1IP-LINK(8) Linux IP-LINK(8)
2
6 ip-link - network device configuration
7
9 ip link { COMMAND | help }
10 ip link add [ link DEVICE ] [ name ] NAME
13 [ txqueuelen PACKETS ]
14 [ address LLADDR ] [ broadcast LLADDR ]
15 [ mtu MTU ] [ index IDX ]
16 [ numtxqueues QUEUE_COUNT ] [ numrxqueues QUEUE_COUNT ]
17 [ gso_max_size BYTES ] [ gso_max_segs SEGMENTS ]
18 type TYPE [ ARGS ]
19 ip link delete { DEVICE | group GROUP } type TYPE [ ARGS ]
21 ip link set { DEVICE | group GROUP }
23 [ { up | down } ]
24 [ type ETYPE TYPE_ARGS ]
25 [ arp { on | off } ]
26 [ dynamic { on | off } ]
27 [ multicast { on | off } ]
28 [ allmulticast { on | off } ]
29 [ promisc { on | off } ]
30 [ protodown { on | off } ]
31 [ trailers { on | off } ]
32 [ txqueuelen PACKETS ]
33 [ name NEWNAME ]
34 [ address LLADDR ]
35 [ broadcast LLADDR ]
36 [ mtu MTU ]
37 [ netns { PID | NETNSNAME } ]
38 [ link-netnsid ID ]
39 [ alias NAME ]
40 [ vf NUM [ mac LLADDR ]
41 [ VFVLAN-LIST ]
42 [ rate TXRATE ]
43 [ max_tx_rate TXRATE ]
44 [ min_tx_rate TXRATE ]
45 [ spoofchk { on | off } ]
46 [ query_rss { on | off } ]
47 [ state { auto | enable | disable } ]
48 [ trust { on | off } ]
49 [ node_guid eui64 ]
50 [ port_guid eui64 ] ]
51 [ { xdp | xdpgeneric | xdpdrv | xdpoffload } { off |
52 object FILE [ section NAME ] [ verbose ] |
53 pinned FILE } ]
54 [ master DEVICE ]
55 [ nomaster ]
56 [ vrf NAME ]
57 [ addrgenmode { eui64 | none | stable_secret | random } ]
58 [ macaddr { flush | { add | del } MACADDR | set [ MACADDR [
59 MACADDR [ ... ] ] ] } ]
60 ip link show [ DEVICE | group GROUP ] [ up ] [ master DEVICE ] [ type
62 ETYPE ] [ vrf NAME ]
63 ip link xstats type TYPE [ ARGS ]
65 ip link afstats [ dev DEVICE ]
67 ip link help [ TYPE ]
69 TYPE := [ bridge | bond | can | dummy | hsr | ifb | ipoib | macvlan |
71 macvtap | vcan | vxcan | veth | vlan | vxlan | ip6tnl | ipip |
72 sit | gre | gretap | erspan | ip6gre | ip6gretap | ip6erspan |
73 vti | nlmon | ipvlan | lowpan | geneve | vrf | macsec | netde‐
74 vsim | rmnet ]
75 ETYPE := [ TYPE | bridge_slave | bond_slave ]
77 VFVLAN-LIST := [ VFVLAN-LIST ] VFVLAN
79 VFVLAN := [ vlan VLANID [ qos VLAN-QOS ] [ proto VLAN-PROTO ] ]
81
84 ip link add - add virtual link
85 link DEVICE
86 specifies the physical device to act operate on.
87 NAME specifies the name of the new virtual device.
89 TYPE specifies the type of the new device.
91 Link types:
93 bridge - Ethernet Bridge device
95 bond - Bonding device
97 dummy - Dummy network interface
99 hsr - High-availability Seamless Redundancy device
101 ifb - Intermediate Functional Block device
103 ipoib - IP over Infiniband device
105 macvlan - Virtual interface base on link layer address
107 (MAC)
108 macvtap - Virtual interface based on link layer address
110 (MAC) and TAP.
111 vcan - Virtual Controller Area Network interface
113 vxcan - Virtual Controller Area Network tunnel interface
115 veth - Virtual ethernet interface
117 vlan - 802.1q tagged virtual LAN interface
119 vxlan - Virtual eXtended LAN
121 ip6tnl - Virtual tunnel interface IPv4|IPv6 over IPv6
123 ipip - Virtual tunnel interface IPv4 over IPv4
125 sit - Virtual tunnel interface IPv6 over IPv4
127 gre - Virtual tunnel interface GRE over IPv4
129 gretap - Virtual L2 tunnel interface GRE over IPv4
131 erspan - Encapsulated Remote SPAN over GRE and IPv4
133 ip6gre - Virtual tunnel interface GRE over IPv6
135 ip6gretap - Virtual L2 tunnel interface GRE over IPv6
137 ip6erspan - Encapsulated Remote SPAN over GRE and IPv6
139 vti - Virtual tunnel interface
141 nlmon - Netlink monitoring device
143 ipvlan - Interface for L3 (IPv6/IPv4) based VLANs
145 lowpan - Interface for 6LoWPAN (IPv6) over IEEE 802.15.4
147 / Bluetooth
148 geneve - GEneric NEtwork Virtualization Encapsulation
150 macsec - Interface for IEEE 802.1AE MAC Security (MAC‐
152 sec)
153 vrf - Interface for L3 VRF domains
155 netdevsim - Interface for netdev API tests
157 rmnet - Qualcomm rmnet device
159 numtxqueues QUEUE_COUNT
162 specifies the number of transmit queues for new device.
163 numrxqueues QUEUE_COUNT
166 specifies the number of receive queues for new device.
167 gso_max_size BYTES
170 specifies the recommended maximum size of a Generic Segment Off‐
171 load packet the new device should accept.
172 gso_max_segs SEGMENTS
175 specifies the recommended maximum number of a Generic Segment
176 Offload segments the new device should accept.
177 index IDX
180 specifies the desired index of the new virtual device. The link
181 creation fails, if the index is busy.
182 VLAN Type Support
185 For a link of type VLAN the following additional arguments are
186 supported:
187 ip link add link DEVICE name NAME type vlan [ protocol
189 VLAN_PROTO ] id VLANID [ reorder_hdr { on | off } ] [ gvrp { on
190 | off } ] [ mvrp { on | off } ] [ loose_binding { on | off } ] [
191 ingress-qos-map QOS-MAP ] [ egress-qos-map QOS-MAP ]
192 protocol VLAN_PROTO - either 802.1Q or 802.1ad.
195 id VLANID - specifies the VLAN Identifer to use. Note
197 that numbers with a leading " 0 " or " 0x " are inter‐
198 preted as octal or hexadeimal, respectively.
199 reorder_hdr { on | off } - specifies whether ethernet
201 headers are reordered or not (default is on).
