 02:42:77:76:e5:1b brd ff:ff:ff:ff:ff:ff
(2). 显示指定网络设备:
语法:ip link show dev [device]
root@dev:~# ip link show ens3
------------------------------------------------------------------------
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
link/ether fa:16:3e:96:38:8e brd ff:ff:ff:ff:ff:ff
(3). 查看所有网络接口的统计数据(传输或丢弃的数据包,甚至错误等详细信息):
root@dev:~# ip -s link
------------------------------------------------------------------------
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
RX: bytes packets errors dropped overrun mcast
56978133 945113 0 0 0 0
TX: bytes packets errors dropped carrier collsns
56978133 945113 0 0 0 0
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
link/ether fa:16:3e:96:38:8e brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
978151833 1664159 0 161449 0 0
TX: bytes packets errors dropped carrier collsns
1802098096 1470167 0 0 0 0
(4). 查看单个网络接口的类似信息:
语法:ip -s link ls [interface]
root@dev:~# ip -s link ls ens3
------------------------------------------------------------------------
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
link/ether fa:16:3e:96:38:8e brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
978169758 1664332 0 161491 0 0
TX: bytes packets errors dropped carrier collsns
1802115398 1470270 0 0 0 0
如果需要更多细节,可在语法中再添加一个 -s:ip -s -s link ls [interface]
root@dev:~# ip -s -s link ls ens3
------------------------------------------------------------------------
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
link/ether fa:16:3e:96:38:8e brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
978175811 1664398 0 161507 0 0
RX errors: length crc frame fifo missed
0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
1802119646 1470314 0 0 0 0
TX errors: aborted fifo window heartbeat transns
0 0 0 0 2
(5). 查看运行的网络接口
root@dev:~# ip link ls up
------------------------------------------------------------------------
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
link/ether fa:16:3e:96:38:8e brd ff:ff:ff:ff:ff:ff
3: br-3c911bd828a7: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default
link/ether 02:42:c0:b3:e6:23 brd ff:ff:ff:ff:ff:ff
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default
link/ether 02:42:77:76:e5:1b brd ff:ff:ff:ff:ff:ff
3.2 修改网络接口状态
备注: 以下命令尽量在开发环境尝试,避免主机失联;
(1). 启动网络接口
语法:ip link set [interface] up
(2). 关闭网络接口
语法:ip link set [interface] down
(3). 修改网络接口传输队列
使用 ip link 命令可以修改传输队列,加快或减慢接口速度。
语法:ip link set txqueuelen [number] dev [interface]
(4). 设置 MTU(最大传输单位)以提高网络性能
语法:ip link set mtu [number] dev [interface]
4. 监控和管理 IP 地址
查看 ip address (addr/a) 帮助信息;
root@dev:~# ip addr help
------------------------------------------------------------------------
Usage: ip address {add|change|replace} IFADDR dev IFNAME [ LIFETIME ]
[ CONFFLAG-LIST ]
ip address del IFADDR dev IFNAME [mngtmpaddr]
ip address {save|flush} [ dev IFNAME ] [ scope SCOPE-ID ]
[ to PREFIX ] [ FLAG-LIST ] [ label LABEL ] [up]
ip address [ show [ dev IFNAME ] [ scope SCOPE-ID ] [ master DEVICE ]
[ type TYPE ] [ to PREFIX ] [ FLAG-LIST ]
[ label LABEL ] [up] [ vrf NAME ] ]
ip address {showdump|restore}
IFADDR := PREFIX | ADDR peer PREFIX
