ip — Manage Network Interfaces, Addresses and Routes
Practical guide to ip (iproute2) — manage interfaces, addresses, routes, tunnels and namespaces on Linux, the modern replacement for ifconfig.
The ip command from the iproute2 package is the modern standard tool for Linux network management. It replaces the legacy utilities ifconfig, route and arp with a unified, consistent interface: ip link manages network interfaces, ip addr handles IPv4 and IPv6 addresses, and ip route controls the routing table. It also covers the neighbour cache, policy routing, tunnels, multicast, and network namespaces – all in one command, with JSON output for scripting.
General Syntax & Options
ip [ OPTIONS ] OBJECT { COMMAND | help } — General syntax. OBJECT can be link, addr, route, neigh, rule, tunnel, netns, etc.
ip -4 ... — Restrict output to IPv4 only.
ip -4 addr showip -6 ... — Restrict output to IPv6 only.
ip -6 addr showip -br ... — Brief output format. Compact, human-readable.
ip -br addr showip -c ... — Colorized output for better readability.
ip -c addr showip -j ... — JSON output format. Useful for scripting.
ip -j addr show | jq .ip -s ... — Show statistics (packet counts, errors, etc.).
ip -s link show eth0ip -d ... — Show detailed/extended information.
ip -d link showip -h ... — Human-readable output with unit suffixes (KB, MB, GB).
ip -h -s link showip -o ... — One-line output per record. Useful for parsing with grep/awk.
ip -o addr show | awk '{print $2, $4}'ip link — Network Interfaces
ip link show — List all network interfaces with their state and MAC addresses.
ip link showip link show dev DEVICE — Show details of a specific interface.
ip link show dev eth0ip link set dev DEVICE up — Bring an interface up (enable it).
sudo ip link set dev eth0 upip link set dev DEVICE down — Bring an interface down (disable it).
sudo ip link set dev eth0 downip link set dev DEVICE mtu MTU — Set the Maximum Transmission Unit for an interface.
sudo ip link set dev eth0 mtu 9000ip link set dev DEVICE address MAC — Change the MAC address of an interface.
sudo ip link set dev eth0 address 02:42:ac:11:00:02ip link set dev DEVICE name NEWNAME — Rename an interface (must be down first).
sudo ip link set dev eth0 name lan0ip link set dev DEVICE promisc on — Enable promiscuous mode on an interface.
sudo ip link set dev eth0 promisc onip link set dev DEVICE txqueuelen N — Set the transmit queue length.
sudo ip link set dev eth0 txqueuelen 5000ip link set dev DEVICE multicast on|off — Enable or disable multicast on an interface.
sudo ip link set dev eth0 multicast onip link — Virtual Interfaces
ip link add NAME type veth peer name PEER — Create a virtual ethernet pair. Traffic sent to one end appears on the other.
sudo ip link add veth0 type veth peer name veth1ip link add NAME type bridge — Create a network bridge.
sudo ip link add br0 type bridgeip link set dev DEVICE master BRIDGE — Add an interface to a bridge.
sudo ip link set dev eth0 master br0ip link set dev DEVICE nomaster — Remove an interface from a bridge.
sudo ip link set dev eth0 nomasterip link add NAME type dummy — Create a dummy interface (useful for testing or as a loopback).
sudo ip link add dummy0 type dummyip link add link DEVICE name NAME type vlan id VID — Create a VLAN interface on top of a physical interface.
sudo ip link add link eth0 name eth0.100 type vlan id 100ip link add NAME type macvlan mode bridge — Create a macvlan interface. Modes: bridge, vepa, private, passthru.
sudo ip link add macvlan0 link eth0 type macvlan mode bridgeip link delete NAME — Delete a virtual interface.
sudo ip link delete br0ip addr — IP Addresses
ip addr show — Show all IP addresses on all interfaces. Short form: ip a.
ip addr showip addr show dev DEVICE — Show IP addresses assigned to a specific interface.
ip addr show dev eth0ip addr show scope global — Show only global scope addresses (no link-local or loopback).
ip addr show scope globalip addr show dynamic — Show only dynamically assigned addresses (DHCP, SLAAC).