202 If reorder_hdr is on then VLAN header will be not
204 inserted immediately but only before passing to the
205 physical device (if this device does not support
206 VLAN offloading), the similar on the RX direction -
207 by default the packet will be untagged before being
208 received by VLAN device. Reordering allows to accel‐
209 erate tagging on egress and to hide VLAN header on
210 ingress so the packet looks like regular Ethernet
211 packet, at the same time it might be confusing for
212 packet capture as the VLAN header does not exist
213 within the packet.
214 VLAN offloading can be checked by ethtool(8):
216 ethtool -k <phy_dev> | grep tx-vlan-offload
218 where <phy_dev> is the physical device to which VLAN
220 device is bound.
221 gvrp { on | off } - specifies whether this VLAN should
223 be registered using GARP VLAN Registration Protocol.
224 mvrp { on | off } - specifies whether this VLAN should
226 be registered using Multiple VLAN Registration Protocol.
227 loose_binding { on | off } - specifies whether the VLAN
229 device state is bound to the physical device state.
230 ingress-qos-map QOS-MAP - defines a mapping of VLAN
232 header prio field to the Linux internal packet priority
233 on incoming frames. The format is FROM:TO with multiple
234 mappings separated by spaces.
235 egress-qos-map QOS-MAP - defines a mapping of Linux
237 internal packet priority to VLAN header prio field but
238 for outgoing frames. The format is the same as for
239 ingress-qos-map.
240 Linux packet priority can be set by iptables(8):
242 iptables -t mangle -A POSTROUTING [...] -j CLAS‐
244 SIFY --set-class 0:4
245 and this "4" priority can be used in the egress qos
247 mapping to set VLAN prio "5":
248 ip link set veth0.10 type vlan egress 4:5
250 VXLAN Type Support
253 For a link of type VXLAN the following additional arguments are
254 supported:
255 ip link add DEVICE type vxlan id VNI [ dev PHYS_DEV ] [ { group
257 | remote } IPADDR ] [ local { IPADDR | any } ] [ ttl TTL ] [ tos
258 TOS ] [ flowlabel FLOWLABEL ] [ dstport PORT ] [ srcport MIN MAX
259 ] [ [no]learning ] [ [no]proxy ] [ [no]rsc ] [ [no]l2miss ] [
260 [no]l3miss ] [ [no]udpcsum ] [ [no]udp6zerocsumtx ] [
261 [no]udp6zerocsumrx ] [ ageing SECONDS ] [ maxaddress NUMBER ] [
262 [no]external ] [ gbp ] [ gpe ]
263 id VNI - specifies the VXLAN Network Identifer (or VXLAN
266 Segment Identifier) to use.
267 dev PHYS_DEV - specifies the physical device to use for
269 tunnel endpoint communication.
270 group IPADDR - specifies the multicast IP address to
273 join. This parameter cannot be specified with the
274 remote parameter.
275 remote IPADDR - specifies the unicast destination IP
278 address to use in outgoing packets when the destination
279 link layer address is not known in the VXLAN device for‐
280 warding database. This parameter cannot be specified
281 with the group parameter.
282 local IPADDR - specifies the source IP address to use in
285 outgoing packets.
286 ttl TTL - specifies the TTL value to use in outgoing
289 packets.
290 tos TOS - specifies the TOS value to use in outgoing
293 packets.
294 flowlabel FLOWLABEL - specifies the flow label to use in
297 outgoing packets.
298 dstport PORT - specifies the UDP destination port to
301 communicate to the remote VXLAN tunnel endpoint.
302 srcport MIN MAX - specifies the range of port numbers to
305 use as UDP source ports to communicate to the remote
306 VXLAN tunnel endpoint.
307 [no]learning - specifies if unknown source link layer
310 addresses and IP addresses are entered into the VXLAN
311 device forwarding database.
312 [no]rsc - specifies if route short circuit is turned on.
315 [no]proxy - specifies ARP proxy is turned on.
318 [no]l2miss - specifies if netlink LLADDR miss notifica‐
321 tions are generated.
322 [no]l3miss - specifies if netlink IP ADDR miss notifica‐
325 tions are generated.
326 [no]udpcsum - specifies if UDP checksum is calculated
329 for transmitted packets over IPv4.
330 [no]udp6zerocsumtx - skip UDP checksum calculation for
333 transmitted packets over IPv6.
334 [no]udp6zerocsumrx - allow incoming UDP packets over
337 IPv6 with zero checksum field.
338 ageing SECONDS - specifies the lifetime in seconds of
341 FDB entries learnt by the kernel.
342 maxaddress NUMBER - specifies the maximum number of FDB
345 entries.
346 [no]external - specifies whether an external control
349 plane (e.g. ip route encap) or the internal FDB should
350 be used.
351 gbp - enables the Group Policy extension (VXLAN-GBP).
354 Allows to transport group policy context across
356 VXLAN network peers. If enabled, includes the mark
357 of a packet in the VXLAN header for outgoing packets
358 and fills the packet mark based on the information
359 found in the VXLAN header for incomming packets.
360 Format of upper 16 bits of packet mark (flags);
362 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
364 |-|-|-|-|-|-|-|-|-|D|-|-|A|-|-|-|
365 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
366 D := Don't Learn bit. When set, this bit indicates
368 that the egress VTEP MUST NOT learn the source
369 address of the encapsulated frame.
370 A := Indicates that the group policy has already
372 been applied to this packet. Policies MUST NOT be
373 applied by devices when the A bit is set.
374 Format of lower 16 bits of packet mark (policy ID):
376 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
378 | Group Policy ID |
379 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
380 Example:
382 iptables -A OUTPUT [...] -j MARK --set-mark
383 0x800FF
384 gpe - enables the Generic Protocol extension (VXLAN-
388 GPE). Currently, this is only supported together with
389 the external keyword.
390 VETH, VXCAN Type Support
394 For a link of types VETH/VXCAN the following additional argu‐
395 ments are supported:
396 ip link add DEVICE type { veth | vxcan } [ peer name NAME ]
398 peer name NAME - specifies the virtual pair device name
401 of the VETH/VXCAN tunnel.
402 IPIP, SIT Type Support
406 For a link of type IPIPorSIT the following additional arguments
407 are supported:
408 ip link add DEVICE type { ipip | sit } remote ADDR local ADDR [
410 encap { fou | gue | none } ] [ encap-sport { PORT | auto } ] [
411 encap-dport PORT ] [ [no]encap-csum ] [ [no]encap-remcsum ] [
412 mode { ip6ip | ipip | mplsip | any } ] [ external ]
413 remote ADDR - specifies the remote address of the tun‐
416 nel.
417 local ADDR - specifies the fixed local address for tun‐
420 neled packets. It must be an address on another inter‐
421 face on this host.
422 encap { fou | gue | none } - specifies type of secondary
425 UDP encapsulation. "fou" indicates Foo-Over-UDP, "gue"
426 indicates Generic UDP Encapsulation.
427 encap-sport { PORT | auto } - specifies the source port
430 in UDP encapsulation. PORT indicates the port by num‐
431 ber, "auto" indicates that the port number should be
432 chosen automatically (the kernel picks a flow based on
433 the flow hash of the encapsulated packet).
