Recipes for using ip link add:
Any decent ip(route2) command will give you some help when typing:
ip link help
Of course this page wouldn't still exist if that was sufficient.
More help can be obtained by using:
ip link add type XXX
Where XXX is one of:
- vlan
- macvlan
- gre
- gretap
- veth
- dummy
- ifb
Creating gre-ip encapsulated ethernet tunnels
To link multiple logically separated networks between different locations across a single link, you usually create a vlan-tagged trunk to separate the different networks.
Sometimes you don't have the luxury of having a tag capable switch, or you only have separated networks.
Well, gre-ip (starting from kernel 2.6.28) allows you to tunnel ethernet from one ip to another ip. You need an iproute with the correct patches.
Anyway: To get help for gre:
ip link add greETH type gretap remote 10.41.1.234 local 10.41.1.173 help
Anything less will give you:
RTNETLINK answers: Operation not supported
So the magic incantation to create a tunnel is:
ip link add greETH type gretap remote 10.41.1.234 local 10.41.1.173
greETH is the name of the ethernet device.
The help from iproute type gre(tap):
Usage: ip link { add | set | change | replace | del } NAME
type { gre | gretap } [ remote ADDR ] [ local ADDR ]
[ [i|o]seq ] [ [i|o]key KEY ] [ [i|o]csum ]
[ ttl TTL ] [ tos TOS ] [ [no]pmtudisc ] [ dev PHYS_DEV ]
Where: NAME := STRING
ADDR := { IP_ADDRESS | any }
TOS := { NUMBER | inherit }
TTL := { 1..255 | inherit }
KEY := { DOTTED_QUAD | NUMBER }
The nopmtudisc option makes sure that you won't get the ICMP_NEED_FRAG, which is good, because that message makes no sense if you want the tunnel to be transparent.
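The arithmetic behind that remark, as an added example that is not part of the original page: it computes the bytes a gretap tunnel adds per frame and checks whether a full-size inner frame still fits the underlay. It assumes an IPv4 underlay with a 20-byte header and 4 bytes per optional GRE field (key, csum, seq); the function names and the 1500-byte MTU values are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes an IPv4 underlay with a
# 20-byte header (no IP options); MTU values in the demo are constructed.

# gretap_overhead [key] [csum] [seq]
# Bytes gretap puts in front of the inner payload: outer IPv4 (20) + base
# GRE (4) + inner Ethernet header (14), plus 4 per enabled optional GRE field.
gretap_overhead() {
    k=0; c=0; s=0
    for opt in "$@"; do
        case "$opt" in
            key)  k=4 ;;
            csum) c=4 ;;
            seq)  s=4 ;;
            *) echo "unknown GRE option: $opt" >&2; return 1 ;;
        esac
    done
    echo $((20 + 4 + 14 + k + c + s))
}

# gretap_inner_mtu UNDERLAY_MTU [key] [csum] [seq]
# Largest MTU for the gretap device that never needs outer fragmentation.
gretap_inner_mtu() {
    underlay=$1; shift
    oh=$(gretap_overhead "$@") || return 1
    [ "$underlay" -gt "$oh" ] || { echo "underlay MTU too small" >&2; return 1; }
    echo $((underlay - oh))
}

# gretap_needs_frag INNER_MTU UNDERLAY_MTU [key] [csum] [seq]
# Prints "yes" when a full-size inner frame makes the outer IP packet larger
# than the underlay MTU, i.e. the case where nopmtudisc lets it be fragmented.
gretap_needs_frag() {
    inner=$1; underlay=$2; shift 2
    oh=$(gretap_overhead "$@") || return 1
    if [ $((inner + oh)) -gt "$underlay" ]; then echo yes; else echo no; fi
}

# Demo: the page's greETH tunnel over a 1500-byte underlay (dry run, only prints).
echo "overhead:        $(gretap_overhead) bytes"
echo "safe inner MTU:  $(gretap_inner_mtu 1500)"
echo "1500 inner, fragmentation needed: $(gretap_needs_frag 1500 1500)"
echo "ip link set greETH mtu $(gretap_inner_mtu 1500)"
```

If the bridged hosts keep a 1500-byte MTU, every full-size frame needs outer fragmentation; lowering the MTU on the inner side to the computed value avoids it.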
Creating vlans on an ethernet device
The tool to create vlans has always been vconfig. But changes to the kernel allowed for greater flexibility and the use of only the tool ip.
The magic incantation to create a vlan device on a normal ethernet device:
ip link add link eth0 name aVlanName type vlan id 666
This creates a network device called aVlanName which gets all the traffic from eth0 tagged with the .1Q tag id 666.
Backward compatible with vconfig:
vconfig add eth0 666
is equivalent to either:
ip link add link eth0 name eth0.666 type vlan id 666
or:
ip link add link eth0 name vlan666 type vlan id 666
Help
You can get help by typing:
ip link add link eth0 name test123 type vlan id 667 help
Which delivers:
Usage: ... vlan id VLANID [ FLAG-LIST ]
[ ingress-qos-map QOS-MAP ] [ egress-qos-map QOS-MAP ]
VLANID := 0-4095
FLAG-LIST := [ FLAG-LIST ] FLAG
FLAG := [ reorder_hdr { on | off } ]
QOS-MAP := [ QOS-MAP ] QOS-MAPPING
QOS-MAPPING := FROM:TO
Creating macvlans on an ethernet device
People always ask why you need macvlans, because all a macvlan does is create a "clone" of the ethernet device with another mac-address.
Well, part of the ip-stack is that it filters out traffic not intended for that host by matching the mac-address. The specs of a real ethernet device are that it tries to filter out as much traffic as possible, but in the end the host must filter out any traffic not intended for that card.
A problem arises, since you can only assign a single main mac-address to an ethernet device, and that one gets checked by the ip stack.
So that is what macvlans are for: to be able to accept traffic unicast to other mac-addresses, like those used in, for instance, VRRP.
How to create a macvlan device:
ip link add link eth0 name aMacvlanDevice type macvlan
This will give you aMacvlanDevice which is a new ethernet device just like eth0.
Backward compatibility with mvconfig
mvconfig enable eth0
mvconfig add eth0 22
ip link set eth0.22 address 00:00:5E:00:01:11
Is equivalent to:
ip link add link eth0 name eth0#22 address 00:00:5E:00:01:11 type macvlan
00:00:5E:00:01:11 is conveniently a vrrp mac address. (VRRP id 17)
Help
Eh, what? help? Overrated! (No really! I really don't know why it works, I'm grepping the source code. Can't find it. Even strings on the binary....).
Other resources
Working with macvlans for HA: you definitely need this:
http://217.196.41.9/public_html/vlarp/