Skip to content

Latest commit

 

History

History
352 lines (276 loc) · 10.3 KB

netip.adoc

File metadata and controls

352 lines (276 loc) · 10.3 KB

Linux Network IP

Table of Contents

Route Management

route

Displaying the routing table
~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.1.20.2       0.0.0.0         UG    100    0        0 ens33
10.1.20.0       0.0.0.0         255.255.255.0   U     100    0        0 ens33

There are 2 records in route table, the 2nd is a a locally reachable network(10.1.20.0/24), If an address falls within the 10.1.20.0/24 range, the hosts knows it can reach the IP range directly on the wire, so any packets bound for this range will be pushed out onto the local media.

The 1st is everything else, If the packet falls in any other range, the host will consult its routing table and find no single route that matches. In this case, the default route functions as a terminal choice. If no other route matches, the packet will be forwarded to this destination address, which is usually a router to another set of networks and routers.

The Flags G for destination not locally connected to the linux machine.

Creating a static route
route add -net 10.1.10.0 netmask 255.255.255.0 gw 10.1.20.201
route add -net 10.1.10.202 netmask 255.255.255.255 gw 10.1.20.201
route add -host 10.1.10.202 gw 10.1.20.201
route add default gw 10.1.20.2
route add -net 0.0.0.0 netmask 0.0.0.0 gw 10.1.20.2
Displaying the routing cache
route -Cen
Removing routes
route del -net 10.1.10.0 netmask 255.255.255.0 gw 10.1.20.201
route del -net 10.1.10.202 netmask 255.255.255.255 gw 10.1.20.201
route del -host 10.1.10.202 gw 10.1.20.201
route del default gw 10.1.20.2
route del -net 0.0.0.0 netmask 0.0.0.0 gw 10.1.20.2

ip route

Displaying the routing table
~]# ip route show
default via 10.1.20.2 dev ens33
10.1.20.0/24 dev ens33 proto kernel scope link src 10.1.20.204 metric 100

ip route show is similar to route -n, but the ip route can run on any routing table, and route only run on main table. By default the ip route show run against main table.

Basic Commands

ifconfig

ifconfig
~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.1.20.203  netmask 255.255.255.0  broadcast 10.1.20.255
        inet6 fe80::d344:5bb:e74c:e7e  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:12:42:30  txqueuelen 1000  (Ethernet)
        RX packets 58  bytes 7217 (7.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 79  bytes 9094 (8.8 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)

ifconfig can read information of IP, as per interface ens33, the active IP on this host is 10.1.20.203, this means any packet created by this host will have a source address of 10.1.20.203, Similarly any packet received by this host will have the destination address of 10.1.20.203.

ip link

ip link
~]# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 00:0c:29:55:e4:52 brd ff:ff:ff:ff:ff:ff
3: ens34: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT group default qlen 1000
    link/ether 00:0c:29:55:e4:5c brd ff:ff:ff:ff:ff:ff

~]# ip link set ens34 up

The ip link used to control link layer, the ip link set can be used to control quite a lot of link layer layer settings, ip link help can show more details.

In the above the NIC ens33’s MAC address is 00:0c:29:55:e4:52, and ens34’s MAC address is 00:0c:29:55:e4:5c, ff:ff:ff:ff:ff:ff is broadcast address.

arping

arping used to send ARP REQUEST to a neighbour host.

arping -q -c 3 10.1.20.204

tcpdump with -e option will print Ethernet headers.

~]# tcpdump -ennqti ens33 arp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
00:0c:29:12:42:30 > ff:ff:ff:ff:ff:ff, ARP, length 42: Request who-has 10.1.20.204 (ff:ff:ff:ff:ff:ff) tell 10.1.20.203, length 28
00:0c:29:66:4d:60 > 00:0c:29:12:42:30, ARP, length 60: Reply 10.1.20.204 is-at 00:0c:29:66:4d:60, length 46
00:0c:29:12:42:30 > 00:0c:29:66:4d:60, ARP, length 42: Request who-has 10.1.20.204 (00:0c:29:66:4d:60) tell 10.1.20.203, length 28
00:0c:29:66:4d:60 > 00:0c:29:12:42:30, ARP, length 60: Reply 10.1.20.204 is-at 00:0c:29:66:4d:60, length 46
00:0c:29:12:42:30 > 00:0c:29:66:4d:60, ARP, length 42: Request who-has 10.1.20.204 (00:0c:29:66:4d:60) tell 10.1.20.203, length 28
00:0c:29:66:4d:60 > 00:0c:29:12:42:30, ARP, length 60: Reply 10.1.20.204 is-at 00:0c:29:66:4d:60, length 46

ip neighbor & arp

An ARP cache is a stored mapping of IP addresses with link layer addresses.

ip neighbor
~]# ip neighbor show
10.1.20.2 dev ens33 lladdr 00:50:56:e9:f1:30 REACHABLE
10.1.20.204 dev ens33 lladdr 00:0c:29:66:4d:60 STALE
10.1.10.201 dev ens33 lladdr 00:0c:29:55:e4:5c STALE
10.1.20.1 dev ens33 lladdr a6:83:e7:a8:09:67 REACHABLE
10.1.20.201 dev ens33 lladdr 00:0c:29:55:e4:5c REACHABLE
arp
~]# arp -na
? (10.1.20.2) at 00:50:56:e9:f1:30 [ether] on ens33
? (10.1.20.204) at 00:0c:29:66:4d:60 [ether] on ens33
? (10.1.10.201) at 00:0c:29:55:e4:5c [ether] on ens33
? (10.1.20.1) at a6:83:e7:a8:09:67 [ether] on ens33
? (10.1.20.201) at 00:0c:29:55:e4:5c [ether] on ens33
net.ipv4.neigh.ens33.gc_stale_time used to set the stale time
~]# sysctl net.ipv4.neigh.ens33.gc_stale_time
net.ipv4.neigh.ens33.gc_stale_time = 60

When a host is down or disconnected from the Ethernet, there is a period of time during which other hosts may have an ARP cache entry for the disconnected host.

ipcalc

ipcalc used to perform simple manipulation of IP addresses.

