ip

show / manipulate routing, devices, policy routing and tunnels

ip [ OPTIONS ] OBJECT { COMMAND | help }
ip [ -force ] -batch filename

OBJECT := { link | addr | addrlabel | route | rule | neigh | ntable | tunnel | tuntap | maddr | mroute | mrule | monitor | xfrm | netns | l2tp }

OPTIONS := { -V[ersion] | -s[tatistics] | -d[etails] | -r[esolve] | -f[amily] { inet | inet6 | ipx | dnet | link } | -l[oops] { maximum-addr-flush-attempts } | -o[neline] | -t[imestamp] | -b[atch] [filename] | -rc[vbuf] [size]}

OBJECT := { link | addr | addrlabel | route | rule | neigh | ntable | tunnel | tuntap | maddr | mroute | mrule | monitor | xfrm | netns | l2tp }

OPTIONS := { -V[ersion] | -s[tatistics] | -r[esolve] | -f[amily] { inet | inet6 | ipx | dnet | link } | -o[neline] }

-s
-stats
-statistics
output more information. If the option appears twice or more, the amount of information increases.
-l
-loops
maximum number of loops the 'ip addr flush' logic will attempt before giving up. The default is 10. Zero (0) means loop until all addresses are removed.
-f [ inet|inet6|link]
-family
Enforce the protocol family to use.
If the option is not present, the protocol family is guessed from other arguments.
If the rest of the command line does not give enough information to guess the family, ip falls back to the default one, usually inet or any. link is a special family identifier meaning that no networking protocol is involved.
-4 aka -family inet
-6 aka -family inet6
-0 aka -family link
-o
-oneline
output each record on a single line, replacing line feeds with the '\' character. Use to count records with wc(1) or to grep(1) the output.
-r
-resolve
use the system's name resolver to print DNS names instead of host addresses.
-V
-Version
print the version of the ip utility and exit.

OBJECT

The example are from slammerfox 1/28/20

addressprotocol (IP or IPv6) address on a device.
 ip address
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp3s0:  mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 50:3e:aa:0d:46:e9 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.46/24 brd 192.168.1.255 scope global dynamic enp3s0
       valid_lft 2433sec preferred_lft 2433sec
    inet6 fe80::523e:aaff:fe0d:46e9/64 scope link 
       valid_lft forever preferred_lft forever 
       
addrlabellabel configuration for protocol address selection.
 ip addrlabel
prefix ::1/128 label 0 
prefix ::/96 label 3 
prefix ::ffff:0.0.0.0/96 label 4 
prefix 2001::/32 label 6 
prefix 2001:10::/28 label 7 
prefix 3ffe::/16 label 12 
prefix 2002::/16 label 2 
prefix fec0::/10 label 11 
prefix fc00::/7 label 5 
prefix ::/0 label 1 
       
l2tp tunnel ethernet over IP (L2TPv3)
link device.
ip link
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp3s0:  mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 50:3e:aa:0d:46:e9 brd ff:ff:ff:ff:ff:ff 
       
maddressmulticast address.
1:    lo
    inet  224.0.0.1
    inet6 ff02::1
    inet6 ff01::1
2:  enp3s0
    link  01:00:5e:00:00:01
    link  33:33:00:00:00:01
    link  33:33:ff:0d:46:e9
    link  01:00:5e:00:00:fb
    link  33:33:00:00:00:fb
    link  01:00:5e:7f:ff:fa
    inet  239.255.255.250
    inet  224.0.0.251
    inet  224.0.0.1
    inet6 ff02::fb
    inet6 ff02::1:ff0d:46e9
    inet6 ff02::1
    inet6 ff01::1 
       
monitorwatch for netlink messages.
192.168.1.1 dev enp3s0 lladdr 20:c0:47:c2:a8:a3 STALE
192.168.1.1 dev enp3s0 lladdr 20:c0:47:c2:a8:a3 PROBE
192.168.1.1 dev enp3s0 lladdr 20:c0:47:c2:a8:a3 REACHABLE
192.168.1.20 dev enp3s0 lladdr 70:85:c2:63:1f:bf PROBE
192.168.1.20 dev enp3s0 lladdr 70:85:c2:63:1f:bf REACHABLE
192.168.1.20 dev enp3s0 lladdr 70:85:c2:63:1f:bf STALE
192.168.1.20 dev enp3s0 lladdr 70:85:c2:63:1f:bf PROBE
192.168.1.20 dev enp3s0 lladdr 70:85:c2:63:1f:bf REACHABLE
192.168.1.23 dev enp3s0 lladdr 4c:32:75:97:3b:ad PROBE
192.168.1.23 dev enp3s0 lladdr 4c:32:75:97:3b:ad REACHABLE
192.168.1.20 dev enp3s0 lladdr 70:85:c2:63:1f:bf STALE
192.168.1.23 dev enp3s0 lladdr 4c:32:75:97:3b:ad STALE
192.168.1.28 dev enp3s0 lladdr f0:23:b9:eb:2b:88 PROBE
192.168.1.28 dev enp3s0 lladdr f0:23:b9:eb:2b:88 REACHABLE
192.168.1.20 dev enp3s0 lladdr 70:85:c2:63:1f:bf PROBE
192.168.1.20 dev enp3s0 lladdr 70:85:c2:63:1f:bf REACHABLE
^C 
       