434 [no]encap-csum - specifies if UDP checksums are enabled
437 in the secondary encapsulation.
438 [no]encap-remcsum - specifies if Remote Checksum Offload
441 is enabled. This is only applicable for Generic UDP
442 Encapsulation.
443 mode { ip6ip | ipip | mplsip | any } - specifies mode in
446 which device should run. "ip6ip" indicates IPv6-Over-
447 IPv4, "ipip" indicates "IPv4-Over-IPv4", "mplsip" indi‐
448 cates MPLS-Over-IPv4, "any" indicates IPv6, IPv4 or MPLS
449 Over IPv4. Supported for SIT where the default is
450 "ip6ip" and IPIP where the default is "ipip".
451 IPv6-Over-IPv4 is not supported for IPIP.
452 external - make this tunnel externally controlled (e.g.
455 ip route encap).
456 GRE Type Support
459 For a link of type GRE or GRETAP the following additional argu‐
460 ments are supported:
461 ip link add DEVICE type { gre | gretap } remote ADDR local ADDR
463 [ [no][i|o]seq ] [ [i|o]key KEY | no[i|o]key ] [ [no][i|o]csum ]
464 [ ttl TTL ] [ tos TOS ] [ [no]pmtudisc ] [ [no]ignore-df ] [ dev
465 PHYS_DEV ] [ encap { fou | gue | none } ] [ encap-sport { PORT |
466 auto } ] [ encap-dport PORT ] [ [no]encap-csum ] [ [no]encap-
467 remcsum ] [ external ]
468 remote ADDR - specifies the remote address of the tun‐
471 nel.
472 local ADDR - specifies the fixed local address for tun‐
475 neled packets. It must be an address on another inter‐
476 face on this host.
477 [no][i|o]seq - serialize packets. The oseq flag enables
480 sequencing of outgoing packets. The iseq flag requires
481 that all input packets are serialized.
482 [i|o]key KEY | no[i|o]key - use keyed GRE with key KEY.
485 KEY is either a number or an IPv4 address-like dotted
486 quad. The key parameter specifies the same key to use
487 in both directions. The ikey and okey parameters spec‐
488 ify different keys for input and output.
489 [no][i|o]csum - generate/require checksums for tunneled
492 packets. The ocsum flag calculates checksums for outgo‐
493 ing packets. The icsum flag requires that all input
494 packets have the correct checksum. The csum flag is
495 equivalent to the combination icsum ocsum .
496 ttl TTL - specifies the TTL value to use in outgoing
499 packets.
500 tos TOS - specifies the TOS value to use in outgoing
503 packets.
504 [no]pmtudisc - enables/disables Path MTU Discovery on
507 this tunnel. It is enabled by default. Note that a
508 fixed ttl is incompatible with this option: tunneling
509 with a fixed ttl always makes pmtu discovery.
510 [no]ignore-df - enables/disables IPv4 DF suppression on
513 this tunnel. Normally datagrams that exceed the MTU
514 will be fragmented; the presence of the DF flag inhibits
515 this, resulting instead in an ICMP Unreachable (Fragmen‐
516 tation Required) message. Enabling this attribute
517 casues the DF flag to be ignored.
518 dev PHYS_DEV - specifies the physical device to use for
521 tunnel endpoint communication.
522 encap { fou | gue | none } - specifies type of secondary
525 UDP encapsulation. "fou" indicates Foo-Over-UDP, "gue"
526 indicates Generic UDP Encapsulation.
527 encap-sport { PORT | auto } - specifies the source port
530 in UDP encapsulation. PORT indicates the port by num‐
531 ber, "auto" indicates that the port number should be
532 chosen automatically (the kernel picks a flow based on
533 the flow hash of the encapsulated packet).
534 [no]encap-csum - specifies if UDP checksums are enabled
537 in the secondary encapsulation.
538 [no]encap-remcsum - specifies if Remote Checksum Offload
541 is enabled. This is only applicable for Generic UDP
542 Encapsulation.
543 external - make this tunnel externally controlled (e.g.
546 ip route encap).
547 IP6GRE/IP6GRETAP Type Support
551 For a link of type IP6GRE/IP6GRETAP the following additional
552 arguments are supported:
553 ip link add DEVICE type { ip6gre | ip6gretap } remote ADDR local
555 ADDR [ [no][i|o]seq ] [ [i|o]key KEY | no[i|o]key ] [
556 [no][i|o]csum ] [ hoplimit TTL ] [ encaplimit ELIM ] [ tclass
557 TCLASS ] [ flowlabel FLOWLABEL ] [ dscp inherit ] [ [no]allow-
558 localremote ] [ dev PHYS_DEV ] [ external ]
559 remote ADDR - specifies the remote IPv6 address of the
562 tunnel.
563 local ADDR - specifies the fixed local IPv6 address for
566 tunneled packets. It must be an address on another
567 interface on this host.
568 [no][i|o]seq - serialize packets. The oseq flag enables
571 sequencing of outgoing packets. The iseq flag requires
572 that all input packets are serialized.
573 [i|o]key KEY | no[i|o]key - use keyed GRE with key KEY.
576 KEY is either a number or an IPv4 address-like dotted
577 quad. The key parameter specifies the same key to use
578 in both directions. The ikey and okey parameters spec‐
579 ify different keys for input and output.
580 [no][i|o]csum - generate/require checksums for tunneled
583 packets. The ocsum flag calculates checksums for outgo‐
584 ing packets. The icsum flag requires that all input
585 packets have the correct checksum. The csum flag is
586 equivalent to the combination icsum ocsum.
587 hoplimit TTL - specifies Hop Limit value to use in out‐
590 going packets.
591 encaplimit ELIM - specifies a fixed encapsulation limit.
594 Default is 4.
595 flowlabel FLOWLABEL - specifies a fixed flowlabel.
598 [no]allow-localremote - specifies whether to allow
601 remote endpoint to have an address configured on local
602 host.
603 tclass TCLASS - specifies the traffic class field on
606 tunneled packets, which can be specified as either a
607 two-digit hex value (e.g. c0) or a predefined string
608 (e.g. internet). The value inherit causes the field to
609 be copied from the original IP header. The values
610 inherit/STRING or inherit/00..ff will set the field to
611 STRING or 00..ff when tunneling non-IP packets. The
612 default value is 00.
613 external - make this tunnel externally controlled (or
616 not, which is the default). In the kernel, this is
617 referred to as collect metadata mode. This flag is
618 mutually exclusive with the remote, local, seq, key,
619 csum, hoplimit, encaplimit, flowlabel and tclass
620 options.
621 IPoIB Type Support
625 For a link of type IPoIB the following additional arguments are
626 supported:
627 ip link add DEVICE name NAME type ipoib [ pkey PKEY ] [ mode
629 MODE ]
630 pkey PKEY - specifies the IB P-Key to use.
