iproute

Simple stuff

  • Bring a device up (or down) and give it an IP
ip l s <dev> up/down
ip a add <ip>/<prefixlen> dev <dev>
ip a sh dev <dev>
  • Remove one IP
ip a del <ip>/<prefixlen> dev <dev>
  • Remove all IPs
ip a flush dev eth0
  • Show routing table
ip r
  • Configure default gateway
ip route add default via 192.168.1.254
  • ARP table (neighbour cache)
ip n
  • Show interface statistics for packets and errors
ip -s l sh dev eth0

Change MAC

ip link set <dev> addr <mac>

Promisc mode

ip link set dev eth0 promisc on
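
The two settings above (a changed MAC and promiscuous mode) are also what you look for when checking a host. The script below is an added example, not part of the original page: it reads `ip -d -o link show` output and reports interfaces that are promiscuous or carry a locally administered MAC. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit `ip -d -o link show`
# output for interfaces that are sniffing or carry a non-vendor MAC.

# Reads `ip -d -o link show` text on stdin, prints one finding per line:
#   <iface> promisc            PROMISC flag set, or promiscuity counter > 0
#   <iface> local-mac <mac>    locally administered MAC (U/L bit set), as
#                              produced by a manual MAC change, macvlan, VMs
audit_links() {
  awk '
  {
    name = $2; sub(/:$/, "", name); sub(/@.*/, "", name)  # drop ":" and "@peer"
    flags = $3; prom = 0; mac = ""
    for (i = 4; i <= NF; i++) {
      if ($i == "promiscuity") prom = $(i + 1) + 0
      if ($i == "link/ether")  mac = tolower($(i + 1))
    }
    # The counter can be non-zero while the flag is absent (for example when
    # a capture tool asks for promiscuous mode through a packet socket).
    if (flags ~ /[<,]PROMISC[,>]/ || prom > 0) print name, "promisc"
    # Low nibble of the first octet in {2,3,6,7,a,b,e,f} => U/L bit is set.
    if (mac ~ /^[0-9a-f][2367abef]:/) print name, "local-mac", mac
  }'
}

# Constructed sample input, shaped like `ip -d -o link show` output.
sample_links() {
  cat <<'EOF'
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000\    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 promiscuity 0
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000\    link/ether 00:1b:21:3a:4c:5d brd ff:ff:ff:ff:ff:ff promiscuity 1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000\    link/ether 00:1b:21:3a:4c:5e brd ff:ff:ff:ff:ff:ff promiscuity 1
4: peth0@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000\    link/ether aa:aa:aa:aa:aa:aa brd ff:ff:ff:ff:ff:ff promiscuity 0
EOF
}

# Demo on the sample; on a live host run: ip -d -o link show | audit_links
sample_links | audit_links
```

Bridge ports and virtual interfaces legitimately trigger both findings, so treat the output as a list to reconcile against the known configuration of the host.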

Source routing

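  • Different default gateway depending on source address (policy routing)
  • T1 and T2 must be defined in /etc/iproute2/rt_tables, or use numeric table IDs instead
ip route add $P1_NET dev $IF1 src $IP1 table T1
ip route add default via $P1 table T1
ip route add $P2_NET dev $IF2 src $IP2 table T2
ip route add default via $P2 table T2
  • The tables are only consulted once a rule selects them by source address
ip rule add from $IP1 table T1
ip rule add from $IP2 table T2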

Load balancing

ip route add default scope global nexthop via $P1 dev $IF1 weight 1 \
  nexthop via $P2 dev $IF2 weight 1

Show routes of IPsec tunnel

ip xfrm policy
ip xfrm state

Create a virtual interface

ip link add type veth
ip a add 1.2.3.4/24 dev veth0

A network interface with multiple MAC addresses

ip link add link eth0 name peth0 address aa:aa:aa:aa:aa:aa type macvlan

Network namespaces

  • http://blog.scottlowe.org/2013/09/04/introducing-linux-network-namespaces/
  • With network namespaces, you can have different and separate instances of network interfaces and routing tables that operate independently of each other.
  • Only virtual network interfaces can be assigned to a network namespace, and they always come in pairs connected peer-to-peer: one device stays in the default namespace, where a bridge connects it to the physical interface, and the other is assigned to the network namespace.
ip netns add balle
ip netns list
ip link add veth0 type veth peer name veth1
ip link set veth1 netns balle
brctl addbr balle_br
brctl addif balle_br eth0 veth0
ip link set veth0 up
ip link set balle_br up
ip netns exec balle ip addr add 192.168.100.1/24 dev veth1
ip netns exec balle ip link set veth1 up
dhclient balle_br
  • Now you can start a process or a shell inside the new network namespace
ip netns exec balle bash
  • Monitor namespaces
ip netns monitor