mroute multicast routing cache entry.

ip mroute show [ [ to ] PREFIX ] [ from PREFIX ] [ iif DEVICE ] [ table local | main | default | all | NUMBER ]

mrule rule in multicast routing policy database.
ip mrule
32767:  from all lookup default 


ip rule { add | del } SELECTOR ACTION
ip rule { flush | save | restore }
ip rule [ list [ SELECTOR ]]
SELECTOR := [ not ] [ from PREFIX ] [ to PREFIX ] [ tos TOS ] [ fwmark FWMARK[/MASK] ]
            [ iif STRING ] [ oif STRING ] [ pref NUMBER ] [ l3mdev ]
ACTION := [ table TABLE_ID ]
          [ nat ADDRESS ]
          [ realms [SRCREALM/]DSTREALM ]
          [ goto NUMBER ]
          SUPPRESSOR
SUPPRESSOR := [ suppress_prefixlength NUMBER ]
              [ suppress_ifgroup DEVGROUP ]
TABLE_ID := [ local | main | default | NUMBER ]

       
neighbourmanage ARP or NDISC cache entries.
ip neighbor
192.168.1.1 dev enp3s0 lladdr 20:c0:47:c2:a8:a3 REACHABLE
192.168.1.20 dev enp3s0 lladdr 70:85:c2:63:1f:bf REACHABLE
192.168.1.23 dev enp3s0 lladdr 4c:32:75:97:3b:ad STALE
192.168.1.3 dev enp3s0 lladdr 80:7d:3a:94:7b:7c STALE
192.168.1.2 dev enp3s0  FAILED
192.168.1.28 dev enp3s0 lladdr f0:23:b9:eb:2b:88 STALE 
       
netns manage network namespaces.
ip netns list
ip netns add NAME
ip netns set NAME NETNSID
ip [-all] netns delete [NAME]
ip netns identify [PID]
ip netns pids NAME
ip [-all] netns exec [NAME] cmd ...
ip netns list-id

sudo ip netns monitor

       
ntable manage the neighbor cache's operation. reformatted
Usage: ip ntable change name NAME [ dev DEV ]
          [ thresh1 VAL ] [ thresh2 VAL ] [ thresh3 VAL ] [ gc_int MSEC ]
          [ PARMS ]
Usage: ip ntable show [ dev DEV ] [ name NAME ]
PARMS := [ base_reachable MSEC ] [ retrans MSEC ] [ gc_stale MSEC ]
         [ delay_probe MSEC ] [ queue LEN ]
         [ app_probes VAL ] [ ucast_probes VAL ] [ mcast_probes VAL ]
         [ anycast_delay MSEC ] [ proxy_delay MSEC ] [ proxy_queue LEN ]
         [ locktime MSEC ]

ip ntable

inet arp_cache 
    thresh1 128 thresh2 512 thresh3 1024 gc_int 30000 
    refcnt 1 reachable 30516 base_reachable 30000 retrans 1000 
    gc_stale 60000 delay_probe 5000 queue 31 app_probes 0 ucast_probes 3 mcast_probes 3 
    anycast_delay 1000 proxy_delay 800 proxy_queue 64 locktime 1000 

inet arp_cache 
    dev enp3s0 
    refcnt 11 reachable 44588 """" locktime 1000 

inet arp_cache 
    dev lo 
    refcnt 2 reachable 26848 """" locktime 1000 

inet6 ndisc_cache 
    thresh1 128 thresh2 512 thresh3 1024 gc_int 30000 
    refcnt 1 reachable 26996 """" locktime 0 

