iproute2 Study Notes linux linux networking

iproute2

iproute2 is the core networking toolkit in Linux. It is not a single command, but a package of utilities used to configure and inspect the kernel’s networking stack.

iproute2 is included by default in almost all mainstream Linux distributions today. Because modern Linux networking is built around it. Without it, basic networking configuration becomes very difficult.

Historically, Linux used older tools like:

  • ifconfig
  • route
  • arp
  • netstat

iproute2 replaced them with a single unified system that talks directly to the Linux kernel networking subsystem.

ip

ip link controls network interfaces at Layer 2

That means it deals with the network card itself (Wi-Fi / Ethernet) and whether the device is enabled or disabled

It does NOT deal with IP addresses or internet routing.

list interfaces. Example:

sakujo@debian:/$ ip link

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp7s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN mode DEFAULT group default qlen 1000
    link/ether 00:a1:ba:51:4c:11 brd ff:ff:ff:ff:ff:ff
    altname enx902e1627dfb6
4: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DORMANT group default qlen 1000
    link/ether 00:a1:ba:51:4c:11 brd ff:ff:ff:ff:ff:ff
  • lo loopback (internal system network, used for localhost like 127.0.0.1)
  • wlan0 Wi-Fi interface (wireless network card, legacy naming)
  • wlp2s0 Wi-Fi interface (modern predictable naming based on hardware location)
  • eth0 Ethernet interface (old naming) enp7s0 (modern naming: en = ethernet, p7 = PCI bus 7)
  • enx<mac> USB Ethernet / USB tethering interface (name derived from MAC address)
  • usb0 USB network interface (phone tethering or USB networking device)
  • docker0 Docker virtual bridge (container networking)
  • tun0 VPN tunnel interface (user-space routed tunnel)
  • wg0 WireGuard VPN interface (modern encrypted tunnel)
  • bnep0 Bluetooth network interface (Bluetooth tethering)

enable or disable interface:

ip link set wlan0 up

up

  • turns the network device ON at kernel level
  • allows it to send/receive data

down

  • disables the interface completely
  • no traffic can pass through it

Rename interface. Changes the interface name inside the kernel.

ip link set wlan0 name wifi0

ip addr

ip addr manages IP addresses assigned to network interfaces.

ip addr show and ip addr and ip a

list interfaces with IP addresses.

ip addr add

assign IP address:

ip addr add 192.168.1.10/24 dev wlan0

ip addr del

remove IP address:

ip addr del 192.168.1.10/24 dev wlan0

Every interface can have:

  • multiple IP addresses
  • IPv4 + IPv6 at same time
  • temporary or permanent addresses

ip route

manages the routing table.

When this machine sends data, where should it go?

ip route show or ip route

view routes. Example output:

default via 192.168.100.1 dev wlan0 proto dhcp src 192.168.100.83 metric 3003
192.168.100.0/24 dev wlan0 proto kernel scope link src 192.168.100.83 metric 3003

These are two routing entries:

1) Default route (internet traffic)

default via 192.168.100.1 dev wlan0 proto dhcp src 192.168.100.83 metric 3003
  • default used for all internet / unknown destinations
  • via 192.168.100.1 gateway (your router)
  • dev wlan0 use Wi-Fi interface
  • proto dhcp automatically assigned by DHCP
  • src 192.168.100.83 your device’s IP address
  • metric 3003 priority (lower = preferred)

2) Local network route

192.168.100.0/24 dev wlan0 proto kernel scope link src 192.168.100.83 metric 3003
  • 192.168.100.0/24 local network range (all devices in your Wi-Fi LAN)
  • dev wlan0 reachable directly via Wi-Fi
  • proto kernel automatically created by Linux when IP was assigned
  • scope link only valid on local network (no router needed)
  • src 192.168.100.83 your device IP used for local traffic
  • metric 3003 route priority

ip route add

add route:

ip route add default via 192.168.1.1

this means create a path for internet traffic, send everything unknown to this gatway.

specific network route:

ip route add 10.0.0.0/24 via 192.168.1.1

this means only traffic to 10.0.0.x goes through that router

10.0.0.0/24 = 10.0.0.1 -> 10.0.0.254

ip route del

remove route:

ip route del default

system loses internet path, only local network may still work

ip neigh

It manages the neighbor table. That table stores which IP address belongs to which MAC (hardware) address

ip neigh show or ip neigh or ip n

view mappings

192.168.100.1 dev wlan0 lladdr aa:bb:cc:dd:ee:ff REACHABLE
192.168.100.50 dev wlan0 FAILED

Meaning:

  • 192.168.100.1 IP address (router or device)
  • dev wlan0 interface used
  • lladdr aa:bb:cc:dd:ee:ff MAC address
  • REACHABLE known and working connection
  • FAILED cannot reach device

ip neigh add

manually add mapping:

ip neigh add 192.168.100.50 lladdr aa:bb:cc:dd:ee:ff dev wlan0

This IP belongs to this MAC address

ip neigh del

remove mapping:

ip neigh del 192.168.100.50 dev wlan0

ip rule

Advanced routing logic (VPNs, multi-NIC systems).

Common actions:

  • show
  • add
  • del

ip tunnel

ip maddr

Used for multicast networking (streaming, some services)

ip monitor

Shows real-time kernel network changes

tc (Traffic control)

ss

bridge