633 mode MODE - specifies the mode (datagram or connected)
635 to use.
636 ERSPAN Type Support
639 For a link of type ERSPAN/IP6ERSPAN the following additional
640 arguments are supported:
641 ip link add DEVICE type { erspan | ip6erspan } remote ADDR local
643 ADDR seq key KEY erspan_ver version [ erspan IDX ] [ erspan_dir
644 { ingress | egress } ] [ erspan_hwid hwid ] [ [no]allow-localre‐
645 mote ] [ external ]
646 remote ADDR - specifies the remote address of the tun‐
649 nel.
650 local ADDR - specifies the fixed local address for tun‐
653 neled packets. It must be an address on another inter‐
654 face on this host.
655 erspan_ver version - specifies the ERSPAN version num‐
658 ber. version indicates the ERSPAN version to be cre‐
659 ated: 1 for version 1 (type II) or 2 for version 2 (type
660 III).
661 erspan IDX - specifies the ERSPAN v1 index field. IDX
664 indicates a 20 bit index/port number associated with the
665 ERSPAN traffic's source port and direction.
666 erspan_dir { ingress | egress } - specifies the ERSPAN
669 v2 mirrored traffic's direction.
670 erspan_hwid hwid - an unique identifier of an ERSPAN v2
673 engine within a system. hwid is a 6-bit value for users
674 to configure.
675 [no]allow-localremote - specifies whether to allow
678 remote endpoint to have an address configured on local
679 host.
680 external - make this tunnel externally controlled (or
683 not, which is the default). In the kernel, this is
684 referred to as collect metadata mode. This flag is
685 mutually exclusive with the remote, local, erspan_ver,
686 erspan, erspan_dir and erspan_hwid options.
687 GENEVE Type Support
691 For a link of type GENEVE the following additional arguments are
692 supported:
693 ip link add DEVICE type geneve id VNI remote IPADDR [ ttl TTL ]
695 [ tos TOS ] [ flowlabel FLOWLABEL ] [ dstport PORT ] [
696 [no]external ] [ [no]udpcsum ] [ [no]udp6zerocsumtx ] [
697 [no]udp6zerocsumrx ]
698 id VNI - specifies the Virtual Network Identifer to use.
701 remote IPADDR - specifies the unicast destination IP
704 address to use in outgoing packets.
705 ttl TTL - specifies the TTL value to use in outgoing
708 packets.
709 tos TOS - specifies the TOS value to use in outgoing
712 packets.
713 flowlabel FLOWLABEL - specifies the flow label to use in
716 outgoing packets.
717 dstport PORT - select a destination port other than the
720 default of 6081.
721 [no]external - make this tunnel externally controlled
724 (or not, which is the default). This flag is mutually
725 exclusive with the id, remote, ttl, tos and flowlabel
726 options.
727 [no]udpcsum - specifies if UDP checksum is calculated
730 for transmitted packets over IPv4.
731 [no]udp6zerocsumtx - skip UDP checksum calculation for
734 transmitted packets over IPv6.
735 [no]udp6zerocsumrx - allow incoming UDP packets over
738 IPv6 with zero checksum field.
739 MACVLAN and MACVTAP Type Support
743 For a link of type MACVLAN or MACVTAP the following additional
744 arguments are supported:
745 ip link add link DEVICE name NAME type { macvlan | macvtap }
747 mode { private | vepa | bridge | passthru [ nopromisc ] |
748 source }
749 type { macvlan | macvtap } - specifies the link type to
752 use. macvlan creates just a virtual interface, while
753 macvtap in addition creates a character device /dev/tapX
754 to be used just like a tuntap device.
755 mode private - Do not allow communication between
757 macvlan instances on the same physical interface, even
758 if the external switch supports hairpin mode.
759 mode vepa - Virtual Ethernet Port Aggregator mode. Data
761 from one macvlan instance to the other on the same phys‐
762 ical interface is transmitted over the physical inter‐
763 face. Either the attached switch needs to support hair‐
764 pin mode, or there must be a TCP/IP router forwarding
765 the packets in order to allow communication. This is the
766 default mode.
767 mode bridge - In bridge mode, all endpoints are directly
769 connected to each other, communication is not redirected
770 through the physical interface's peer.
771 mode passthru [ nopromisc ] - This mode gives more power
773 to a single endpoint, usually in macvtap mode. It is not
774 allowed for more than one endpoint on the same physical
775 interface. All traffic will be forwarded to this end‐
776 point, allowing virtio guests to change MAC address or
777 set promiscuous mode in order to bridge the interface or
778 create vlan interfaces on top of it. By default, this
779 mode forces the underlying interface into promiscuous
780 mode. Passing the nopromisc flag prevents this, so the
781 promisc flag may be controlled using standard tools.
782 mode source - allows one to set a list of allowed mac
784 address, which is used to match against source mac
785 address from received frames on underlying interface.
786 This allows creating mac based VLAN associations,
787 instead of standard port or tag based. The feature is
788 useful to deploy 802.1x mac based behavior, where driv‐
789 ers of underlying interfaces doesn't allows that.
790 High-availability Seamless Redundancy (HSR) Support
793 For a link of type HSR the following additional arguments are
794 supported:
795 ip link add link DEVICE name NAME type hsr slave1 SLAVE1-IF
797 slave2 SLAVE2-IF [ supervision ADDR-BYTE ] [ version { 0 | 1 } ]
798 type hsr - specifies the link type to use, here HSR.
801 slave1 SLAVE1-IF - Specifies the physical device used
803 for the first of the two ring ports.
804 slave2 SLAVE2-IF - Specifies the physical device used
806 for the second of the two ring ports.
807 supervision ADDR-BYTE - The last byte of the multicast
809 address used for HSR supervision frames. Default option
810 is "0", possible values 0-255.
811 version { 0 | 1 } - Selects the protocol version of the
813 interface. Default option is "0", which corresponds to
814 the 2010 version of the HSR standard. Option "1" acti‐
815 vates the 2012 version.
