如今很多系统管理员依然通过组合使用诸如ifconfig、route、arp和netstat等命令行工具(统称为net-tools)来配置网络功能,解决网络故障。net-tools起源于BSD的TCP/IP工具箱,后来成为老版本Linux内核中配置网络功能的工具。但自2001年起,Linux社区已经对其停止维护。同时,一些Linux发行版比如Arch Linux和CentOS/RHEL 7则已经完全抛弃了net-tools,只支持iproute2。
作为网络配置工具的一份子,iproute2的出现旨在从功能上取代net-tools。net-tools通过procfs(/proc)和ioctl系统调用去访问和改变内核网络配置,而iproute2则通过netlink套接字接口与内核通讯。抛开性能而言,iproute2的用户接口比net-tools显得更加直观。比如,各种网络资源(如link、IP地址、路由和隧道等)均使用合适的对象抽象去定义,使得用户可使用一致的语法去管理不同的对象。更重要的是,到目前为止,iproute2仍处在持续开发中。
如果你仍在使用net-tools,而且尤其需要跟上新版Linux内核中的最新最重要的网络特性的话,那么是时候转到iproute2的阵营了。原因就在于使用iproute2可以做很多net-tools无法做到的事情。
对于那些想要转到使用iproute2的用户,有必要了解下面有关net-tools和iproute2的众多对比。
-
显示所有已连接的网络接口
下面的命令显示出所有可用网络接口的列表(无论接口是否激活)。
使用net-tools:
$ ifconfig -a使用iproute2
$ ip link show -
激活或停用网络接口
使用这些命令来激活或停用某个指定的网络接口。
使用net-tools:
$ sudo ifconfig eth1 up
$ sudo ifconfig eth1 down 使用iproute2:
$ sudo ip link set down eth1
$ sudo ip link set up eth1 -
为网络接口分配IPv4地址
使用这些命令配置网络接口的IPv4地址。
使用net-tools:
$ sudo ifconfig eth1 10.0.0.1/24使用iproute2:
$ sudo ip addr add 10.0.0.1/24 dev eth1 值得注意的是,可以使用iproute2给同一个接口分配多个IP地址,ifconfig则无法这么做。使用ifconfig的变通方案是使用IP别名。
$ sudo ip addr add 10.0.0.1/24 broadcast 10.0.0.255 dev eth1
$ sudo ip addr add 10.0.0.2/24 broadcast 10.0.0.255 dev eth1
$ sudo ip addr add 10.0.0.3/24 broadcast 10.0.0.255 dev eth1-
移除网络接口的IPv4地址
就IP地址的移除而言,除了给接口分配全0地址外,net-tools没有提供任何合适的方法来移除网络接口的IPv4地址。相反,iproute2则能很好地完全。
使用net-tools:
$ sudo ifconfig eth1 0使用iproute2:
$ sudo ip addr del 10.0.0.1/24 dev eth1 -
显示网络接口的IPv4地址
按照如下操作可查看某个指定网络接口的IPv4地址。
使用net-tools:
$ ifconfig eth1 使用iproute2:
$ ip addr show dev eth1 同样,如果接口分配了多个IP地址,iproute2会显示出所有地址,而net-tools只能显示一个IP地址。
-
为网络接口分配IPv6地址
使用这些命令为网络接口添加IPv6地址。net-tools和iproute2都允许用户为一个接口添加多个IPv6地址。
使用net-tools:
$ sudo ifconfig eth1 inet6 add 2002:0db5:0:f102::1/64
$ sudo ifconfig eth1 inet6 add 2003:0db5:0:f102::1/64使用iproute2:
$ sudo ip -6 addr add 2002:0db5:0:f102::1/64 dev eth1
$ sudo ip -6 addr add 2003:0db5:0:f102::1/64 dev eth1-
显示网络接口的IPv6地址
按照如下操作可显示某个指定网络接口的IPv6地址。net-tools和iproute2都可以显示出所有已分配的IPv6地址
使用net-tools:
$ ifconfig eth1 使用iproute2:
$ ip -6 addr show dev eth1 -
移除网络设备的IPv6地址
使用这些命令可移除接口中不必要的IPv6地址。
使用net-tools:
$ sudo ifconfig eth1 inet6 del 2002:0db5:0:f102::1/64使用iproute2:
$ sudo ip -6 addr del 2002:0db5:0:f102::1/64 dev eth1-
改变网络接口的MAC地址
使用下面的命令可篡改网络接口的MAC地址,请注意在更改MAC地址前,需要停用接口。
使用net-tools:
$ sudo ifconfig eth1 hw ether 08:00:27:75:2a:66 使用iproute2:
$ sudo ip link set dev eth1 address 08:00:27:75:2a:67-
查看IP路由表
net-tools中有两个选择来显示内核的IP路由表:route和netstat。在iproute2中,使用命令ip route。
使用net-tools:
$ route -n$ netstat -rn 使用iproute2:
$ ip route show -
添加和修改默认路由
这里的命令用来添加或修改内核IP路由表中的默认路由规则。请注意在net-tools中可通过添加新的默认路由、删除旧的默认路由来实现修改默认路由。在iproute2使用ip route命令来代替。
使用net-tools:
$ sudo route add default gw 192.168.1.2 eth0
$ sudo route del default gw 192.168.1.1 eth0 使用iproute2:
$ sudo ip route add default via 192.168.1.2 dev eth0
$ sudo ip route replace default via 192.168.1.2 dev eth0-
添加和移除静态路由
使用下面命令添加或移除一个静态路由。
使用net-tools:
$ sudo route add -net 172.16.32.0/24 gw 192.168.1.1 dev eth0
$ sudo route del -net 172.16.32.0/24使用iproute2:
$ sudo ip route add 172.16.32.0/24 via 192.168.1.1 dev eth0
$ sudo ip route del 172.16.32.0/24 -
查看套接字统计信息
这里的命令用来查看套接字统计信息(比如活跃或监听状态的TCP/UDP套接字)。
使用net-tools:
$ netstat
$ netstat -l 使用iproute2:
$ ss
$ ss -l -
查看ARP表
使用这些命令显示内核的ARP表。
使用net-tools:
$ arp -an 使用iproute2:
$ ip neigh -
添加或删除静态ARP项
按照如下操作在本地ARP表中添加或删除一个静态ARP项。
使用net-tools:
$ sudo arp -s 192.168.1.100 00:0c:29:c0:5a:ef
$ sudo arp -d 192.168.1.100 使用iproute2:
$ sudo ip neigh add 192.168.1.100 lladdr 00:0c:29:c0:5a:ef dev eth0
$ sudo ip neigh del 192.168.1.100 dev eth0 -
