Linux networking is a vast domain, and the kernel's networking stack is one of the most capable in existence. From simple static IP assignments to complex multi-VLAN bridge configurations with network namespaces, the same kernel primitives power everything from home servers to cloud infrastructure. Docker, Kubernetes, and every major container runtime rely on Linux networking features like namespaces, bridges, and iptables/nftables for their network isolation and connectivity.

This guide covers the networking concepts and tools that every Linux system administrator needs to know, with practical examples you can use immediately.

The ip Command: Your Primary Network Tool

The ip command from the iproute2 package has replaced the older ifconfig, route, and netstat commands. It is the single tool for managing addresses, routes, links, and network namespaces:

# Show all interfaces with addresses
ip addr show
ip a                  # Short form

# Show a specific interface
ip addr show dev eth0

# Add an IP address
ip addr add 192.168.1.100/24 dev eth0

# Remove an IP address
ip addr del 192.168.1.100/24 dev eth0

# Bring an interface up/down
ip link set eth0 up
ip link set eth0 down

# Show link layer information
ip link show
ip -s link show       # With statistics (packets, bytes, errors)

# Change MTU
ip link set eth0 mtu 9000

Routing

# Show routing table
ip route show
ip r                  # Short form

# Add a default gateway
ip route add default via 192.168.1.1

# Add a static route
ip route add 10.0.0.0/8 via 192.168.1.254
ip route add 172.16.0.0/16 via 192.168.1.254 dev eth0

# Delete a route
ip route del 10.0.0.0/8

# Show the route to a specific destination
ip route get 8.8.8.8

# Policy-based routing (multiple routing tables)
ip rule add from 192.168.1.0/24 table 100
ip route add default via 10.0.0.1 table 100

Neighbor (ARP) Table

# Show ARP table
ip neigh show
ip n                  # Short form

# Add a static ARP entry
ip neigh add 192.168.1.1 lladdr aa:bb:cc:dd:ee:ff dev eth0

# Flush ARP cache
ip neigh flush all

Network Namespaces

Network namespaces provide complete network stack isolation. Each namespace has its own interfaces, routes, firewall rules, and socket bindings. This is the foundation of container networking:

# Create a network namespace
ip netns add ns1
ip netns add ns2

# List namespaces
ip netns list

# Run a command in a namespace
ip netns exec ns1 ip addr show
ip netns exec ns1 bash     # Shell inside the namespace

# Create a veth pair (virtual ethernet cable)
ip link add veth0 type veth peer name veth1

# Move one end to the namespace
ip link set veth1 netns ns1

# Configure addresses
ip addr add 10.0.0.1/24 dev veth0
ip link set veth0 up

ip netns exec ns1 ip addr add 10.0.0.2/24 dev veth1
ip netns exec ns1 ip link set veth1 up
ip netns exec ns1 ip link set lo up

# Test connectivity
ip netns exec ns1 ping 10.0.0.1

# Delete a namespace
ip netns del ns1
Tip: Docker creates a network namespace for each container. You can inspect a container's namespace with nsenter or by using docker exec. Understanding namespaces helps you debug container networking issues at the host level.

Linux Bridges

A Linux bridge is a virtual Layer 2 switch. It connects multiple network interfaces and forwards frames between them based on MAC addresses:

# Create a bridge
ip link add name br0 type bridge

# Add interfaces to the bridge
ip link set eth1 master br0
ip link set eth2 master br0

# Assign an IP to the bridge (for management)
ip addr add 192.168.1.1/24 dev br0

# Bring everything up
ip link set br0 up
ip link set eth1 up
ip link set eth2 up

# Show bridge information
bridge link show
bridge fdb show       # Forwarding database (MAC table)

# Enable STP (Spanning Tree Protocol)
ip link set br0 type bridge stp_state 1

# Show STP status
bridge link show dev br0

Docker's default bridge network (docker0) is a Linux bridge. Each container's veth pair has one end attached to this bridge:

# See Docker's bridge and connected containers
bridge link show dev docker0
ip addr show docker0

VLANs

VLANs (Virtual LANs) segment a physical network into isolated broadcast domains using 802.1Q tagging:

# Create a VLAN interface
ip link add link eth0 name eth0.100 type vlan id 100
ip link add link eth0 name eth0.200 type vlan id 200

# Assign addresses
ip addr add 10.100.0.1/24 dev eth0.100
ip addr add 10.200.0.1/24 dev eth0.200

# Bring up
ip link set eth0.100 up
ip link set eth0.200 up

# Show VLAN details
cat /proc/net/vlan/eth0.100

VLANs with systemd-networkd

# /etc/systemd/network/10-eth0.network
[Match]
Name=eth0

[Network]
VLAN=eth0.100
VLAN=eth0.200

# /etc/systemd/network/20-vlan100.netdev
[NetDev]
Name=eth0.100
Kind=vlan

[VLAN]
Id=100

# /etc/systemd/network/21-vlan100.network
[Match]
Name=eth0.100

[Network]
Address=10.100.0.1/24

Network Bonding

Bonding combines multiple physical interfaces into a single logical interface for redundancy or increased throughput:

