Posted inNetwork

Mastering iproute2: Moving Beyond Just Assigning IPs

Network tutorial - IT technology blog
Network tutorial - IT technology blog

It’s Time to Retire ifconfig

Running ifconfig in 2024 is like using a paper map in the age of Google Maps. It still works, but it lacks too much critical information. The iproute2 suite isn’t just a replacement; it’s a powerful ecosystem that lets you dive deep into the Linux kernel’s networking stack.

Two years ago, I managed a server cluster running both IPv4 and IPv6 for about 200 users. The challenge: routing accounting department traffic through a private leased line for security, while other departments used a standard FTTH line. If I had stuck with the old route -n, I would have definitely failed. Here are the “battle-tested” techniques I’ve learned for diagnosing and troubleshooting network connectivity issues on Linux.

Quick Start: Essential Daily Commands

Before diving into complex configurations, you need to master system observation. Don’t let the wall of text overwhelm you.

1. Interface Management (ip link)

Instead of ifconfig, use ip link to inspect the physical layer of your network interface cards.

# List network interfaces with status (UP/DOWN)
ip link show

# Enable eth0 interface instantly
sudo ip link set eth0 up

# Change MAC address to bypass filters (e.g., aa:bb:cc:dd:ee:ff)
sudo ip link set eth0 address aa:bb:cc:dd:ee:ff

2. IP Address Management (ip addr)

An interface can handle multiple IPs. This is extremely useful for Web Servers requiring multiple virtual IPs.

# View detailed IP information
ip addr show

# Assign a secondary IP to eth0
sudo ip addr add 192.168.1.100/24 dev eth0

# Delete IP when no longer needed
sudo ip addr del 192.168.1.100/24 dev eth0

3. Routing Table Management (ip route)

# View current routing table
ip route show

# Add route for a specific network range
sudo ip route add 10.0.0.0/8 via 192.168.1.1 dev eth0

ip link and the MTU Optimization Story

In practice, ip link helps you handle difficult performance issues. One often overlooked parameter is MTU (Maximum Transmission Unit).

When I deployed WireGuard VPN, packets were often padded with an extra 80-byte header. Keeping the default MTU of 1500 caused packet fragmentation. The result? Network speeds dropped by 30-40%. Simply reducing the MTU to 1420 made everything smooth again.

# Set MTU to 1420 for VPN tunnel
sudo ip link set wg0 mtu 1420

# Quickly create VLAN 10 without additional tools
sudo ip link add link eth0 name eth0.10 type vlan id 10

If you need to segment your network further, you can easily create VLAN 10 or other isolated networks using these link commands.

Metric: The Referee of Default Gateways

Does your server have two NICs connected to two different ISPs? Linux will get confused if both have a Default Gateway. This is where metric comes into play.

The lower the Metric, the higher the priority. I usually set Metric 100 for the fiber line (Primary) and 200 for the 4G backup line (Backup).

# Prioritize eth0 (Viettel) over eth1 (VNPT)
sudo ip route add default via 192.168.1.1 dev eth0 metric 100
sudo ip route add default via 10.0.0.1 dev eth1 metric 200

Want to know where a packet is going? Don’t guess. Use ip route get to check the actual path of a packet.

# Check which interface is used to reach Google (8.8.8.8)
ip route get 8.8.8.8

Policy Based Routing (PBR): Advanced Techniques with ip rule

Normally, Linux routes based on the DESTINATION. But with ip rule, you can route traffic based on the SOURCE.

Scenario: A server has 2 Public IPs (ISP1 and ISP2). If a packet arrives from ISP2 but the server responds via ISP1 (due to the default gateway), the ISP’s firewall will immediately drop it. This is an asymmetric routing error.

The solution is to create a separate routing table for ISP2:

# 1. Create a table named 'isp2' (ID 200)
echo "200 isp2" | sudo tee -a /etc/iproute2/rt_tables

# 2. Force the isp2 table to use ISP2's gateway
sudo ip route add default via 10.0.0.1 dev eth1 table isp2

# 3. Rule: If the packet has source IP 10.0.0.50, force it to use the isp2 table
sudo ip rule add from 10.0.0.50 table isp2

This technique is crucial when dealing with Multi-WAN setups or complex Hybrid Cloud clusters.

“Hard-won” Lessons in Networking

After many sleepless nights fixing production networks, I’ve gathered four key takeaways:

  • Save configuration: ip commands evaporate after a reboot. Write them into Netplan (Ubuntu) or /etc/network/interfaces.
  • Replace instead of Add: If you see a “File exists” error, use ip route replace instead of add to quickly update old routes.
  • Priority order: Run ip rule show to see the Priority. The lowest number runs first. Don’t let generic rules (like default) override specific ones.
  • Flush Cache: If routing changes don’t seem to take effect, run sudo ip route flush cache to force the system to update its temporary tables.

Mastering link, route, and rule gives you 80% of the power over Linux networking. Instead of fumbling with a GUI, using commands allows you to troubleshoot much faster over SSH, whether you are managing a server or a basic Linux router.

Share:
Tags: