1 .TH IP\-LINK 8 "13 Dec 2012" "iproute2" "Linux"
3 ip-link \- network device configuration
12 .RI " { " COMMAND " | "
18 \fB\-V\fR[\fIersion\fR] |
19 \fB\-h\fR[\fIuman-readable\fR] |
20 \fB\-s\fR[\fItatistics\fR] |
21 \fB\-r\fR[\fIesolve\fR] |
22 \fB\-f\fR[\fIamily\fR] {
23 .BR inet " | " inet6 " | " ipx " | " dnet " | " link " } | "
24 \fB\-o\fR[\fIneline\fR] |
25 \fB\-br\fR[\fIief\fR] }
84 .BR "ip link delete " {
95 .RB "} [ { " up " | " down " } ]"
97 .RB "[ " arp " { " on " | " off " } ]"
99 .RB "[ " dynamic " { " on " | " off " } ]"
101 .RB "[ " multicast " { " on " | " off " } ]"
103 .RB "[ " allmulticast " { " on " | " off " } ]"
105 .RB "[ " promisc " { " on " | " off " } ]"
107 .RB "[ " protodown " { " on " | " off " } ]"
109 .RB "[ " trailers " { " on " | " off " } ]"
127 .IR PID " | " NETNSNAME " } ]"
129 .RB "[ " link-netnsid
155 .RB "[ " spoofchk " { " on " | " off " } ]"
157 .RB "[ " state " { " auto " | " enable " | " disable " } ]"
159 .RB "[ " trust " { " on " | " off " } ] ]"
165 .RB "[ " nomaster " ]"
167 .RB "[ " addrgenmode " { " eui64 " | " none " | " stable_secret " | " random " } ]"
172 .RI "[ " DEVICE " | "
186 .SS ip link add - add virtual link
190 specifies the physical device to act operate on.
193 specifies the name of the new virtual device.
196 specifies the type of the new device.
202 - Ethernet Bridge device
207 - Controller Area Network interface
210 - Dummy network interface
213 - High-availability Seamless Redundancy device
216 - Intermediate Functional Block device
219 - IP over Infiniband device
222 - Virtual interface base on link layer address (MAC)
225 - Virtual interface based on link layer address (MAC) and TAP.
228 - Virtual Controller Area Network interface
231 - Virtual ethernet interface
234 - 802.1q tagged virtual LAN interface
237 - Virtual eXtended LAN
240 - Virtual tunnel interface IPv4|IPv6 over IPv6
243 - Virtual tunnel interface IPv4 over IPv4
246 - Virtual tunnel interface IPv6 over IPv4
249 - Virtual tunnel interface GRE over IPv4
252 - Virtual L2 tunnel interface GRE over IPv4
255 - Virtual tunnel interface GRE over IPv6
258 - Virtual L2 tunnel interface GRE over IPv6
261 - Virtual tunnel interface
264 - Netlink monitoring device
267 - Interface for L3 (IPv6/IPv4) based VLANs
270 - Interface for 6LoWPAN (IPv6) over IEEE 802.15.4 / Bluetooth
273 - GEneric NEtwork Virtualization Encapsulation
277 .BI numtxqueues " QUEUE_COUNT "
278 specifies the number of transmit queues for new device.
281 .BI numrxqueues " QUEUE_COUNT "
282 specifies the number of receive queues for new device.
286 specifies the desired index of the new virtual device. The link creation fails, if the index is busy.
292 the following additional arguments are supported:
299 .BI protocol " VLAN_PROTO "
303 .BR reorder_hdr " { " on " | " off " } "
306 .BR gvrp " { " on " | " off " } "
309 .BR mvrp " { " on " | " off " } "
312 .BR loose_binding " { " on " | " off " } "
315 .BI ingress-qos-map " QOS-MAP "
318 .BI egress-qos-map " QOS-MAP "
323 .BI protocol " VLAN_PROTO "
324 - either 802.1Q or 802.1ad.
327 - specifies the VLAN Identifer to use. Note that numbers with a leading " 0 " or " 0x " are interpreted as octal or hexadeimal, respectively.
