Network management with the IPRoute2 toolbox

A Well-Stocked Toolbox

Good Neighbors

Another useful option is neighbor. It lets admins display and manipulate the IPv4 ARP cache and the IPv6 NDISC cache [3]. NDISC replaces the ARP mechanism in IPv6. The command

ip neighbor show

returns all cached mappings between MAC addresses and logical addresses for both IPv4 and IPv6. To restrict your results to one protocol, add -4 or -6 (e.g., ip -4 neighbor show).

In some situations, static address assignments are useful (e.g., to make address spoofing more difficult). Additionally, you can selectively prevent access to a host by giving it an intentionally incorrect link-layer address, so that the host cannot be addressed. If you want to bind the IP address 10.1.1.1 to a fixed MAC address of 00:d0:a7:b1:c7:de on eth1, the following command will do the trick:

ip neigh add 10.1.1.1 lladdr 00:d0:a7:b1:c7:de dev eth1 nud perm

Here, nud stands for Neighbor Unreachability Detection, a mechanism that was introduced in IPv6 but that can also set the status of an entry in IPv4. Conversely, an entry can also be removed using:

ip neigh del 10.1.1.1 dev eth1
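
Static entries only help against spoofing while they remain in place, so it is worth checking them periodically. The following added example (not part of the original article) audits neighbor-table output against a list of expected bindings; the function name audit_neigh, the pin-list format, the second pinned MAC address, and the sample table lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit pinned neighbor entries (names and data are constructed).
# Live use: ip neighbor show | audit_neigh "$PINNED"

# Constructed pin list, one "<ip> <dev> <mac>" per line.
PINNED='10.1.1.1 eth1 00:d0:a7:b1:c7:de
10.1.1.254 eth1 00:11:22:33:44:55'

# Constructed sample in the format printed by "ip neighbor show".
SAMPLE='10.1.1.1 dev eth1 lladdr 00:d0:a7:b1:c7:de PERMANENT
10.1.1.254 dev eth1 lladdr 66:77:88:99:aa:bb REACHABLE
10.1.1.20 dev eth1 lladdr 52:54:00:12:34:56 STALE
fe80::1 dev eth1 lladdr 52:54:00:ab:cd:ef router REACHABLE'

# $1 = pin list, stdin = neighbor table. Prints one finding per pinned
# entry and returns 1 if any pin is missing, altered, or not PERMANENT.
audit_neigh() {
    PINS="$1" awk '
    BEGIN {
        n = split(ENVIRON["PINS"], rows, "\n")
        for (i = 1; i <= n; i++)
            if (split(rows[i], f, " ") == 3)
                want[f[1] " " f[2]] = tolower(f[3])
    }
    {
        key = $1 " " $3                  # line is "<ip> dev <dev> ..."
        if (!(key in want)) next         # only pinned entries are audited
        seen[key] = 1
        mac = ""
        for (i = 4; i < NF; i++)
            if ($i == "lladdr") mac = tolower($(i + 1))
        if (mac != want[key]) {
            print "MISMATCH " key " got=" mac " want=" want[key]; bad = 1
        } else if ($NF != "PERMANENT") {
            print "NOT_PINNED " key " state=" $NF; bad = 1
        } else
            print "OK " key
    }
    END {
        for (k in want)
            if (!(k in seen)) { print "MISSING " k; bad = 1 }
        exit bad + 0
    }'
}

printf '%s\n' "$SAMPLE" | audit_neigh "$PINNED" || echo "pinned bindings violated"
```

A MISMATCH or NOT_PINNED finding for a pinned address means the kernel is using a dynamically learned mapping instead of the static one.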

The IPRoute2 toolbox is extremely comprehensive; ip alone contains a seemingly endless number of possibilities and options.

More Options for ip

The ip route command lets you view and manipulate the kernel routing table. For example, ip route show displays the IPv4 routing table, and ip -6 route show generates the same output for IPv6. A static route, say, for the prefix 200.1.1.0/24 via the next hop at 10.1.1.254, can be created with the command:

ip route add 200.1.1.0/24 via 10.1.1.254

Similarly, you can delete or modify routes or even configure forbidden paths. This approach applies equally to IPv4 and IPv6, of course.

With ip, you also can adjust the multicast properties, configure different types of tunnels, and manipulate the Routing Policy Database (RPDB) [4], which determines the routing table used to forward a packet.

Traffic Shaping

Beyond ip, IPRoute2 offers several other ways of manipulating network traffic – in particular, the tc (Traffic Control) tool. With tc, you can manage QoS and traffic shaping, which is based on queuing mechanisms, wherein individual queues (interface queues) are assigned to certain traffic. On the basis of the IP QoS mechanisms, which set an appropriate value in the Type of Service (ToS) byte in the IP header, each packet can be assigned to a particular queue, which, in turn, is associated with a predetermined processing priority.

In this way, the Linux kernel can ensure that a certain amount of bandwidth is reserved for important traffic flows, and that less important traffic is limited at the same time. The concept of traffic shaping relies on various mechanisms, including CBQ [5], wherein the traffic is divided into different classes that are then prioritized.