# Load the bonding module
modprobe bonding

# Create a bond interface
ip link add bond0 type bond mode 802.3ad

# Configure bond parameters
ip link set bond0 type bond miimon 100 lacp_rate fast

# Add slave interfaces
ip link set eth0 down
ip link set eth1 down
ip link set eth0 master bond0
ip link set eth1 master bond0

# Configure and bring up
ip addr add 192.168.1.10/24 dev bond0
ip link set bond0 up

# Check bond status
cat /proc/net/bonding/bond0
Bond Mode Name Use Case
0 balance-rr Round-robin load balancing
1 active-backup Failover (most common for servers)
2 balance-xor XOR hash load balancing
4 802.3ad LACP (requires switch support)
5 balance-tlb Adaptive transmit load balancing
6 balance-alb Adaptive load balancing (TX and RX)

DNS Resolution

Understanding how Linux resolves hostnames is essential for troubleshooting connectivity issues:

# The resolution order is defined in /etc/nsswitch.conf
# hosts: files dns mymachines
# This means: check /etc/hosts first, then DNS

# /etc/resolv.conf - DNS resolver configuration
nameserver 1.1.1.1
nameserver 8.8.8.8
search example.com
options timeout:2 attempts:3

# If using systemd-resolved:
# /etc/resolv.conf -> /run/systemd/resolve/stub-resolv.conf
# The stub resolver listens on 127.0.0.53

# Check systemd-resolved status
resolvectl status
resolvectl query example.com

# Flush DNS cache
resolvectl flush-caches

Network Configuration Systems Compared

System Distribution Config Location Strengths
systemd-networkd Arch, Fedora, servers /etc/systemd/network/ Lightweight, no extra deps, good for servers
NetworkManager Most desktop distros /etc/NetworkManager/ Desktop-friendly, VPN support, GUI
netplan Ubuntu /etc/netplan/ YAML config, backends to networkd or NM
/etc/network/interfaces Debian (legacy) /etc/network/interfaces Simple, well-understood, legacy

netplan Example (Ubuntu)

# /etc/netplan/01-config.yaml
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      addresses:
        - 192.168.1.100/24
      routes:
        - to: default
          via: 192.168.1.1
      nameservers:
        addresses: [1.1.1.1, 8.8.8.8]
        search: [example.com]

# Apply
netplan apply
netplan try    # Apply with automatic rollback on disconnect

Troubleshooting Tools

ss -- Socket Statistics

# Show all listening ports
ss -tlnp                      # TCP, listening, numeric, process

# Show established connections
ss -tnp                       # TCP, numeric, process

# Show UDP listeners
ss -ulnp

# Filter by port
ss -tlnp | grep :8080
ss -tlnp 'sport == :443'

# Show socket memory usage
ss -tm

# Count connections by state
ss -s

dig -- DNS Queries

# Basic lookup
dig example.com

# Query specific record type
dig example.com MX
dig example.com NS
dig example.com TXT

# Use a specific DNS server
dig @1.1.1.1 example.com

# Trace the resolution path
dig +trace example.com

# Short output
dig +short example.com

# Reverse DNS lookup
dig -x 93.184.216.34

traceroute and mtr

# Trace the path to a host
traceroute example.com
traceroute -n example.com      # Skip DNS resolution

# Using TCP instead of ICMP (bypasses some firewalls)
traceroute -T -p 443 example.com

# mtr combines ping and traceroute (better for ongoing monitoring)
mtr example.com
mtr --report example.com       # Report mode (run and exit)

tcpdump -- Packet Capture

# Capture all traffic on an interface
tcpdump -i eth0

# Capture specific traffic
tcpdump -i eth0 port 80
tcpdump -i eth0 host 192.168.1.100
tcpdump -i eth0 'tcp port 443 and host 10.0.0.5'

# Write to file for Wireshark analysis
tcpdump -i eth0 -w /tmp/capture.pcap

# Capture Docker bridge traffic
tcpdump -i docker0 -n
Warning: Running tcpdump without filters on a busy server can produce enormous amounts of data and impact performance. Always use filters and consider writing to a file with a size or count limit: tcpdump -i eth0 -w capture.pcap -c 10000.

When managing container networking across multiple hosts, usulnet provides a unified view of Docker network configurations, port mappings, and container connectivity, making it easier to troubleshoot networking issues that span multiple servers.

Remember: Linux networking is hierarchical. Start troubleshooting from the bottom up: check the link layer (ip link), then addressing (ip addr), then routing (ip route), then DNS (dig), then the application layer (ss, curl). Most networking problems become obvious when you methodically check each layer.