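% Preamble for the iproute2 cheat sheet (Cheatography template).
% Each declaration sits on its own line: a `%` comment runs to the end of the
% physical line, so a package load that shares a line with an earlier comment
% would never be executed.
\documentclass[10pt,a4paper]{article}

% Packages
\usepackage{fancyhdr} % For header and footer
\usepackage{multicol} % Allows multicols in tables
\usepackage{tabularx} % Intelligent column widths
\usepackage{tabulary} % Used in header and footer
\usepackage{hhline} % Border under tables
\usepackage{graphicx} % For images
\usepackage{xcolor} % For hex colours
%\usepackage[utf8x]{inputenc} % For unicode character support
\usepackage[T1]{fontenc} % Without this we get weird character replacements
\usepackage{colortbl} % For coloured tables
\usepackage{setspace} % For line height
\usepackage{lastpage} % Needed for total page number
\usepackage{seqsplit} % Splits long words.
%\usepackage{opensans} % Can't make this work so far. Shame. Would be lovely.
\usepackage[normalem]{ulem} % For underlining links

% Most of the following are not required for the majority
% of cheat sheets but are needed for some symbol support.
\usepackage{amsmath} % Symbols
\usepackage{MnSymbol} % Symbols
\usepackage{wasysym} % Symbols
%\usepackage[english,german,french,spanish,italian]{babel} % Languages

% Document Info
\author{TME520 (TME520)}
\pdfinfo{
  /Title (iproute2.pdf)
  /Creator (Cheatography)
  /Author (TME520 (TME520))
  /Subject (iproute2 Cheat Sheet)
}

% Lengths and widths
\addtolength{\textwidth}{6cm}
\addtolength{\textheight}{-1cm}
\addtolength{\hoffset}{-3cm}
\addtolength{\voffset}{-2cm}
\setlength{\tabcolsep}{0.2cm} % Space between columns
\setlength{\headsep}{-12pt} % Reduce space between header and content
\setlength{\headheight}{85pt} % If less, LaTeX automatically increases it
\renewcommand{\footrulewidth}{0pt} % Remove footer line
\renewcommand{\headrulewidth}{0pt} % Remove header line
\renewcommand{\seqinsert}{\ifmmode\allowbreak\else\-\fi} % Hyphens in seqsplit

% These two commands together give roughly
% the right line height in the tables
\renewcommand{\arraystretch}{1.3}
\onehalfspacing

% Commands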
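% Table helper macros, colours, page header/footer, and the first
% "Address management" table. One statement per line, so that trailing
% `%` comments end at the line break instead of swallowing later commands.

% \SetRowColor{<colour>}: stores the colour name globally in \RowColorName
% and applies it to the current row with \rowcolor.
\newcommand{\SetRowColor}[1]{\noalign{\gdef\RowColorName{#1}}\rowcolor{\RowColorName}} % Shortcut for row colour
% \mymulticolumn{<n>}{<colspec>}{<text>}: \multicolumn whose background
% reuses the colour last stored by \SetRowColor.
\newcommand{\mymulticolumn}[3]{\multicolumn{#1}{>{\columncolor{\RowColorName}}#2}{#3}} % For coloured multi-cols
\newcolumntype{x}[1]{>{\raggedright}p{#1}} % New column types for ragged-right paragraph columns
\newcommand{\tn}{\tabularnewline} % Required as custom column type in use

% Font and Colours
\definecolor{HeadBackground}{HTML}{333333}
\definecolor{FootBackground}{HTML}{666666}
\definecolor{TextColor}{HTML}{333333}
\definecolor{DarkBackground}{HTML}{3CA334}
\definecolor{LightBackground}{HTML}{F2F9F2}
\renewcommand{\familydefault}{\sfdefault}
\color{TextColor}

% Header and Footer
\pagestyle{fancy}
\fancyhead{} % Set header to blank
\fancyfoot{} % Set footer to blank
\fancyhead[L]{
\noindent
\begin{multicols}{3}
\begin{tabulary}{5.8cm}{C}
    \SetRowColor{DarkBackground}
    \vspace{-7pt}
    {\parbox{\dimexpr\textwidth-2\fboxsep\relax}{\noindent
        % NOTE(review): absolute path on the host that generated this file.
        % It will not resolve on another machine and it exposes that host's
        % directory layout; point it at a local copy of the logo when building.
        \hspace*{-6pt}\includegraphics[width=5.8cm]{/web/www.cheatography.com/public/images/cheatography_logo.pdf}}
    }
\end{tabulary}
\columnbreak
\begin{tabulary}{11cm}{L}
    \vspace{-2pt}\large{\bf{\textcolor{DarkBackground}{\textrm{iproute2 Cheat Sheet}}}} \\
    \normalsize{by \textcolor{DarkBackground}{TME520 (TME520)} via \textcolor{DarkBackground}{\uline{cheatography.com/20978/cs/4067/}}}
\end{tabulary}
\end{multicols}}

\fancyfoot[L]{ \footnotesize
\noindent
\begin{multicols}{3}
\begin{tabulary}{5.8cm}{LL}
  \SetRowColor{FootBackground}
  \mymulticolumn{2}{p{5.377cm}}{\bf\textcolor{white}{Cheatographer}} \\
  \vspace{-2pt}TME520 (TME520) \\
  \uline{cheatography.com/tme520} \\
  \uline{\seqsplit{tme520}.com}
\end{tabulary}
\vfill
\columnbreak
\begin{tabulary}{5.8cm}{L}
  \SetRowColor{FootBackground}
  \mymulticolumn{1}{p{5.377cm}}{\bf\textcolor{white}{Cheat Sheet}} \\
  \vspace{-2pt}Published 10th May, 2015.\\
  Updated 7th May, 2016.\\
  Page {\thepage} of \pageref{LastPage}.
\end{tabulary}
\vfill
\columnbreak
\begin{tabulary}{5.8cm}{L}
  \SetRowColor{FootBackground}
  \mymulticolumn{1}{p{5.377cm}}{\bf\textcolor{white}{Sponsor}} \\
  \SetRowColor{white}
  \vspace{-5pt}
  %\includegraphics[width=48px,height=48px]{dave.jpeg}
  Measure your website readability!\\
  www.readability-score.com
\end{tabulary}
\end{multicols}}

\begin{document}
\raggedright
\raggedcolumns

% Set font size to small. Switch to any value
% from this page to resize cheat sheet text:
% www.emerson.emory.edu/services/latex/latex_169.html
\footnotesize % Small font.

\begin{tabularx}{17.67cm}{x{4.1175 cm} x{4.1175 cm} x{4.1175 cm} x{4.1175 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{4}{x{17.67cm}}{\bf\textcolor{white}{\{\{fa-cogs\}\} Address management}} \tn
% Row 0
\SetRowColor{LightBackground}
\mymulticolumn{4}{x{17.67cm}}{In this section, the \$\{address\} value should be a host address in dotted decimal format, and \$\{mask\} can be either a dotted decimal subnet mask or a prefix length. That is, both 192.0.2.10/24 and 192.0.2.10/255.255.255.0 are equally acceptable.} \tn
% Row Count 5 (+ 5)
% Row 1
\SetRowColor{white}
{\bf{Show all addresses}} & {\emph{ip address show}} & All "show" commands can be used with "-4" or "-6" options to show only IPv4 or IPv6 \seqsplit{addresses.} & \tn
% Row Count 15 (+ 10)
% Row 2
\SetRowColor{LightBackground}
{\bf{Show addresses for a single interface}} & {\emph{ip address show \$\{interface name\}}} & {\emph{ip address show eth0}} & \tn
% Row Count 20 (+ 5)
% Row 3
\SetRowColor{white}
{\bf{Show addresses only for running interfaces}} & {\emph{ip address show up}} & & \tn
% Row Count 25 (+ 5)
% Row 4
\SetRowColor{LightBackground}
{\bf{Show only \seqsplit{statically} \seqsplit{configured} addresses}} & {\emph{ip address show {[}dev \$\{interface\}{]} permanent}} & & \tn
% Row Count 30 (+ 5)
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{17.67cm}{x{4.1175 cm} x{4.1175 cm} x{4.1175 cm} x{4.1175 cm} }
\SetRowColor{DarkBackground}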
\mymulticolumn{4}{x{17.67cm}}{\bf\textcolor{white}{\{\{fa-cogs\}\} Address management (cont)}} \tn % Row 5 \SetRowColor{LightBackground} {\bf{Show only addresses learnt via autoconfiguration}} & {\emph{ip address show {[}dev \$\{interface\}{]} dynamic}} & & \tn % Row Count 6 (+ 6) % Row 6 \SetRowColor{white} {\bf{Add an address to an interface}} & {\emph{ip address add \$\{address\}/\$\{mask\} dev \$\{interface name\}}} & {\emph{ip address add \seqsplit{192.0.2.10/27} dev eth0}} & {\emph{ip address add \seqsplit{2001:db8:1::/48} dev tun10}} \tn % Row Count 12 (+ 6) % Row 7 \SetRowColor{LightBackground} \mymulticolumn{4}{x{17.67cm}}{You can add as many addresses as you want. The first address will be primary and will be used as the source address by default.} \tn % Row Count 15 (+ 3) % Row 8 \SetRowColor{white} {\bf{Add an address with \seqsplit{human-readable} description}} & {\emph{ip address add \$\{address\}/\$\{mask\} dev \$\{interface name\} label \$\{interface name\}:\$\{description\}}} & {\emph{ip address add \seqsplit{192.0.2.1/24} dev eth0 label eth0:my\_wan\_address}} & The interface name and a colon are required before the label, because of a backwards \seqsplit{compatibility} issue. \tn % Row Count 25 (+ 10) % Row 9 \SetRowColor{LightBackground} {\bf{Delete an address}} & {\emph{ip address delete \$\{address\}/\$\{prefix\} dev \$\{interface name\}}} & {\emph{ip address delete \seqsplit{192.0.2.1/24} dev eth0}} & The interface name argument is required. Linux does allow the same address to be used on multiple \seqsplit{interfaces}, and this has valid use cases. 
\tn % Row Count 38 (+ 13) \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{x{4.1175 cm} x{4.1175 cm} x{4.1175 cm} x{4.1175 cm} } \SetRowColor{DarkBackground} \mymulticolumn{4}{x{17.67cm}}{\bf\textcolor{white}{\{\{fa-cogs\}\} Address management (cont)}} \tn % Row 10 \SetRowColor{LightBackground} {\bf{Remove all addresses from an interface}} & {\emph{ip address flush dev \$\{interface name\}}} & {\emph{ip address flush dev eth1}} & \tn % Row Count 5 (+ 5) \hhline{>{\arrayrulecolor{DarkBackground}}----} \SetRowColor{LightBackground} \mymulticolumn{4}{x{17.67cm}}{Metasyntactic variables are written in shell-style syntax, \$\{something\}. Optional command parts are in square brackets. Note that there is no way to rearrange addresses and replace the primary address. Make sure you set the primary address first.} \tn \hhline{>{\arrayrulecolor{DarkBackground}}----} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{x{4.1175 cm} x{4.1175 cm} x{4.1175 cm} x{4.1175 cm} } \SetRowColor{DarkBackground} \mymulticolumn{4}{x{17.67cm}}{\bf\textcolor{white}{\{\{fa-share-alt\}\} Route management}} \tn % Row 0 \SetRowColor{LightBackground} {\bf{View all routes}} & {\emph{ip route}} & {\emph{ip route show}} & \tn % Row Count 2 (+ 2) % Row 1 \SetRowColor{white} {\bf{View IPv6 routes}} & {\emph{ip -6 route}} & & \tn % Row Count 4 (+ 2) % Row 2 \SetRowColor{LightBackground} {\bf{View routes to a network and all its subnets}} & {\emph{ip route show to root \$\{address\}/\$\{mask\}}} & {\emph{ip route show to root 192.168.0.0/24}} & \tn % Row Count 9 (+ 5) % Row 3 \SetRowColor{white} {\bf{View routes to a network and all supernets}} & {\emph{ip route show to match \$\{address\}/\$\{mask\}}} & {\emph{ip route show to match 192.168.0.0/24}} & \tn % Row Count 14 (+ 5) % Row 4 \SetRowColor{LightBackground} {\bf{View routes to exact subnet}} & {\emph{ip route show to exact \$\{address\}/\$\{mask\}}} & {\emph{ip route show to exact 192.168.0.0/24}} & \tn % Row Count 19 (+ 
5) % Row 5 \SetRowColor{white} {\bf{View only the route actually used by the kernel}} & {\emph{ip route get \$\{address\}/\$\{mask\}}} & {\emph{ip route get 192.168.0.0/24}} & Note that in complex routing scenarios like multipath routing, the result may be "correct but not complete", as it always shows one route that will be used first. \tn % Row Count 36 (+ 17) \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{x{4.1175 cm} x{4.1175 cm} x{4.1175 cm} x{4.1175 cm} } \SetRowColor{DarkBackground} \mymulticolumn{4}{x{17.67cm}}{\bf\textcolor{white}{\{\{fa-share-alt\}\} Route management (cont)}} \tn % Row 6 \SetRowColor{LightBackground} {\bf{View route cache (pre 3.6 kernels only)}} & {\emph{ip route show cached}} & Until the version 3.6, Linux used route caching. In older kernels, this command displays the contents of the route cache. It can be used with modifiers described above. In newer kernels it does nothing. & \tn % Row Count 21 (+ 21) % Row 7 \SetRowColor{white} {\bf{Add a route via gateway}} & {\emph{ip route add \$\{address\}/\$\{mask\} via \$\{next hop\}}} & {\emph{ip route add \seqsplit{192.0.2.128/25} via 192.0.2.1}} & {\emph{ip route add \seqsplit{2001:db8:1::/48} via 2001:db8:1::1}} \tn % Row Count 26 (+ 5) % Row 8 \SetRowColor{LightBackground} {\bf{Add a route via interface}} & {\emph{ip route add \$\{address\}/\$\{mask\} dev \$\{interface name\}}} & {\emph{ip route add \seqsplit{192.0.2.0/25} dev ppp0}} & Interface routes are commonly used with \seqsplit{point-to-point} \seqsplit{interfaces} like PPP tunnels where next hop address is not required. 
\tn % Row Count 39 (+ 13) \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{x{4.1175 cm} x{4.1175 cm} x{4.1175 cm} x{4.1175 cm} } \SetRowColor{DarkBackground} \mymulticolumn{4}{x{17.67cm}}{\bf\textcolor{white}{\{\{fa-share-alt\}\} Route management (cont)}} \tn % Row 9 \SetRowColor{LightBackground} {\bf{Change or replace a route}} & {\emph{ip route change \seqsplit{192.168.2.0/24} via 10.0.0.1}} & {\emph{ip route replace \seqsplit{192.0.2.1/27} dev tun0}} & \tn % Row Count 5 (+ 5) % Row 10 \SetRowColor{white} {\bf{Delete a route}} & {\emph{ip route delete \$\{rest of the route statement\}}} & {\emph{ip route delete \seqsplit{10.0.1.0/25} via 10.0.0.1}} & {\emph{ip route delete default dev ppp0}} \tn % Row Count 10 (+ 5) % Row 11 \SetRowColor{LightBackground} {\bf{Default route}} & {\emph{ip route add default via \$\{next hop\}}} & {\emph{ip route add default dev \$\{interface name\}}} & {\emph{ip -6 route add default via 2001:db8::1}} \tn % Row Count 15 (+ 5) % Row 12 \SetRowColor{white} {\bf{Blackhole routes}} & {\emph{ip route add blackhole \$\{address\}/\$\{mask\}}} & {\emph{ip route add blackhole 192.0.2.1/32}} & Traffic to \seqsplit{destinations} that match a blackhole route is silently \seqsplit{discarded.} \tn % Row Count 23 (+ 8) % Row 13 \SetRowColor{LightBackground} {\bf{Other special routes: unreachable}} & {\emph{ip route add \seqsplit{unreachable} \$\{address\}/\$\{mask\}}} & & Sends ICMP "host \seqsplit{unreachable"}. These routes make the system discard packets and reply with an ICMP error message to the sender. 
\tn % Row Count 36 (+ 13) \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{x{4.1175 cm} x{4.1175 cm} x{4.1175 cm} x{4.1175 cm} } \SetRowColor{DarkBackground} \mymulticolumn{4}{x{17.67cm}}{\bf\textcolor{white}{\{\{fa-share-alt\}\} Route management (cont)}} \tn % Row 14 \SetRowColor{LightBackground} {\bf{Other special routes: prohibit}} & {\emph{ip route add prohibit \$\{address\}/\$\{mask\}}} & & Sends ICMP \seqsplit{"administratively} \seqsplit{prohibited".} \tn % Row Count 5 (+ 5) % Row 15 \SetRowColor{white} {\bf{Other special routes: throw}} & {\emph{ip route add throw \$\{address\}/\$\{mask\}}} & & Sends "net \seqsplit{unreachable"}. \tn % Row Count 9 (+ 4) % Row 16 \SetRowColor{LightBackground} {\bf{Routes with different metric}} & {\emph{ip route add \$\{address\}/\$\{mask\} via \$\{gateway\} metric \$\{number\}}} & {\emph{ip route add \seqsplit{192.168.2.0/24} via 10.0.1.1 metric 5}} & {\emph{ip route add \seqsplit{192.168.2.0} dev ppp0 metric 10}} \tn % Row Count 16 (+ 7) % Row 17 \SetRowColor{white} {\bf{Multipath routing}} & {\emph{ip route add \$\{address\}/\$\{mask\} nexthop via \$\{gateway 1\} weight \$\{number\} nexthop via \$\{gateway 2\} weight \$\{number\}}} & {\emph{ip route add default nexthop via \seqsplit{192.168.1.1} weight 1 nexthop dev ppp0 weight 10}} & \tn % Row Count 28 (+ 12) \hhline{>{\arrayrulecolor{DarkBackground}}----} \SetRowColor{LightBackground} \mymulticolumn{4}{x{17.67cm}}{As per the section below, if you set up a static route and it becomes useless because the interface goes down, it will be removed and will never come back on its own. You may not have noticed this behaviour because in many cases additional software (e.g. 
NetworkManager or rp-pppoe) takes care of restoring routes associated with interfaces.} \tn \hhline{>{\arrayrulecolor{DarkBackground}}----} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{x{4.1175 cm} x{4.1175 cm} x{4.1175 cm} x{4.1175 cm} } \SetRowColor{DarkBackground} \mymulticolumn{4}{x{17.67cm}}{\bf\textcolor{white}{\{\{fa-link\}\} Link management}} \tn % Row 0 \SetRowColor{LightBackground} {\bf{Show \seqsplit{information} about all links}} & {\emph{ip link show}} & {\emph{ip link list}} & \tn % Row Count 4 (+ 4) % Row 1 \SetRowColor{white} {\bf{Show \seqsplit{information} about specific link}} & {\emph{ip link show dev \$\{interface name\}}} & {\emph{ip link show dev eth0}} & {\emph{ip link show dev tun10}} \tn % Row Count 8 (+ 4) % Row 2 \SetRowColor{LightBackground} {\bf{Bring a link up or down}} & {\emph{ip link set dev \$\{interface name\} {[}up | down{]}}} & {\emph{ip link set dev eth0 down}} & {\emph{ip link set dev br0 up}} \tn % Row Count 13 (+ 5) % Row 3 \SetRowColor{white} {\bf{Set \seqsplit{human-readable} link description}} & {\emph{ip link set dev \$\{interface name\} alias "\$\{description\}"}} & {\emph{ip link set dev eth0 alias "LAN interface"}} & \tn % Row Count 19 (+ 6) % Row 4 \SetRowColor{LightBackground} {\bf{Rename an interface}} & {\emph{ip link set dev \$\{old interface name\} name \$\{new interface name\}}} & {\emph{ip link set dev eth0 name lan}} & Note that you can't rename an active \seqsplit{interface.} You need to bring it down before doing it. 
\tn % Row Count 28 (+ 9) % Row 5 \SetRowColor{white} {\bf{Change link layer address (usually MAC address)}} & {\emph{ip link set dev \$\{interface name\} address \$\{address\}}} & {\emph{ip link set dev eth0 address 22:ce:e0:99:63:6f}} & \tn % Row Count 34 (+ 6) \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{x{4.1175 cm} x{4.1175 cm} x{4.1175 cm} x{4.1175 cm} } \SetRowColor{DarkBackground} \mymulticolumn{4}{x{17.67cm}}{\bf\textcolor{white}{\{\{fa-link\}\} Link management (cont)}} \tn % Row 6 \SetRowColor{LightBackground} {\bf{Change link MTU}} & {\emph{ip link set dev \$\{interface name\} mtu \$\{MTU value\}}} & {\emph{ip link set dev tun0 mtu 1480}} & \tn % Row Count 6 (+ 6) % Row 7 \SetRowColor{white} {\bf{Delete a link}} & {\emph{ip link delete dev \$\{interface name\}}} & & \tn % Row Count 10 (+ 4) % Row 8 \SetRowColor{LightBackground} {\bf{Enable or disable multicast on an interface}} & {\emph{ip link set \$\{interface name\} multicast on}} & {\emph{ip link set \$\{interface name\} multicast off}} & \tn % Row Count 15 (+ 5) % Row 9 \SetRowColor{white} {\bf{Enable or disable ARP on an interface}} & {\emph{ip link set \$\{interface name\} arp on}} & {\emph{ip link set \$\{interface name\} arp off}} & \tn % Row Count 20 (+ 5) % Row 10 \SetRowColor{LightBackground} {\bf{Create a VLAN interface}} & {\emph{ip link add name \$\{VLAN interface name\} link \$\{parent interface name\} type vlan id \$\{tag\}}} & {\emph{ip link add name eth0.110 link eth0 type vlan id 110}} & The only type of VLAN supported in Linux is IEEE 802.1q VLAN, legacy \seqsplit{implementations} like ISL are not \seqsplit{supported.} \tn % Row Count 32 (+ 12) \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{x{4.1175 cm} x{4.1175 cm} x{4.1175 cm} x{4.1175 cm} } \SetRowColor{DarkBackground} \mymulticolumn{4}{x{17.67cm}}{\bf\textcolor{white}{\{\{fa-link\}\} Link management (cont)}} \tn % Row 11 \SetRowColor{LightBackground} {\bf{Create a QinQ interface (VLAN stacking)}} 
& {\emph{ip link add name \$\{service interface\} link \$\{physical interface\} type vlan proto 802.1ad id \$\{service tag\}}} & & \tn % Row Count 11 (+ 11) % Row 12 \SetRowColor{white} & {\emph{ip link add name \$\{client interface\} link \$\{service interface\} type vlan proto 802.1q id \$\{client tag\}}} & & \tn % Row Count 22 (+ 11) % Row 13 \SetRowColor{LightBackground} & {\emph{ip link add name eth0.100 link eth0 type vlan proto 802.1ad id 100}} & & Create service tag interface \tn % Row Count 29 (+ 7) % Row 14 \SetRowColor{white} & {\emph{ip link add name \seqsplit{eth0.100.200} link eth0.100 type vlan proto 802.1q id 200}} & & Create client tag interface \tn % Row Count 37 (+ 8) \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{x{4.1175 cm} x{4.1175 cm} x{4.1175 cm} x{4.1175 cm} } \SetRowColor{DarkBackground} \mymulticolumn{4}{x{17.67cm}}{\bf\textcolor{white}{\{\{fa-link\}\} Link management (cont)}} \tn % Row 15 \SetRowColor{LightBackground} {\bf{Create \seqsplit{pseudo-ethernet} (aka macvlan) interface}} & {\emph{ip link add name \$\{macvlan interface name\} link \$\{parent interface\} type macvlan}} & {\emph{ip link add name peth0 link eth0 type macvlan}} & \tn % Row Count 9 (+ 9) % Row 16 \SetRowColor{white} {\bf{Create a dummy interface}} & {\emph{ip link add name \$\{dummy interface name\} type dummy}} & {\emph{ip link add name dummy0 type dummy}} & \tn % Row Count 15 (+ 6) % Row 17 \SetRowColor{LightBackground} {\bf{Create a bridge interface}} & {\emph{ip link add name \$\{bridge name\} type bridge}} & {\emph{ip link add name br0 type bridge}} & \tn % Row Count 20 (+ 5) % Row 18 \SetRowColor{white} {\bf{Add an interface to bridge}} & {\emph{ip link set dev \$\{interface name\} master \$\{bridge name\}}} & {\emph{ip link set dev eth0 master br0}} & \tn % Row Count 26 (+ 6) % Row 19 \SetRowColor{LightBackground} {\bf{Remove interface from bridge}} & {\emph{ip link set dev \$\{interface name\} nomaster}} & {\emph{ip link set dev eth0 
nomaster}} & \tn % Row Count 31 (+ 5) \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{x{4.1175 cm} x{4.1175 cm} x{4.1175 cm} x{4.1175 cm} } \SetRowColor{DarkBackground} \mymulticolumn{4}{x{17.67cm}}{\bf\textcolor{white}{\{\{fa-link\}\} Link management (cont)}} \tn % Row 20 \SetRowColor{LightBackground} {\bf{Create a bonding interface}} & {\emph{ip link add name \$\{name\} type bond}} & {\emph{ip link add name bond1 type bond}} & This is not enough to configure bonding (link \seqsplit{aggregation)} in any \seqsplit{meaningful} way. You need to set up bonding \seqsplit{parameters} according to your \seqsplit{situation.} \tn % Row Count 15 (+ 15) % Row 21 \SetRowColor{white} {\bf{Create an \seqsplit{intermediate} \seqsplit{functional} block interface}} & {\emph{ip link add \$\{interface name\} type ifb}} & {\emph{ip link add ifb10 type ifb}} & \seqsplit{Intermediate} \seqsplit{functional} block devices are used for traffic \seqsplit{redirection} and mirroring in \seqsplit{conjunction} with tc. \tn % Row Count 26 (+ 11) % Row 22 \SetRowColor{LightBackground} {\bf{Create a pair of virtual ethernet devices}} & {\emph{ip link add name \$\{first device name\} type veth peer name \$\{second device name\}}} & {\emph{ip link add name veth-host type veth peer name veth-guest}} & Virtual ethernet devices are created in UP state, no need to bring them up manually after creation. \tn % Row Count 36 (+ 10) \hhline{>{\arrayrulecolor{DarkBackground}}----} \SetRowColor{LightBackground} \mymulticolumn{4}{x{17.67cm}}{Note that interface name you set with "name \$\{name\}" parameter of "ip link add" and "ip link set" commands may be arbitrary, and even contain unicode characters. It's better however to stick with ASCII because other programs may not handle unicode correctly. 
Also it's better to use a consistent convention for link names, and use link aliases to provide human descriptions.} \tn \hhline{>{\arrayrulecolor{DarkBackground}}----} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{x{4.1175 cm} x{4.1175 cm} x{4.1175 cm} x{4.1175 cm} } \SetRowColor{DarkBackground} \mymulticolumn{4}{x{17.67cm}}{\bf\textcolor{white}{\{\{fa-cubes\}\} Link group management}} \tn % Row 0 \SetRowColor{LightBackground} {\bf{Add an interface to a group}} & {\emph{ip link set dev \$\{interface name\} group \$\{group number\}}} & {\emph{ip link set dev eth0 group 42}} & {\emph{ip link set dev eth1 group 42}} \tn % Row Count 6 (+ 6) % Row 1 \SetRowColor{white} {\bf{Remove an interface from a group}} & {\emph{ip link set dev \$\{interface name\} group 0}} & {\emph{ip link set dev \$\{interface\} group default}} & {\emph{ip link set dev tun10 group 0}} \tn % Row Count 11 (+ 5) % Row 2 \SetRowColor{LightBackground} {\bf{Assign a symbolic name to a group}} & {\emph{echo "10 \seqsplit{customer-vlans"} \textgreater{}\textgreater{} /etc/iproute2/group}} & Once you \seqsplit{configured} a group name, number and name can be used \seqsplit{interchangeably} in ip commands. & {\emph{ip link set dev eth0.100 group customer-vlans}} \tn % Row Count 21 (+ 10) % Row 3 \SetRowColor{white} {\bf{Perform an operation on a group}} & {\emph{ip link set group \$\{group number\} \$\{operation and arguments\}}} & {\emph{ip link set group 42 down}} & {\emph{ip link set group uplinks mtu 1200}} \tn % Row Count 28 (+ 7) % Row 4 \SetRowColor{LightBackground} {\bf{View \seqsplit{information} about links from specific group}} & {\emph{ip link list group 42}} & {\emph{ip address show group customers}} & \tn % Row Count 34 (+ 6) \hhline{>{\arrayrulecolor{DarkBackground}}----} \SetRowColor{LightBackground} \mymulticolumn{4}{x{17.67cm}}{Link groups are similar to port ranges found in managed switches. 
You can add network interfaces to a numbered group and perform operations on all the interfaces from that group at once. \newline \newline Links not assigned to any group belong to group 0 aka "default".} \tn \hhline{>{\arrayrulecolor{DarkBackground}}----} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{x{4.1175 cm} x{4.1175 cm} x{4.1175 cm} x{4.1175 cm} } \SetRowColor{DarkBackground} \mymulticolumn{4}{x{17.67cm}}{\bf\textcolor{white}{Tun and Tap devices}} \tn % Row 0 \SetRowColor{LightBackground} {\bf{Add a tun/tap device usable by root}} & {\emph{ip tuntap add dev \$\{interface name\} mode \$\{mode\}}} & {\emph{ip tuntap add dev tun0 mode tun}} & {\emph{ip tuntap add dev tap9 mode tap}} \tn % Row Count 5 (+ 5) % Row 1 \SetRowColor{white} Tap sends and receives raw Ethernet frames. & & Tun sends and receives raw IP packets. & \tn % Row Count 10 (+ 5) % Row 2 \SetRowColor{LightBackground} {\bf{Add a tun/tap device usable by an ordinary user}} & {\emph{ip tuntap add dev \$\{interface name\} mode \$\{mode\} user \$\{user\} group \$\{group\}}} & {\emph{ip tuntap add dev tun1 mode tun user me group mygroup}} & {\emph{ip tuntap add dev tun2 mode tun user 1000 group 1001}} \tn % Row Count 18 (+ 8) % Row 3 \SetRowColor{white} {\bf{Add a tun/tap device using an alternate packet format}} & {\emph{ip tuntap add dev \$\{interface name\} mode \$\{mode\} pi}} & {\emph{ip tuntap add dev tun1 mode tun pi}} & \tn % Row Count 24 (+ 6) % Row 4 \SetRowColor{LightBackground} {\bf{Add a tun/tap device ignoring flow control}} & {\emph{ip tuntap add dev \$\{interface name\} mode \$\{mode\} one\_queue}} & {\emph{ip tuntap add dev tun1 mode tun one\_queue}} & \tn % Row Count 30 (+ 6) \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{x{4.1175 cm} x{4.1175 cm} x{4.1175 cm} x{4.1175 cm} } \SetRowColor{DarkBackground} \mymulticolumn{4}{x{17.67cm}}{\bf\textcolor{white}{Tun and Tap devices (cont)}} \tn % Row 5 \SetRowColor{LightBackground} {\bf{Delete a tun/tap device}} & 
{\emph{ip tuntap del dev \$\{interface name\}}} & {\emph{ip tuntap del dev tun0}} & \tn % Row Count 4 (+ 4) \hhline{>{\arrayrulecolor{DarkBackground}}----} \SetRowColor{LightBackground} \mymulticolumn{4}{x{17.67cm}}{Tun and tap devices allow userspace programs to emulate a network device. When a userspace program opens one, it gets a file descriptor. Packets routed by the kernel networking stack to the device are read from the file descriptor; data the userspace program writes to the file descriptor is injected as local outgoing packets into the networking stack. A device created with the "user" or "group" option can be opened by that account without root, so its owner can read and inject traffic on the interface; assign ownership only to accounts that need it.} \tn \hhline{>{\arrayrulecolor{DarkBackground}}----} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{x{5.4351 cm} x{3.7881 cm} x{5.5998 cm} p{1.647 cm} } \SetRowColor{DarkBackground} \mymulticolumn{4}{x{17.67cm}}{\bf\textcolor{white}{Neighbor (ARP and NDP) tables management}} \tn % Row 0 \SetRowColor{LightBackground} {\bf{View neighbor tables}} & {\emph{ip neighbor show}} & & \tn % Row Count 2 (+ 2) % Row 1 \SetRowColor{white} {\bf{View neighbors for a single interface}} & {\emph{ip neighbor show dev \$\{interface name\}}} & {\emph{ip neighbor show dev eth0}} & \tn % Row Count 7 (+ 5) % Row 2 \SetRowColor{LightBackground} {\bf{Flush table for an interface}} & {\emph{ip neighbor flush dev \$\{interface name\}}} & {\emph{ip neighbor flush dev eth1}} & \tn % Row Count 12 (+ 5) % Row 3 \SetRowColor{white} {\bf{Add a neighbor table entry}} & {\emph{ip neighbor add \$\{network address\} lladdr \$\{link layer address\} dev \$\{interface name\}}} & {\emph{ip neighbor add 192.0.2.1 lladdr \seqsplit{22:ce:e0:99:63:6f} dev eth0}} & \tn % Row Count 22 (+ 10) % Row 4 \SetRowColor{LightBackground} {\bf{Delete a neighbor table entry}} & {\emph{ip neighbor delete \$\{network address\} lladdr \$\{link layer address\} dev \$\{interface name\}}} & {\emph{ip neighbor delete 192.0.2.1 lladdr \seqsplit{22:ce:e0:99:63:6f} dev eth0}} & \tn % Row Count 32 (+ 10) 
\hhline{>{\arrayrulecolor{DarkBackground}}----} \SetRowColor{LightBackground} \mymulticolumn{4}{x{17.67cm}}{For ladies and gentlemen who prefer UK spelling, this command family supports "neighbour" spelling too.} \tn \hhline{>{\arrayrulecolor{DarkBackground}}----} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{x{4.2822 cm} x{4.2822 cm} x{4.2822 cm} x{3.6234 cm} } \SetRowColor{DarkBackground} \mymulticolumn{4}{x{17.67cm}}{\bf\textcolor{white}{\{\{fa-arrows-h\}\} Tunnel management}} \tn % Row 0 \SetRowColor{LightBackground} {\bf{Create an IPIP tunnel}} & {\emph{ip tunnel add \$\{interface name\} mode ipip local \$\{local endpoint address\} remote \$\{remote endpoint address\}}} & & \tn % Row Count 11 (+ 11) % Row 1 \SetRowColor{white} {\bf{Create a SIT tunnel}} & {\emph{sudo ip tunnel add \$\{interface name\} mode sit local \$\{local endpoint address\} remote \$\{remote endpoint address\}}} & & \tn % Row Count 23 (+ 12) % Row 2 \SetRowColor{LightBackground} {\bf{Create an IPIP6 tunnel}} & {\emph{ip -6 tunnel add \$\{interface name\} mode ipip6 local \$\{local endpoint address\} remote \$\{remote endpoint address\}}} & & \tn % Row Count 35 (+ 12) \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{x{4.2822 cm} x{4.2822 cm} x{4.2822 cm} x{3.6234 cm} } \SetRowColor{DarkBackground} \mymulticolumn{4}{x{17.67cm}}{\bf\textcolor{white}{\{\{fa-arrows-h\}\} Tunnel management (cont)}} \tn % Row 3 \SetRowColor{LightBackground} {\bf{Create an IP6IP6 tunnel}} & {\emph{ip -6 tunnel add \$\{interface name\} mode ip6ip6 local \$\{local endpoint address\} remote \$\{remote endpoint address\}}} & & \tn % Row Count 12 (+ 12) % Row 4 \SetRowColor{white} {\bf{Create a gretap (ethernet over GRE) device}} & {\emph{ip link add \$\{interface name\} type gretap local \$\{local endpoint address\} remote \$\{remote endpoint address\}}} & & \tn % Row Count 23 (+ 11) % Row 5 \SetRowColor{LightBackground} {\bf{Create a GRE tunnel}} & {\emph{ip tunnel add \$\{interface 
name\} mode gre local \$\{local endpoint address\} remote \$\{remote endpoint address\}}} & & \tn % Row Count 34 (+ 11) \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{x{4.2822 cm} x{4.2822 cm} x{4.2822 cm} x{3.6234 cm} } \SetRowColor{DarkBackground} \mymulticolumn{4}{x{17.67cm}}{\bf\textcolor{white}{\{\{fa-arrows-h\}\} Tunnel management (cont)}} \tn % Row 6 \SetRowColor{LightBackground} {\bf{Create multiple GRE tunnels to the same endpoint}} & {\emph{ip tunnel add \$\{interface name\} mode gre local \$\{local endpoint address\} remote \$\{remote endpoint address\} key \$\{key value\}}} & & \tn % Row Count 13 (+ 13) % Row 7 \SetRowColor{white} {\bf{Create a \seqsplit{point-to-multipoint} GRE tunnel}} & {\emph{ip tunnel add \$\{interface name\} mode gre local \$\{local endpoint address\} key \$\{key value\}}} & & \tn % Row Count 23 (+ 10) % Row 8 \SetRowColor{LightBackground} {\bf{Create a GRE tunnel over IPv6}} & {\emph{ip -6 tunnel add name \$\{interface name\} mode ip6gre local \$\{local endpoint\} remote \$\{remote endpoint\}}} & & \tn % Row Count 34 (+ 11) \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{x{4.2822 cm} x{4.2822 cm} x{4.2822 cm} x{3.6234 cm} } \SetRowColor{DarkBackground} \mymulticolumn{4}{x{17.67cm}}{\bf\textcolor{white}{\{\{fa-arrows-h\}\} Tunnel management (cont)}} \tn % Row 9 \SetRowColor{LightBackground} {\bf{Delete a tunnel}} & {\emph{ip tunnel del \$\{interface name\}}} & {\emph{ip tunnel del gre1}} & \tn % Row Count 4 (+ 4) % Row 10 \SetRowColor{white} {\bf{Modify a tunnel}} & {\emph{ip tunnel change \$\{interface name\} \$\{options\}}} & {\emph{ip tunnel change tun0 remote 203.0.113.89}} & {\emph{ip tunnel change tun10 key 23456}} \tn % Row Count 9 (+ 5) % Row 11 \SetRowColor{LightBackground} {\bf{View tunnel information}} & {\emph{ip tunnel show}} & {\emph{ip tunnel show \$\{interface name\}}} & {\emph{ip tun show tun99}} \tn % Row Count 13 (+ 4) \hhline{>{\arrayrulecolor{DarkBackground}}----} 
\SetRowColor{LightBackground} \mymulticolumn{4}{x{17.67cm}}{Linux currently supports IPIP (IPv4 in IPv4), SIT (IPv6 in IPv4), IP6IP6 (IPv6 in IPv6), IPIP6 (IPv4 in IPv6), GRE (virtually anything in anything), and, in very recent versions, VTI (IPv4 in IPsec). Apart from VTI, none of these encapsulations encrypts or authenticates the traffic it carries; protect them with IPsec or a similar mechanism when the path between the endpoints is not trusted. \newline \newline Note that tunnels are created in DOWN state; you need to bring them up. \newline \newline In this section \$\{local endpoint address\} and \$\{remote endpoint address\} refer to addresses assigned to physical interfaces of the endpoints. \$\{address\} refers to the address assigned to the tunnel interface.} \tn \hhline{>{\arrayrulecolor{DarkBackground}}----} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{x{3.7881 cm} x{4.1175 cm} x{4.2822 cm} x{4.2822 cm} } \SetRowColor{DarkBackground} \mymulticolumn{4}{x{17.67cm}}{\bf\textcolor{white}{L2TPv3 pseudowire management}} \tn % Row 0 \SetRowColor{LightBackground} {\bf{Create an L2TPv3 tunnel over UDP}} & {\emph{ip l2tp add tunnel \seqsplit{tunnel\_id} \$\{local tunnel numeric identifier\} \seqsplit{peer\_tunnel\_id} \$\{remote tunnel numeric identifier\} \seqsplit{udp\_sport} \$\{source port\} \seqsplit{udp\_dport} \$\{destination port\} encap udp local \$\{local endpoint address\} remote \$\{remote endpoint address\}}} & & \tn % Row Count 25 (+ 25) % Row 1 \SetRowColor{white} & {\emph{ip l2tp add tunnel \seqsplit{tunnel\_id} 1 \seqsplit{peer\_tunnel\_id} 1 \seqsplit{udp\_sport} 5000 \seqsplit{udp\_dport} 5000 encap udp local 192.0.2.1 remote 203.0.113.2}} & & \tn % Row Count 38 (+ 13) \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{x{3.7881 cm} x{4.1175 cm} x{4.2822 cm} x{4.2822 cm} } \SetRowColor{DarkBackground} \mymulticolumn{4}{x{17.67cm}}{\bf\textcolor{white}{L2TPv3 pseudowire management (cont)}} \tn % Row 2 \SetRowColor{LightBackground} {\bf{Create an L2TPv3 tunnel over IP}} & {\emph{ip l2tp add tunnel \seqsplit{tunnel\_id} \$\{local tunnel numeric identifier\} \seqsplit{peer\_tunnel\_id} \$\{remote tunnel numeric 
\seqsplit{identifier} \} encap ip local 192.0.2.1 remote 203.0.113.2}} & & \tn % Row Count 16 (+ 16) % Row 3 \SetRowColor{white} {\bf{Create an L2TPv3 session}} & {\emph{ip l2tp add session \seqsplit{tunnel\_id} \$\{local tunnel identifier\} \seqsplit{session\_id} \$\{local session numeric identifier\} \seqsplit{peer\_session\_id} \$\{remote session numeric identifier\}}} & {\emph{ip l2tp add session \seqsplit{tunnel\_id} 1 \seqsplit{session\_id} 10 \seqsplit{peer\_session\_id} 10}} & \tn % Row Count 32 (+ 16) \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{x{3.7881 cm} x{4.1175 cm} x{4.2822 cm} x{4.2822 cm} } \SetRowColor{DarkBackground} \mymulticolumn{4}{x{17.67cm}}{\bf\textcolor{white}{L2TPv3 pseudowire management (cont)}} \tn % Row 4 \SetRowColor{LightBackground} {\bf{Delete an L2TPv3 session}} & {\emph{ip l2tp del session \seqsplit{tunnel\_id} \$\{tunnel identifier\} \seqsplit{session\_id} \$\{session identifier\}}} & {\emph{ip l2tp del session \seqsplit{tunnel\_id} 1 \seqsplit{session\_id} 1}} & \tn % Row Count 9 (+ 9) % Row 5 \SetRowColor{white} {\bf{Delete an L2TPv3 tunnel}} & {\emph{ip l2tp del tunnel \seqsplit{tunnel\_id} \$\{tunnel identifier\}}} & {\emph{ip l2tp del tunnel \seqsplit{tunnel\_id} 1}} & \tn % Row Count 15 (+ 6) % Row 6 \SetRowColor{LightBackground} {\bf{View L2TPv3 tunnel information}} & {\emph{ip l2tp show tunnel}} & {\emph{ip l2tp show tunnel \seqsplit{tunnel\_id} \$\{tunnel identifier\}}} & {\emph{ip l2tp show tunnel \seqsplit{tunnel\_id} 12}} \tn % Row Count 21 (+ 6) % Row 7 \SetRowColor{white} {\bf{View L2TPv3 session information}} & {\emph{ip l2tp show session}} & {\emph{ip l2tp show session \seqsplit{session\_id} \$\{session identifier\} \seqsplit{tunnel\_id} \$\{tunnel identifier\}}} & {\emph{ip l2tp show session \seqsplit{session\_id} 1 \seqsplit{tunnel\_id} 12}} \tn % Row Count 30 (+ 9) \hhline{>{\arrayrulecolor{DarkBackground}}----} \SetRowColor{LightBackground} \mymulticolumn{4}{x{17.67cm}}{Compared to other 
tunneling protocol implementations in Linux, L2TPv3 terminology is somewhat reversed. You create a tunnel, and then bind sessions to it. You can bind multiple sessions with different identifiers to the same tunnel. Virtual network interfaces (by default named l2tpethX) are associated with sessions.} \tn \hhline{>{\arrayrulecolor{DarkBackground}}----} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{x{4.1175 cm} x{4.1175 cm} x{4.1175 cm} x{4.1175 cm} } \SetRowColor{DarkBackground} \mymulticolumn{4}{x{17.67cm}}{\bf\textcolor{white}{\{\{fa-code\}\} Policy-based routing}} \tn % Row 0 \SetRowColor{LightBackground} {\bf{Create a policy route}} & {\emph{ip route add \$\{route options\} table \$\{table id or name\}}} & {\emph{ip route add \seqsplit{192.0.2.0/27} via \seqsplit{203.0.113.1} table 10}} & {\emph{ip route add \seqsplit{2001:db8::/48} dev eth1 table 100}} \tn % Row Count 6 (+ 6) % Row 1 \SetRowColor{white} {\bf{View policy routes}} & {\emph{ip route show table \$\{table id or name\}}} & {\emph{ip route show table 100}} & {\emph{ip route show table test}} \tn % Row Count 11 (+ 5) % Row 2 \SetRowColor{LightBackground} {\bf{General rule syntax}} & {\emph{ip rule add \$\{options\} \textless{}lookup \$\{table id or name\}|blackhole|prohibit|unreachable\textgreater{}}} & & \tn % Row Count 20 (+ 9) % Row 3 \SetRowColor{white} {\bf{Create a rule to match a source network}} & {\emph{ip rule add from \$\{source network\} \$\{action\}}} & {\emph{ip rule add from \seqsplit{192.0.2.0/24} lookup 10}} & {\emph{ip -6 rule add from \seqsplit{2001:db8::/32} prohibit}} \tn % Row Count 25 (+ 5) % Row 4 \SetRowColor{LightBackground} {\bf{Create a rule to match a \seqsplit{destination} network}} & {\emph{ip rule add to \$\{destination network\} \$\{action\}}} & {\emph{ip rule add to \seqsplit{192.0.2.0/24} blackhole}} & {\emph{ip -6 rule add to \seqsplit{2001:db8::/32} lookup 100}} \tn % Row Count 30 (+ 5) \end{tabularx} \par\addvspace{1.3em} 
\begin{tabularx}{17.67cm}{x{4.1175 cm} x{4.1175 cm} x{4.1175 cm} x{4.1175 cm} } \SetRowColor{DarkBackground} \mymulticolumn{4}{x{17.67cm}}{\bf\textcolor{white}{\{\{fa-code\}\} Policy-based routing (cont)}} \tn % Row 5 \SetRowColor{LightBackground} {\bf{Create a rule to match a ToS field value}} & {\emph{ip rule add tos \$\{ToS value\} \$\{action\}}} & {\emph{ip rule add tos 0x10 lookup 110}} & \tn % Row Count 5 (+ 5) % Row 6 \SetRowColor{white} {\bf{Create a rule to match a firewall mark value}} & {\emph{ip rule add fwmark \$\{mark\} \$\{action\}}} & {\emph{ip rule add fwmark 0x11 lookup 100}} & \tn % Row Count 10 (+ 5) % Row 7 \SetRowColor{LightBackground} {\bf{Create a rule to match inbound interface}} & {\emph{ip rule add iif \$\{interface name\} \$\{action\}}} & {\emph{ip rule add iif eth0 lookup 10}} & {\emph{ip rule add iif lo lookup 20}} \tn % Row Count 15 (+ 5) % Row 8 \SetRowColor{white} {\bf{Create a rule to match outbound interface}} & {\emph{ip rule add oif \$\{interface name\} \$\{action\}}} & {\emph{ip rule add oif eth0 lookup 10}} & \tn % Row Count 20 (+ 5) % Row 9 \SetRowColor{LightBackground} {\bf{Set rule priority}} & {\emph{ip rule add \$\{options\} \$\{action\} priority \$\{value\}}} & {\emph{ip rule add from \seqsplit{192.0.2.0/25} lookup 10 priority 10}} & {\emph{ip rule add from \seqsplit{192.0.2.0/24} lookup 20 priority 20}} \tn % Row Count 26 (+ 6) % Row 10 \SetRowColor{white} {\bf{Show all rules}} & {\emph{ip rule show}} & {\emph{ip -6 rule show}} & \tn % Row Count 28 (+ 2) % Row 11 \SetRowColor{LightBackground} {\bf{Delete a rule}} & {\emph{ip rule del \$\{options\} \$\{action\}}} & {\emph{ip rule del from \seqsplit{192.0.2.0/24} lookup 10}} & \tn % Row Count 32 (+ 4) \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{x{4.1175 cm} x{4.1175 cm} x{4.1175 cm} x{4.1175 cm} } \SetRowColor{DarkBackground} \mymulticolumn{4}{x{17.67cm}}{\bf\textcolor{white}{\{\{fa-code\}\} Policy-based routing (cont)}} \tn % Row 12 
\SetRowColor{LightBackground} {\bf{Delete all rules}} & {\emph{ip rule flush}} & {\emph{ip -6 rule flush}} & \tn % Row Count 2 (+ 2) \hhline{>{\arrayrulecolor{DarkBackground}}----} \SetRowColor{LightBackground} \mymulticolumn{4}{x{17.67cm}}{Policy-based routing (PBR) in Linux is designed the following way: first you create custom routing tables, then you create rules to tell the kernel it should use those tables instead of the default table for specific traffic. \newline \newline Some tables are predefined: local (table 255), main (table 254), default (table 253). \newline \newline Note that \emph{ip rule flush} also removes the default rules that look up the main and default tables, so the host can lose connectivity until they are restored.} \tn \hhline{>{\arrayrulecolor{DarkBackground}}----} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{x{6.748 cm} x{5.7358 cm} x{4.3862 cm} } \SetRowColor{DarkBackground} \mymulticolumn{3}{x{17.67cm}}{\bf\textcolor{white}{netconf (sysctl configuration viewing)}} \tn % Row 0 \SetRowColor{LightBackground} {\bf{View sysctl configuration for all interfaces}} & {\emph{ip netconf show}} & \tn % Row Count 3 (+ 3) % Row 1 \SetRowColor{white} {\bf{View sysctl configuration for specific interface}} & {\emph{ip netconf show dev \$\{interface\}}} & {\emph{ip netconf show dev eth0}} \tn % Row Count 7 (+ 4) \hhline{>{\arrayrulecolor{DarkBackground}}---} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{x{4.1175 cm} x{4.2822 cm} x{4.2822 cm} x{3.7881 cm} } \SetRowColor{DarkBackground} \mymulticolumn{4}{x{17.67cm}}{\bf\textcolor{white}{\{\{fa-list\}\} Network namespace management}} \tn % Row 0 \SetRowColor{LightBackground} {\bf{Create a namespace}} & {\emph{ip netns add \$\{namespace name\}}} & {\emph{ip netns add foo}} & \tn % Row Count 4 (+ 4) % Row 1 \SetRowColor{white} {\bf{List existing namespaces}} & {\emph{ip netns list}} & & \tn % Row Count 7 (+ 3) % Row 2 \SetRowColor{LightBackground} {\bf{Delete a namespace}} & {\emph{ip netns delete \$\{namespace name\}}} & {\emph{ip netns delete foo}} & \tn % Row Count 11 (+ 4) % Row 3 \SetRowColor{white} {\bf{Run a process inside a namespace}} & 
{\emph{ip netns exec \$\{namespace name\} \$\{command\}}} & {\emph{ip netns exec foo /bin/sh}} & \tn % Row Count 16 (+ 5) % Row 4 \SetRowColor{LightBackground} {\bf{List all processes assigned to a namespace}} & {\emph{ip netns pids \$\{namespace name\}}} & & The output will be a list of PIDs. \tn % Row Count 21 (+ 5) % Row 5 \SetRowColor{white} {\bf{Identify a process's primary namespace}} & {\emph{ip netns identify \$\{pid\}}} & {\emph{ip netns identify 9000}} & \tn % Row Count 25 (+ 4) % Row 6 \SetRowColor{LightBackground} {\bf{Assign network interface to a namespace}} & {\emph{ip link set dev \$\{interface name\} netns \$\{namespace name\}}} & {\emph{ip link set dev \$\{interface name\} netns \$\{pid\}}} & {\emph{ip link set dev eth0.100 netns foo}} \tn % Row Count 31 (+ 6) \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{x{4.1175 cm} x{4.2822 cm} x{4.2822 cm} x{3.7881 cm} } \SetRowColor{DarkBackground} \mymulticolumn{4}{x{17.67cm}}{\bf\textcolor{white}{\{\{fa-list\}\} Network namespace management (cont)}} \tn % Row 7 \SetRowColor{LightBackground} {\bf{Connect one namespace to another}} & Create a pair of veth devices: & {\emph{ip link add name veth1 type veth peer name veth2}} & \tn % Row Count 5 (+ 5) % Row 8 \SetRowColor{white} & Move veth2 to namespace foo: & {\emph{ip link set dev veth2 netns foo}} & \tn % Row Count 9 (+ 4) % Row 9 \SetRowColor{LightBackground} & Bring veth2 up and add an address in the "foo" \seqsplit{namespace:} & {\emph{ip netns exec foo ip link set dev veth2 up}} & \tn % Row Count 14 (+ 5) % Row 10 \SetRowColor{white} & & {\emph{ip netns exec foo ip address add \seqsplit{10.1.1.1/24} dev veth2}} & \tn % Row Count 20 (+ 6) % Row 11 \SetRowColor{LightBackground} & Add an address to veth1, which stays in the default \seqsplit{namespace:} & {\emph{ip address add \seqsplit{10.1.1.2/24} dev veth1}} & \tn % Row Count 27 (+ 7) % Row 12 \SetRowColor{white} {\bf{Monitor network namespace subsystem events}} & {\emph{ip netns monitor}} & & \tn 
% Row Count 32 (+ 5) \hhline{>{\arrayrulecolor{DarkBackground}}----} \SetRowColor{LightBackground} \mymulticolumn{4}{x{17.67cm}}{Network namespaces are isolated network stack instances within a single machine. They can be used for security domain separation, managing traffic flows between virtual machines and so on. A network namespace isolates only the network stack: processes inside it still share the host's filesystem, process table and privileges unless other namespaces and controls are applied as well. \newline \newline Every namespace is a complete copy of the networking stack with its own interfaces, addresses, routes etc. You can run processes inside a namespace and bridge namespaces to physical interfaces.} \tn \hhline{>{\arrayrulecolor{DarkBackground}}----} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{x{3.7114 cm} x{6.5793 cm} x{6.5793 cm} } \SetRowColor{DarkBackground} \mymulticolumn{3}{x{17.67cm}}{\bf\textcolor{white}{VXLAN management}} \tn % Row 0 \SetRowColor{LightBackground} {\bf{Create a VXLAN link}} & {\emph{ip link add name \$\{interface name\} type vxlan id \textless{}0-16777215\textgreater{} dev \$\{source interface\} group \$\{multicast address\}}} & {\emph{ip link add name vxlan0 type vxlan id 42 dev eth0 group 239.0.0.1}} \tn % Row Count 8 (+ 8) \hhline{>{\arrayrulecolor{DarkBackground}}---} \SetRowColor{LightBackground} \mymulticolumn{3}{x{17.67cm}}{VXLAN is a layer 2 tunneling protocol that is commonly used in conjunction with virtualization systems such as KVM to connect virtual machines running on different hypervisor nodes to each other and to the outside world. 
The underlying encapsulation protocol for VXLAN is UDP. VXLAN does not encrypt or authenticate the encapsulated frames, so keep the underlay network trusted or protect it with IPsec.} \tn \hhline{>{\arrayrulecolor{DarkBackground}}---} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{x{3.9528 cm} x{4.2822 cm} x{4.1175 cm} x{4.1175 cm} } \SetRowColor{DarkBackground} \mymulticolumn{4}{x{17.67cm}}{\bf\textcolor{white}{\{\{fa-arrows-alt\}\} Multicast management}} \tn % Row 0 \SetRowColor{LightBackground} {\bf{View \seqsplit{multicast} groups}} & {\emph{ip maddress show}} & {\emph{ip maddress show \$\{interface name\}}} & {\emph{ip maddress show dev lo}} \tn % Row Count 4 (+ 4) % Row 1 \SetRowColor{white} {\bf{Add a \seqsplit{link-layer} \seqsplit{multicast} address}} & {\emph{ip maddress add \$\{MAC address\} dev \$\{interface name\}}} & {\emph{ip maddress add \seqsplit{01:00:5e:00:00:ab} dev eth0}} & \tn % Row Count 10 (+ 6) % Row 2 \SetRowColor{LightBackground} {\bf{View \seqsplit{multicast} routes}} & {\emph{ip mroute show}} & Multicast routes cannot be added manually, so this command can only show multicast routes installed by a routing daemon. & It supports the same modifiers as unicast route viewing commands (iif, table, from etc.). \tn % Row Count 22 (+ 12) \hhline{>{\arrayrulecolor{DarkBackground}}----} \SetRowColor{LightBackground} \mymulticolumn{4}{x{17.67cm}}{Multicast is mostly handled by applications and routing daemons, so there is not much you can and should do manually here. 
Multicast-related ip commands are mostly useful for debugging.} \tn \hhline{>{\arrayrulecolor{DarkBackground}}----} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{x{3.9528 cm} x{4.2822 cm} x{4.1175 cm} x{4.1175 cm} } \SetRowColor{DarkBackground} \mymulticolumn{4}{x{17.67cm}}{\bf\textcolor{white}{\{\{fa-eye\}\} Network event monitoring}} \tn % Row 0 \SetRowColor{LightBackground} {\bf{Monitor all events}} & {\emph{ip monitor}} & & \tn % Row Count 3 (+ 3) % Row 1 \SetRowColor{white} {\bf{Monitor specific events}} & {\emph{ip monitor \$\{event type\}}} & Event type can be: link, address, route, mroute, neigh. & \tn % Row Count 9 (+ 6) % Row 2 \SetRowColor{LightBackground} {\bf{Read a log file produced by rtmon}} & {\emph{ip monitor \$\{event type\} file \$\{path to the log file\}}} & & iproute2 includes a program called "rtmon" that serves \seqsplit{essentially} the same purpose, but writes events to a binary log file instead of \seqsplit{displaying} them. The "ip monitor" command allows you to read files created by that program. \tn % Row Count 32 (+ 23) \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{x{3.9528 cm} x{4.2822 cm} x{4.1175 cm} x{4.1175 cm} } \SetRowColor{DarkBackground} \mymulticolumn{4}{x{17.67cm}}{\bf\textcolor{white}{\{\{fa-eye\}\} Network event monitoring (cont)}} \tn % Row 3 \SetRowColor{LightBackground} & {\emph{rtmon {[}-family \textless{}inet|inet6\textgreater{}{]} {[}\textless{}route|link|address|all\textgreater{}{]} file \$\{log file path\}}} & & rtmon syntax is similar to that of "ip monitor", except that the event type is limited to link, address, route, and all, and the address family is specified with the "-family" option. 
\tn % Row Count 17 (+ 17) \hhline{>{\arrayrulecolor{DarkBackground}}----} \SetRowColor{LightBackground} \mymulticolumn{4}{x{17.67cm}}{You can monitor certain network events with iproute2, such as changes in network configuration, routing tables, and ARP/NDP tables.} \tn \hhline{>{\arrayrulecolor{DarkBackground}}----} \end{tabularx} \par\addvspace{1.3em} \end{document}