816 BRIDGE Type Support
819 For a link of type BRIDGE the following additional arguments are
820 supported:
821 ip link add DEVICE type bridge [ ageing_time AGEING_TIME ] [
823 group_fwd_mask MASK ] [ group_address ADDRESS ] [ forward_delay
824 FORWARD_DELAY ] [ hello_time HELLO_TIME ] [ max_age MAX_AGE ] [
825 stp_state STP_STATE ] [ priority PRIORITY ] [ vlan_filtering
826 VLAN_FILTERING ] [ vlan_protocol VLAN_PROTOCOL ] [
827 vlan_default_pvid VLAN_DEFAULT_PVID ] [ vlan_stats_enabled
828 VLAN_STATS_ENABLED ] [ mcast_snooping MULTICAST_SNOOPING ] [
829 mcast_router MULTICAST_ROUTER ] [ mcast_query_use_ifaddr
830 MCAST_QUERY_USE_IFADDR ] [ mcast_querier MULTICAST_QUERIER ] [
831 mcast_hash_elasticity HASH_ELASTICITY ] [ mcast_hash_max
832 HASH_MAX ] [ mcast_last_member_count LAST_MEMBER_COUNT ] [
833 mcast_startup_query_count STARTUP_QUERY_COUNT ] [
834 mcast_last_member_interval LAST_MEMBER_INTERVAL ] [ mcast_mem‐
835 bership_interval MEMBERSHIP_INTERVAL ] [ mcast_querier_interval
836 QUERIER_INTERVAL ] [ mcast_query_interval QUERY_INTERVAL ] [
837 mcast_query_response_interval QUERY_RESPONSE_INTERVAL ] [
838 mcast_startup_query_interval STARTUP_QUERY_INTERVAL ] [
839 mcast_stats_enabled MCAST_STATS_ENABLED ] [ mcast_igmp_version
840 IGMP_VERSION ] [ mcast_mld_version MLD_VERSION ] [ nf_call_ipta‐
841 bles NF_CALL_IPTABLES ] [ nf_call_ip6tables NF_CALL_IP6TABLES ]
842 [ nf_call_arptables NF_CALL_ARPTABLES ]
843 ageing_time AGEING_TIME - configure the bridge's FDB
846 entries ageing time, ie the number of seconds a MAC
847 address will be kept in the FDB after a packet has been
848 received from that address. after this time has passed,
849 entries are cleaned up.
850 group_fwd_mask MASK - set the group forward mask. This
852 is the bitmask that is applied to decide whether to for‐
853 ward incoming frames destined to link-local addresses,
854 ie addresses of the form 01:80:C2:00:00:0X (defaults to
855 0, ie the bridge does not forward any link-local
856 frames).
857 group_address ADDRESS - set the MAC address of the mul‐
859 ticast group this bridge uses for STP. The address must
860 be a link-local address in standard Ethernet MAC address
861 format, ie an address of the form 01:80:C2:00:00:0X,
862 with X in [0, 4..f].
863 forward_delay FORWARD_DELAY - set the forwarding delay
865 in seconds, ie the time spent in LISTENING state (before
866 moving to LEARNING) and in LEARNING state (before moving
867 to FORWARDING). Only relevant if STP is enabled. Valid
868 values are between 2 and 30.
869 hello_time HELLO_TIME - set the time in seconds between
871 hello packets sent by the bridge, when it is a root
872 bridge or a designated bridges. Only relevant if STP is
873 enabled. Valid values are between 1 and 10.
874 max_age MAX_AGE - set the hello packet timeout, ie the
876 time in seconds until another bridge in the spanning
877 tree is assumed to be dead, after reception of its last
878 hello message. Only relevant if STP is enabled. Valid
879 values are between 6 and 40.
880 stp_state STP_STATE - turn spanning tree protocol on
882 (STP_STATE > 0) or off (STP_STATE == 0). for this
883 bridge.
884 priority PRIORITY - set this bridge's spanning tree pri‐
886 ority, used during STP root bridge election. PRIORITY
887 is a 16bit unsigned integer.
888 vlan_filtering VLAN_FILTERING - turn VLAN filtering on
890 (VLAN_FILTERING > 0) or off (VLAN_FILTERING == 0). When
891 disabled, the bridge will not consider the VLAN tag when
892 handling packets.
893 vlan_protocol { 802.1Q | 802.1ad } - set the protocol
895 used for VLAN filtering.
896 vlan_default_pvid VLAN_DEFAULT_PVID - set the default
898 PVID (native/untagged VLAN ID) for this bridge.
899 vlan_stats_enabled VLAN_STATS_ENABLED - enable
901 (VLAN_STATS_ENABLED == 1) or disable (VLAN_STATS_ENABLED
902 == 0) per-VLAN stats accounting.
903 mcast_snooping MULTICAST_SNOOPING - turn multicast
905 snooping on (MULTICAST_SNOOPING > 0) or off (MULTI‐
906 CAST_SNOOPING == 0).
907 mcast_router MULTICAST_ROUTER - set bridge's multicast
909 router if IGMP snooping is enabled. MULTICAST_ROUTER is
910 an integer value having the following meaning:
911 0 - disabled.
913 1 - automatic (queried).
915 2 - permanently enabled.
917 mcast_query_use_ifaddr MCAST_QUERY_USE_IFADDR - whether
919 to use the bridge's own IP address as source address for
920 IGMP queries (MCAST_QUERY_USE_IFADDR > 0) or the default
921 of 0.0.0.0 (MCAST_QUERY_USE_IFADDR == 0).
922 mcast_querier MULTICAST_QUERIER - enable (MULTI‐
924 CAST_QUERIER > 0) or disable (MULTICAST_QUERIER == 0)
925 IGMP querier, ie sending of multicast queries by the
926 bridge (default: disabled).
927 mcast_querier_interval QUERIER_INTERVAL - interval
929 between queries sent by other routers. if no queries are
930 seen after this delay has passed, the bridge will start
931 to send its own queries (as if mcast_querier was
932 enabled).
933 mcast_hash_elasticity HASH_ELASTICITY - set multicast
935 database hash elasticity, ie the maximum chain length in
936 the multicast hash table (defaults to 4).
937 mcast_hash_max HASH_MAX - set maximum size of multicast
939 hash table (defaults to 512, value must be a power of
940 2).
941 mcast_last_member_count LAST_MEMBER_COUNT - set multi‐
943 cast last member count, ie the number of queries the
944 bridge will send before stopping forwarding a multicast
945 group after a "leave" message has been received
946 (defaults to 2).
947 mcast_last_member_interval LAST_MEMBER_INTERVAL - inter‐
949 val between queries to find remaining members of a
950 group, after a "leave" message is received.
951 mcast_startup_query_count STARTUP_QUERY_COUNT - set the
953 number of IGMP queries to send during startup phase
954 (defaults to 2).
955 mcast_startup_query_interval STARTUP_QUERY_INTERVAL -
957 interval between queries in the startup phase.
958 mcast_query_interval QUERY_INTERVAL - interval between
960 queries sent by the bridge after the end of the startup
961 phase.
962 mcast_query_response_interval QUERY_RESPONSE_INTERVAL -
964 set the Max Response Time/Maximum Response Delay for
965 IGMP/MLD queries sent by the bridge.
966 mcast_membership_interval MEMBERSHIP_INTERVAL - delay
968 after which the bridge will leave a group, if no member‐
969 ship reports for this group are received.
970 mcast_stats_enabled MCAST_STATS_ENABLED - enable
972 (MCAST_STATS_ENABLED > 0) or disable
973 (MCAST_STATS_ENABLED == 0) multicast (IGMP/MLD) stats
974 accounting.
975 mcast_igmp_version IGMP_VERSION - set the IGMP version.
977 mcast_mld_version MLD_VERSION - set the MLD version.
