net tools - QueuingKoala/fn-netfilter GitHub Wiki

Limitations of net-tools

The entire suite of net-tools packages is outdated. The commands shown below have rather serious limitations, in particular with respect to modern networking on Linux.

Why ifconfig is out of date

The net-tools package relies on Linux kernel interfaces that are out of date. These APIs (also known as kernel ioctls) cannot express modern Linux networking features, some of which have been available for over a decade.

This means if you insist on using ifconfig instead of the newer iproute2 package's tools, you're going to be stuck using 20th century network support in a 21st century world. While this might technically "work," it's likely to pose a serious problem if you ever need modern networking features.

So what's wrong with ifconfig, exactly?

Lots. Here's a look at just some of its limitations.

ifconfig is unable to display secondary IPs

For the last decade, Linux has been able to set secondary IPs directly on an interface. Here's how you do this with the ip tool, assuming eth0 already has a primary IP on it:

ip addr add 10.20.30.1/24 dev eth0

Attempting to display this secondary IP with ifconfig will demonstrate that it's seemingly missing. It seems unwise to use tools that hide entire addresses from you.

ifconfig makes secondary IPs appear as separate interfaces

There is no reason for so-called "aliases" today; Linux hasn't required this for over a decade. Yet adding a secondary IP using ifconfig (not the modern ip addr replacement) results in what looks like another interface, but is not. This alias cannot be used in Netfilter (aka "iptables") or in iproute2, although many users mistakenly believe it can.

Nor can these aliases be used to control a device; this is, again, because it's not actually an interface.

ifconfig cannot display PtP peer addresses

Point-to-Point networking (sometimes called PtP or P-t-P) is becoming more commonplace, especially with the use of Layer-3 VPNs and the further pressure on limited IPv4 IP space over the last decade. However, ifconfig is unable to display the peer IP of these PtP devices.

Consider:

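modprobe dummy
# loading the dummy module creates dummy0 by default; ip addr add requires a dev argument
ip addr add 10.20.30.1/24 peer 10.20.30.99 dev dummy0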

Now ifconfig is completely unable to show you the peering IP. This is quite a hassle if you wanted to know how your device was configured. ip addr has no problem showing you this information, of course.
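The display gaps described above (secondary addresses, alias labels, and PtP peers) can be checked on a host by reading ip's one-line output. This is an added example, not part of the original wiki page: the sample lines are constructed, the function name hidden_from_ifconfig is hypothetical, and it assumes ifconfig shows one IPv4 address per label name.

```sh
#!/bin/sh
# Added example: report IPv4 addresses that ifconfig misrepresents,
# read from `ip -o -4 addr show` output on stdin.
# Assumption: ifconfig shows one IPv4 address per label name.

# Constructed sample (not captured from a real host).
SAMPLE='2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0\       valid_lft forever preferred_lft forever
2: eth0    inet 10.20.30.1/24 scope global eth0\       valid_lft forever preferred_lft forever
2: eth0    inet 192.0.2.11/24 scope global secondary eth0:1\       valid_lft forever preferred_lft forever
3: dummy0    inet 10.20.31.1 peer 10.20.31.99/32 scope global dummy0\       valid_lft forever preferred_lft forever'

hidden_from_ifconfig() {
    awk '
    $3 == "inet" {
        dev = $2; addr = $4; peer = ""; label = dev
        for (i = 5; i <= NF; i++) {
            if ($i == "peer") peer = $(i + 1)
            # In -o output the label is the field ending in a backslash.
            if ($i ~ /\\$/) { label = $i; sub(/\\$/, "", label); break }
        }
        # A peer address is never printed by ifconfig.
        if (peer != "")
            printf "peer-not-shown %s %s peer %s\n", dev, addr, peer
        if (seen[label]++) {
            # Second and later addresses under one label are invisible.
            printf "address-not-shown %s %s\n", dev, addr
        } else if (label != dev) {
            # A labelled address shows up as an "alias" interface.
            printf "shown-as-alias %s %s as %s\n", dev, addr, label
        }
    }'
}

# Offline run on the sample; on a live host use:
#   ip -o -4 addr show | hidden_from_ifconfig
printf '%s\n' "$SAMPLE" | hidden_from_ifconfig
```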

ifconfig cannot add/remove tun or tap devices

This one is fairly straightforward: net-tools is unable to control the creation or destruction of tun/tap devices. These are often used for VPNs or in advanced bridge setups. ip tuntap is the ip(8) subcommand to create, configure, and remove tun or tap devices. Since ifconfig does not do this, you're stuck relying on another tool for the job (or using the replacement that is able to do this properly).

ifconfig displays lots of zeros for a tun "HWaddr"

Since tun is a Layer-3 device, it does not have a Layer-2 "hardware" address. Yet ifconfig insists on displaying 16 bytes full of zeros. Consider:

ip tuntap add dev mytun mode tun
ifconfig -a mytun

If there is no hardware address, what's the point of displaying such a huge string of pointless bytes?

Why route is out of date

The largest issue with route is its lack of support for secondary routing tables, though there may be other issues as well due to the old ioctls net-tools relies on.

Secondary tables

Secondary routing tables are commonly used in advanced routing configurations, specifically those used in policy routing, which rely on multiple FIB routing tables. Because the outdated route command cannot create secondary tables, it cannot be used for this.

Here's how ip does this:

ip route add default via 203.0.113.12 dev eth0 table 100

The table can be replaced with a defined name as well: see ip-route(8) for details.

Unable to define policy routing rules

The route command cannot create policy routing rules that direct a lookup to a specific routing table. This is accomplished with the ip rule command (see ip-rule(8) for usage).