mjhjmtu

Let's say I ran quite a few ip commands and ended up with a required network configuration, but I didn't save the command history.

Instead of rewriting commands in a file or script again, is there a way to dump/save the state of network configuration like iptables-save or mysqldump and so, later we can restore?

I see similar thing is possible with netnsh in windows (not sure if it's exactly the kind of solution I am looking for..havne't gone through it, but it seems like it dumps the network configuration state).

But I can't find any option in Linux (especially CentOS/RHEL)

Some support does exist for saving addresses, routes and rules, using iproute2's ip command.

For obvious reason, this doesn't exist for links, even if one could imagine the possibility to save some virtual links, not all ("saving" a single side of a veth-pair link with its peer accross an other network namespace? not gonna happen...), or being able to save a bridge's and bridge's ports configurations including vlan etc., this doesn't appear to exist currently.

Existing commands are:

ip address save
ip address restore
ip route save
ip route restore
ip rule save
ip rule restore

The dump format is binary and the commands will refuse to save to or restore from a tty.

I suggest restoring addresses before routes (rules can be done at any order), or most saved routes won't be restored because they can't satisfy routing conditions depending on addresses. Warning: of course all flush commands below will likely disrupt network connectivity until the restore is done, so this should be avoided from remote network access (or be done in other network namespaces).

• 
  

  ip address save / ip address restore

  
  
  

  So to copy addresses from a simple network namespace orig's configuration having a dummy0 interface (to keep the example simple) to a namespace copy:

  
  
  

  ip netns add orig
  ip netns exec orig sh << 'EOF'
  ip link add dummy0 type dummy
  ip address add dev dummy0 192.0.2.2/24
  ip address add dev dummy0 2001:db8:0:1::2/64
  ip link set dummy0 up
  ip address save > /tmp/address
  EOF
  
  ip netns add copy
  ip netns exec copy sh << 'EOF'
  ip link add dummy0 type dummy
  ip link set dummy0 up
  ip address restore < /tmp/address
  ip -br address
  EOF
  

  
  
  

  will give for example this result:

  
  
  

  lo DOWN 
  dummy0 UNKNOWN 192.0.2.2/24 2001:db8:0:1::2/64 fe80::68e3:bdff:feb0:6e85/64 fe80::e823:d1ff:fe8c:3a15/64 
  

  
  
  

  Note: that previous automatic IPv6 link-local (scope link) address was also saved, and is thus restored, leading to an additional (and wrong) IPv6 link-local address, because the link/ether address (here in orig 6a:e3:bd:b0:6e:85) on which is based the IPv6 link-local address is not saved and thus not restored (leaving here the in copy the other random MAC ea:23:d1:8c:3a:15 on dummy0). So care should actually be done to separately save and copy the MAC address of such virtual interfaces if it really matters, or prune after some addresses for physical interfaces.

  
  
  

  You should probably flush all addresses before restoring them to avoid leaving old ones if the environment wasn't a "clean slate". Contrary to routes below, I couldn't find a simple way to flush all of them in one command without having to state an interface. Using those two should be good enough:

  
  
  

  ip address flush permanent
  ip address flush temporary
  

  
  

On the same principle, routes and rules can be saved and restored:

• 
  

  ip route save / ip route restore

  
  
  

  There's a trick. ip route save will save only the main table, which is good for common use cases, but not with policy routing's additional routing tables. You can state a specific table (eg ip rule save table 220) if needed. But the special table 0 represents all tables, using ip route save table 0 will save all of them (including for each route the table it belongs to, like would be displayed with ip route show table 0) at once. Before restoring routes, it should be preferable to flush all existing routes:

  
  
  

  ip route flush table 0 all
  

  
  
  

  Example showing any routing table can be saved without having to know its value beforehand:

  
  
  

  # ip route add table 220 unreachable 10.0.0.0/8 metric 9999
  # ip route show table 220
  unreachable 10.0.0.0/8 metric 9999 
  # ip route save table 0 > /tmp/route
  # ip route flush table 0 all
  # ip route show table 220
  #
  # ip route restore table 0 < /tmp/route
  # ip route show table 220
  unreachable 10.0.0.0/8 metric 9999 
  

  
  
  

  Of course all routes from other tables, including table 254 aka main, are also saved and restored.

  
  


• 
  

  ip rule save / ip rule restore

  
  
  

  This one is also tricky because if not flushed before it will add duplicates without complaining, and flushing the rules never flushes rule prio 0, so rule priority 0 has to be explicitly deleted:

  
  
  

  ip rule flush
  ip rule delete priority 0
  

  
  
  

  So to save and restore:

  
  
  

  ip rule save > /tmp/rule
  

  
  
  

  [...] just deleting, or switching to some other environment etc.

  
  
  

  ip rule flush
  ip rule delete priority 0
  ip rule restore < /tmp/rule
  

  
  

I hope you can find some usage of this, for example for automatization with multiple network namespaces.

Your network configuration should be saved in files such as /etc/sysconfig/network-scripts/ifconfig-(interface) and /etc/sysconfig/network, /etc/resolv.conf, etc. You should just modify these files and restart your network service rather then making your changes on the fly. Any changes you make on the fly, like route or IP changes, will be lost when your system restarts.