329 .BR reorder_hdr " { " on " | " off " } "
330 - specifies whether ethernet headers are reordered or not (default is
335 .BR reorder_hdr " is " on
336 then VLAN header will be not inserted immediately but only before passing to the
337 physical device (if this device does not support VLAN offloading), the similar
338 on the RX direction - by default the packet will be untagged before being
339 received by VLAN device. Reordering allows to accelerate tagging on egress and
340 to hide VLAN header on ingress so the packet looks like regular Ethernet packet,
341 at the same time it might be confusing for packet capture as the VLAN header
342 does not exist within the packet.
344 VLAN offloading can be checked by
350 .RB grep " tx-vlan-offload"
353 where <phy_dev> is the physical device to which VLAN device is bound.
356 .BR gvrp " { " on " | " off " } "
357 - specifies whether this VLAN should be registered using GARP VLAN Registration Protocol.
359 .BR mvrp " { " on " | " off " } "
360 - specifies whether this VLAN should be registered using Multiple VLAN Registration Protocol.
362 .BR loose_binding " { " on " | " off " } "
363 - specifies whether the VLAN device state is bound to the physical device state.
365 .BI ingress-qos-map " QOS-MAP "
366 - defines a mapping of VLAN header prio field to the Linux internal packet
367 priority on incoming frames. The format is FROM:TO with multiple mappings
370 .BI egress-qos-map " QOS-MAP "
371 - defines a mapping of Linux internal packet priority to VLAN header prio field
372 but for outgoing frames. The format is the same as for ingress-qos-map.
375 Linux packet priority can be set by
380 -t mangle -A POSTROUTING [...] -j CLASSIFY --set-class 0:4
383 and this "4" priority can be used in the egress qos mapping to set VLAN prio "5":
387 link set veth0.10 type vlan egress 4:5
396 the following additional arguments are supported:
398 .BI "ip link add " DEVICE
399 .BI type " vxlan " id " ID"
402 .RB " ] [ { " group " | " remote " } "
406 .RI "{ "IPADDR " | "any " } "
414 .BI srcport " MIN MAX "
428 .I "[no]udp6zerocsumtx "
430 .I "[no]udp6zerocsumrx "
432 .BI ageing " SECONDS "
434 .BI maxaddress " NUMBER "
442 - specifies the VXLAN Network Identifer (or VXLAN Segment
446 - specifies the physical device to use for tunnel endpoint communication.
450 - specifies the multicast IP address to join.
451 This parameter cannot be specified with the
457 - specifies the unicast destination IP address to use in outgoing packets
458 when the destination link layer address is not known in the VXLAN device
459 forwarding database. This parameter cannot be specified with the
465 - specifies the source IP address to use in outgoing packets.
469 - specifies the TTL value to use in outgoing packets.
473 - specifies the TOS value to use in outgoing packets.
477 - specifies the UDP destination port to communicate to the remote VXLAN tunnel endpoint.
480 .BI srcport " MIN MAX"
481 - specifies the range of port numbers to use as UDP
482 source ports to communicate to the remote VXLAN tunnel endpoint.
486 - specifies if unknown source link layer addresses and IP addresses
487 are entered into the VXLAN device forwarding database.
491 - specifies if route short circuit is turned on.
495 - specifies ARP proxy is turned on.
499 - specifies if netlink LLADDR miss notifications are generated.
503 - specifies if netlink IP ADDR miss notifications are generated.
507 - specifies if UDP checksum is filled in
510 .I [no]udp6zerocsumtx
511 - specifies if UDP checksum is filled in
514 .I [no]udp6zerocsumrx
515 - specifies if UDP checksum is received
518 .BI ageing " SECONDS"
519 - specifies the lifetime in seconds of FDB entries learnt by the kernel.
522 .BI maxaddress " NUMBER"
523 - specifies the maximum number of FDB entries.
527 - enables the Group Policy extension (VXLAN-GBP).
530 Allows to transport group policy context across VXLAN network peers.
531 If enabled, includes the mark of a packet in the VXLAN header for outgoing
532 packets and fills the packet mark based on the information found in the
533 VXLAN header for incomming packets.
535 Format of upper 16 bits of packet mark (flags);
538 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
540 |-|-|-|-|-|-|-|-|-|D|-|-|A|-|-|-|
542 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
545 Don't Learn bit. When set, this bit indicates that the egress
546 VTEP MUST NOT learn the source address of the encapsulated frame.
549 Indicates that the group policy has already been applied to
550 this packet. Policies MUST NOT be applied by devices when the A bit is set.