979 nf_call_iptables NF_CALL_IPTABLES - enable (NF_CALL_IPT‐
981 ABLES > 0) or disable (NF_CALL_IPTABLES == 0) iptables
982 hooks on the bridge.
983 nf_call_ip6tables NF_CALL_IP6TABLES - enable
985 (NF_CALL_IP6TABLES > 0) or disable (NF_CALL_IP6TABLES ==
986 0) ip6tables hooks on the bridge.
987 nf_call_arptables NF_CALL_ARPTABLES - enable
989 (NF_CALL_ARPTABLES > 0) or disable (NF_CALL_ARPTABLES ==
990 0) arptables hooks on the bridge.
991 MACsec Type Support
996 For a link of type MACsec the following additional arguments are
997 supported:
998 ip link add link DEVICE name NAME type macsec [ [ address
1000 <lladdr> ] port PORT | sci SCI ] [ cipher CIPHER_SUITE ] [
1001 icvlen { 8..16 } ] [ encrypt { on | off } ] [ send_sci { on |
1002 off } ] [ end_station { on | off } ] [ scb { on | off } ] [ pro‐
1003 tect { on | off } ] [ replay { on | off } window { 0..2^32-1 } ]
1004 [ validate { strict | check | disabled } ] [ encodingsa { 0..3 }
1005 ]
1006 address <lladdr> - sets the system identifier component
1009 of secure channel for this MACsec device.
1010 port PORT - sets the port number component of secure
1013 channel for this MACsec device, in a range from 1 to
1014 65535 inclusive. Numbers with a leading " 0 " or " 0x "
1015 are interpreted as octal and hexadecimal, respectively.
1016 sci SCI - sets the secure channel identifier for this
1019 MACsec device. SCI is a 64bit wide number in hexadeci‐
1020 mal format.
1021 cipher CIPHER_SUITE - defines the cipher suite to use.
1024 icvlen LENGTH - sets the length of the Integrity Check
1027 Value (ICV).
1028 encrypt on or encrypt off - switches between authenti‐
1031 cated encryption, or authenticity mode only.
1032 send_sci on or send_sci off - specifies whether the SCI
1035 is included in every packet, or only when it is neces‐
1036 sary.
1037 end_station on or end_station off - sets the End Station
1040 bit.
1041 scb on or scb off - sets the Single Copy Broadcast bit.
1044 protect on or protect off - enables MACsec protection on
1047 the device.
1048 replay on or replay off - enables replay protection on
1051 the device.
1052 window SIZE - sets the size of the replay win‐
1056 dow.
1057 validate strict or validate check or validate disabled -
1061 sets the validation mode on the device.
1062 encodingsa AN - sets the active secure association for
1065 transmission.
1066 VRF Type Support
1070 For a link of type VRF the following additional arguments are
1071 supported:
1072 ip link add DEVICE type vrf table TABLE
1074 table table id associated with VRF device
1077 RMNET Type Support
1081 For a link of type RMNET the following additional arguments are
1082 supported:
1083 ip link add link DEVICE name NAME type rmnet mux_id MUXID
1085 mux_id MUXID - specifies the mux identifier for the
1088 rmnet device, possible values 1-254.
1089 ip link delete - delete virtual link
1093 dev DEVICE
1094 specifies the virtual device to act operate on.
1095 group GROUP
1098 specifies the group of virtual links to delete. Group 0 is not
1099 allowed to be deleted since it is the default group.
1100 type TYPE
1103 specifies the type of the device.
1104 ip link set - change device attributes
1107 Warning: If multiple parameter changes are requested, ip aborts immedi‐
1108 ately after any of the changes have failed. This is the only case when
1109 ip can move the system to an unpredictable state. The solution is to
1110 avoid changing several parameters with one ip link set call.
1111 dev DEVICE
1114 DEVICE specifies network device to operate on. When configuring
1115 SR-IOV Virtual Function (VF) devices, this keyword should spec‐
1116 ify the associated Physical Function (PF) device.
1117 group GROUP
1120 GROUP has a dual role: If both group and dev are present, then
1121 move the device to the specified group. If only a group is spec‐
1122 ified, then the command operates on all devices in that group.
1123 up and down
1126 change the state of the device to UP or DOWN.
1127 arp on or arp off
1130 change the NOARP flag on the device.
1131 multicast on or multicast off
1134 change the MULTICAST flag on the device.
1135 protodown on or protodown off
1138 change the PROTODOWN state on the device. Indicates that a pro‐
1139 tocol error has been detected on the port. Switch drivers can
1140 react to this error by doing a phys down on the switch port.
1141 dynamic on or dynamic off
1144 change the DYNAMIC flag on the device. Indicates that address
1145 can change when interface goes down (currently NOT used by the
1146 Linux).
1147 name NAME
1150 change the name of the device. This operation is not recommended
1151 if the device is running or has some addresses already config‐
1152 ured.
1153 txqueuelen NUMBER
1156 txqlen NUMBER
1158 change the transmit queue length of the device.
1159 mtu NUMBER
1162 change the MTU of the device.
1163 address LLADDRESS
1166 change the station address of the interface.
1167 broadcast LLADDRESS
1170 brd LLADDRESS
1172 peer LLADDRESS
1174 change the link layer broadcast address or the peer address when
1175 the interface is POINTOPOINT.
1176 netns NETNSNAME | PID
1179 move the device to the network namespace associated with name
1180 NETNSNAME or process PID.
1181 Some devices are not allowed to change network namespace: loop‐
1183 back, bridge, ppp, wireless. These are network namespace local
1184 devices. In such case ip tool will return "Invalid argument"
1185 error. It is possible to find out if device is local to a single
1186 network namespace by checking netns-local flag in the output of
1187 the ethtool:
1188 ethtool -k DEVICE
1190 To change network namespace for wireless devices the iw tool can
1192 be used. But it allows to change network namespace only for
1193 physical devices and by process PID.
1194 alias NAME
1197 give the device a symbolic name for easy reference.
1198 group GROUP
1201 specify the group the device belongs to. The available groups
1202 are listed in file /etc/iproute2/group.
1203 vf NUM specify a Virtual Function device to be configured. The associ‐
1206 ated PF device must be specified using the dev parameter.
1207 mac LLADDRESS - change the station address for the spec‐
1209 ified VF. The vf parameter must be specified.
1210 vlan VLANID - change the assigned VLAN for the specified
1213 VF. When specified, all traffic sent from the VF will be
1214 tagged with the specified VLAN ID. Incoming traffic will
1215 be filtered for the specified VLAN ID, and will have all
1216 VLAN tags stripped before being passed to the VF. Set‐
1217 ting this parameter to 0 disables VLAN tagging and fil‐
1218 tering. The vf parameter must be specified.
1219 qos VLAN-QOS - assign VLAN QOS (priority) bits for the
1222 VLAN tag. When specified, all VLAN tags transmitted by
1223 the VF will include the specified priority bits in the
1224 VLAN tag. If not specified, the value is assumed to be
1225 0. Both the vf and vlan parameters must be specified.