ip addr show dynamicip addr show permanent — Show only statically configured addresses.
ip addr show permanentip addr add ADDRESS/PREFIX dev DEVICE — Add an IP address to an interface.
sudo ip addr add 192.168.1.100/24 dev eth0ip addr add ADDRESS/PREFIX dev DEVICE label LABEL — Add an address with a label (interface alias).
sudo ip addr add 10.0.0.1/24 dev eth0 label eth0:1ip addr add ADDRESS/PREFIX broadcast BCAST dev DEVICE — Add an address with a specific broadcast address.
sudo ip addr add 192.168.1.100/24 broadcast 192.168.1.255 dev eth0ip addr del ADDRESS/PREFIX dev DEVICE — Remove an IP address from an interface.
sudo ip addr del 192.168.1.100/24 dev eth0ip addr flush dev DEVICE — Remove all addresses from an interface.
sudo ip addr flush dev eth0ip addr replace ADDRESS/PREFIX dev DEVICE — Add or update an address. If it exists, it is updated; otherwise added.
sudo ip addr replace 192.168.1.100/24 dev eth0ip route — Routing Table
ip route show — Show the main routing table. Short form: ip r.
ip route showip route show table TABLE — Show a specific routing table (main, local, default, or custom number/name).
ip route show table localip route show table all — Show routes from all routing tables.
ip route show table allip route get ADDRESS — Query the route the kernel would use to reach a specific address.
ip route get 8.8.8.8ip route get ADDRESS from SOURCE — Query the route to a destination from a specific source address.
ip route get 8.8.8.8 from 192.168.1.100ip route add NETWORK/PREFIX via GATEWAY — Add a static route through a gateway.
sudo ip route add 10.0.0.0/8 via 192.168.1.1ip route add NETWORK/PREFIX dev DEVICE — Add a route directly through an interface (no gateway).
sudo ip route add 10.0.0.0/8 dev eth0ip route add default via GATEWAY — Set the default gateway.
sudo ip route add default via 192.168.1.1ip route add default via GATEWAY dev DEVICE — Set the default gateway with a specific outgoing interface.
sudo ip route add default via 192.168.1.1 dev eth0ip route add NETWORK/PREFIX via GW metric METRIC — Add a route with a specific metric (priority). Lower metric = higher priority.
sudo ip route add 10.0.0.0/8 via 192.168.1.1 metric 100ip route change NETWORK/PREFIX via GATEWAY — Modify an existing route.
sudo ip route change default via 192.168.1.254ip route replace NETWORK/PREFIX via GATEWAY — Replace an existing route or add if it does not exist.
sudo ip route replace 10.0.0.0/8 via 192.168.1.1ip route del NETWORK/PREFIX — Delete a route.
sudo ip route del 10.0.0.0/8ip route flush table main — Remove all routes from the main routing table.
sudo ip route flush table mainip route add blackhole NETWORK/PREFIX — Add a blackhole route. Packets to this network are silently discarded.
sudo ip route add blackhole 198.51.100.0/24ip route add unreachable NETWORK/PREFIX — Add an unreachable route. Returns ICMP host unreachable.
sudo ip route add unreachable 203.0.113.0/24ip route add prohibit NETWORK/PREFIX — Add a prohibit route. Returns ICMP administratively prohibited.
sudo ip route add prohibit 192.0.2.0/24ip route — Advanced Routing
ip route add NETWORK/PREFIX nexthop via GW1 weight W1 nexthop via GW2 weight W2 — Multipath routing. Distribute traffic across multiple gateways by weight.
sudo ip route add default nexthop via 192.168.1.1 weight 1 nexthop via 192.168.2.1 weight 2ip route add NETWORK/PREFIX via GW src SOURCE — Add a route with a preferred source address.
sudo ip route add 10.0.0.0/8 via 192.168.1.1 src 192.168.1.100ip route add NETWORK/PREFIX via GW mtu MTU — Add a route with a specific path MTU.
sudo ip route add 10.0.0.0/8 via 192.168.1.1 mtu 1400ip route add NETWORK/PREFIX via GW table TABLE — Add a route to a custom routing table.