553 Format of lower 16 bits of packet mark (policy ID):
556 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
560 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
564 iptables -A OUTPUT [...] -j MARK --set-mark 0x800FF
571 GRE, IPIP, SIT Type Support
574 the following additional arguments are supported:
576 .BI "ip link add " DEVICE
577 .BR type " { gre | ipip | sit } "
578 .BI " remote " ADDR " local " ADDR
580 .BR encap " { fou | gue | none } "
582 .BI "encap-sport { " PORT " | auto } "
584 .BI "encap-dport " PORT
586 .I " [no]encap-csum "
588 .I " [no]encap-remcsum "
594 - specifies the remote address of the tunnel.
598 - specifies the fixed local address for tunneled packets.
599 It must be an address on another interface on this host.
602 .BR encap " { fou | gue | none } "
603 - specifies type of secondary UDP encapsulation. "fou" indicates
604 Foo-Over-UDP, "gue" indicates Generic UDP Encapsulation.
607 .BI "encap-sport { " PORT " | auto } "
608 - specifies the source port in UDP encapsulation.
610 indicates the port by number, "auto"
611 indicates that the port number should be chosen automatically
612 (the kernel picks a flow based on the flow hash of the
613 encapsulated packet).
617 - specifies if UDP checksums are enabled in the secondary
622 - specifies if Remote Checksum Offload is enabled. This is only
623 applicable for Generic UDP Encapsulation.
628 IP6GRE/IP6GRETAP Type Support
631 the following additional arguments are supported:
633 .BI "ip link add " DEVICE
634 .BI type " { ip6gre | ip6gretap } " remote " ADDR " local " ADDR
644 .BI encaplimit " ELIM "
646 .BI tclass " TCLASS "
648 .BI flowlabel " FLOWLABEL "
658 - specifies the remote IPv6 address of the tunnel.
662 - specifies the fixed local IPv6 address for tunneled packets.
663 It must be an address on another interface on this host.
670 flag enables sequencing of outgoing packets.
673 flag requires that all input packets are serialized.
677 - use keyed GRE with key
679 is either a number or an IPv4 address-like dotted quad.
682 parameter specifies the same key to use in both directions.
684 .BR ikey " and " okey
685 parameters specify different keys for input and output.
689 - generate/require checksums for tunneled packets.
692 flag calculates checksums for outgoing packets.
695 flag requires that all input packets have the correct
698 flag is equivalent to the combination
703 - specifies Hop Limit value to use in outgoing packets.
706 .BI encaplimit " ELIM"
707 - specifies a fixed encapsulation limit. Default is 4.
710 .BI flowlabel " FLOWLABEL"
711 - specifies a fixed flowlabel.
715 - specifies the traffic class field on
716 tunneled packets, which can be specified as either a two-digit
717 hex value (e.g. c0) or a predefined string (e.g. internet).
720 causes the field to be copied from the original IP header. The
722 .BI "inherit/" STRING
724 .BI "inherit/" 00 ".." ff
725 will set the field to
729 when tunneling non-IP packets. The default value is 00.
737 the following additional arguments are supported:
739 .BI "ip link add " DEVICE " name " NAME
740 .BI type " ipoib [ " pkey " PKEY ] [" mode " MODE " ]
745 - specifies the IB P-Key to use.
748 - specifies the mode (datagram or connected) to use.
754 the following additional arguments are supported:
756 .BI "ip link add " DEVICE
757 .BI type " geneve " id " ID " remote " IPADDR"
767 - specifies the Virtual Network Identifer to use.
771 - specifies the unicast destination IP address to use in outgoing packets.
775 - specifies the TTL value to use in outgoing packets.
779 - specifies the TOS value to use in outgoing packets.
784 MACVLAN and MACVTAP Type Support
789 the following additional arguments are supported:
791 .BI "ip link add link " DEVICE " name " NAME
792 .BR type " { " macvlan " | " macvtap " } "
793 .BR mode " { " private " | " vepa " | " bridge " | " passthru
794 .BR " [ " nopromisc " ] } "
798 .BR type " { " macvlan " | " macvtap " } "
799 - specifies the link type to use.
800 .BR macvlan " creates just a virtual interface, while "
801 .BR macvtap " in addition creates a character device "
802 .BR /dev/tapX " to be used just like a " tuntap " device."
805 - Do not allow communication between
807 instances on the same physical interface, even if the external switch supports
811 - Virtual Ethernet Port Aggregator mode. Data from one
813 instance to the other on the same physical interface is transmitted over the
814 physical interface. Either the attached switch needs to support hairpin mode,
815 or there must be a TCP/IP router forwarding the packets in order to allow
816 communication. This is the default mode.
819 - In bridge mode, all endpoints are directly connected to each other,
820 communication is not redirected through the physical interface's peer.
822 .BR mode " " passthru " [ " nopromisc " ] "
823 - This mode gives more power to a single endpoint, usually in
824 .BR macvtap " mode. It is not allowed for more than one endpoint on the same "
825 physical interface. All traffic will be forwarded to this endpoint, allowing
826 virtio guests to change MAC address or set promiscuous mode in order to bridge
827 the interface or create vlan interfaces on top of it. By default, this mode
828 forces the underlying interface into promiscuous mode. Passing the
829 .BR nopromisc " flag prevents this, so the promisc flag may be controlled "
830 using standard tools.
833 .SS ip link delete - delete virtual link
837 specifies the virtual device to act operate on.
841 specifies the group of virtual links to delete. Group 0 is not allowed to be
842 deleted since it is the default group.
846 specifies the type of the device.
848 .SS ip link set - change device attributes
853 specifies network device to operate on. When configuring SR-IOV Virtual Function
854 (VF) devices, this keyword should specify the associated Physical Function (PF)
860 has a dual role: If both group and dev are present, then move the device to the
861 specified group. If only a group is specified, then the command operates on
862 all devices in that group.
866 change the state of the device to
872 .BR "arp on " or " arp off"
878 .BR "multicast on " or " multicast off"
884 .BR "protodown on " or " protodown off"
887 state on the device. Indicates that a protocol error has been detected on the port. Switch drivers can react to this error by doing a phys down on the switch port.
890 .BR "dynamic on " or " dynamic off"
893 flag on the device. Indicates that address can change when interface goes down (currently
899 change the name of the device. This operation is not
900 recommended if the device is running or has some addresses
904 .BI txqueuelen " NUMBER"
907 change the transmit queue length of the device.
916 .BI address " LLADDRESS"
917 change the station address of the interface.
920 .BI broadcast " LLADDRESS"
924 .BI peer " LLADDRESS"
925 change the link layer broadcast address or the peer address when
930 .BI netns " NETNSNAME " \fR| " PID"
931 move the device to the network namespace associated with name
935 Some devices are not allowed to change network namespace: loopback, bridge,
936 ppp, wireless. These are network namespace local devices. In such case
938 tool will return "Invalid argument" error. It is possible to find out if device is local
939 to a single network namespace by checking
941 flag in the output of the
949 To change network namespace for wireless devices the
951 tool can be used. But it allows to change network namespace only for physical devices and by process
956 give the device a symbolic name for easy reference.
960 specify the group the device belongs to.
961 The available groups are listed in file
962 .BR "@SYSCONFDIR@/group" .
966 specify a Virtual Function device to be configured. The associated PF device
967 must be specified using the
973 - change the station address for the specified VF. The
975 parameter must be specified.
979 - change the assigned VLAN for the specified VF. When specified, all traffic
980 sent from the VF will be tagged with the specified VLAN ID. Incoming traffic
981 will be filtered for the specified VLAN ID, and will have all VLAN tags
982 stripped before being passed to the VF. Setting this parameter to 0 disables
983 VLAN tagging and filtering. The
985 parameter must be specified.
989 - assign VLAN QOS (priority) bits for the VLAN tag. When specified, all VLAN
990 tags transmitted by the VF will include the specified priority bits in the
991 VLAN tag. If not specified, the value is assumed to be 0. Both the
995 parameters must be specified. Setting both
999 as 0 disables VLAN tagging and filtering for the VF.
