10.6 ip:网络配置工具

ip命令是iproute软件包中的一个强大的网络配置工具,用于显示或管理Linux系统的路由、网络设备、策略路由和隧道。

 
ip [option] [object] [command]
ip [选项]  [网络对象]  [操作命令]

ip命令的参数选项及说明

-s         输出更详细的信息,为了显示更详细的信息,可重复使用此选项
-r         显示主机时,不使用IP地址,而是使用主机的域名
 
网络对象    指定要管理的网络对象
           支持的网络对象如下:
           link    网络设备
           address    设备的协议地址(IP地址)
           addrlabel    协议地基标签管理
           neighbour     arp或ndisc缓存表
           roue         路由表
           rule        策略路由表
           maddress     多播地址
           mroute        多播路由缓存表
           tunnel        IP隧道
           xfrm          IPsec协议框架
         这里有一个有趣的用法,比如ip address可以简写为ip addr 或者最简化ip a,它们的效果是一样的,其他对象也是如此
 
 
操作命令    对指定的网络对象完成的具体操作。通常,每一个具体操作的命令后面又有一组相关的命令选项。
           “不同的操作对象所支持的操作命令也不同。下面按照操作的网络对象给出所支持的常见操作命令。 
 
        link 对象支持的操作命令:set(修改设备属性)、show(显示设备属性);
        address 对象支持的操作命令:add(添加协议地址)、del(测除协议地址)、flush(清除协议地址)、show(查看协议地址);
        addrlabel 对象支持的操作命令:add、del、list、flush;
        neighbour 对象支持的操作命令:add、change、replace、delete、show、flush;
        route 对象支持的操作命令:add,change、replace、delete、show、flush、get;
        rule 对象支持的操作命今:add、delete、flush、show;
        maddress 对象支持的操作命令:show、add、delete;
        mroute 对象支持的操作命令:show;
        tunnel 对象支持的操作命令:add、change、delete,prl、show;
        xfrm 对象支持的操作命令:state、policy、monitor。
说明:
1)show命令用于显示指定设备的信息,加果后面不接设备名,剩会显示所有设备的信息。例如ip a和ip a show的结果是一样的。
2)操作命令也可以简写,比如ip a show 可以简写为ip a s

显示网络设备属性

[root@cs6 ~]# ip link show dev eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:8c:6a:0e brd ff:ff:ff:ff:ff:ff

[root@cs6 ~]# ip -s link show dev eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:8c:6a:0e brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    0          0        0       0       0       0       
    TX: bytes  packets  errors  dropped carrier collsns 
    828        12       0       0       0       0       
[root@cs6 ~]# ip -s -s link show dev eth1  # 使用两个s显示更详细的属性
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:8c:6a:0e brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    0          0        0       0       0       0       
    RX errors: length   crc     frame   fifo    missed
               0        0       0       0       0       
    TX: bytes  packets  errors  dropped carrier collsns 
    828        12       0       0       0       0       
    TX errors: aborted  fifo   window heartbeat
               0        0       0       0       

 

 

关闭和激活设备

[root@cs6 ~]# ip link show dev eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:8c:6a:0e brd ff:ff:ff:ff:ff:ff
[root@cs6 ~]# ip link set eth1 down
[root@cs6 ~]# ip link show dev eth1
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
    link/ether 00:0c:29:8c:6a:0e brd ff:ff:ff:ff:ff:ff

修改MAC地址

[root@cs6 ~]# ip link show dev eth1
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
    link/ether 00:0c:29:8c:6a:0e brd ff:ff:ff:ff:ff:ff
[root@cs6 ~]# ip link set eth1 address 0:0c:29:13:10:11  #<=修改MAC地址
[root@cs6 ~]# ip link show dev eth1
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
    link/ether 00:0c:29:13:10:11 brd ff:ff:ff:ff:ff:ff

查看网卡信息

查看网卡信息
[root@cs6 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:8c:6a:04 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.100/24 brd 10.0.0.255 scope global eth0
    inet6 fe80::20c:29ff:fe8c:6a04/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
    link/ether 00:0c:29:13:10:11 brd ff:ff:ff:ff:ff:ff
    inet 172.16.1.100/24 brd 172.16.1.255 scope global eth1
[root@cs6 ~]# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:8c:6a:04 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
    link/ether 00:0c:29:13:10:11 brd ff:ff:ff:ff:ff:ff

添加删除IP

添加或删除IP地址
[root@cs6 ~]# ip a show eth1 
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
    link/ether 00:0c:29:13:10:11 brd ff:ff:ff:ff:ff:ff
    inet 172.16.1.100/24 brd 172.16.1.255 scope global eth1
[root@cs6 ~]# ip link set eth1 up
[root@cs6 ~]# ip link show dev eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:13:10:11 brd ff:ff:ff:ff:ff:ff

[root@cs6 ~]# ip a add 172.16.1.13/24 dev eth1
# 可以添加多个IP地址,这种称为辅助IP,前面ifconfig 命令创建的为别名称IP.现在采用的高可用软件诶heartbeat 、keepalive都采用了辅助IP
[root@cs6 ~]# ip a show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:13:10:11 brd ff:ff:ff:ff:ff:ff
    inet 172.16.1.100/24 brd 172.16.1.255 scope global eth1
    inet 172.16.1.13/24 scope global secondary eth1
    inet6 fe80::20c:29ff:fe13:1011/64 scope link 
       valid_lft forever preferred_lft forever

