iproute2 (ip)

iproute2 suite — address, link, route, and neighbor table management.

Interface Addressing

Show all addresses in brief format — one line per interface, fastest triage view

ip -br addr

Show full address details on a specific interface — includes scope, valid lifetime, preferred lifetime

ip addr show dev eth0

Add an IPv4 address to an interface — CIDR notation required, does not replace existing addresses

ip addr add 10.50.1.100/24 dev eth0

Delete an address from an interface — must match exactly including prefix length

ip addr del 10.50.1.100/24 dev eth0

Flush all addresses from an interface — nuclear option, drops every address including link-local

ip addr flush dev eth0

Bring an interface up — equivalent to ifconfig eth0 up but works with all link types

ip link set dev eth0 up

Bring an interface down — traffic stops immediately, no graceful drain

ip link set dev eth0 down

Set MTU on an interface — 9000 for jumbo frames on storage networks, verify end-to-end first

ip link set dev eth0 mtu 9000

Show interface statistics — TX/RX bytes, packets, errors, dropped, overruns

ip -s link show dev eth0

Show all interfaces with color and stats — quick health check across all NICs

ip -s -c link

Create a VLAN subinterface — tagged traffic on VLAN 10, parent must be up

ip link add link eth0 name eth0.10 type vlan id 10

Show the main routing table — default route, connected networks, static routes

ip route show

Show which route a specific destination would use — includes gateway, interface, source IP

ip route get 8.8.8.8

Add a static route — packets to 192.168.100.0/24 via gateway 10.50.1.1

ip route add 192.168.100.0/24 via 10.50.1.1 dev eth0

Replace a route if it exists, add if it does not — idempotent, safe for scripts

ip route replace 192.168.100.0/24 via 10.50.1.254 dev eth0

Delete a specific route — match the prefix exactly

ip route del 192.168.100.0/24

Add a default gateway — only one default route should exist unless using metrics

ip route add default via 10.50.1.1 dev eth0

Add a route with a specific metric — lower metric wins when multiple defaults exist

ip route add default via 10.50.1.1 dev eth0 metric 100

Show the ARP/neighbor table — MAC-to-IP mappings the kernel has learned

ip neigh show

Show neighbors on a specific interface — filter noise from other segments

ip neigh show dev eth0

Add a static ARP entry — prevents ARP spoofing for critical infrastructure like the gateway

ip neigh add 10.50.1.1 lladdr aa:bb:cc:dd:ee:ff dev eth0 nud permanent

Delete an ARP entry — force re-resolution on next packet

ip neigh del 10.50.1.1 dev eth0

Flush the entire neighbor table on an interface — forces fresh ARP for all hosts

ip neigh flush dev eth0

List all network namespaces — each namespace has its own routing table, interfaces, firewall

ip netns list

Create a new network namespace — isolated network stack for testing or containment

ip netns add lab

Run a command inside a namespace — everything sees that namespace’s interfaces and routes

ip netns exec lab ip addr show

Delete a namespace — removes all interfaces and routes inside it

ip netns del lab

Show all routing policy rules — processed top-down, first match wins

ip rule show

Route traffic from a specific source through a different table — used for multi-homed hosts

ip rule add from 10.50.2.0/24 table 200

Add a route to a custom table — table 200 has its own default gateway

ip route add default via 10.50.2.1 dev eth1 table 200

Mark-based routing — combine with iptables/nftables MARK target for application-specific routing

ip rule add fwmark 0x1 table 200

Create a VRF device — separate routing domain, used for network segmentation on Linux routers

ip link add vrf-mgmt type vrf table 100

Bring the VRF up and enslave an interface — eth1 now uses table 100 exclusively

ip link set dev vrf-mgmt up
ip link set dev eth1 master vrf-mgmt

Run a command in a VRF context — ping uses the VRF’s routing table, not the global table

ip vrf exec vrf-mgmt ping 10.50.1.1