ip 功能说明: 网络配置工具
ip命令是iproute软件包中的一个强大的网络配置工具,用于显示或管理Linux系统的路由、网络设备、策略路由和隧道。
CentOS7开始推广ip命令,用于替代传统的ifconfig和route命令
语法格式:
ip [选项] [网络对象] [操作命令]
参数选项
-s 输出更详细的信息,为了显示更详细的信息,可重复使用此选项
-r 显示主机时,不使用IP地址,而是使用主机的域名
网络对象 指定要管理的网络对象,支持的网络对象如下:
link 网络设备
address 设备的协议地址(IP地址)
addrlabel 协议地基标签管理
neighbour arp或ndisc缓存表
roue 路由表
rule 策略路由表
maddress 多播地址
mroute 多播路由缓存表
tunnel IP隧道
xfrm IPsec协议框架
这里有一个有趣的用法,比如 ip address 可以简写为 ip addr 或者最简化 ip a,它们的效果是一样的,其他对象也是如此
操作命令 对指定的网络对象完成的具体操作。通常,每一个具体操作的命令后面又有一组相关的命令选项。
不同的操作对象所支持的操作命令也不同。下面按照操作的网络对象给出所支持的常见操作命令。
link 对象支持的操作命令:set(修改设备属性)、show(显示设备属性);
address 对象支持的操作命令:add(添加协议地址)、del(测除协议地址)、flush(清除协议地址)、show(查看协议地址);
addrlabel 对象支持的操作命令:add、del、list、flush;
neighbour 对象支持的操作命令:add、change、replace、delete、show、flush;
route 对象支持的操作命令:add,change、replace、delete、show、flush、get;
rule 对象支持的操作命今:add、delete、flush、show;
maddress 对象支持的操作命令:show、add、delete;
mroute 对象支持的操作命令:show;
tunnel 对象支持的操作命令:add、change、delete,prl、show;
xfrm 对象支持的操作命令:state、policy、monitor。
说明:
1)show命令用于显示指定设备的信息,加果后面不接设备名,剩会显示所有设备的信息。例如ip a和ip a show的结果是一样的。
2)操作命令也可以简写,比如ip a show 可以简写为ip a s
范例:显示网络设备属性
[root@cs6 ~]# ip link show dev eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:8c:6a:0e brd ff:ff:ff:ff:ff:ff
[root@cs6 ~]# ip -s link show dev eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:8c:6a:0e brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
828 12 0 0 0 0
[root@cs6 ~]# ip -s -s link show dev eth1 # 使用两个s显示更详细的属性
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:8c:6a:0e brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
RX errors: length crc frame fifo missed
0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
828 12 0 0 0 0
TX errors: aborted fifo window heartbeat
0 0 0 0
范例:关闭和激活设备
[root@cs6 ~]# ip link show dev eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:8c:6a:0e brd ff:ff:ff:ff:ff:ff
[root@cs6 ~]# ip link set eth1 down
[root@cs6 ~]# ip link show dev eth1
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
link/ether 00:0c:29:8c:6a:0e brd ff:ff:ff:ff:ff:ff
范例:修改MAC地址
[root@cs6 ~]# ip link show dev eth1
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
link/ether 00:0c:29:8c:6a:0e brd ff:ff:ff:ff:ff:ff
[root@cs6 ~]# ip link set eth1 address 0:0c:29:13:10:11 #<=修改MAC地址
[root@cs6 ~]# ip link show dev eth1
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
link/ether 00:0c:29:13:10:11 brd ff:ff:ff:ff:ff:ff
范例:查看网卡信息
[root@cs6 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:8c:6a:04 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.100/24 brd 10.0.0.255 scope global eth0
inet6 fe80::20c:29ff:fe8c:6a04/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
link/ether 00:0c:29:13:10:11 brd ff:ff:ff:ff:ff:ff
inet 172.16.1.100/24 brd 172.16.1.255 scope global eth1
[root@cs6 ~]# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:8c:6a:04 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
link/ether 00:0c:29:13:10:11 brd ff:ff:ff:ff:ff:ff
范例:添加或删除IP地址
[root@cs6 ~]# ip a show eth1
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
link/ether 00:0c:29:13:10:11 brd ff:ff:ff:ff:ff:ff
inet 172.16.1.100/24 brd 172.16.1.255 scope global eth1
[root@cs6 ~]# ip link set eth1 up
[root@cs6 ~]# ip link show dev eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:13:10:11 brd ff:ff:ff:ff:ff:ff
[root@cs6 ~]# ip a add 172.16.1.13/24 dev eth1
# 可以添加多个IP地址,这种称为辅助IP,前面ifconfig 命令创建的为别名称IP.现在采用的高可用软件诶heartbeat 、keepalive都采用了辅助IP
[root@cs6 ~]# ip a show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:13:10:11 brd ff:ff:ff:ff:ff:ff
inet 172.16.1.100/24 brd 172.16.1.255 scope global eth1
inet 172.16.1.13/24 scope global secondary eth1
inet6 fe80::20c:29ff:fe13:1011/64 scope link
valid_lft forever preferred_lft forever
[root@cs6 ~]# ip a del 172.16.1.100/24 dev eth1 # 删除主IP