添加、删除或查看多播地址
使用下面的命令配置或查看网络接口上的多播地址
使用net-tools:
$ sudo ipmaddr add 33:44:00:00:00:01 dev eth0
$ sudo ipmaddr del 33:44:00:00:00:01 dev eth0
$ ipmaddr show dev eth0
$ netstat -g 使用iproute2:
$ sudo ip maddr add 33:44:00:00:00:01 dev eth0
$ sudo ip maddr del 33:44:00:00:00:01 dev eth0
$ ip maddr list dev eth0 -
IP Command Set
ip [ OPTIONS ] OBJECT [ COMMAND [ ARGUMENTS ]]OPTIONS
OPTIONS is a multivalued set of modifiers that affect the general behaviour and output of the ip utility
-
-V, -Version — print the version of the ip utility and exit.
-
-s, -stats, -statistics — output more information.
-
-f, -family {inet, inet6, link} — enforce which protocol family to use.
-
-4 — shortcut for -family inet.
-
-6 — shortcut for -family inet6.
-
-0 — shortcut for -family link.
-
-o, -oneline — format the output records as single lines by replacing any line feeds with the “” character.
OBJECT
- link — physical or logical network device.
- address — protocol (IPv4 or IPv6) address on a device.
- neighbour — ARP or NDISC cache entry.
- route — routing table entry.
- rule — rule in routing policy database.
- maddress — multicast address.
- mroute — multicast routing cache entry.
- tunnel — tunnel over IP.
COMMAND
COMMAND specifies the action to perform on the object. Typically it is possible to add, delete, and show (list) the object(s)
ip link
ip link set — change device attributes.
- dev NAME (default) — NAME specifies the network device to operate on
- up / down — change the state of the device to UP or to DOWN
- arp on / arp off — change NOARP flag status on the device
- multicast on / multicast off — change MULTICAST flag on the device.
- dynamic on / dynamic off — change DYNAMIC flag on the device.
- name NAME — change name of the device.
- txqueuelen NUMBER / txqlen NUMBER — change transmit queue length of the device
- mtu NUMBER — change MTU of the device.
- address LLADDRESS — change station address of the interface.
ip link show — look at device attributes.
- dev NAME (default) — NAME specifies network device to show.
- up — display only running interfaces.
ip address
ip address add — add new protocol address.
- dev NAME — name of the device to which we add the address
- local ADDRESS (default) — address of the interface.
- peer ADDRESS— address of remote endpoint for pointopoint interfaces.
- broadcast ADDRESS — broadcast address on the interface.
- label NAME — Each address may be tagged with a label string.
- scope SCOPE_VALUE — scope of the area within which this address is valid.
-
global — the address is globally valid.
-
site — (IPv6 only) address is site local, valid only inside this site.
-
link — the address is link local, valid only on this device.
-
host — the address is valid only inside this host.
-
ip address delete — delete protocol address.
The arguments coincide with arguments of ip addr add. The device name is a required argument, the rest are optional. If no arguments are given, the first address listed is deleted.
ip address show — look at protocol addresses.
- dev NAME (default) — name of the device.
- scope SCOPE_VAL — list only addresses with this scope.
- to PREFIX — list only addresses matching this prefix.
- label PATTERN — list only addresses with labels matching the PATTERN.
- dynamic / permanent — (IPv6 only) list only addresses installed due to stateless address configuration or list only the permanent (not dynamic) addresses.
- tentative — (IPv6 only) list only addresses, which did not pass duplicate address detection.
- deprecated — (IPv6 only) list only deprecated addresses.