sudo ip route add 10.0.0.0/8 via 192.168.1.1 table 100ip route save > FILE — Save the current routing table to a binary file.
ip route save > routes.binip route restore < FILE — Restore routes from a previously saved file.
sudo ip route restore < routes.binip neigh — ARP / Neighbor Cache
ip neigh show — Show the ARP/NDP neighbor cache (MAC ↔ IP mappings). Short form: ip n.
ip neigh showip neigh show dev DEVICE — Show neighbors on a specific interface.
ip neigh show dev eth0ip neigh show nud STATE — Filter neighbors by state: reachable, stale, failed, permanent, noarp, incomplete, delay, probe.
ip neigh show nud reachableip neigh add ADDRESS lladdr MAC dev DEVICE — Add a static ARP entry.
sudo ip neigh add 192.168.1.1 lladdr aa:bb:cc:dd:ee:ff dev eth0ip neigh change ADDRESS lladdr MAC dev DEVICE — Modify an existing neighbor entry.
sudo ip neigh change 192.168.1.1 lladdr aa:bb:cc:dd:ee:ff dev eth0ip neigh replace ADDRESS lladdr MAC dev DEVICE nud permanent — Add or replace a permanent (static) ARP entry.
sudo ip neigh replace 192.168.1.1 lladdr aa:bb:cc:dd:ee:ff dev eth0 nud permanentip neigh del ADDRESS dev DEVICE — Delete a neighbor entry.
sudo ip neigh del 192.168.1.1 dev eth0ip neigh flush dev DEVICE — Flush the neighbor cache for an interface.
sudo ip neigh flush dev eth0ip neigh flush all — Flush the entire neighbor cache.
sudo ip neigh flush allip rule — Policy Routing
ip rule show — Show all policy routing rules.
ip rule showip rule add from SOURCE/PREFIX table TABLE — Route traffic from a source network through a custom routing table.
sudo ip rule add from 10.0.0.0/8 table 100ip rule add to DEST/PREFIX table TABLE — Route traffic to a destination network through a custom routing table.
sudo ip rule add to 172.16.0.0/12 table 200ip rule add from SOURCE/PREFIX to DEST/PREFIX table TABLE — Match both source and destination for policy routing.
sudo ip rule add from 10.0.0.0/8 to 172.16.0.0/12 table 100ip rule add fwmark MARK table TABLE — Route packets with a specific firewall mark to a custom table.
sudo ip rule add fwmark 1 table 100ip rule add from SOURCE/PREFIX priority PRIO table TABLE — Add a rule with explicit priority. Lower number = higher priority.
sudo ip rule add from 10.0.0.0/8 priority 200 table 100ip rule del RULE — Delete a policy routing rule.
sudo ip rule del from 10.0.0.0/8 table 100ip rule flush — Remove all policy routing rules.
sudo ip rule fluship tunnel — IP Tunnels
ip tunnel show — Show all configured IP tunnels.
ip tunnel showip tunnel add NAME mode gre remote REMOTE local LOCAL — Create a GRE tunnel between two endpoints.
sudo ip tunnel add gre1 mode gre remote 203.0.113.1 local 198.51.100.1ip tunnel add NAME mode ipip remote REMOTE local LOCAL — Create an IPIP (IP-in-IP) tunnel.
sudo ip tunnel add tun0 mode ipip remote 203.0.113.1 local 198.51.100.1ip tunnel add NAME mode sit remote REMOTE local LOCAL — Create a SIT tunnel (IPv6-in-IPv4).
sudo ip tunnel add sit1 mode sit remote 203.0.113.1 local 198.51.100.1ip tunnel change NAME ... — Modify an existing tunnel configuration.
sudo ip tunnel change gre1 ttl 64ip tunnel del NAME — Delete a tunnel interface.
sudo ip tunnel del gre1ip netns — Network Namespaces
ip netns list — List all named network namespaces.
ip netns listip netns add NAME — Create a new network namespace.
sudo ip netns add mynsip netns del NAME — Delete a network namespace.
