In recent years a new tool, named ip, has appeared for administering the network configuration of a Linux operating system. This tool, along with its related tools, forms the 'iproute2' suite and provides the same or similar functions as the existing network configuration tools such as ifconfig, route and arp (net-tools). This report will evaluate the functions of ip and compare them to their 'old' counterparts. The report will also discuss whether the new tools provide an improvement over the existing tools.
Purpose of ip
Iproute2, which includes the ip command, replaces the aging 'net-tools' suite of commands. Both these suites of commands provide the tools to administer and configure network settings on a Linux based machine. Iproute2 replaces the net-tools command set with a more unified set of commands as shown below.
Purpose of command | New 'ip' command
Address & Link Configuration | ip addr, ip link
As shown, the new ip command provides a more consistent set of tools for network configuration and replaces the tool set which has gradually grown over the course of Linux development. The ip command is mainly used to display or manipulate routing, policy routing, tunnels and network devices on a Linux machine. The new ip commands are very similar in use to the deprecated net-tools. The new commands are designed so that a user may quickly learn to use them without having to spend a long time learning the new toolset. The new commands are also similar to the commands used in Cisco configurations, therefore providing a more common platform that some administrators may be more comfortable with. (Siever, et al., 2009)
When entering ip commands into the command line, each command may be shortened to the shortest unique set of characters, for example 'ip addr' can be entered as 'ip a' or 'ip route show' may be shortened to 'ip ro s'. Whilst these may cause significant confusion in documentation, especially across a range of sources, it can prove extremely useful for a systems administrator using the commands. (Juncu, 2012)
Address and Link Configuration (ip addr & ip link)
Using net-tools the ifconfig command is used to configure the settings related to IP address for a system and the related links between such systems. Using the new iproute2 suite of tools these tasks are given to ip addr and ip link respectively.
Both the 'ifconfig' and 'ip addr' commands produce similar outputs that display similar information. Ifconfig shows slightly more in terms of packets sent/received using the basic command.
'ip addr' also provides the replacement functionality to add or remove IP addresses (including IPv6) and to enable or disable multicast mode.
Routing Tables (ip route)
Configuring routing tables is an important part of administering a Linux network. The 'route' command handles this configuration using the net-tools suite, which is now replaced with 'ip route' from the iproute2 suite. Both of these commands are used in order to alter the routing tables on a Linux system. The basic command to show the current host's routing table is 'route'. Within iproute2 the equivalent command is 'ip route'.
As iproute2 allows for multiple routing tables, it is important to note that where the old 'route' command would only work on the main routing table (254), the new 'ip route' command will work on the default main table (unless otherwise specified).
The 'ip route' command can be used in conjunction with the 'ip rule' command in order to create a stateless NAT table.
Neighbours (ip neigh)
Under the iproute2 suite of tools, 'ip neigh' is used to display the neighbour table (ARP cache) and to insert and remove entries in the table. With net-tools, 'arp -n' displays the ARP cache; this has been replaced by 'ip neighbour show'.
On occasion when the situation requires only a specific interface to be shown, 'ip neighbour show dev eth0' can be used so that only the specified interface's arp table is shown, in this case 'eth0'. This can also be done for a particular network as opposed to interface, using the command 'ip neighbour show 10.10.25.0/24'. This would display the arp cache for only the 10.10.25.0/24 network.
The ip neighbour command also provides the function to map a static entry to the table. This may be done with the 'ip neighbour add' command. When this command is used to map a permanent entry to the ARP cache, all packets destined for the chosen IP address are sent to the link layer address specified in that entry. This mapping cannot be overridden by ARP, so to stop the re-routing you have to remove the entry using 'ip neighbor delete'. (Brown, 2007)
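Because a permanent entry silently overrides ARP, it is worth reviewing which entries are static and whether one link layer address is answering for several IP addresses. The following is an added example, not part of the original report; the sample table is constructed, using addresses from the 10.10.25.0/24 network mentioned above and documentation MAC addresses.

```shell
#!/bin/sh
# Added example: audit the neighbour table printed by `ip neigh show`.

# Constructed sample in the format printed by `ip neigh show`.
sample_neigh() {
cat <<'EOF'
10.10.25.1 dev eth0 lladdr 00:00:5e:00:53:01 PERMANENT
10.10.25.20 dev eth0 lladdr 00:00:5e:00:53:14 REACHABLE
10.10.25.21 dev eth0 lladdr 00:00:5e:00:53:66 STALE
10.10.25.254 dev eth0 lladdr 00:00:5e:00:53:66 REACHABLE
10.10.25.30 dev eth0  FAILED
EOF
}

# Print "ip dev lladdr" for every static (PERMANENT) entry, so the list can
# be compared with the entries the administrator intended to pin.
permanent_entries() {
    awk '$NF == "PERMANENT" {
        dev = ""; mac = ""
        for (i = 2; i < NF; i++) {
            if ($i == "dev") dev = $(i + 1)
            if ($i == "lladdr") mac = $(i + 1)
        }
        print $1, dev, mac
    }'
}

# Print "dev lladdr ip,ip,..." when one link layer address is recorded for
# more than one IP on the same interface. Entries without lladdr are skipped.
shared_lladdr() {
    awk '{
        dev = ""; mac = ""
        for (i = 2; i < NF; i++) {
            if ($i == "dev") dev = $(i + 1)
            if ($i == "lladdr") mac = $(i + 1)
        }
        if (mac == "") next
        key = dev " " tolower(mac)
        if (key in ips) ips[key] = ips[key] "," $1
        else ips[key] = $1
        n[key]++
    }
    END { for (k in n) if (n[k] > 1) print k, ips[k] }'
}

# On a live host: ip neigh show | shared_lladdr
sample_neigh | permanent_entries
sample_neigh | shared_lladdr
```

A shared address is something to check rather than proof of spoofing, since a router with several addresses or proxy ARP produces the same pattern.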
New Functions Provided by iproute2
Iproute2 provides two noteworthy additional functions not provided by net-tools. The first is the addition of traffic control. This allows for the administration of traffic shaping, policing and incorporation of queuing policies. The second additional function is the ability to have multiple routing tables, thus being able to enable policy based routing (PBR).
Within the Linux environment, the 'tc' command is used to configure traffic control. Traffic control includes the following functions: (Hubert, 2001)
Shaping is utilised within traffic control in order to manage the rate of transmission. This may well include more than simply reducing the amount of bandwidth that is available to be used, but also includes managing the bursts of traffic in order to provide a more stable and better performing network.
Traffic control shaping includes using a method called queue discipline. Queue discipline (qdisc) is a set of rules that control the sequence in which arriving packets are dealt with. According to Scott Seong, queue discipline works in a similar way to a restaurant or an emergency department. A restaurant would generally use a first-in-first-out strategy, where the customers who have queued the longest get the next available table. Whereas in an emergency room, when a patient arrives they would be assessed and the patient with the most severe case would be seen first. (Seong, n.d.)
This is simply an example of a possible real world scenario. Within traffic control queue discipline, a much stricter and more in-depth set of rules must be consulted and assessed in order to determine the appropriate action for an incoming packet.
Policing works in a similar way to shaping, however policing deals with the inbound traffic. Policing is simply a means by which network based traffic may be restricted. Policing may allow all network traffic up to a pre-set limit, after which it will begin to intervene on the incoming traffic. This may involve dropping the traffic, as mentioned below, or alternatively reclassifying the traffic so that it avoids the consequences of being dropped. (Brown, 2006)
Scheduling is used so that bandwidth can be best utilised by the traffic that requires it, whilst still guaranteeing that there is bandwidth available for bulk transfers.
Dropping is used so that should traffic either arriving or leaving exceed a designated bandwidth, then the traffic will be dropped. This helps to ensure that the traffic profile is being complied with. (Black, et al., 1998)
Multiple Routing Tables
iproute2 includes the ability to manage multiple routing tables, something which net-tools lacked. By utilising multiple routing tables you then have the ability to implement policy based routing (PBR). The 'ip route' and 'ip rule' commands may be used to administer multiple tables. There are two default tables, main and local. After these the Linux system allows for a further 252 additional routing tables to be created.
By permitting multiple traditional routing tables to be linked to the routing policy database the Linux system allows for support of a common interface whilst at the same time increasing its routing capabilities. (Brown, 2007) When using this method the system will still work in the same way as it would before, however you are simply given the choice of multiple routing tables.
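The commands behind source-based policy routing, and a check of the resulting rule list, are sketched below as an added example that is not part of the original report. The gateway 10.10.26.1, the device eth1 and table number 100 are assumptions, and the 'ip rule show' sample is constructed.

```shell
#!/bin/sh
# Added example: source-based policy routing with 'ip rule' and 'ip route'.
# The gateway 10.10.26.1, device eth1 and table number 100 are assumptions.

# Print the commands that route traffic from SRC via GW on DEV using a
# separate routing TABLE, leaving the main table untouched.
pbr_plan() {
    src=$1; gw=$2; dev=$3; table=$4
    case $table in
        ''|*[!0-9]*) echo "table must be numeric" >&2; return 1 ;;
    esac
    # 253 (default), 254 (main) and 255 (local) are predefined tables.
    if [ "$table" -lt 1 ] || [ "$table" -gt 252 ]; then
        echo "table $table is reserved or out of range" >&2; return 1
    fi
    echo "ip route add default via $gw dev $dev table $table"
    echo "ip rule add from $src table $table"
}

# Constructed sample of `ip rule show` output once the plan is applied.
sample_rules() {
cat <<'EOF'
0: from all lookup local
32765: from 10.10.25.0/24 lookup 100
32766: from all lookup main
32767: from all lookup default
EOF
}

# Print "priority table" for each rule that selects a table other than the
# built-in ones, so unexpected policy routes stand out in a review.
custom_rules() {
    awk '{
        for (i = 2; i < NF; i++) {
            if ($i != "lookup") continue
            t = $(i + 1)
            if (t == "local" || t == "main" || t == "default") continue
            p = $1; sub(/:$/, "", p)
            print p, t
        }
    }'
}

pbr_plan 10.10.25.0/24 10.10.26.1 eth1 100
sample_rules | custom_rules
```

The plan is only printed; after review it can be run as root, and 'ip rule show' and 'ip route show table 100' display the result.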
Drawbacks of the New Software
Whilst the new software provides the same or similar functions to the old software, and whilst it has its benefits, it does have some downsides of its own. The new set of tools within iproute2 is very strongly integrated into a Linux system and cannot be incorporated or used in other operating systems. This may create problems for users native to other operating systems; ifconfig and route, for example, are similar in use and appearance to the relevant commands on other operating systems. In contrast, the iproute2 set of commands is unique and may cause problems for users inexperienced with the Linux operating system.
Another potential problem is where system administrators choose to administer machines from remote locations, using SSH for example. Should an administrator attempt to use ip commands on a machine where iproute2 is not installed, they may encounter problems and have to revert to the old net-tools.
Users may also encounter a problem when reading tutorials or articles relating to network administration on a Linux platform. Many articles, books, web pages and tutorials continue to use the 'old' suite of tools when referring to network administration. This can cause problems for potential users of iproute2 as they continue to be exposed to the legacy tools when reading about chosen topics. (Miller, 2012)
A major limitation of the net-tools suite is the absence of full support for IPv6.
A limitation of the net-tools suite is the inability to have multiple routing tables. With the new iproute2 set of commands, using 'ip route' it is possible to create and configure multiple routing tables on a single system. Enabling this feature provides several benefits, including the ability to configure a policy for routing which is based on the IP address of the source of transmission. This is often called policy based routing (PBR). (Heckman, 2011)
Iproute2 provides a step up from the existing net-tools suite available to Linux. Whilst it has its problems, though relatively minor, it does provide good functionality to replace the legacy net-tools. Iproute2 offers ip, which provides a consistent and common command set for administering the network interfaces and controlling routing on Linux distributions. Another potential benefit that may convert an administrator to iproute2 is its similarity to the Cisco commands. This would mean there is a more common platform to work with across different operating systems.
An administrator who is considering the potential change to iproute2 must consider whether or not it is right for them and their organisation. Some administrators may be more comfortable using the 'old net-tools' and as such may wish to stick with them for the foreseeable future. As it stands at the moment, plenty of people and organisations still regularly use net-tools and a small number of groups continue to maintain them. As such it is entirely dependent on the person to make the choice as to whether they feel the change to iproute2 is necessary.