# ip — Manage Network Interfaces, Addresses and Routes

> Practical guide to ip (iproute2) — manage interfaces, addresses, routes, tunnels and namespaces on Linux, the modern replacement for ifconfig.

Source: https://www.jpkc.com/db/en/cheatsheets/networking/ip/

The `ip` command from the iproute2 package is the modern standard tool for Linux network management. It replaces the legacy utilities `ifconfig`, `route` and `arp` with a unified, consistent interface: `ip link` manages network interfaces, `ip addr` handles IPv4 and IPv6 addresses, and `ip route` controls the routing table. It also covers the neighbour cache, policy routing, tunnels, multicast, and network namespaces – all in one command, with JSON output for scripting.

## General Syntax & Options

`ip [ OPTIONS ] OBJECT { COMMAND | help }` — General syntax. OBJECT can be link, addr, route, neigh, rule, tunnel, netns, etc.

`ip -4 ...` — Restrict output to IPv4 only.

```bash
ip -4 addr show
```

`ip -6 ...` — Restrict output to IPv6 only.

```bash
ip -6 addr show
```

`ip -br ...` — Brief output format. Compact, human-readable.

```bash
ip -br addr show
```

`ip -c ...` — Colorized output for better readability.

```bash
ip -c addr show
```

`ip -j ...` — JSON output format. Useful for scripting.

```bash
ip -j addr show | jq .
```

`ip -s ...` — Show statistics (packet counts, errors, etc.).

```bash
ip -s link show eth0
```

`ip -d ...` — Show detailed/extended information.

```bash
ip -d link show
```

`ip -h ...` — Human-readable output with unit suffixes (KB, MB, GB).

```bash
ip -h -s link show
```

`ip -o ...` — One-line output per record. Useful for parsing with grep/awk.

```bash
ip -o addr show | awk '{print $2, $4}'
```

## ip link — Network Interfaces

`ip link show` — List all network interfaces with their state and MAC addresses.

```bash
ip link show
```

`ip link show dev DEVICE` — Show details of a specific interface.

```bash
ip link show dev eth0
```

`ip link set dev DEVICE up` — Bring an interface up (enable it).

```bash
sudo ip link set dev eth0 up
```

`ip link set dev DEVICE down` — Bring an interface down (disable it).

```bash
sudo ip link set dev eth0 down
```

`ip link set dev DEVICE mtu MTU` — Set the Maximum Transmission Unit for an interface.

```bash
sudo ip link set dev eth0 mtu 9000
```

`ip link set dev DEVICE address MAC` — Change the MAC address of an interface.

```bash
sudo ip link set dev eth0 address 02:42:ac:11:00:02
```

`ip link set dev DEVICE name NEWNAME` — Rename an interface (must be down first).

```bash
sudo ip link set dev eth0 name lan0
```

`ip link set dev DEVICE promisc on` — Enable promiscuous mode on an interface.

```bash
sudo ip link set dev eth0 promisc on
```

`ip link set dev DEVICE txqueuelen N` — Set the transmit queue length.

```bash
sudo ip link set dev eth0 txqueuelen 5000
```

`ip link set dev DEVICE multicast on|off` — Enable or disable multicast on an interface.

```bash
sudo ip link set dev eth0 multicast on
```
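
An added example (not part of the original cheat sheet) showing how a defender can audit the settings above from `ip -j -d link show`: it flags interfaces in promiscuous mode and interfaces whose current MAC differs from the hardware address. The sample JSON is constructed, and the `permaddr` key is an assumption that holds on recent iproute2 releases, which print it when the address has been changed.

```python
import json

# Constructed sample of `ip -j -d link show` output, trimmed to the keys used here.
SAMPLE_LINK_JSON = """[
 {"ifname":"lo","flags":["LOOPBACK","UP","LOWER_UP"],"link_type":"loopback",
  "address":"00:00:00:00:00:00","promiscuity":0},
 {"ifname":"eth0","flags":["BROADCAST","MULTICAST","PROMISC","UP","LOWER_UP"],
  "link_type":"ether","address":"02:42:ac:11:00:02",
  "permaddr":"52:54:00:ab:cd:ef","promiscuity":1},
 {"ifname":"eth1","flags":["BROADCAST","MULTICAST","UP","LOWER_UP"],
  "link_type":"ether","address":"52:54:00:11:22:33","promiscuity":1},
 {"ifname":"eth2","flags":["BROADCAST","MULTICAST"],
  "link_type":"ether","address":"52:54:00:44:55:66","promiscuity":0}
]"""


def audit_links(raw_json):
    """Map interface name -> list of findings; interfaces with none are omitted."""
    report = {}
    for link in json.loads(raw_json):
        notes = []
        flag_set = "PROMISC" in link.get("flags", [])
        count = link.get("promiscuity", 0)  # key is only present with -d
        if flag_set:
            # Set administratively, e.g. `ip link set dev DEVICE promisc on`.
            notes.append("promisc-flag")
        elif count > 0:
            # Counter raised without the flag: a packet socket or kernel
            # consumer (capture tool, bridge port) asked for promiscuous mode.
            notes.append("promisc-by-consumer")
        perm = link.get("permaddr")  # assumed key, see lead-in
        if perm and perm.lower() != link.get("address", "").lower():
            notes.append(f"mac-changed-from:{perm.lower()}")
        if notes:
            report[link["ifname"]] = notes
    return report


if __name__ == "__main__":
    for name, notes in audit_links(SAMPLE_LINK_JSON).items():
        print(name, ", ".join(notes))
```

Bridge ports and running capture tools also raise the counter, so `promisc-by-consumer` is a lead to check rather than a verdict.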

## ip link — Virtual Interfaces

`ip link add NAME type veth peer name PEER` — Create a virtual ethernet pair. Traffic sent to one end appears on the other.

```bash
sudo ip link add veth0 type veth peer name veth1
```

`ip link add NAME type bridge` — Create a network bridge.

```bash
sudo ip link add br0 type bridge
```

`ip link set dev DEVICE master BRIDGE` — Add an interface to a bridge.

```bash
sudo ip link set dev eth0 master br0
```

`ip link set dev DEVICE nomaster` — Remove an interface from a bridge.

```bash
sudo ip link set dev eth0 nomaster
```

`ip link add NAME type dummy` — Create a dummy interface (useful for testing or as a loopback).

```bash
sudo ip link add dummy0 type dummy
```

`ip link add link DEVICE name NAME type vlan id VID` — Create a VLAN interface on top of a physical interface.

```bash
sudo ip link add link eth0 name eth0.100 type vlan id 100
```

`ip link add NAME link DEVICE type macvlan mode MODE` — Create a macvlan interface on top of a parent interface. Modes: bridge, vepa, private, passthru.

```bash
sudo ip link add macvlan0 link eth0 type macvlan mode bridge
```

`ip link delete NAME` — Delete a virtual interface.

```bash
sudo ip link delete br0
```

## ip addr — IP Addresses

`ip addr show` — Show all IP addresses on all interfaces. Short form: ip a.

```bash
ip addr show
```

`ip addr show dev DEVICE` — Show IP addresses assigned to a specific interface.

```bash
ip addr show dev eth0
```

`ip addr show scope global` — Show only global scope addresses (no link-local or loopback).

```bash
ip addr show scope global
```

`ip addr show dynamic` — Show only dynamically assigned addresses (DHCP, SLAAC).

```bash
ip addr show dynamic
```

`ip addr show permanent` — Show only statically configured addresses.

```bash
ip addr show permanent
```

`ip addr add ADDRESS/PREFIX dev DEVICE` — Add an IP address to an interface.

```bash
sudo ip addr add 192.168.1.100/24 dev eth0
```

`ip addr add ADDRESS/PREFIX dev DEVICE label LABEL` — Add an address with a label (interface alias).

```bash
sudo ip addr add 10.0.0.1/24 dev eth0 label eth0:1
```

`ip addr add ADDRESS/PREFIX broadcast BCAST dev DEVICE` — Add an address with a specific broadcast address.

```bash
sudo ip addr add 192.168.1.100/24 broadcast 192.168.1.255 dev eth0
```

`ip addr del ADDRESS/PREFIX dev DEVICE` — Remove an IP address from an interface.

```bash
sudo ip addr del 192.168.1.100/24 dev eth0
```

`ip addr flush dev DEVICE` — Remove all addresses from an interface.

```bash
sudo ip addr flush dev eth0
```

`ip addr replace ADDRESS/PREFIX dev DEVICE` — Add or update an address. If it exists, it is updated; otherwise added.

```bash
sudo ip addr replace 192.168.1.100/24 dev eth0
```

## ip route — Routing Table

`ip route show` — Show the main routing table. Short form: ip r.

```bash
ip route show
```

`ip route show table TABLE` — Show a specific routing table (main, local, default, or custom number/name).

```bash
ip route show table local
```

`ip route show table all` — Show routes from all routing tables.

```bash
ip route show table all
```

`ip route get ADDRESS` — Query the route the kernel would use to reach a specific address.

```bash
ip route get 8.8.8.8
```

`ip route get ADDRESS from SOURCE` — Query the route to a destination from a specific source address.

```bash
ip route get 8.8.8.8 from 192.168.1.100
```

`ip route add NETWORK/PREFIX via GATEWAY` — Add a static route through a gateway.

```bash
sudo ip route add 10.0.0.0/8 via 192.168.1.1
```

`ip route add NETWORK/PREFIX dev DEVICE` — Add a route directly through an interface (no gateway).

```bash
sudo ip route add 10.0.0.0/8 dev eth0
```

`ip route add default via GATEWAY` — Set the default gateway.

```bash
sudo ip route add default via 192.168.1.1
```

`ip route add default via GATEWAY dev DEVICE` — Set the default gateway with a specific outgoing interface.

```bash
sudo ip route add default via 192.168.1.1 dev eth0
```

`ip route add NETWORK/PREFIX via GW metric METRIC` — Add a route with a specific metric (priority). Lower metric = higher priority.

```bash
sudo ip route add 10.0.0.0/8 via 192.168.1.1 metric 100
```

`ip route change NETWORK/PREFIX via GATEWAY` — Modify an existing route.

```bash
sudo ip route change default via 192.168.1.254
```

`ip route replace NETWORK/PREFIX via GATEWAY` — Replace an existing route or add if it does not exist.

```bash
sudo ip route replace 10.0.0.0/8 via 192.168.1.1
```

`ip route del NETWORK/PREFIX` — Delete a route.

```bash
sudo ip route del 10.0.0.0/8
```

`ip route flush table main` — Remove all routes from the main routing table.

```bash
sudo ip route flush table main
```

`ip route add blackhole NETWORK/PREFIX` — Add a blackhole route. Packets to this network are silently discarded.

```bash
sudo ip route add blackhole 198.51.100.0/24
```

`ip route add unreachable NETWORK/PREFIX` — Add an unreachable route. Returns ICMP host unreachable.

```bash
sudo ip route add unreachable 203.0.113.0/24
```

`ip route add prohibit NETWORK/PREFIX` — Add a prohibit route. Returns ICMP administratively prohibited.

```bash
sudo ip route add prohibit 192.0.2.0/24
```

## ip route — Advanced Routing

`ip route add NETWORK/PREFIX nexthop via GW1 weight W1 nexthop via GW2 weight W2` — Multipath routing. Distribute traffic across multiple gateways by weight.

```bash
sudo ip route add default nexthop via 192.168.1.1 weight 1 nexthop via 192.168.2.1 weight 2
```

`ip route add NETWORK/PREFIX via GW src SOURCE` — Add a route with a preferred source address.

```bash
sudo ip route add 10.0.0.0/8 via 192.168.1.1 src 192.168.1.100
```

`ip route add NETWORK/PREFIX via GW mtu MTU` — Add a route with a specific path MTU.

```bash
sudo ip route add 10.0.0.0/8 via 192.168.1.1 mtu 1400
```

`ip route add NETWORK/PREFIX via GW table TABLE` — Add a route to a custom routing table.

```bash
sudo ip route add 10.0.0.0/8 via 192.168.1.1 table 100
```

`ip route save > FILE` — Save the current routing table to a binary file.

```bash
ip route save > routes.bin
```

`ip route restore < FILE` — Restore routes from a previously saved file.

```bash
sudo ip route restore < routes.bin
```

## ip neigh — ARP / Neighbor Cache

`ip neigh show` — Show the ARP/NDP neighbor cache (MAC ↔ IP mappings). Short form: ip n.

```bash
ip neigh show
```

`ip neigh show dev DEVICE` — Show neighbors on a specific interface.

```bash
ip neigh show dev eth0
```

`ip neigh show nud STATE` — Filter neighbors by state: reachable, stale, failed, permanent, noarp, incomplete, delay, probe.

```bash
ip neigh show nud reachable
```

`ip neigh add ADDRESS lladdr MAC dev DEVICE` — Add a static ARP entry.

```bash
sudo ip neigh add 192.168.1.1 lladdr aa:bb:cc:dd:ee:ff dev eth0
```

`ip neigh change ADDRESS lladdr MAC dev DEVICE` — Modify an existing neighbor entry.

```bash
sudo ip neigh change 192.168.1.1 lladdr aa:bb:cc:dd:ee:ff dev eth0
```

`ip neigh replace ADDRESS lladdr MAC dev DEVICE nud permanent` — Add or replace a permanent (static) ARP entry.

```bash
sudo ip neigh replace 192.168.1.1 lladdr aa:bb:cc:dd:ee:ff dev eth0 nud permanent
```

`ip neigh del ADDRESS dev DEVICE` — Delete a neighbor entry.

```bash
sudo ip neigh del 192.168.1.1 dev eth0
```

`ip neigh flush dev DEVICE` — Flush the neighbor cache for an interface.

```bash
sudo ip neigh flush dev eth0
```

`ip neigh flush all` — Flush the entire neighbor cache.

```bash
sudo ip neigh flush all
```
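
An added example (not from the original page) that audits `ip -j neigh show` output for signs of neighbour cache tampering: one MAC answering for several IPv4 addresses, and a gateway entry that is not the pinned `nud permanent` mapping. The sample JSON and the `PINNED` table are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample of `ip -j neigh show` output (not captured from a real host).
SAMPLE_NEIGH_JSON = """[
 {"dst":"192.168.1.1","dev":"eth0","lladdr":"aa:bb:cc:dd:ee:ff","state":["REACHABLE"]},
 {"dst":"192.168.1.20","dev":"eth0","lladdr":"52:54:00:12:34:56","state":["STALE"]},
 {"dst":"192.168.1.30","dev":"eth0","lladdr":"52:54:00:12:34:56","state":["REACHABLE"]},
 {"dst":"192.168.1.40","dev":"eth0","state":["FAILED"]},
 {"dst":"fe80::1","dev":"eth0","lladdr":"aa:bb:cc:dd:ee:ff","router":null,"state":["STALE"]}
]"""

# Hypothetical pin list: (device, IP) -> MAC address the operator expects.
PINNED = {("eth0", "192.168.1.1"): "aa:bb:cc:dd:ee:ff"}


def audit_neighbours(raw_json, pinned):
    """Return a sorted list of (kind, dev, detail) findings."""
    findings = []
    ips_by_mac = defaultdict(set)
    for entry in json.loads(raw_json):
        mac = entry.get("lladdr")
        if mac is None:  # FAILED / INCOMPLETE entries carry no MAC
            continue
        mac = mac.lower()
        dev, ip = entry["dev"], entry["dst"]
        want = pinned.get((dev, ip))
        if want and want.lower() != mac:
            findings.append(("pin-mismatch", dev, f"{ip} is {mac}, expected {want}"))
        if want and "PERMANENT" not in entry.get("state", []):
            # A learned entry can be overwritten by any host on the segment.
            findings.append(("pin-not-static", dev, f"{ip} is learned, not permanent"))
        if ":" not in ip:  # IPv4 only; one MAC with several IPv6 addresses is normal
            ips_by_mac[(dev, mac)].add(ip)
    for (dev, mac), ips in ips_by_mac.items():
        if len(ips) > 1:
            findings.append(("shared-mac", dev, f"{mac} answers for {', '.join(sorted(ips))}"))
    return sorted(findings)


if __name__ == "__main__":
    for kind, dev, detail in audit_neighbours(SAMPLE_NEIGH_JSON, PINNED):
        print(f"{kind:15} {dev:6} {detail}")
```

A shared MAC can be legitimate (proxy ARP, a host with secondary addresses), so treat `shared-mac` as something to verify against the known inventory.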

## ip rule — Policy Routing

`ip rule show` — Show all policy routing rules.

```bash
ip rule show
```

`ip rule add from SOURCE/PREFIX table TABLE` — Route traffic from a source network through a custom routing table.

```bash
sudo ip rule add from 10.0.0.0/8 table 100
```

`ip rule add to DEST/PREFIX table TABLE` — Route traffic to a destination network through a custom routing table.

```bash
sudo ip rule add to 172.16.0.0/12 table 200
```

`ip rule add from SOURCE/PREFIX to DEST/PREFIX table TABLE` — Match both source and destination for policy routing.

```bash
sudo ip rule add from 10.0.0.0/8 to 172.16.0.0/12 table 100
```

`ip rule add fwmark MARK table TABLE` — Route packets with a specific firewall mark to a custom table.

```bash
sudo ip rule add fwmark 1 table 100
```

`ip rule add from SOURCE/PREFIX priority PRIO table TABLE` — Add a rule with explicit priority. Lower number = higher priority.

```bash
sudo ip rule add from 10.0.0.0/8 priority 200 table 100
```

`ip rule del RULE` — Delete a policy routing rule.

```bash
sudo ip rule del from 10.0.0.0/8 table 100
```

`ip rule flush` — Remove all policy routing rules.

```bash
sudo ip rule flush
```

## ip tunnel — IP Tunnels

`ip tunnel show` — Show all configured IP tunnels.

```bash
ip tunnel show
```

`ip tunnel add NAME mode gre remote REMOTE local LOCAL` — Create a GRE tunnel between two endpoints.

```bash
sudo ip tunnel add gre1 mode gre remote 203.0.113.1 local 198.51.100.1
```

`ip tunnel add NAME mode ipip remote REMOTE local LOCAL` — Create an IPIP (IP-in-IP) tunnel.

```bash
sudo ip tunnel add tun0 mode ipip remote 203.0.113.1 local 198.51.100.1
```

`ip tunnel add NAME mode sit remote REMOTE local LOCAL` — Create a SIT tunnel (IPv6-in-IPv4).

```bash
sudo ip tunnel add sit1 mode sit remote 203.0.113.1 local 198.51.100.1
```

`ip tunnel change NAME ...` — Modify an existing tunnel configuration.

```bash
sudo ip tunnel change gre1 ttl 64
```

`ip tunnel del NAME` — Delete a tunnel interface.

```bash
sudo ip tunnel del gre1
```

## ip netns — Network Namespaces

`ip netns list` — List all named network namespaces.

```bash
ip netns list
```

`ip netns add NAME` — Create a new network namespace.

```bash
sudo ip netns add myns
```

`ip netns del NAME` — Delete a network namespace.

```bash
sudo ip netns del myns
```

`ip netns exec NAME COMMAND` — Execute a command inside a network namespace.

```bash
sudo ip netns exec myns ip addr show
```

`ip netns exec NAME bash` — Open a shell inside a network namespace.

```bash
sudo ip netns exec myns bash
```

`ip link set dev DEVICE netns NAME` — Move an interface into a network namespace.

```bash
sudo ip link set dev veth1 netns myns
```

`ip netns identify PID` — Identify which network namespace a process belongs to.

```bash
ip netns identify 1234
```

`ip netns pids NAME` — List PIDs running in a network namespace.

```bash
ip netns pids myns
```

`ip -n NAME addr show` — Shorthand for `ip netns exec NAME ip addr show`. Run any ip subcommand in a namespace.

```bash
ip -n myns addr show
```

## ip monitor — Real-Time Events

`ip monitor` — Watch all network events in real time (addresses, routes, links, neighbors).

```bash
ip monitor
```

`ip monitor link` — Watch only link/interface state changes.

```bash
ip monitor link
```

`ip monitor address` — Watch only address changes.

```bash
ip monitor address
```

`ip monitor route` — Watch only routing table changes.

```bash
ip monitor route
```

`ip monitor neigh` — Watch only neighbor (ARP/NDP) cache changes.

```bash
ip monitor neigh
```

`ip monitor all` — Watch events from all subsystems.

```bash
ip monitor all
```

## ip maddr & ip mroute — Multicast

`ip maddr show` — Show multicast addresses joined on all interfaces.

```bash
ip maddr show
```

`ip maddr show dev DEVICE` — Show multicast addresses on a specific interface.

```bash
ip maddr show dev eth0
```

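`ip maddr add LLADDR dev DEVICE` — Add a static link-layer multicast address to an interface. The argument is a multicast MAC address, not an IP group address; IP multicast groups cannot be joined statically with this command.

```bash
sudo ip maddr add 01:00:5e:00:00:01 dev eth0
```

`ip maddr del LLADDR dev DEVICE` — Remove a static link-layer multicast address from an interface.

```bash
sudo ip maddr del 01:00:5e:00:00:01 dev eth0
```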

`ip mroute show` — Show the multicast routing cache.

```bash
ip mroute show
```

## Common Combinations & Patterns

`ip -br -c addr show` — Compact, colorized overview of all interfaces and their addresses.

```bash
ip -br -c addr show
```

`ip -4 -br addr show | grep -v DOWN` — Show only active IPv4 interfaces with their addresses.

```bash
ip -4 -br addr show | grep -v DOWN
```

`ip -j route show | jq '.[] | select(.dst=="default") | .gateway'` — Extract the default gateway using JSON output and jq.

```bash
ip -j route show | jq '.[] | select(.dst=="default") | .gateway'
```

`ip -o addr show | awk '/inet / {print $2, $4}'` — List all interface names with their IPv4 addresses.

```bash
ip -o addr show | awk '/inet / {print $2, $4}'
```

`ip -s -h link show dev DEVICE` — Show interface statistics with human-readable byte counts.

```bash
ip -s -h link show dev eth0
```

`watch -n 1 ip -s link show dev DEVICE` — Continuously monitor interface traffic statistics.

```bash
watch -n 1 ip -s link show dev eth0
```

`ip addr show dev DEVICE | grep 'inet '` — Quick way to get only the IPv4 address of an interface.

```bash
ip addr show dev eth0 | grep 'inet '
```

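`ip route get 1.1.1.1 | awk '{for (i = 1; i < NF; i++) if ($i == "src") print $(i+1)}'` — Get the local IP address used to reach the internet. Matching on the `src` keyword works whether or not the route has a gateway, which a fixed field number does not.

```bash
# Print the word that follows "src" instead of relying on a field position
ip route get 1.1.1.1 | awk '{for (i = 1; i < NF; i++) if ($i == "src") print $(i+1)}'
```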

## Legacy Command Equivalents

`ip addr show` — Replaces: ifconfig (show all interfaces and addresses).

```bash
# Legacy: ifconfig
ip addr show
```

`ip link set dev DEVICE up/down` — Replaces: ifconfig DEVICE up/down.

```bash
# Legacy: ifconfig eth0 up
sudo ip link set dev eth0 up
```

`ip route show` — Replaces: route -n (show routing table).

```bash
# Legacy: route -n
ip route show
```

`ip route add default via GATEWAY` — Replaces: route add default gw GATEWAY.

```bash
# Legacy: route add default gw 192.168.1.1
sudo ip route add default via 192.168.1.1
```

`ip neigh show` — Replaces: arp -a (show ARP cache).

```bash
# Legacy: arp -a
ip neigh show
```

`ip -s link show` — Replaces: netstat -i (interface statistics).

```bash
# Legacy: netstat -i
ip -s link show
```

`ip tunnel show` — Replaces: iptunnel show.

```bash
# Legacy: iptunnel show
ip tunnel show
```

## Conclusion

The `ip` command is the first port of call for any network diagnosis and configuration on Linux. Mastering the `link`, `addr`, `route`, and `neigh` subcommands covers the vast majority of daily tasks. Combined with the `-j` flag and `jq`, `ip` also becomes a powerful building block for automation scripts.

## Further Reading

- [ip(8) – manual page](https://man7.org/linux/man-pages/man8/ip.8.html) – every option at a glance
- [iproute2 – Wikipedia](https://en.wikipedia.org/wiki/Iproute2) – background and history
- [iproute2 – project page](https://wiki.linuxfoundation.org/networking/iproute2) – source and release notes

## Related Commands

- [ss](https://www.jpkc.com/db/en/cheatsheets/networking/ss/) – list open sockets and connections; modern replacement for netstat
- [netstat](https://www.jpkc.com/db/en/cheatsheets/networking/netstat/) – classic network statistics (legacy but widely available)
- [ethtool](https://www.jpkc.com/db/en/cheatsheets/networking/ethtool/) – query and control network interface hardware settings and drivers

