Demystifying ifconfig and network interfaces in Linux
This post explains ifconfig output of common developer’s box, paying special attention to parameters poorly explained in official documentation. It also slightly touches Linux network interfaces.
ifconfig
ifconfig is a command line tool for UNIX-like systems that allows for diagnosing and configuring network interfaces. At boot time, it sets up network interfaces such as Loopback and Ethernet. Most of the time, however, ifconfig is used for network diagnostics.
Before diving into details of its output, let’s first make clear what is an interface.
network interface
A network interface is a software interface to networking hardware. Linux kernel distinguishes between two types of network interfaces: physical and virtual.
Physical network interface represents an actual network hardware device such as network interface controller (NIC). In practice, you’ll often find eth0 interface, which represents Ethernet network card.
Virtual network interface doesn’t represent any hardware device and is usually linked to one. There are different kinds of virtual interfaces: Loopback, bridges, VLANs, tunnel interfaces and so on. With proliferation of software defined networks, virtual interfaces become wildly used.
Demystifying ifconfig output
Let’s have a look at ifconfig output for a developer’s box with installed Ubuntu and Docker.
$ ifconfig docker0 Link encap:Ethernet HWaddr 02:42:2d:66:fc:f1 inet addr:172.17.0.1 Bcast:0.0.0.0 Mask:255.255.0.0 inet6 addr: fe80::42:2dff:fe66:fcf1/64 Scope:Link UP BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:2 errors:0 dropped:0 overruns:0 frame:0 TX packets:3 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:152 (152.0 B) TX bytes:258 (258.0 B) eth0 Link encap:Ethernet HWaddr 08:00:27:31:65:b5 inet addr:10.0.2.15 Bcast:10.0.2.255 Mask:255.255.255.0 inet6 addr: fe80::3db9:eaaa:e0ae:6e09/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:1089467 errors:0 dropped:0 overruns:0 frame:0 TX packets:508121 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:903808796 (903.8 MB) TX bytes:31099448 (31.0 MB) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:9643 errors:0 dropped:0 overruns:0 frame:0 TX packets:9643 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1 RX bytes:719527 (719.5 KB) TX bytes:719527 (719.5 KB) interfaces
There are 3 network interfaces on the box:
eth0 is a physical interface representing Ethernet network card. It’s used for communication with other computers on the network and on the Internet.
lo is a special virtual network interface called loopback device. Loopback is used mainly for diagnostics and troubleshooting, and to connect to services running on local host.
docker0 is a virtual bridge interface created by Docker. This bridge creates a separate network for docker containers and allows them to communicate with each other.
interface details
Let’s look closely at details of ifconfig output:
Link encap shows how packets are encapsulated for transmission. Most interfaces wrap packets in Ethernet frames.
HWaddr is hardware address of the ethernet interface (also known as MAC address).
inet addr is IPv4 address assigned to the interface.
Bcast is broadcast address for the interface.
Mask is network mask for the interface.
inet6 addr is IPv6 address assigned to the interface.
Scope is scope of IPv6 address. It can be link-local or global. Link-local address is used in local area network and is not routable. Global address is routable.
UP indicates that kernel modules related to the interface have been loaded and interface is activated.
BROADCAST indicates that interface is configured to handle broadcast packets, which is required for obtaining IP address via DHCP.
RUNNING indicates that interface is ready to accept data.
MULTICAST indicates that interface supports multicasting.
MTU is maximum transmission unit. IP datagrams larger than MTU bytes will be fragmented into multiple Ethernet frames.
Metric determines the cost of using the interface. Interfaces with lower cost have higher priority.
interface stats
RX packets is a total number of packets received.
RX errors shows a total number of packets received with error. This includes too-long-frames errors, ring-buffer overflow errors, CRC errors, frame alignment errors, fifo overruns, and missed packets.
RX dropped is a number of dropped packets due to unintended VLAN tags or receiving IPv6 frames when interface is not configured for IPv6.
RX overruns is a number of received packets that experienced fifo overruns, caused by rate at which a buffer gets full and kernel isn’t able to empty it.
RX frame is a number of misaligned frames, i.e. frames with length not divisible by 8.
TX packets is total number of packets transmitted.
TX errors , TX dropped and TX overruns are similar to RX equivalents.
TX carriers is a number of packets that experienced loss of carriers. This usually happens when link is flapping.
TX collisions is a number of transmitted packets that experienced Ethernet collisions.
TX txqueuelen is length of transmission queue.
RX bytes is a total number of bytes received over interface.
TX bytes is a total number of bytes transmitted over interface.
Summary
Despite being superseded by ip command, ifconfig is still commonly used and provides lots of useful details about network interfaces, both physical and virtual.
Good detailed explanation of /etc/network/interfaces syntax?
I understood the very basic concept of how to use /etc/network/interfaces , but all I find online are examples, example after example, which I can copy-paste from. What I miss is an explanation of the syntax, an explanation of the meaning of the commands and which order the commands require. I want to understand, because most of the time copy-paste is not enough, because I’m not working on a fresh machine, so I can’t just overwrite existing configurations because it would break a lot of stuff. man interfaces was not very helpful since it is written very complicated. Example questions I have: what does inet in an iface line mean exactly (I could not even find it in the manpage), what does manual in an iface line mean exactly (many examples use it, but according to manpage it needs an extra config file then, which the examples don’t present), when do I use or need them? When not? When I create a bridge, what exactly happens to the interfaces?
The man page says what comes after the interface name is the address family that the interface uses. «inet» is the name for IPv4, inet6 for ipv6. There’s also ipx, x25, appletalk. though ifupdown only deal with inet/inet6/ipx as the man page explains. manual means that ifupdown don’t do anything about them, you have to do it yourself manually.
