ip-addrlabel

ip addrlabel { add | del } SELECTOR label NUMBER
ip addrlabel { list | flush } [ SELECTOR ] [ label NUMBER ] [ dev NAME ]

add
    
Adds a new address label entry. This command associates an IP prefix (SELECTOR) with a specified numeric label NUMBER.

del
    
Deletes an existing address label entry that matches the specified SELECTOR and label NUMBER.

list
    
Lists all configured address label entries. The output can be filtered by specifying a SELECTOR, a label NUMBER, or a network dev NAME.

flush
    
Removes all or a subset of address label entries. This command is powerful and should be used with caution, as it can clear all configured labels if no filters are applied. It can be filtered by SELECTOR, label NUMBER, or dev NAME.

SELECTOR
    
An IP address prefix in PREFIX/LENGTH format (e.g., 192.168.1.0/24 for IPv4 or 2001:db8::/32 for IPv6). This defines the range of addresses that will receive the associated label.

label NUMBER
    
The numeric label (an integer from 0 to 4294967295) to be assigned to the SELECTOR. This label is used as a criterion in policy routing rules (e.g., ip rule add from LABEL ...).

dev NAME
    
Specifies the network device name (e.g., eth0, lo). This option is used exclusively to filter the output or scope of list and flush operations.

ip-addrlabel is a specialized utility within the iproute2 suite, designed to manage address labels used by the Linux kernel's policy routing subsystem. It allows system administrators to associate IP address prefixes (both IPv4 and IPv6) with arbitrary numeric labels. These labels effectively classify IP addresses into logical "zones" or categories.

When a packet's source or destination IP address matches a configured prefix, it is assigned the corresponding label. This label can then be utilized by ip rule commands to make routing decisions based on the address's label, providing a more granular and flexible approach to routing than simple prefix matching. It's particularly useful in complex network environments, such as multi-homed systems or virtual routing and forwarding (VRF) setups, where different traffic flows originating from or destined to specific address ranges need distinct routing treatment.

Address labels defined by
ip-addrlabel only become active when used in conjunction with ip rule commands. Without corresponding policy routing rules that reference these labels, the labels themselves have no effect on how traffic is routed. The flush operation can lead to unexpected routing behavior if not used carefully, as it can remove all configured address labels.

Address labels define 'zones' or categories for IP addresses. These labels are then referenced by ip rule commands to direct traffic. For instance, an ip rule can specify to use a different routing table (e.g., lookup 200) if the source address of a packet has a specific label (e.g., from LABEL_X). This separation allows for very fine-grained control over routing decisions based on the origin or destination characteristics of IP addresses.

Labels are 32-bit unsigned integers. While any valid integer can be used, it's common practice to use distinct, easily recognizable numbers for different logical zones or purposes to improve readability and maintainability of routing configurations.

The
ip-addrlabel command is an integral part of the iproute2 suite, which was developed by Alexey Kuznetsov starting in the late 1990s as a modern replacement for older network configuration tools like ifconfig and route. iproute2 was designed to fully expose and leverage the advanced networking capabilities of the Linux kernel, including policy routing and traffic control. The address labeling feature specifically enhances the flexibility of policy routing, allowing administrators to define more sophisticated and context-aware routing policies.

ip(8), ip-rule(8), ip-route(8), ip-link(8)