1226 Setting both vlan and qos as 0 disables VLAN tagging and
1227 filtering for the VF.
1228 proto VLAN-PROTO - assign VLAN PROTOCOL for the VLAN
1231 tag, either 802.1Q or 802.1ad. Setting to 802.1ad, all
1232 traffic sent from the VF will be tagged with VLAN S-Tag.
1233 Incoming traffic will have VLAN S-Tags stripped before
1234 being passed to the VF. Setting to 802.1ad also enables
1235 an option to concatenate another VLAN tag, so both S-TAG
1236 and C-TAG will be inserted/stripped for outgoing/incom‐
1237 ing traffic, respectively. If not specified, the value
1238 is assumed to be 802.1Q. Both the vf and vlan parameters
1239 must be specified.
1240 rate TXRATE -- change the allowed transmit bandwidth, in
1243 Mbps, for the specified VF. Setting this parameter to 0
1244 disables rate limiting. vf parameter must be specified.
1245 Please use new API max_tx_rate option instead.
1246 max_tx_rate TXRATE - change the allowed maximum transmit
1249 bandwidth, in Mbps, for the specified VF. Setting this
1250 parameter to 0 disables rate limiting. vf parameter
1251 must be specified.
1252 min_tx_rate TXRATE - change the allowed minimum transmit
1255 bandwidth, in Mbps, for the specified VF. Minimum
1256 TXRATE should be always <= Maximum TXRATE. Setting this
1257 parameter to 0 disables rate limiting. vf parameter
1258 must be specified.
1259 spoofchk on|off - turn packet spoof checking on or off
1262 for the specified VF.
1263 query_rss on|off - toggle the ability of querying the
1265 RSS configuration of a specific VF. VF RSS information
1266 like RSS hash key may be considered sensitive on some
1267 devices where this information is shared between VF and
1268 PF and thus its querying may be prohibited by default.
1269 state auto|enable|disable - set the virtual link state
1271 as seen by the specified VF. Setting to auto means a
1272 reflection of the PF link state, enable lets the VF to
1273 communicate with other VFs on this host even if the PF
1274 link state is down, disable causes the HW to drop any
1275 packets sent by the VF.
1276 trust on|off - trust the specified VF user. This enables
1278 that VF user can set a specific feature which may impact
1279 security and/or performance. (e.g. VF multicast promis‐
1280 cuous mode)
1281 node_guid eui64 - configure node GUID for Infiniband
1283 VFs.
1284 port_guid eui64 - configure port GUID for Infiniband
1286 VFs.
1287 xdp object | pinned | off
1290 set (or unset) a XDP ("eXpress Data Path") BPF program to run on
1291 every packet at driver level. ip link output will indicate a
1292 xdp flag for the networking device. If the driver does not have
1293 native XDP support, the kernel will fall back to a slower,
1294 driver-independent "generic" XDP variant. The ip link output
1295 will in that case indicate xdpgeneric instead of xdp only. If
1296 the driver does have native XDP support, but the program is
1297 loaded under xdpgeneric object | pinned then the kernel will use
1298 the generic XDP variant instead of the native one. xdpdrv has
1299 the opposite effect of requestsing that the automatic fallback
1300 to the generic XDP variant be disabled and in case driver is not
1301 XDP-capable error should be returned. xdpdrv also disables
1302 hardware offloads. xdpoffload in ip link output indicates that
1303 the program has been offloaded to hardware and can also be used
1304 to request the "offload" mode, much like xdpgeneric it forces
1305 program to be installed specifically in HW/FW of the apater.
1306 off (or none ) - Detaches any currently attached XDP/BPF program
1308 from the given device.
1309 object FILE - Attaches a XDP/BPF program to the given device.
1311 The FILE points to a BPF ELF file (f.e. generated by LLVM) that
1312 contains the BPF program code, map specifications, etc. If a
1313 XDP/BPF program is already attached to the given device, an
1314 error will be thrown. If no XDP/BPF program is currently
1315 attached, the device supports XDP and the program from the BPF
1316 ELF file passes the kernel verifier, then it will be attached to
1317 the device. If the option -force is passed to ip then any prior
1318 attached XDP/BPF program will be atomically overridden and no
1319 error will be thrown in this case. If no section option is
1320 passed, then the default section name ("prog") will be assumed,
1321 otherwise the provided section name will be used. If no verbose
1322 option is passed, then a verifier log will only be dumped on
1323 load error. See also EXAMPLES section for usage examples.
1324 section NAME - Specifies a section name that contains the BPF
1326 program code. If no section name is specified, the default one
1327 ("prog") will be used. This option is to be passed with the
1328 object option.
1329 verbose - Act in verbose mode. For example, even in case of suc‐
1331 cess, this will print the verifier log in case a program was
1332 loaded from a BPF ELF file.
1333 pinned FILE - Attaches a XDP/BPF program to the given device.
1335 The FILE points to an already pinned BPF program in the BPF file
1336 system. The option section doesn't apply here, but otherwise
1337 semantics are the same as with the option object described
1338 already.
1339 master DEVICE
1342 set master device of the device (enslave device).
1343 nomaster
1346 unset master device of the device (release device).
1347 addrgenmode eui64|none|stable_secret|random
1350 set the IPv6 address generation mode
1351 eui64 - use a Modified EUI-64 format interface identifier
1353 none - disable automatic address generation
1355 stable_secret - generate the interface identifier based on a
1357 preset /proc/sys/net/ipv6/conf/{default,DEVICE}/stable_secret
1358 random - like stable_secret, but auto-generate a new random
1360 secret if none is set
1361 link-netnsid
1364 set peer netnsid for a cross-netns interface
1365 type ETYPE TYPE_ARGS
1368 Change type-specific settings. For a list of supported types and
1369 arguments refer to the description of ip link add above. In
1370 addition to that, it is possible to manipulate settings to slave
1371 devices:
1372 Bridge Slave Support
1375 For a link with master bridge the following additional arguments
1376 are supported:
1377 ip link set type bridge_slave [ fdb_flush ] [ state STATE ] [
1379 priority PRIO ] [ cost COST ] [ guard { on | off } ] [ hairpin {
1380 on | off } ] [ fastleave { on | off } ] [ root_block { on | off
1381 } ] [ learning { on | off } ] [ flood { on | off } ] [ proxy_arp
1382 { on | off } ] [ proxy_arp_wifi { on | off } ] [ mcast_router
1383 MULTICAST_ROUTER ] [ mcast_fast_leave { on | off} ] [
1384 mcast_flood { on | off } ] [ group_fwd_mask MASK ] [ neigh_sup‐
1385 press { on | off } ] ] [ vlan_tunnel { on | off } ]
1386 fdb_flush - flush bridge slave's fdb dynamic entries.
1389 state STATE - Set port state. STATE is a number repre‐
1391 senting the following states: 0 (disabled), 1 (listen‐
1392 ing), 2 (learning), 3 (forwarding), 4 (blocking).