inet6 ndisc_cache 
    dev enp3s0 
    refcnt 6 reachable 17068 """" locktime 0 

inet6 ndisc_cache 
    dev lo 
    refcnt 2 reachable 27040 """" locktime 0 

       
route routing table entry.
Usage: ip route { list | flush } selector
       ip route save selector
       ip route restore
       ip route showdump
       ip route get address [ from address iif string ] [ oif string ] [ tos TOS ] [ mark number ] [ vrf NAME ]
       ip route { add | del | change | append | replace } ROUTE 
SELECTOR := [ root PREFIX ] [ match PREFIX ] [ exact PREFIX ]
            [ table TABLE_ID ] [ vrf NAME ] [ proto RTPROTO ] [ type TYPE ] [ scope scope ]
ROUTE := NODE_SPEC [ INFO_SPEC ]
NODE_SPEC := [ TYPE ] PREFIX [ tos TOS ] [ table TABLE_ID ] [ proto RTPROTO ] [ scope scope ] [ metric METRIC ]
INFO_SPEC := NH OPTIONS FLAGS [ nexthop NH ]...
NH := [ encap ENCAPTYPE ENCAPHDR ] [ via [ FAMILY ] address ] [ dev string ] [ weight number ] NHFLAGS
FAMILY := [ inet | inet6 | ipx | dnet | mpls | bridge | link ]
OPTIONS := FLAGS [ mtu number ] [ advmss number ] [ as [ to ] address ]
           [ rtt time ] [ rttvar time ] [ reordering number ] [ window number ] [ cwnd number ] [ initcwnd number ]
           [ ssthresh number ] [ realms REALM ] [ src address ] [ rto_min time ] [ hoplimit number ] [ initrwnd number ]
           [ features FEATURES ] [ quickack BOOL ] [ congctl NAME ] [ pref PREF ] [ expires time ]

TYPE := { unicast | local | broadcast | multicast | throw | unreachable | prohibit | blackhole | nat }
TABLE_ID := [ local | main | default | all | number ]
SCOPE := [ host | link | global | number ]
NHFLAGS := [ onlink | pervasive ]
RTPROTO := [ kernel | boot | static | number ]
PREF := [ low | medium | high ]
TIME := number[s|ms]

FEATURES := ecn
ENCAPTYPE := [ mpls | ip | ip6 ]
ENCAPHDR := [ MPLSLABEL ]

ip route default via 192.168.1.1 dev enp3s0 proto static metric 100 192.168.1.0/24 dev enp3s0 proto kernel scope link src 192.168.1.46 metric 100
rule rule in routing policy database.
ip rule
0:  from all lookup local 
32766:  from all lookup main 
32767:  from all lookup default 

       
tunnel tunnel over IP.
ip tunnel { add | change | del | show | prl | 6rd } [ NAME ]
          [ mode { ipip | gre | sit | isatap | vti } ] [ remote ADDR ] [ local ADDR ]
          [ [i|o]seq ] [ [i|o]key KEY ] [ [i|o]csum ]
          [ prl-default ADDR ] [ prl-nodefault ADDR ] [ prl-delete ADDR ]
          [ 6rd-prefix ADDR ] [ 6rd-relay_prefix ADDR ] [ 6rd-reset ]
          [ ttl TTL ] [ tos TOS ] [ [no]pmtudisc ] [ dev PHYS_DEV ]

Where: NAME := STRING
       ADDR := { IP_ADDRESS | any }
       TOS  := { STRING | 00..ff | inherit | inherit/STRING | inherit/00..ff }
       TTL  := { 1..255 | inherit }
       KEY  := { DOTTED_QUAD | NUMBER }

       
tuntap manage TUN/TAP devices.
xfrm manage IPSec policies.

sudo ip xfrm state|policy|monitor { COMMAND | help }

Objects may be written in full or abbreviated form, example: address is abbreviated as addr or just a.

COMMAND

Action to perform on the object, depending on the object type.

add, delete and show (or list ) objects. Some objects do not allow all of these operations and some have additional commands.

help outputs a list of available commands and argument syntax conventions. If no command is given, some default command is assumed. U sually it is list or, if the objects of this class cannot be listed, help.

See

ip-address(8), ip-addrlabel(8), ip-l2tp(8), ip-link(8), ip-maddress(8), ip-monitor(8), ip-mroute(8), ip-neighbour(8), ip- netns(8), ip-ntable(8), ip-route(8), ip-rule(8), ip-tunnel(8), ip-xfrm(8) IP Command reference ip-cref.ps REPORTING BUGS Report bug to the Network Developers mailing list . iproute2 20 Dec 2011