[ broadcast ADDR ] [ anycast ADDR ]
[ label IFNAME ] [ scope SCOPE-ID ] [ metric METRIC ]
SCOPE-ID := [ host | link | global | NUMBER ]
FLAG-LIST := [ FLAG-LIST ] FLAG
FLAG := [ permanent | dynamic | secondary | primary |
[-]tentative | [-]deprecated | [-]dadfailed | temporary |
CONFFLAG-LIST ]
4.1 监控 IP 地址
(1). 显示所有设备:
root@dev:~# ip addr
------------------------------------------------------------------------
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether fa:16:3e:96:38:8e brd ff:ff:ff:ff:ff:ff
inet 10.100.0.111/23 brd 10.100.1.255 scope global dynamic ens3
valid_lft 69124sec preferred_lft 69124sec
inet6 fe80::f816:3eff:fe96:388e/64 scope link
valid_lft forever preferred_lft forever
(2). 列出所有网络接口和相关 IP 地址
root@dev:~# ip addr show
--------------------------------------------------------------------------------------
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether fa:16:3e:96:38:8e brd ff:ff:ff:ff:ff:ff
inet 10.100.0.111/23 brd 10.100.1.255 scope global dynamic ens3
valid_lft 68984sec preferred_lft 68984sec
inet6 fe80::f816:3eff:fe96:388e/64 scope link
valid_lft forever preferred_lft forever
(3). 查看单个网络信息
语法:ip addr show dev [interface]
root@dev:~# ip addr show ens3
--------------------------------------------------------------------------------------
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether fa:16:3e:96:38:8e brd ff:ff:ff:ff:ff:ff
inet 10.100.0.111/23 brd 10.100.1.255 scope global dynamic ens3
valid_lft 68868sec preferred_lft 68868sec
inet6 fe80::f816:3eff:fe96:388e/64 scope link
valid_lft forever preferred_lft forever
(4). 列出 IPv4 地址
root@dev:~# ip -4 addr
-------------------------------------------------------------------------------------
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
inet 10.100.0.111/23 brd 10.100.1.255 scope global dynamic ens3
valid_lft 68161sec preferred_lft 68161sec
(5). 列出 IPv6 地址
root@dev:~# ip -6 addr
-------------------------------------------------------------------------------------
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fe80::f816:3eff:fe96:388e/64 scope link
valid_lft forever preferred_lft forever
4.2 如何在 Linux 中添加 IP 地址
添加 IP 地址语法:ip addr add [ip_address] dev [interface]
注意: 如果指定的接口不存在,输出将显示 “Cannot find device [interface]”信息。
(1). 接口添加广播地址
语法:ip addr add brd [ip_address] dev [interface]
(2). 接口删除 IP 地址
语法:ip addr del [ip_address] dev [interface]
5. 管理和显示 IP 路由表
查看 ip route 命令帮助信息:
root@dev:~# ip route help
-------------------------------------------------------------------------------------
Usage: ip route { list | flush } SELECTOR
ip route save SELECTOR
ip route restore
ip route showdump
ip route get [ ROUTE_GET_FLAGS ] ADDRESS
[ from ADDRESS iif STRING ]
[ oif STRING ] [ tos TOS ]
[ mark NUMBER ] [ vrf NAME ]
[ uid NUMBER ] [ ipproto PROTOCOL ]
[ sport NUMBER ] [ dport NUMBER ]
ip route { add | del | change | append | replace } ROUTE
SELECTOR := [ root PREFIX ] [ match PREFIX ] [ exact PREFIX ]
[ table TABLE_ID ] [ vrf NAME ] [ proto RTPROTO ]
[ type TYPE ] [ scope SCOPE ]
ROUTE := NODE_SPEC [ INFO_SPEC ]
NODE_SPEC := [ TYPE ] PREFIX [ tos TOS ]
[ table TABLE_ID ] [ proto RTPROTO ]
[ scope SCOPE ] [ metric METRIC ]