4 Answers 4
Well, let’s separate it into pieces, to make it easier to understand /etc/network/interfaces :
Link layer+interface type options (generally the first of each interface stanza and called address family + method by interfaces(5) manpages):
auto interface – Start the interface(s) at boot. That’s why the lo interface uses this kind of linking configuration.
allow-auto interface – Same as auto
allow-hotplug interface – Start the interface when a «hotplug» event is detected. In the real world, this is used in the same situations as auto but the difference is that it will wait for an event like «being detected by udev hotplug api» or «cable linked». See «Related Stuff(hotplug)» for additional info.
These options are pretty much «layer 2» options, setting up link states on interfaces, and are not related with «layer 3» (routing and addressing). As an example you could have a link aggregation where the bond0 interface needs to be up whatever the link state is, and its members could be up after a link state event:
auto bond0 iface bond0 inet manual down ip link set $IFACE down post-down rmmod bonding pre-up modprobe bonding mode=4 miimon=200 up ip link set $IFACE up mtu 9000 up udevadm trigger allow-hotplug eth0 iface eth0 inet manual up ifenslave bond0 $IFACE down ifenslave -d bond0 $IFACE 2> /dev/null allow-hotplug eth1 iface eth1 inet manual up ifenslave bond0 $IFACE down ifenslave -d bond0 $IFACE 2> /dev/null So, this way I create a link aggregation and the interfaces will be added to it and removed on cable link states.
Most common interface types:
All options below are a suffix to a defined interface ( iface ). Basically the iface eth0 creates a stanza called eth0 on an Ethernet device. iface ppp0 should create a point-to-point interface, and it could have different ways to acquire addresses like inet wvdial that will forward the configuration of this interface to wvdialconf script. The tuple inet / inet6 + option will define the version of the IP protocol that will be used and the way this address will be configured ( static , dhcp , scripts . ). The online Debian manuals will give you more details about this.
Options on Ethernet interfaces:
inet static – Defines a static IP address.
inet manual – Does not define an IP address for an interface. Generally used by interfaces that are bridge or aggregation members, interfaces that need to operate in promiscuous mode (e.g. port mirroring or network TAPs), or have a VLAN device configured on them. It’s a way to keep the interface up without an IP address.
inet dhcp – Acquire IP address through DHCP protocol.
inet6 static – Defines a static IPv6 address.
# Eth0 auto eth0 iface eth0 inet manual pre-up modprobe 8021q pre-up ifconfig eth0 up post-down ifconfig eth0 down # Vlan Interface auto vlan10 iface vlan10 inet static address 10.0.0.1 netmask 255.255.255.0 gateway 10.0.0.254 vlan-raw-device eth0 ip_rp_filter 0 This example will bring eth0 up, and create a VLAN interface called vlan10 that will process the tag number 10 on an Ethernet frame.
Common options inside an interface stanza(layer 2 and 3):
address – IP address for a static IP configured interface
netmask – Network mask. Can be omitted if you use cidr address. Example:
iface eth1 inet static address 192.168.1.2/24 gateway 192.168.1.1 gateway – The default gateway of a server. Be careful to use only one of this guy.
vlan-raw-device – On a VLAN interface, defines its «father».
bridge_ports – On a bridge interface, define its members.
down – Use the following command to down the interface instead of ifdown .
post-down – Actions taken right after the interface is down.
pre-up – Actions before the interface is up.
up – Use the following command to up the interface instead of ifup . It is up to your imagination to use any option available on iputils . As an example we could use up ip link set $IFACE up mtu 9000 to enable jumbo frames during the up operation(instead of using the mtu option itself). You can also call any other software like up sleep 5; mii-tool -F 100baseTx-FD $IFACE to force 100Mbps Full duplex 5 seconds after the interface is up.
hwaddress ether 00:00:00:00:00:00 — Change the mac address of the interface instead of using the one that is hardcoded into rom, or generated by algorithms. You can use the keyword random to get a randomized mac address.
dns-nameservers – IP addresses of nameservers. Requires the resolvconf package. It’s a way to concentrate all the information in /etc/network/interfaces instead of using /etc/resolv.conf for DNS-related configurations. Do not edit the resolv.conf configuration file manually as it will be dynamically changed by programs in the system.
dns-search example.net – Append example.net as domain to queries of host, creating the FQDN. Option domain of /etc/resolv.conf
wpa-ssid – Wireless: Set a wireless WPA SSID.
mtu — MTU size. mtu 9000 = Jumbo Frame. Useful if your Linux box is connected with switches that support larger MTU sizes. Can break some protocols(I had bad experiences with snmp and jumbo frames).
wpa-psk – Wireless: Set a hexadecimal encoded PSK for your SSID.
ip_rp_filter 1 — Reverse path filter enabled. Useful in situations where you have 2 routes to a host, and this will force the packet to come back from where it came(same interface, using its routes). Example: You are connected on your lan( 192.168.1.1/24 ) and you have a dlna server with one interface on your lan( 192.168.1.10/24 ) and other interface on dmz to execute administrative tasks( 172.16.1.1/24 ). During a ssh session from your computer to dlna dmz ip, the information needs to come back to you, but will hang forever because your dlna server will try to deliver the response directly through it’s lan interface. With rp_filter enabled, it will ensure that the connection will come back from where it came from. More information here.
Some of those options are not optional. Debian will warn you if you put an IP address on an interface without a netmask, for example.
You can find more good examples of network configuration here.
Related Stuff:
Links that have information related to /etc/network/interfaces network configuration file: