
ip address: Protocol Address Management

address refers to a protocol (IPv4 or IPv6) address attached to a network device. Each device must have at least one address in order to use the corresponding protocol. It is possible to have several different addresses attached to one device. These addresses are not discriminated within the protocol structure, so the term alias is not quite appropriate for such multiple addresses. I will not refer to this situation in those terms.

Abbreviations: address, addr, a

Arguments

add, delete, flush, show (list)

The ip addr command allows you to look at the addresses and their properties on an interface. You can add new addresses and delete old ones without regard to any ordering. Later in this section you will see the concept of primary and secondary addresses as applied to Linux.

For reference as you go through the command syntax listing, here is the full ip addr help output:

 
 Usage: ip addr { add | del } IFADDR dev STRING
        ip addr { show | flush } [ dev STRING ] [ scope SCOPE-ID ]
                                 [ to PREFIX ] [ FLAG-LIST ] [ label PATTERN ]
 IFADDR := PREFIX | ADDR peer PREFIX
           [ broadcast ADDR ] [ anycast ADDR ]
           [ label STRING ] [ scope SCOPE-ID ]
 SCOPE-ID := [ host | link | global | NUMBER ]
 FLAG-LIST := [ FLAG-LIST ] FLAG
 FLAG := [ permanent | dynamic | secondary | primary |
          tentative | deprecated ]
 
ip address add: Add New Protocol Address

This command is used to add a new protocol address.

Abbreviations: add, a

Arguments
  • dev NAME: The name of the device to which you add the address.

  • local ADDRESS (default): The address of the interface.

    The format of the address depends on the protocol. IPv4 uses dotted quad, and IPv6 uses a sequence of hexadecimal halfwords separated by colons. ADDRESS may be followed by a slash and a decimal number, which encodes network prefix (netmask) length in CIDR notation. If no CIDR netmask notation is specified, the command assumes a host (/32 mask) address is specified.

  • peer ADDRESS: The address of the remote endpoint for POINTOPOINT interfaces.

    Again, ADDRESS may be followed by a slash and a decimal number, encoding the network prefix length. If a peer address is specified, then the local address cannot have a network prefix length because the network prefix is associated with the peer rather than with the local address. In other words, netmasks can only be assigned to peer addresses when specifying both peer and local addresses.

  • broadcast ADDRESS: The broadcast address on the interface.

    The special symbols + and - can be used instead of specifying the broadcast address. In this case the broadcast address is derived either by setting all of the interface host bits to one (+) or by setting all of the interface host bits to zero (-). In most modern implementations of IPv4 networking you will want to use the (+) setting. Unlike ifconfig, the ip command does not set a broadcast address unless explicitly requested.

  • label NAME: Each address may be tagged with a label string.

    In order to preserve compatibility with Linux 2.0 net aliases, this string must coincide with the name of the device or must be prefixed with the device name followed by a colon (eth0:duh).

  • scope SCOPE_VALUE: The scope of the area within which this address is valid.

    The available scopes are listed in the file /etc/iproute2/rt_scopes. The predefined scope values are:

  • global: The address is globally valid.

  • site (IPv6 only): The address is site local, valid only inside this site.

  • link: The address is link local, valid only on this link.

  • host: The address is valid only inside this host.

Examples

ip addr add 127.0.0.1/8 dev lo brd + scope host adds the usual loopback address to a loopback device. The device must be enabled before this address will show up.

ip addr add 10.0.0.1/24 brd + dev eth0 adds address 10.0.0.1 with prefix length 24 (netmask 255.255.255.0) and standard broadcast to interface eth0.

ip address delete: Delete Protocol Address

This command allows you to delete a protocol address.

Abbreviations: delete, del, d

Arguments

The arguments coincide with the arguments of ip addr add. The device name is a required argument, and the rest are optional. If no arguments are given, the first address listed is deleted.

Examples

ip addr del 127.0.0.1/8 dev lo deletes the loopback address from the loopback device.

To delete all IPv4 addresses on interface eth0:

 
  # Delete the first listed IPv4 address repeatedly until none remain.
  while ip -f inet addr del dev eth0; do
    : nothing
  done
 

Another method to disable all IP addresses on an interface using ip addr flush is discussed in the ip addr flush section.

ip address show: Look at Protocol Addresses

This command allows you to look at the protocol addresses.

Abbreviations: show, list, lst, sh, ls, l

Arguments
  • dev NAME (default): The name of the device.

  • scope SCOPE_VAL: List only addresses with this scope.

  • to PREFIX: List only addresses matching this prefix.

  • label PATTERN: List only addresses with labels matching PATTERN. PATTERN is the usual shell regexp-style pattern.

  • dynamic/permanent (IPv6 only): List only addresses installed due to stateless address configuration or only permanent (not dynamic) addresses.

  • tentative (IPv6 only): List only addresses that did not pass duplicate address detection.

  • deprecated (IPv6 only): List only deprecated addresses.

  • primary/secondary: List only primary (or secondary) addresses.

Example
 
 kuznet@alisa~ $ ip addr ls eth0
 3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc cbq qlen 100
     link/ether 00:a0:cc:66:18:78 brd ff:ff:ff:ff:ff:ff
     inet 193.233.7.90/24 brd 193.233.7.255 scope global eth0
     inet6 3ffe:2400:0:1:2a0:ccff:fe66:1878/64 scope global dynamic
        valid_lft forever preferred_lft 604746sec
     inet6 fe80::2a0:ccff:fe66:1878/10 scope link
 

The first two lines coincide with the output of ip link list, since it is only natural to interpret link layer addresses as being addresses of the protocol family AF_PACKET. The list of IPv4 and IPv6 addresses follows, accompanied by additional attributes such as scope value, flags, and address labels. Address flags are set by the kernel and cannot be changed administratively. Currently, the following flags are defined:

  • secondary: This address is not used when selecting the default source address for outgoing packets. An IP address becomes secondary if another address within the same prefix (network) already exists. The first address within the prefix is primary and is the tag address for the group of all the secondary addresses. When the primary address is deleted, all of the secondaries are purged, too. See the examples in Chapter 5 "Simple Network Examples" and "Primary/Secondary Addressing Versus Multiple Addresses Explained" at the end of the ip addr section for the actual functionality of these steps.

  • dynamic: The address was created due to stateless autoconfiguration. In this case, the output also contains information on the times for which the address remains valid. After the preferred lifetime (preferred_lft) expires, the address is moved to the deprecated state and, after the valid lifetime (valid_lft) expires, the address is finally invalidated.

  • deprecated: The address is deprecated. It is still valid but cannot be used by newly created connections. See dynamic, above.

  • tentative: The address is not used because duplicate address detection is still not complete or has failed.

ip address flush: Flush Protocol Addresses

This command flushes protocol addresses selected by some criteria.

Abbreviations: flush, f

Arguments

This command has the same arguments as show. The major difference is that this command will not run if no arguments are given. Otherwise you could delete all of your addresses by mistake. This command (and the other flush commands described below) is very dangerous. If you make a mistake, the command does not ask or forgive but will cruelly purge all of your addresses. Be warned!

With the option -statistics, the command becomes verbose and prints out the number of deleted addresses and the number of processing rounds made in flushing the address list. If the statistics option is given twice, ip addr flush also dumps all of the deleted addresses in the full format, as described in the ip addr list section.

Examples

To delete all the addresses from private network 10.0.0.0/8:

 
 netadm@amber~ # ip -stat -stat addr flush to 10/8
 2 dummy    inet 10.7.7.7/16 brd 10.7.255.255 scope global dummy
 3 eth0    inet 10.10.7.7/16 brd 10.10.255.255 scope global eth0
 4 eth1    inet 10.8.7.7/16 brd 10.8.255.255 scope global eth1
 ***Round 1, deleting 3 addresses***
 ***Flush is complete after 1 round***
 

Another instructive example is deleting all IPv4 addresses from all ethernet interfaces in the system:

 
 netadm@amber~ #  ip -4 addr flush label "eth*"  
 

The last example shows how to flush all the IPv6 addresses acquired by the host from stateless address autoconfiguration after enabling forwarding or disabling autoconfiguration.

 
 netadm@amber~ #  ip -6 addr flush dynamic  
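
Because flush takes the same selectors as show, the set of addresses a flush would purge can be previewed before running it. The following added example (not from the book or from iproute2) applies the to, label and flag selectors to captured ip addr output; the names flush_preview, parse_prefix and parse_ip_addr are hypothetical, SAMPLE is constructed in the layout shown on this page, and only the flags named on this page are recognized.

```python
import fnmatch
import ipaddress
import re

FLAGS = {"secondary", "dynamic", "deprecated", "tentative"}
# Constructed sample in the `ip addr show` layout used on this page.
SAMPLE = """\
2: dummy: <BROADCAST,NOARP,UP> mtu 1500 qdisc noqueue
    inet 10.7.7.7/16 brd 10.7.255.255 scope global dummy
3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    inet 10.10.7.7/16 brd 10.10.255.255 scope global eth0
    inet 193.233.7.90/24 brd 193.233.7.255 scope global eth0
    inet6 3ffe:2400:0:1:2a0:ccff:fe66:1878/64 scope global dynamic
       valid_lft forever preferred_lft 604746sec
    inet6 fe80::2a0:ccff:fe66:1878/10 scope link
4: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    inet 10.8.7.7/16 brd 10.8.255.255 scope global eth1
"""

def parse_prefix(text):
    """Expand abbreviated IPv4 prefixes such as 10/8 to 10.0.0.0/8."""
    addr, _, plen = text.partition("/")
    if ":" not in addr:
        addr = ".".join((addr.split(".") + ["0"] * 3)[:4])
    return ipaddress.ip_network(addr + ("/" + plen if plen else ""), strict=False)

def parse_ip_addr(text):
    """Yield (dev, family, interface, flags, label) per inet/inet6 line."""
    dev = None
    for line in text.splitlines():
        head = re.match(r"\d+:\s+([^:@\s]+)", line)
        tok = line.split()
        if head:
            dev = head.group(1)
        elif len(tok) > 3 and tok[0] in ("inet", "inet6") and "scope" in tok:
            rest = tok[tok.index("scope") + 2:]  # flags, then optional label
            flags = {t for t in rest if t in FLAGS}
            label = next((t for t in rest if t not in FLAGS), None)
            yield dev, tok[0], ipaddress.ip_interface(tok[1]), flags, label

def flush_preview(text, family=None, to=None, label=None, flag=None):
    """List 'dev address/len' for every address the selectors would flush."""
    net = parse_prefix(to) if to else None
    hits = []
    for dev, fam, ifa, flags, lbl in parse_ip_addr(text):
        if ((family and fam != family)
                or (net and (ifa.version != net.version or ifa.ip not in net))
                or (label and not fnmatch.fnmatchcase(lbl or "", label))
                or (flag and flag not in flags)):
            continue
        hits.append(f"{dev} {ifa}")
    return hits
```

On a live system, running ip addr show with the selectors intended for the flush gives the same preview directly.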
 

Primary/Secondary Addressing Versus Multiple Addresses Explained

There are two sides to the relationship between multiple IP addresses assigned to a single device. If all of the addresses are independent of each other (in other words, they are not explicitly members of the same IP network), then they may be manipulated and used without regard to each other. If the addresses are coded to belong to the same IP network, they are considered to be in a Primary/Secondary addressing group. In such a group the first network address added will be the Primary address for that network group and all other addresses added within that group are considered Secondaries. This is best illustrated through example.

Primary/Secondary Address Groups

Consider the IPv4 network defined by 10.1.1.0/24, which contains all IPv4 addresses from 10.1.1.0 through 10.1.1.255 inclusive. On interface eth0 you define the following multiple addresses:

 
  ip addr add 10.1.1.1/24 dev eth0
  ip addr add 10.1.1.64/24 dev eth0
  ip addr add 10.1.1.200/24 dev eth0
 

This is a Primary/Secondary addressing group. The group is the set of all addresses that belong to the IPv4 network defined by 10.1.1.0/24. The Primary address is 10.1.1.1 and all other addresses, in this case 10.1.1.64 and 10.1.1.200, are Secondary addresses. To see this you issue the ip addr list command for eth0.

 
  ip addr list dev eth0
  8: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
     link/ether 00:a0:cc:21:ee:d3 brd ff:ff:ff:ff:ff:ff
     inet 10.1.1.1/24 scope global eth0
     inet 10.1.1.64/24 scope global secondary eth0
     inet 10.1.1.200/24 scope global secondary eth0
 

Any and all other IPv4 addresses added that are defined within the IPv4 10.1.1.0/24 network through specification of an appropriate network mask are considered Secondary addresses. But the definition of the network does not cover all addresses within the 10.1.1.0/24 network block!

Multiple Addresses

Membership in a Primary/Secondary Address Group is defined only by administrative specification of an appropriate netmask. Thus all of the addresses assigned above are defined as belonging to the IPv4 10.1.1.0/24 network address block by virtue of the netmasks used.

So if you rerun the example above but use any other netmask then you define addresses that are not considered members of a Primary/Secondary Address Group. This is coded as follows:

 
  ip addr add 10.1.1.1/24 dev eth0
  ip addr add 10.1.1.64/32 dev eth0
  ip addr add 10.1.1.200/16 dev eth0
 

Notice the use of a host mask (10.1.1.64/32) and a "Class B" mask (10.1.1.200/16), which should technically include the "Class C" mask (10.1.1.1/24). Now if you look at the ip addr list output you see the difference:

 
  ip addr list dev eth0
  8: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
     link/ether 00:a0:cc:21:ee:d3 brd ff:ff:ff:ff:ff:ff
     inet 10.1.1.1/24 scope global eth0
     inet 10.1.1.64/32 scope global eth0
     inet 10.1.1.200/16 scope global eth0
 

Note that all of these addresses are considered independent addresses. Another way of thinking about this is that each of these addresses is a Primary address for a defined IPv4 network that has no Secondary members. Thus the Primary/Secondary Address Group is only defined by administrative function.

Relationship Between Addressing Types

At this point you may be wondering why I even bother to make a distinction between these types of addressing. The reason lies both historically within the multiple addressing structure of the Linux network stack and in practical application of adding and removing addresses from interfaces.

Interface Aliases

Historically within Linux you added multiple IPv4 addresses to an interface through use of aliases. An alias was an interface name extension such as eth0:1. You would add an IPv4 address by defining it as the address for a specific alias. Thus in the first example of Primary/Secondary addresses above, the following definitions should exist under aliases:

eth0 = 10.1.1.1/24

eth0:1 = 10.1.1.64/24

eth0:2 = 10.1.1.200/24

And if you then took down any of the aliases you would take down all of the interfaces. This is a limitation of the ifconfig tool and the way in which IPv4 addresses are traditionally considered. This methodology has been replaced within Linux by the multiple addressing methods. But using the concept of Primary/Secondary Address Groups allows for the same behavior.

The core concept is that a Primary/Secondary Address Group is removed and treated as a single entity whereas all other multiple addresses are treated independently. Thus when you remove a Primary address from an interface you remove all associated Secondary addresses. As an example I will look at an interface with two Primary/Secondary Address Groups defined along with several independent multiple addresses.

First, add a Primary/Secondary Address Group for 10.1.1.0/24 to your eth0 interface:

 
  ip addr add 10.1.1.1/24 dev eth0
  ip addr add 10.1.1.65/24 dev eth0
 

And now you add a Primary/Secondary Address Group for 10.1.1.0/16 to your eth0 interface:

 
  ip addr add 10.1.1.64/16 dev eth0
  ip addr add 10.1.1.200/16 dev eth0
 

Finally, add in some other addresses within this set:

 
  ip addr add 10.1.1.32/25 dev eth0
  ip addr add 10.1.1.192/25 dev eth0
 

Note that these two addresses have the same netmask but are in different networks.

Now look at the address listing:

 
  ip addr list dev eth0
  8: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
     link/ether 00:a0:cc:21:ee:d3 brd ff:ff:ff:ff:ff:ff
     inet 10.1.1.1/24 scope global eth0
     inet 10.1.1.64/16 scope global eth0
     inet 10.1.1.32/25 scope global eth0
     inet 10.1.1.192/25 scope global eth0
     inet 10.1.1.65/24 scope global secondary eth0
     inet 10.1.1.200/16 scope global secondary eth0
 

Note that you have four (4) Primary addresses defined and two (2) Secondary addresses defined. Note also that they are not grouped together as you would think they should be. This is because the definition of a Primary/Secondary Address Group is an artificial structure imposed on the actual addressing functions.

Now remove the Primary address for the 10.1.1.0/24 network:

 
  ip addr del 10.1.1.1/24 dev eth0  
 

And look at the end result:

 
  ip addr list dev eth0
  8: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
     link/ether 00:a0:cc:21:ee:d3 brd ff:ff:ff:ff:ff:ff
     inet 10.1.1.64/16 scope global eth0
     inet 10.1.1.32/25 scope global eth0
     inet 10.1.1.192/25 scope global eth0
     inet 10.1.1.200/16 scope global secondary eth0
 

Note that both addresses belonging to the 10.1.1.0/24 Primary/Secondary Address Group were removed but that no other address was touched. That is the definition of a Primary/Secondary Address Group.
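
The grouping rule walked through above can be checked offline before touching a production interface. This added example (not code from the book or the kernel) is a simplified model of that rule: an address is Secondary when an earlier address on the device has the same network and netmask, and deleting a Primary purges its group. The names Interface, build and PAGE_EXAMPLE are hypothetical.

```python
import ipaddress

class Interface:
    """Simplified model of one device's IPv4 address list (illustrative only)."""
    def __init__(self):
        self.addrs = []  # (IPv4Interface, is_secondary) tuples in add order

    def add(self, cidr):
        ifa = ipaddress.ip_interface(cidr)
        if any(a == ifa for a, _ in self.addrs):
            raise ValueError(f"{cidr} is already assigned")
        # Secondary when an earlier address has the same network AND netmask.
        secondary = any(a.network == ifa.network for a, _ in self.addrs)
        self.addrs.append((ifa, secondary))

    def would_remove(self, cidr):
        """Addresses that disappear if cidr is deleted (pre-flight check)."""
        ifa = ipaddress.ip_interface(cidr)
        state = dict(self.addrs)
        if ifa not in state:
            raise KeyError(f"{cidr} is not assigned")
        if state[ifa]:  # deleting a Secondary touches nothing else
            return [str(ifa)]
        # Deleting a Primary purges every address in its group.
        return [str(a) for a, _ in self.addrs if a.network == ifa.network]

    def delete(self, cidr):
        gone = self.would_remove(cidr)
        self.addrs = [(a, s) for a, s in self.addrs if str(a) not in gone]
        return gone

    def listing(self):
        # Primaries first, then Secondaries, each in add order (stable sort).
        ordered = sorted(self.addrs, key=lambda entry: entry[1])
        return [f"{a} secondary" if s else str(a) for a, s in ordered]

def build(cidrs):
    """Apply a sequence of `ip addr add` operations to an empty device."""
    dev = Interface()
    for cidr in cidrs:
        dev.add(cidr)
    return dev

# The six addresses from the walkthrough above, in the order they were added.
PAGE_EXAMPLE = ["10.1.1.1/24", "10.1.1.65/24", "10.1.1.64/16",
                "10.1.1.200/16", "10.1.1.32/25", "10.1.1.192/25"]

if __name__ == "__main__":
    print(build(PAGE_EXAMPLE).would_remove("10.1.1.1/24"))
```

The model covers only the purge behavior described here; kernels with the net.ipv4.conf.*.promote_secondaries sysctl enabled promote a Secondary instead of purging the group.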

This point is deeply related to the concept of the scope when talking about the address member of the Triad. Chapter 5 covers this entire subject of scopes and Primary/Secondary groups in detail. For now you should just note that the older concept of interface aliases is dead and that some backward compatibility is retained through the Primary/Secondary groups.


   
Policy Routing Using Linux
ISBN: B000C4SRVI
EAN: N/A
Year: 2000
Pages: 105
