Just another tech blog

iproute2: The Networking Swiss Army Knife for Linux Administrators

iproute2 is a collection of utilities for controlling network interfaces, routing, and traffic on Linux-based operating systems. It provides a comprehensive set of command-line tools for network configuration and management, offering more advanced features compared to the older net-tools package. Some of the key utilities included in iproute2 are:

  1. ip: The primary command for network configuration. It allows users to manipulate network interfaces, addresses, routes, and tunnels.

  2. tc (Traffic Control): Used for traffic shaping, queuing, policing, and scheduling. It enables users to manage network traffic to prioritize certain types of data or limit bandwidth usage.

  3. ss (Socket Statistics): Provides detailed information about network sockets, including active connections, listening ports, and socket statistics.

Here’s a list of virtual network devices that can be created using iproute2 or ip command, presented in Markdown format:

  • Virtual Ethernet Interface: Used for connecting virtual machines or containers to each other or to the host system. E.g. ip link add veth0 type veth peer name veth1

  • Dummy Interface: A loopback-like interface used for testing or simulation purposes. E.g. ip link add dummy0 type dummy

  • Bridge Interface: Used for connecting multiple Ethernet interfaces together at the data link layer. E.g. ip link add name br0 type bridge

  • Bonding Interface: Used for aggregating multiple network interfaces into a single logical interface for redundancy or increased bandwidth. E.g. ip link add bond0 type bond

  • VLAN Interface: Used for creating virtual LAN interfaces to segment network traffic. E.g. ip link add link eth0 name eth0.10 type vlan id 10

  • Tunnel Interface: Used for encapsulating one type of network packets within another. E.g. ip tunnel add tun0 mode gre remote 203.0.113.1 local 198.51.100.1

  • MACVLAN Interface: Creates virtual interfaces that share the same MAC address with the parent interface but have unique unicast and multicast addresses. E.g. ip link add link eth0 name macvlan0 type macvlan mode bridge

  • MACVTAP Interface: Similar to MACVLAN but provides a TAP (network tap) device for direct packet capture. E.g. ip link add link eth0 name macvtap0 type macvtap mode bridge

  • VRF (Virtual Routing and Forwarding) Interface: Used for creating separate routing tables and forwarding domains. E.g. ip link add name vrf-red type vrf table 10

  • Team Interface: Used for aggregating multiple network interfaces for increased throughput and failover. E.g. ip link add name team0 type team

Create a VLAN interface

To create a virtual interface that communicates using VLAN ID 100 using the ip command in Markdown, we can use the following command:

ip link add link eth0 name eth0.100 type vlan id 100

This command creates a virtual VLAN interface named eth0.100 attached to the physical interface eth0, with VLAN ID 100.

Create a VxLAN tunnel interface

To create a VXLAN (Virtual Extensible LAN) tunnel using ip, we can use the following command:

ip link add vxlan0 type vxlan id 100 dstport 4789 remote <remote_ip_address> local <local_ip_address> dev <physical_interface>
ip link set dev vxlan0 up

In the above commands:

  • vxlan0 is the name of the VXLAN interface we’re creating
  • id 100 specifies the VXLAN Network Identifier (VNI) or VXLAN ID
  • dstport 4789 specifies the UDP port used for VXLAN communication
  • remote <remote_ip_address> specifies the IP address of the remote endpoint where VXLAN packets should be sent
  • local <local_ip_address> specifies the local IP address used for VXLAN tunneling
  • <physical_interface> is the physical interface to which the VXLAN tunnel is attached

Create a bond interface

To create a bond interface using two physical interfaces in active-standby mode (also known as active-passive or primary-backup mode) using the ip command, we can follow these steps:

  1. Load the Bonding Kernel Module (if not already loaded):
modprobe bonding
  1. Create the Bond Interface:
ip link add bond0 type bond mode active-backup

This command creates a bond interface named bond0 in active-standby mode.

  1. Add Physical Interfaces to the Bond Interface:
ip link set eth0 master bond0
ip link set eth1 master bond0

Replace eth0 and eth1 with the names of wer actual physical interfaces.

  1. Activate the Bond Interface:
ip link set bond0 up

This command brings the bond interface bond0 up, activating it.

