Modern Linux Networking with ip and iproute2 (Stop Using ifconfig)
ifconfig and route have been deprecated for years. Here's the iproute2 toolset every Linux admin should know, with the ip commands that replace the old ones.
- #linux
- #networking
- #iproute2
- #ip-command
- #routing
- #troubleshooting
I still catch myself typing ifconfig out of muscle memory after 25 years, and on a modern box it usually isn’t even installed. The net-tools package — ifconfig, route, netstat, arp — has been deprecated for over a decade in favor of iproute2. The replacements aren’t just renames; they expose things net-tools literally cannot show you, like multiple addresses per interface, policy routing, and network namespaces. Here’s the working subset I actually use.
The mental model: ip OBJECT COMMAND
Everything in iproute2 follows ip OBJECT COMMAND. The objects you’ll use daily are addr, link, route, and neigh. Once that clicks, the whole tool is discoverable.
ip addr # addresses (replaces ifconfig)
ip link # interfaces, up/down, MTU, MAC
ip route # the routing table (replaces route)
ip neigh # the ARP/neighbor table (replaces arp)
Every object accepts -br for brief columnar output, which is what you want when scanning:
ip -br addr
ip -br link
Addresses: ifconfig’s replacement
To see addresses:
ip addr show # all interfaces
ip addr show dev eth0 # one interface
Note that one interface can have many addresses — iproute2 shows them all, where ifconfig showed one and a hidden “alias.” To add and remove:
sudo ip addr add 10.0.0.50/24 dev eth0
sudo ip addr del 10.0.0.50/24 dev eth0
These are runtime changes that vanish on reboot. For persistence, use your distro’s network layer — netplan, NetworkManager, or systemd-networkd. The ip command is for diagnosis and for temporary fixes, not config-of-record.
Links: up, down, MTU, MAC
ip link show
sudo ip link set eth0 up
sudo ip link set eth0 down
sudo ip link set eth0 mtu 9000 # jumbo frames
sudo ip link set eth0 address 02:11:22:33:44:55
The MTU one matters more than people think. A mismatched MTU across a path causes the maddening “small requests work, large transfers hang” class of bug, because path-MTU discovery gets black-holed. When TLS handshakes succeed but bulk downloads stall, check MTU end to end.
Routing: the table that decides everything
ip route # main routing table
ip route get 8.8.8.8 # which route WOULD be used for this dest
ip route get is the single most useful diagnostic in the whole suite. It tells you the exact route, source address, and outgoing interface the kernel would pick for a destination — answering “why is this traffic leaving the wrong interface?” without guessing.
Adding routes at runtime:
sudo ip route add 192.168.50.0/24 via 10.0.0.1 dev eth0
sudo ip route add default via 10.0.0.1
sudo ip route del 192.168.50.0/24
Policy routing: the thing ifconfig never had
On multi-homed boxes you often need “traffic from this source uses this gateway.” That’s policy routing, and iproute2 is the only way to do it. You add a routing table and a rule that selects it:
echo "200 uplink2" | sudo tee -a /etc/iproute2/rt_tables
sudo ip route add default via 203.0.113.1 table uplink2
sudo ip rule add from 203.0.113.10 table uplink2
ip rule show
This is how you avoid asymmetric-routing drops on dual-WAN servers. If a server has two public IPs and replies leave via the wrong gateway, a from rule fixes it cleanly.
The neighbor table and connections
ARP lives under neigh:
ip neigh show
sudo ip neigh flush dev eth0 # clear stale entries after a failover
And netstat is replaced by ss, which is dramatically faster on busy boxes:
ss -tulpn # listening TCP/UDP sockets with process names
ss -tan state established | wc -l # count established connections
ss -ti dst 10.0.0.5 # detailed TCP info per connection
ss -ti exposes congestion window, RTT, and retransmits — data you need to diagnose “the network is slow” complaints that turn out to be packet loss.
Network namespaces in one breath
iproute2 also manages network namespaces, which is the foundation containers are built on:
sudo ip netns add testns
sudo ip netns exec testns ip addr # run a command inside the namespace
sudo ip netns del testns
Understanding this makes container networking far less magical — a container’s network is just a namespace with a virtual-ethernet pair into it.
A cheat sheet from net-tools to iproute2
| Old (net-tools) | New (iproute2) |
|---|---|
ifconfig | ip addr, ip link |
route -n | ip route |
arp -a | ip neigh |
netstat -tulpn | ss -tulpn |
netstat -rn | ip route |
Print that, tape it to your monitor for a week, and the muscle memory rewires itself.
Where AI helps
The hard part of iproute2 isn’t the commands, it’s reading a complex routing setup — multiple tables, rules, and namespaces — and reasoning about which path a packet takes. Paste your ip route, ip rule, and a failing ip route get into a model and ask it to trace the decision; it’s good at that kind of deterministic reasoning. I keep a few Linux admin prompts for exactly these “explain this routing table” tasks.
Switching from net-tools to iproute2 isn’t busywork. It’s the difference between seeing a partial, single-address view of your network and seeing what the kernel actually does. Learn ip route get first, then the rest follows.
Generated commands and configs are assistive, not authoritative. Always verify against your own systems before applying changes in production.
Download the Free 500-Prompt DevOps AI Toolkit
500 battle-tested, copy-paste AI prompts engineered by a senior systems engineer — every one with fill-in placeholders and safety/back-out notes. Drop your email and it's yours.
- 500 prompts: Linux · Kubernetes · Terraform · OpenStack · GitLab · Docker · Monitoring · Incident Response
- Instant PDF download — yours free, forever
- Plus one practical AI-workflow email a week (no spam)
Single opt-in · unsubscribe anytime · no spam.