[ ttl-propagate { enabled | disabled } ]
5.1 显示 IP 路由表
(1). 列出所有路由条目
root@dev:~# ip route
-------------------------------------------------------------------------------------
default via 10.100.0.1 dev ens3 proto dhcp src 10.100.0.111 metric 100
10.100.0.0/23 dev ens3 proto kernel scope link src 10.100.0.111
169.254.169.254 via 10.100.0.11 dev ens3 proto dhcp src 10.100.0.111 metric 100
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
172.21.0.0/16 dev br-3c911bd828a7 proto kernel scope link src 172.21.0.1 linkdown
172.28.0.0/16 dev br-b8042d89218b proto kernel scope link src 172.28.0.1
或者:ip route list
使用上述命令,输出结果将显示内核中的所有路由条目。如果需要缩小搜索范围,添加 SELECTOR 对象:
ip route list SELECTOR
注意: SELECTOR := [ root PREFIX ] [ match PREFIX ] [ exact PREFIX ] [ table TABLE_ID ] [ proto RTPROTO ] [ type TYPE ] [ scope SCOPE ]
(2). 查看不同网络路由
语法:ip route list [ip_address]
5.2 修改 IP 路由表
(1). 在路由表中添加新条目
语法:ip route add [ip_address] dev [interface]
通过网关添加新条目:
语法:ip route add [ip_address] via [gatewayIP]
通过添加默认选项,该命令还可以为本地网关的所有地址添加路由:
语法:* ip route add default [ip_address] dev [device]* ip route add default [network/mask] via [gatewayIP]
(2). 删除路由表中的现有条目
语法:
-
ip route del [ip_address] -
ip route del default -
ip route del [ip_address] dev [interface]
6. 显示和修改 IP 邻居(Neighbor)条目
邻居条目将协议地址和链路层地址绑定在同一链路下。它们被组织成 IPv4 表,也称为 ARP(地址解析协议)表。
通过 ip neigh help 查看所有 neigh 命令选项。
root@dev:~# ip neigh help
-------------------------------------------------------------------------------------
Usage: ip neigh { add | del | change | replace }
{ ADDR [ lladdr LLADDR ] [ nud STATE ] | proxy ADDR } [ dev DEV ]
[ router ] [ extern_learn ] [ protocol PROTO ]
ip neigh { show | flush } [ proxy ] [ to PREFIX ] [ dev DEV ] [ nud STATE ]
[ vrf NAME ]
ip neigh get { ADDR | proxy ADDR } dev DEV
STATE := { permanent | noarp | stale | reachable | none |
incomplete | delay | probe | failed }
6.1 显示 IP 邻居条目
root@dev:~# ip neigh show
-------------------------------------------------------------------------------------
10.100.0.62 dev ens3 lladdr fa:16:3e:c7:ea:d9 STALE
172.28.0.3 dev br-b8042d89218b lladdr 02:42:ac:1c:00:03 STALE
172.28.0.2 dev br-b8042d89218b lladdr 02:42:ac:1c:00:02 REACHABLE
172.28.0.6 dev br-b8042d89218b lladdr 02:42:ac:1c:00:06 REACHABLE
10.100.0.11 dev ens3 lladdr fa:16:3e:4a:e1:14 STALE
172.28.0.12 dev br-b8042d89218b lladdr 02:42:ac:1c:00:0c REACHABLE
172.28.0.15 dev br-b8042d89218b lladdr 02:42:ac:1c:00:0f STALE
172.28.0.14 dev br-b8042d89218b lladdr 02:42:ac:1c:00:0e STALE
172.28.0.16 dev br-b8042d89218b lladdr 02:42:ac:1c:00:10 REACHABLE
10.100.0.1 dev ens3 lladdr 08:4f:a9:7c:5d:51 REACHABLE
输出结果显示系统中设备的 MAC 地址及其状态。设备的状态可以是:
-
REACHABLE – 表示在超时之前,该入口是有效的、可到达的;
-
PERMANENT – 表示只有管理员才能删除的永久条目;
-
STALE – 表示一个有效但无法到达的条目;为了检查其状态,内核会在第一次传输时检查它;
-
DELAY – 表示内核仍在等待过期条目的验证;
6.2 修改 IP 邻居条目
(1). 添加一个新的条目
语法:ip neigh add [ip_address] dev [interface]
(2). 删除现有 ARP 条目
语法:ip neigh del [ip_address] dev [interface]
感谢您花时间阅读文章!
收藏本站不迷路!
原文始发于微信公众号(滑翔的纸飞机):Linux 命令:ip
版权声明:本文内容由互联网用户自发贡献,该文观点仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 举报,一经查实,本站将立刻删除。
文章由极客之音整理,本文链接:https://www.bmabk.com/index.php/post/260917.html