Find the prefix and network
~]# for i in {1..255} ; do ipcalc -n  10.1.10.$i/24 ; done | sort -u
NETWORK=10.1.10.0

~]# for i in {1..255} ; do ipcalc -n  10.1.10.$i/25 ; done | sort -u
NETWORK=10.1.10.0
NETWORK=10.1.10.128

~]# for i in {1..255} ; do ipcalc -n  10.1.10.$i/26 ; done | sort -u
NETWORK=10.1.10.0
NETWORK=10.1.10.64
NETWORK=10.1.10.128
NETWORK=10.1.10.192

~]# for i in {1..255} ; do ipcalc -n  10.1.10.$i/27 ; done | sort -u
NETWORK=10.1.10.0
NETWORK=10.1.10.32
NETWORK=10.1.10.64
NETWORK=10.1.10.96
NETWORK=10.1.10.128
NETWORK=10.1.10.160
NETWORK=10.1.10.192
NETWORK=10.1.10.224

~]# for i in {1..255} ; do ipcalc -n  10.1.10.$i/28 ; done | sort -u
NETWORK=10.1.10.0
NETWORK=10.1.10.16
NETWORK=10.1.10.32
NETWORK=10.1.10.48
NETWORK=10.1.10.64
NETWORK=10.1.10.80
NETWORK=10.1.10.96
NETWORK=10.1.10.112
NETWORK=10.1.10.128
NETWORK=10.1.10.144
NETWORK=10.1.10.160
NETWORK=10.1.10.176
NETWORK=10.1.10.192
NETWORK=10.1.10.208
NETWORK=10.1.10.224
NETWORK=10.1.10.240

Net Interface

Setting a Static IP

Update DHCP dynamic IP address assign to manual static IP address assign
nmcli connection modify ens36 ipv4.method manual ipv4.addresses 10.1.30.106/24 ipv4.gateway 10.1.30.2 ipv4.dns 10.1.30.2
nmcli connection modify ens37 ipv4.method manual ipv4.addresses 10.1.30.107/24 ipv4.gateway 10.1.30.2 ipv4.dns 10.1.30.2
nmcli connection down ens36 && nmcli connection up ens36
nmcli connection down ens37 && nmcli connection up ens37

Multiple IPs on the Same Interface

Set multiple IP addresses to same Interface
nmcli connection modify ens36 ipv4.addresses 10.1.30.101/24,10.1.30.102/24,10.1.30.103/24
nmcli connection down ens36 && nmcli connection up ens36

Bonding and Teaming

Table 1. Bonding vs Teaming
Teaming Bonding

  • Support for IPv6 link monitoring

  • Able to work with D-Bus and Unix Domain Sockets

  • Load balancing for LACP support

  • Leverages NetworkManager and associated tools

  • Doesn’t require teamd

  • Works in a virtual environment
Bonding
nmcli con add type bond con-name bond0 ifname bond0 mode active-backup ip4 10.1.30.50/24 gw4 10.1.30.2
nmcli con add type bond-slave ifname ens36 master bond0
nmcli con add type bond-slave ifname ens37 master bond0
nmcli con up bond-slave-ens36
nmcli con up bond-slave-ens37

linux netip bonding

Teaming
nmcli con delete ens36
nmcli con delete ens37
nmcli con add type team con-name team0 ifname team0 ip4 10.1.30.50/24 gw4 10.1.30.2 team.config '{"runner": {"name": "activebackup"}, "link_watch": {"name": "ethtool"}}'
nmcli con add type team-slave con-name slave1 ifname ens36 master team0
nmcli con add type team-slave con-name slave2 ifname ens37 master team0
Note
 /usr/share/doc/teamd-1.29/example_configs has configuration samples.
add back ethernet connection
nmcli connection add type ethernet con-name ens36 ifname ens36 ipv4.method manual ipv4.addresses 10.1.30.106/24 ipv4.gateway 10.1.30.2 ipv4.dns 10.1.30.2
nmcli connection add type ethernet con-name ens37 ifname ens37 ipv4.method manual ipv4.addresses 10.1.30.107/24 ipv4.gateway 10.1.30.2 ipv4.dns 10.1.30.2

Routing

prohibit

set prohibit
ip route add prohibit 10.1.30.0/24
test prohibit
~]# ping 10.1.30.2
Do you want to ping broadcast? Then -b. If not, check your local firewall rules.
flush prohibit
ip route flush 10.1.30.0/24

static gateway

add static route
ip route add 10.1.10.202 via 10.1.20.201 dev ens33
flush static route
ip route flush 10.1.10.202
add static route
ip route add 10.1.10.0/24 via 10.1.20.201 dev ens33
flush static route
ip route flush 10.1.10.0/24
**