1003 -- change the allowed transmit bandwidth, in Mbps, for the specified VF.
1004 Setting this parameter to 0 disables rate limiting.
1006 parameter must be specified.
1012 .BI max_tx_rate " TXRATE"
1013 - change the allowed maximum transmit bandwidth, in Mbps, for the specified VF.
1015 parameter must be specified.
1018 .BI min_tx_rate " TXRATE"
1019 - change the allowed minimum transmit bandwidth, in Mbps, for the specified VF.
1020 Minimum TXRATE should be always <= Maximum TXRATE.
1022 parameter must be specified.
1025 .BI spoofchk " on|off"
1026 - turn packet spoof checking on or off for the specified VF.
1028 .BI state " auto|enable|disable"
1029 - set the virtual link state as seen by the specified VF. Setting to auto means a
1030 reflection of the PF link state, enable lets the VF to communicate with other VFs on
1031 this host even if the PF link state is down, disable causes the HW to drop any packets
1035 - trust the specified VF user. This enables that VF user can set a specific feature
1036 which may impact security and/or performance. (e.g. VF multicast promiscuous mode)
1040 .BI master " DEVICE"
1041 set master device of the device (enslave device).
1045 unset master device of the device (release device).
1048 .BI addrgenmode " eui64|none|stable_secret|random"
1049 set the IPv6 address generation mode
1052 - use a Modified EUI-64 format interface identifier
1055 - disable automatic address generation
1058 - generate the interface identifier based on a preset /proc/sys/net/ipv6/conf/{default,DEVICE}/stable_secret
1061 - like stable_secret, but auto-generate a new random secret if none is set
1065 set peer netnsid for a cross-netns interface
1069 If multiple parameter changes are requested,
1071 aborts immediately after any of the changes have failed.
1072 This is the only case when
1074 can move the system to an unpredictable state. The solution
1075 is to avoid changing several parameters with one
1079 .SS ip link show - display device attributes
1082 .BI dev " NAME " (default)
1084 specifies the network device to show.
1085 If this argument is omitted all devices in the default group are listed.
1090 specifies what group of devices to show.
1094 only display running interfaces.
1097 .BI master " DEVICE "
1099 specifies the master device which enslaves devices to show.
1104 specifies the type of devices to show.
1107 The show command has additional formatting options:
1111 .BR "\-s" , " \-stats", " \-statistics"
1112 output more statistics about packet usage.
1115 .BR "\-d", " \-details"
1116 output more detailed information.
1119 .BR "\-h", " \-human", " \-human-readable"
1120 output statistics with human readable values number followed by suffix
1124 print human readable rates in IEC units (ie. 1K = 1024).
1127 .SS ip link help - display help
1131 specifies which help of link type to dislpay.
1135 may be a number or a string from the file
1136 .B @SYSCONFDIR@/group
1137 which can be manually filled.
1143 Shows the state of all network interfaces on the system.
1146 ip link show type bridge
1148 Shows the bridge devices.
1151 ip link show type vlan
1153 Shows the vlan devices.
1156 ip link show master br0
1158 Shows devices enslaved by br0
1161 ip link set dev ppp0 mtu 1400
1163 Change the MTU the ppp0 device.
1166 ip link add link eth0 name eth0.10 type vlan id 10
1168 Creates a new vlan device eth0.10 on device eth0.
1171 ip link delete dev eth0.10
1173 Removes vlan device.
1178 Display help for the gre link type.
1181 ip link add name tun1 type ipip remote 192.168.1.1
1182 local 192.168.1.2 ttl 225 encap gue encap-sport auto
1183 encap-dport 5555 encap-csum encap-remcsum
1185 Creates an IPIP that is encapsulated with Generic UDP Encapsulation,
1186 and the outer UDP checksum and remote checksum offload are enabled.
1190 ip link add link wpan0 lowpan0 type lowpan
1192 Creates a 6LoWPAN interface named lowpan0 on the underlying
1193 IEEE 802.15.4 device wpan0.
1204 Original Manpage by Michail Litvak <mci@owl.openwall.com>