[root@cs6 ~]# ip a show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:13:10:11 brd ff:ff:ff:ff:ff:ff
inet6 fe80::20c:29ff:fe13:1011/64 scope link
valid_lft forever preferred_lft forever
#IP地址全部被删除
[root@cs6 ~]# ip a add 172.16.1.100/24 dev eth1
[root@cs6 ~]# ip a add 172.16.1.13/24 dev eth1
[root@cs6 ~]# ip a del 172.16.1.13/24 dev eth1
[root@cs6 ~]# ip a show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:13:10:11 brd ff:ff:ff:ff:ff:ff
inet 172.16.1.100/24 scope global eth1
inet6 fe80::20c:29ff:fe13:1011/64 scope link
valid_lft forever preferred_lft forever
说明:
删除网卡的主IP地址,同时会删除该网卡的所有IP地址。
删除网卡的辅助IP地址,不会影响该网卡的其他IP地址。
范例:使用ip命令创建别名IP
[root@cs6 ~]# ip a show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:13:10:11 brd ff:ff:ff:ff:ff:ff
inet 172.16.1.100/24 scope global eth1
inet6 fe80::20c:29ff:fe13:1011/64 scope link
valid_lft forever preferred_lft forever
使用label选项创建别名IP
[root@cs6 ~]# ip a add 10.0.0.29/32 dev eth1 label eth1:1
[root@cs6 ~]# ip a show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:13:10:11 brd ff:ff:ff:ff:ff:ff
inet 172.16.1.100/24 scope global eth1
inet 10.0.0.29/32 scope global eth1:1
inet6 fe80::20c:29ff:fe13:1011/64 scope link
valid_lft forever preferred_lft forever
[root@cs6 ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:29:8C:6A:04
inet addr:10.0.0.100 Bcast:10.0.0.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe8c:6a04/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2876 errors:0 dropped:0 overruns:0 frame:0
TX packets:1835 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:266051 (259.8 KiB) TX bytes:198053 (193.4 KiB)
eth1 Link encap:Ethernet HWaddr 00:0C:29:13:10:11
inet addr:172.16.1.100 Bcast:0.0.0.0 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe13:1011/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:1296 (1.2 KiB)
eth1:1 Link encap:Ethernet HWaddr 00:0C:29:13:10:11
inet addr:10.0.0.29 Bcast:0.0.0.0 Mask:255.255.255.255
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
备注:使用ifconfig命令创建的别名IP,ip命令能够查询到;
相反,通过ip命今创建的辅助IP,ifconfig命令则查询不了,除非使用ip命令的label功能创建别名IP。
范例:查看路由表
[root@cs6 ~]# ip route
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.100
172.16.1.0/24 dev eth1 proto kernel scope link src 172.16.1.100
169.254.0.0/16 dev eth0 scope link metric 1002
default via 10.0.0.2 dev eth0
[root@cs6 ~]# ip route|column -t
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.100
172.16.1.0/24 dev eth1 proto kernel scope link src 172.16.1.100
169.254.0.0/16 dev eth0 scope link metric 1002
default via 10.0.0.2 dev eth0
#<==使用column命令格式化,选项-t,默认根据空格分隔判断输入行的到数来创建一个表。
[root@cs6 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
172.16.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
0.0.0.0 10.0.0.2 0.0.0.0 UG 0 0 0 eth0
添加静态路由
[root@cs6 ~]# ip route add 10.1.0.0/24 via 10.0.0.253 dev eth0
[root@cs6 ~]# ip route |column -t
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.100
172.16.1.0/24 dev eth1 proto kernel scope link src 172.16.1.100
10.1.0.0/24 via 10.0.0.253 dev eth0
169.254.0.0/16 dev eth0 scope link metric 1002
default via 10.0.0.2 dev eth0
范例:查看ARP缓存
[root@cs6 ~]# ip neighbour
10.0.0.1 dev eth0 lladdr 00:50:56:c0:00:08 REACHABLE
10.0.0.2 dev eth0 lladdr 00:50:56:f4:fb:52 STALE
10.0.0.99 dev eth0 FAILED
范例:添加或删除静态ARP项
[root@cs6 ~]# ip neighbour add 192.168.1.100 lladdr 00:50:56:f4:fb:55 dev eth0
[root@cs6 ~]# ip neighbour
192.168.1.100 dev eth0 lladdr 00:50:56:f4:fb:55 PERMANENT
10.0.0.1 dev eth0 lladdr 00:50:56:c0:00:08 REACHABLE
10.0.0.99 dev eth0 FAILED
10.0.0.2 dev eth0 lladdr 00:50:56:f4:fb:52 STALE
[root@cs6 ~]# ip neighbour del 192.168.1.100 dev eth0
[root@cs6 ~]# ip neighbour
192.168.1.100 dev eth0 FAILED
10.0.0.1 dev eth0 lladdr 00:50:56:c0:00:08 REACHABLE
10.0.0.99 dev eth0 FAILED
10.0.0.2 dev eth0 lladdr 00:50:56:f4:fb:52 STALE
浙公网安备 33010602011771号