sudo ip netns del mynsip netns exec NAME COMMAND — Execute a command inside a network namespace.
sudo ip netns exec myns ip addr showip netns exec NAME bash — Open a shell inside a network namespace.
sudo ip netns exec myns baship link set dev DEVICE netns NAME — Move an interface into a network namespace.
sudo ip link set dev veth1 netns mynsip netns identify PID — Identify which network namespace a process belongs to.
ip netns identify 1234ip netns pids NAME — List PIDs running in a network namespace.
ip netns pids mynsip -n NAME addr show — Shorthand for ip netns exec. Run any ip subcommand in a namespace.
ip -n myns addr showip monitor — Real-Time Events
ip monitor — Watch all network events in real time (addresses, routes, links, neighbors).
ip monitorip monitor link — Watch only link/interface state changes.
ip monitor linkip monitor address — Watch only address changes.
ip monitor addressip monitor route — Watch only routing table changes.
ip monitor routeip monitor neigh — Watch only neighbor (ARP/NDP) cache changes.
ip monitor neighip monitor all — Watch events from all subsystems.
ip monitor allip maddr & ip mroute — Multicast
ip maddr show — Show multicast addresses joined on all interfaces.
ip maddr showip maddr show dev DEVICE — Show multicast addresses on a specific interface.
ip maddr show dev eth0ip maddr add MCAST_ADDR dev DEVICE — Join a multicast group on an interface.
sudo ip maddr add 239.0.0.1 dev eth0ip maddr del MCAST_ADDR dev DEVICE — Leave a multicast group.
sudo ip maddr del 239.0.0.1 dev eth0ip mroute show — Show the multicast routing cache.
ip mroute showCommon Combinations & Patterns
ip -br -c addr show — Compact, colorized overview of all interfaces and their addresses.
ip -br -c addr showip -4 -br addr show | grep -v DOWN — Show only active IPv4 interfaces with their addresses.
ip -4 -br addr show | grep -v DOWNip -j route show | jq '.[] | select(.dst=="default") | .gateway' — Extract the default gateway using JSON output and jq.
ip -j route show | jq '.[] | select(.dst=="default") | .gateway'ip -o addr show | awk '/inet / {print $2, $4}' — List all interface names with their IPv4 addresses.
ip -o addr show | awk '/inet / {print $2, $4}'ip -s -h link show dev DEVICE — Show interface statistics with human-readable byte counts.
ip -s -h link show dev eth0watch -n 1 ip -s link show dev DEVICE — Continuously monitor interface traffic statistics.
watch -n 1 ip -s link show dev eth0ip addr show dev DEVICE | grep 'inet ' — Quick way to get only the IPv4 address of an interface.
ip addr show dev eth0 | grep 'inet 'ip route get 1.1.1.1 | awk '{print $7}' — Get the local IP address used to reach the internet.
ip route get 1.1.1.1 | awk '{print $7}'Legacy Command Equivalents
ip addr show — Replaces: ifconfig (show all interfaces and addresses).
# Legacy: ifconfig
ip addr showip link set dev DEVICE up/down — Replaces: ifconfig DEVICE up/down.
# Legacy: ifconfig eth0 up
sudo ip link set dev eth0 upip route show — Replaces: route -n (show routing table).
# Legacy: route -n
ip route showip route add default via GATEWAY — Replaces: route add default gw GATEWAY.
# Legacy: route add default gw 192.168.1.1
sudo ip route add default via 192.168.1.1ip neigh show — Replaces: arp -a (show ARP cache).
# Legacy: arp -a
ip neigh showip -s link show — Replaces: netstat -i (interface statistics).
# Legacy: netstat -i
ip -s link showip tunnel show — Replaces: iptunnel show.
# Legacy: iptunnel show
ip tunnel showConclusion
The ip command is the first port of call for any network diagnosis and configuration on Linux. Mastering the link, addr, route, and neigh subcommands covers the vast majority of daily tasks. Combined with the -j flag and jq, ip also becomes a powerful building block for automation scripts.
Further Reading
- ip(8) – manual page – every option at a glance
- iproute2 – Wikipedia – background and history
- iproute2 – project page – source and release notes