- primary / secondary — list only primary (or secondary) addresses.
ip address flush — flush protocol addresses.
This commands flushes protocol addresses selected by some criteria.
ip neighbour
ip neighbour add — add new neighbour entry
ip neighbour change — change existing entry
ip neighbour replace — add new or change existing entry
- to ADDRESS (default) — protocol address of the neighbour. It is either an IPv4 or IPv6 address.
- dev NAME — the interface to which this neighbour is attached
- lladdr LLADDRESS — link layer address of the neighbour. LLADDRESS can be null.
- nud NUD_STATE — state of the neighbour entry. nud is an abbreviation for “Neighbour Unreachability Detection”. This state can take one of the following values:
- permanent — the neighbour entry is valid forever and can be removed only administratively.
- noarp — the neighbour entry is valid, no attempts to validate this entry will be made but it can be removed when its lifetime expires.
- reachable — the neighbour entry is valid until reachability timeout expires.
- stale — the neighbour entry is valid, but suspicious. This option to ip neighbour does not change the neighbour state if the entry was valid and the address has not been changed by this command.
ip neighbour delete — delete neighbour entry.
The arguments are the same as with ip neigh add, only lladdr and nud are ignored.
ip neighbour show — list neighbour entries.
- to ADDRESS (default) — prefix selecting neighbours to list.
- dev NAME — list only neighbours attached to this device.
- unused — list only neighbours, which are not in use now.
- nud NUD_STATE — list only neighbour entries in this state. NUD_STATE takes values listed below after the example or the special value all, which means all the states.
ip neighbour flush — flush neighbour entries.
This commands flushes the neighbour tables
ip route
ip route add — add new route
ip route change — change route
ip route replace — change route or add new one.
- to PREFIX or to TYPE PREFIX (default) — destination prefix of the route. If TYPE is omitted, ip assumes type unicast.
- tos TOS or dsfield TOS — Type Of Service (TOS) key.
- metric NUMBER or preference NUMBER — preference value of the route. NUMBER is an arbitrary 32bit number.
- table TABLEID — table to add this route. TABLEID may be a number or a string from the file /etc/iproute2/rt_tables. If this parameter is omitted, ip assumes table main, with exception of local, broadcast and nat routes, which are put to table local by default.
- dev NAME — the output device name.
- via ADDRESS — the address of nexthop router.
- src ADDRESS — the source address to prefer using when sending to the destinations covered by route prefix.
- realm REALMID — the realm which this route is assigned to.
- mtu MTU or mtu lock MTU — the MTU along the path to destination.
- window NUMBER — the maximal advertised window for TCP to these destinations measured in bytes.
- rtt NUMBER — the initial RTT (``Round Trip Time) estimate.
- nexthop NEXTHOP — nexthop of multipath route.
- scope SCOPE_VAL — scope of the destinations covered by the route prefix.
- protocol RTPROTO — routing protocol identifier of this route. RTPROTO may be a number or a string from the file /etc/iproute2/rt_protos.ation.
- redirect — route was installed due to ICMP redirect.
- kernel — route was installed by the kernel during autoconfiguration.
- boot — route was installed during bootup sequence. If a routing daemon will start, it will purge all of them. This is the value assigned to manually inserted routes that do not have a protocol specified.
- static — route was installed by administrator to override dynamic routing. Routing daemon(s) will respect them and advertise them if it is so configured.
- ra — route was installed by Router Discovery protocol.
- onlink — pretend that the nexthop is directly attached to this link, even if it does match any interface prefix.
- equalize — allow packet by packet randomization on multipath routes.
ip route delete
ip route del has the same arguments as ip route add but their semantics are a bit different.
ip route flush - allows group deletion of routes
This command allows flushing routes as selected by some criteria.
ip rule
ip rule add — insert new rule
- type TYPE (default) — type of this rule. The list of valid types was given in the previous subsection.
- from PREFIX — select source prefix to match.
- to PREFIX — select destination prefix to match.
- iif NAME — select incoming device to match.
- tos TOS or dsfield TOS — select TOS value to match.
- fwmark MARK — select value of fwmark to match.
- priority PREFERENCE — priority of this rule. Each rule should have an explicitly set unique priority value. Priority is an unsigned 32 bit number thus we have 4294967296 possible rules.
- table TABLEID — routing table identifier to lookup if the rule selector matches.
- nat ADDRESS — The base of IP address block to translate source address.
ip rule show - list policy rules
this is the only command which has no arguments.
ip tunnel
ip tunnel add - creating tunnels
- name NAME (default) — select tunnel device name.
- mode MODE — set tunnel mode. Three modes are available: ipip, sit, gre
- remote ADDRESS — set remote endpoint of the tunnel.
- local ADDRESS — set fixed local address for tunneled packets. It must be an address on another interface of this host.
- dev NAME — bind tunnel to device NAME, so that tunneled packets will be routed only via this device and will not able to escape to another device, when route to endpoint changes.
ip tunnel show - list tunnel attributes
The line starts with the tunnel device name terminated by a colon then the tunnel mode follows. The parameters of the tunnel are listed with the same keywords which were used at tunnel creation.
1185
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