  1. Optional: Configure Parameters:

We can configure additional parameters for the bond interface, such as bonding mode, MTU, etc., as needed.

To set the bonding mode to balance-rr (Round-Robin), we can use:

ip link set bond0 mode balance-rr

To set the MTU to 1500, we can use:

ip link set bond0 mtu 1500

To set the MII link monitoring interval (in milliseconds):

ip link set bond0 mode active-backup miimon 100

Here’s a summary of the commands:

modprobe bonding
ip link add bond0 type bond mode active-backup mtu 1500 miimon 100
ip link set eth0 master bond0
ip link set eth1 master bond0
ip link set bond0 up

After running these commands, we’ll have a bond interface named bond0 configured in active-standby mode with eth0 and eth1 as its slave interfaces. The bond interface will automatically use eth0 as the active interface and eth1 as the standby interface. If eth0 fails, eth1 will take over automatically.

Configuration automation

To automate iproute2 or ip commands, we can leverage scripting languages such as Bash, Python, or Perl to create scripts that execute the desired commands. Below are some approaches to automate iproute2 commands:

Bash Scripting

We can create a Bash script (.sh file) containing the ip commands we want to automate. For example, let’s say we want to create a script to configure a bond interface with specific parameters:

#!/bin/bash

# Load bonding kernel module
modprobe bonding

# Create bond interface
ip link add bond0 type bond mode active-backup

# Add physical interfaces to bond
ip link set eth0 master bond0
ip link set eth1 master bond0

# Set bond parameters
ip link set bond0 mtu 1500
ip link set bond0 up

# Assign IP address to bond interface
ip addr add 192.168.1.10/24 dev bond0

Python Scripting

import subprocess

# Load bonding kernel module
subprocess.run(['modprobe', 'bonding'])

# Create bond interface
subprocess.run(['ip', 'link', 'add', 'bond0', 'type', 'bond', 'mode', 'active-backup'])

# Add physical interfaces to bond
subprocess.run(['ip', 'link', 'set', 'eth0', 'master', 'bond0'])
subprocess.run(['ip', 'link', 'set', 'eth1', 'master', 'bond0'])

# Set bond parameters
subprocess.run(['ip', 'link', 'set', 'bond0', 'mtu', '1500'])
subprocess.run(['ip', 'link', 'set', 'bond0', 'up'])

# Assign IP address to bond interface
subprocess.run(['ip', 'addr', 'add', '192.168.1.10/24', 'dev', 'bond0'])

Here’s a list of Python libraries commonly used for configuring networking:

  1. netifaces: A Python library to query and manipulate network interfaces on the system. It provides functions to retrieve information such as interface addresses, netmasks, and hardware addresses.

  2. pyroute2: A Python library that provides a set of high-level abstractions for network configuration and management. It allows you to interact with the Linux kernel’s networking subsystem, enabling tasks such as configuring interfaces, routes, and traffic control.

  3. scapy: A powerful Python library for crafting and dissecting network packets. It allows you to create, send, capture, and analyze network packets at a low level, making it useful for network debugging, testing, and prototyping.

  4. socket: A built-in Python library for low-level networking operations, such as creating and managing sockets, sending and receiving data over network connections, and handling network-related errors. It provides a simple interface for basic network communication tasks.

  5. paramiko: A Python library for SSH (Secure Shell) protocol implementation, allowing you to automate tasks on remote systems over SSH connections. It’s useful for configuring network devices, managing servers, and performing network automation tasks programmatically.

  6. netmiko: A Python library that extends paramiko and provides additional functionality for managing network devices such as routers and switches. It supports various network vendors and protocols, making it suitable for automating network device configuration tasks.

  7. napalm: A Python library that abstracts network device configuration and management across multiple vendors and platforms. It provides a consistent and vendor-agnostic interface for configuring and managing network devices, simplifying network automation tasks.

These are few well konwn libraries that offer different levels of abstraction and functionality for configuring and managing networking using Python.

Automation Tools

We can also use automation tools like Ansible or Puppet to automate iproute2 commands across multiple systems in wer network. These tools provide higher-level abstractions and features for managing network configurations in a more scalable and centralized manner.

That’s all folks.