[root@cs6
~]# ip a del 172.16.1.100/24 dev eth1 # 删除主IP [root@cs6 ~]# ip a show eth1 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:13:10:11 brd ff:ff:ff:ff:ff:ff inet6 fe80::20c:29ff:fe13:1011/64 scope link valid_lft forever preferred_lft forever #IP地址全部被删除 [root@cs6 ~]# ip a add 172.16.1.100/24 dev eth1 [root@cs6 ~]# ip a add 172.16.1.13/24 dev eth1 [root@cs6 ~]# ip a del 172.16.1.13/24 dev eth1 [root@cs6 ~]# ip a show eth1 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:13:10:11 brd ff:ff:ff:ff:ff:ff inet 172.16.1.100/24 scope global eth1 inet6 fe80::20c:29ff:fe13:1011/64 scope link valid_lft forever preferred_lft forever

 小结

删除网卡的主IP地址,同时会删除该网卡的所有IP地址。
删除网卡的辅助IP地址,不会影响该网卡的其他IP地址。

使用ip命令创建别名IP

[root@cs6 ~]# ip a show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:13:10:11 brd ff:ff:ff:ff:ff:ff
    inet 172.16.1.100/24 scope global eth1
    inet6 fe80::20c:29ff:fe13:1011/64 scope link 
       valid_lft forever preferred_lft forever
使用label选项创建别名IP
[root@cs6 ~]# ip a add 10.0.0.29/32 dev eth1 label eth1:1
[root@cs6 ~]# ip a show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:13:10:11 brd ff:ff:ff:ff:ff:ff
    inet 172.16.1.100/24 scope global eth1
    inet 10.0.0.29/32 scope global eth1:1
    inet6 fe80::20c:29ff:fe13:1011/64 scope link 
       valid_lft forever preferred_lft forever
[root@cs6 ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0C:29:8C:6A:04  
          inet addr:10.0.0.100  Bcast:10.0.0.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe8c:6a04/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2876 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1835 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:266051 (259.8 KiB)  TX bytes:198053 (193.4 KiB)

eth1      Link encap:Ethernet  HWaddr 00:0C:29:13:10:11  
          inet addr:172.16.1.100  Bcast:0.0.0.0  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe13:1011/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 b)  TX bytes:1296 (1.2 KiB)

eth1:1    Link encap:Ethernet  HWaddr 00:0C:29:13:10:11  
          inet addr:10.0.0.29  Bcast:0.0.0.0  Mask:255.255.255.255
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

 备注:使用ifconfig命令创建的别名IP,ip命令能够查询到;相反,通过ip命今创建的辅助IP,ifconfig命令则查询不了,除非使用ip命令的label功能创建别名IP。

 

查看路由表

[root@cs6 ~]# ip route
10.0.0.0/24 dev eth0  proto kernel  scope link  src 10.0.0.100 
172.16.1.0/24 dev eth1  proto kernel  scope link  src 172.16.1.100 
169.254.0.0/16 dev eth0  scope link  metric 1002 
default via 10.0.0.2 dev eth0 

[root@cs6
~]# ip route|column -t 10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.100 172.16.1.0/24 dev eth1 proto kernel scope link src 172.16.1.100 169.254.0.0/16 dev eth0 scope link metric 1002 default via 10.0.0.2 dev eth0
#<==使用column命令格式化,选项-t,默认根据空格分隔判断输入行的到数来创建一个表。
[root@cs6
~]# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 172.16.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0 0.0.0.0 10.0.0.2 0.0.0.0 UG 0 0 0 eth0

添加静态路由
[root@cs6 ~]# ip route add 10.1.0.0/24 via 10.0.0.253 dev eth0
[root@cs6 ~]# ip route |column -t
10.0.0.0/24     dev  eth0        proto  kernel  scope   link  src  10.0.0.100
172.16.1.0/24   dev  eth1        proto  kernel  scope   link  src  172.16.1.100
10.1.0.0/24     via  10.0.0.253  dev    eth0
169.254.0.0/16  dev  eth0        scope  link    metric  1002
default         via  10.0.0.2    dev    eth0 

查看ARP缓存

查看ARP缓存
[root@cs6 ~]# ip neighbour
10.0.0.1 dev eth0 lladdr 00:50:56:c0:00:08 REACHABLE
10.0.0.2 dev eth0 lladdr 00:50:56:f4:fb:52 STALE
10.0.0.99 dev eth0  FAILED


添加或删除静态ARP项
[root@cs6 ~]# ip neighbour add 192.168.1.100 lladdr 00:50:56:f4:fb:55 dev eth0
[root@cs6 ~]# ip neighbour
192.168.1.100 dev eth0 lladdr 00:50:56:f4:fb:55 PERMANENT
10.0.0.1 dev eth0 lladdr 00:50:56:c0:00:08 REACHABLE
10.0.0.99 dev eth0  FAILED
10.0.0.2 dev eth0 lladdr 00:50:56:f4:fb:52 STALE

[root@cs6 ~]# ip neighbour del 192.168.1.100 dev eth0
[root@cs6 ~]# ip neighbour
192.168.1.100 dev eth0  FAILED
10.0.0.1 dev eth0 lladdr 00:50:56:c0:00:08 REACHABLE
10.0.0.99 dev eth0  FAILED
10.0.0.2 dev eth0 lladdr 00:50:56:f4:fb:52 STALE

 

 

 

 

CentOS7开始推广ip命令,用于替代传统的ifconfig和route命令
posted @ 2020-01-19 15:40  元贞  阅读(282)  评论(0)    收藏  举报