1393 priority PRIO - set port priority (allowed values are
1395 between 0 and 63, inclusively).
1396 cost COST - set port cost (allowed values are between 1
1398 and 65535, inclusively).
1399 guard { on | off } - block incoming BPDU packets on this
1401 port.
1402 hairpin { on | off } - enable hairpin mode on this port.
1404 This will allow incoming packets on this port to be
1405 reflected back.
1406 fastleave { on | off } - enable multicast fast leave on
1408 this port.
1409 root_block { on | off } - block this port from becoming
1411 the bridge's root port.
1412 learning { on | off } - allow MAC address learning on
1414 this port.
1415 flood { on | off } - open the flood gates on this port,
1417 i.e. forward all unicast frames to this port also.
1418 Requires proxy_arp and proxy_arp_wifi to be turned off.
1419 proxy_arp { on | off } - enable proxy ARP on this port.
1421 proxy_arp_wifi { on | off } - enable proxy ARP on this
1423 port which meets extended requirements by IEEE 802.11
1424 and Hotspot 2.0 specifications.
1425 mcast_router MULTICAST_ROUTER - configure this port for
1427 having multicast routers attached. A port with a multi‐
1428 cast router will receive all multicast traffic. MULTI‐
1429 CAST_ROUTER may be either 0 to disable multicast routers
1430 on this port, 1 to let the system detect the presence of
1431 of routers (this is the default), 2 to permanently
1432 enable multicast traffic forwarding on this port or 3 to
1433 enable multicast routers temporarily on this port, not
1434 depending on incoming queries.
1435 mcast_fast_leave { on | off } - this is a synonym to the
1437 fastleave option above.
1438 mcast_flood { on | off } - controls whether a given port
1440 will be flooded with multicast traffic for which there
1441 is no MDB entry.
1442 group_fwd_mask MASK - set the group forward mask. This
1444 is the bitmask that is applied to decide whether to for‐
1445 ward incoming frames destined to link-local addresses,
1446 ie addresses of the form 01:80:C2:00:00:0X (defaults to
1447 0, ie the bridge does not forward any link-local frames
1448 coming on this port).
1449 neigh_suppress { on | off } - controls whether neigh
1451 discovery (arp and nd) proxy and suppression is enabled
1452 on the port. By default this flag is off.
1453 vlan_tunnel { on | off } - Controls whether vlan to tun‐
1455 nel mapping is enabled on the port. By default this flag
1456 is off.
1457 Bonding Slave Support
1461 For a link with master bond the following additional arguments
1462 are supported:
1463 ip link set type bond_slave [ queue_id ID ]
1465 queue_id ID - set the slave's queue ID (a 16bit unsigned
1468 value).
1469 MACVLAN and MACVTAP Support
1473 Modify list of allowed macaddr for link in source mode.
1474 ip link set type { macvlan | macvap } [ macaddr COMMAND MACADDR
1476 ... ]
1477 Commands:
1479 add - add MACADDR to allowed list
1480 set - replace allowed list
1482 del - remove MACADDR from allowed list
1484 flush - flush whole allowed list
1486 ip link show - display device attributes
1491 dev NAME (default)
1492 NAME specifies the network device to show. If this argument is
1493 omitted all devices in the default group are listed.
1494 group GROUP
1497 GROUP specifies what group of devices to show.
1498 up only display running interfaces.
1501 master DEVICE
1504 DEVICE specifies the master device which enslaves devices to
1505 show.
1506 vrf NAME
1509 NAME speficies the VRF which enslaves devices to show.
1510 type TYPE
1513 TYPE specifies the type of devices to show.
1514 Note that the type name is not checked against the list of sup‐
1516 ported types - instead it is sent as-is to the kernel. Later it
1517 is used to filter the returned interface list by comparing it
1518 with the relevant attribute in case the kernel didn't filter
1519 already. Therefore any string is accepted, but may lead to empty
1520 output.
1521 ip link xstats - display extended statistics
1524 type TYPE
1525 TYPE specifies the type of devices to display extended statis‐
1526 tics for.
1527 ip link afstats - display address-family specific statistics
1530 dev DEVICE
1531 DEVICE specifies the device to display address-family statistics
1532 for.
1533 ip link help - display help
1536 TYPE specifies which help of link type to dislpay.
1537 GROUP
1540 may be a number or a string from the file /etc/iproute2/group which can
1541 be manually filled.
1542
1545 ip link show
1546 Shows the state of all network interfaces on the system.
1547 ip link show type bridge
1549 Shows the bridge devices.
1550 ip link show type vlan
1552 Shows the vlan devices.
1553 ip link show master br0
1555 Shows devices enslaved by br0
1556 ip link set dev ppp0 mtu 1400
1558 Change the MTU the ppp0 device.
1559 ip link add link eth0 name eth0.10 type vlan id 10
1561 Creates a new vlan device eth0.10 on device eth0.
1562 ip link delete dev eth0.10
1564 Removes vlan device.
1565 ip link help gre
1567 Display help for the gre link type.
1568 ip link add name tun1 type ipip remote 192.168.1.1 local 192.168.1.2
1570 ttl 225 encap gue encap-sport auto encap-dport 5555 encap-csum encap-
1571 remcsum
1572 Creates an IPIP that is encapsulated with Generic UDP Encapsula‐
1573 tion, and the outer UDP checksum and remote checksum offload are
1574 enabled.
1575 ip link set dev eth0 xdp obj prog.o
1577 Attaches a XDP/BPF program to device eth0, where the program is
1578 located in prog.o, section "prog" (default section). In case a
1579 XDP/BPF program is already attached, throw an error.
1580 ip -force link set dev eth0 xdp obj prog.o sec foo
1582 Attaches a XDP/BPF program to device eth0, where the program is
1583 located in prog.o, section "foo". In case a XDP/BPF program is
1584 already attached, it will be overridden by the new one.
1585 ip -force link set dev eth0 xdp pinned /sys/fs/bpf/foo
1587 Attaches a XDP/BPF program to device eth0, where the program was
1588 previously pinned as an object node into BPF file system under name
1589 foo.
1590 ip link set dev eth0 xdp off
1592 If a XDP/BPF program is attached on device eth0, detach it and
1593 effectively turn off XDP for device eth0.
1594 ip link add link wpan0 lowpan0 type lowpan
1596 Creates a 6LoWPAN interface named lowpan0 on the underlying IEEE
1597 802.15.4 device wpan0.
1598 ip link add dev ip6erspan11 type ip6erspan seq key 102 local
1600 fc00:100::2 remote fc00:100::1 erspan_ver 2 erspan_dir ingress
1601 erspan_hwid 17
1602 Creates a IP6ERSPAN version 2 interface named ip6erspan00.
1603
1606 ip(8), ip-netns(8), ethtool(8), iptables(8)
1607
1610 Original Manpage by Michail Litvak <mci@owl.openwall.com>
1611iproute2 13 Dec 2012 IP-LINK(8)