1 <?xml version='1.0'?> <!--*-nxml-*-->
2 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
3 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
6 This file is part of systemd.
8 Copyright 2013 Tom Gundersen
10 systemd is free software; you can redistribute it and/or modify it
11 under the terms of the GNU Lesser General Public License as published by
12 the Free Software Foundation; either version 2.1 of the License, or
13 (at your option) any later version.
15 systemd is distributed in the hope that it will be useful, but
16 WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 Lesser General Public License for more details.
20 You should have received a copy of the GNU Lesser General Public License
21 along with systemd; If not, see <http://www.gnu.org/licenses/>.
24 <refentry id="systemd.netdev" conditional='ENABLE_NETWORKD'>
27 <title>systemd.network</title>
28 <productname>systemd</productname>
32 <contrib>Developer</contrib>
33 <firstname>Tom</firstname>
34 <surname>Gundersen</surname>
35 <email>teg@jklm.no</email>
41 <refentrytitle>systemd.netdev</refentrytitle>
42 <manvolnum>5</manvolnum>
46 <refname>systemd.netdev</refname>
47 <refpurpose>Virtual Network Device configuration</refpurpose>
51 <para><filename><replaceable>netdev</replaceable>.netdev</filename></para>
55 <title>Description</title>
57 <para>Network setup is performed by
58 <citerefentry><refentrytitle>systemd-networkd</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
61 <para>Virtual Network Device files must have the extension
62 <filename>.netdev</filename>; other extensions are ignored. Virtual
63 network devices are created as soon as networkd is started. If a netdev
64 with the specified name already exists, networkd will use that as-is
65 rather than create its own. Note that the settings of the pre-existing
66 netdev will not be changed by networkd.</para>
68 <para>The <filename>.netdev</filename> files are read from the files located in the
69 system network directory <filename>/usr/lib/systemd/network</filename>,
70 the volatile runtime network directory
71 <filename>/run/systemd/network</filename> and the local administration
72 network directory <filename>/etc/systemd/network</filename>.
73 All configuration files are collectively sorted and processed in lexical order,
74 regardless of the directories in which they live. However, files with
75 identical filenames replace each other. Files in
76 <filename>/etc</filename> have the highest priority, files in
77 <filename>/run</filename> take precedence over files with the same
78 name in <filename>/usr/lib</filename>. This can be used to override a
79 system-supplied configuration file with a local file if needed; a symlink in
80 <filename>/etc</filename> with the same name as a configuration file in
81 <filename>/usr/lib</filename>, pointing to <filename>/dev/null</filename>,
82 disables the configuration file entirely.</para>
87 <title>[Match] Section Options</title>
89 <para>A virtual network device is only created if the
90 <literal>[Match]</literal> section matches the current
91 environment, or if the section is empty. The following keys are accepted:</para>
93 <variablelist class='network-directives'>
95 <term><varname>Host=</varname></term>
97 <para>Matches against the hostname or machine ID of the
98 host. See <literal>ConditionHost=</literal> in
99 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
105 <term><varname>Virtualization=</varname></term>
107 <para>Checks whether the system is executed in a virtualized
108 environment and optionally test whether it is a specific
109 implementation. See <literal>ConditionVirtualization=</literal> in
110 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
116 <term><varname>KernelCommandLine=</varname></term>
118 <para>Checks whether a specific kernel command line option is
119 set (or if prefixed with the exclamation mark unset). See
120 <literal>ConditionKernelCommandLine=</literal> in
121 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
127 <term><varname>Architecture=</varname></term>
129 <para>Checks whether the system is running on a specific
130 architecture. See <literal>ConditionArchitecture=</literal> in
131 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
141 <title>[NetDev] Section Options</title>
143 <para>The <literal>[NetDev]</literal> section accepts the following
146 <variablelist class='network-directives'>
148 <term><varname>Description=</varname></term>
150 <para>A free-form description of the netdev.
155 <term><varname>Name=</varname></term>
157 <para>The interface name used when creating the
158 netdev. This option is compulsory.</para>
162 <term><varname>Kind=</varname></term>
164 <para>The netdev kind. Currently, <literal>bridge</literal>,
165 <literal>bond</literal>, <literal>vlan</literal>,
166 <literal>macvlan</literal>, <literal>vxlan</literal>,
167 <literal>ipip</literal>, <literal>gre</literal>,
168 <literal>sit</literal>, <literal>vti</literal>,
169 <literal>veth</literal>, <literal>tun</literal>,
170 <literal>tap</literal> and <literal>dummy</literal>
171 are supported. This option is compulsory.</para>
175 <term><varname>MTUBytes=</varname></term>
177 <para>The maximum transmission unit in bytes to
178 set for the device. The usual suffixes K, M, G,
179 are supported and are understood to the base of
180 1024. This key is not currently suported for
181 <literal>tun</literal> or <literal>tap</literal> devices.
186 <term><varname>MACAddress=</varname></term>
188 <para>The MAC address to use for the device.
189 If none is given, one is generated based on
190 the interface name and the
191 <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
192 This key is not currently suported for <literal>tun</literal> or <literal>tap</literal> devices.
200 <title>[VLAN] Section Options</title>
202 <para>The <literal>[VLAN]</literal> section only applies for netdevs of kind <literal>vlan</literal>,
203 and accepts the following key:</para>
205 <variablelist class='network-directives'>
207 <term><varname>Id=</varname></term>
209 <para>The VLAN ID to use. An integer in the range 0–4094.
210 This option is compulsory.</para>
218 <title>[MACVLAN] Section Options</title>
220 <para>The <literal>[MACVLAN]</literal> section only applies for netdevs of kind
221 <literal>macvlan</literal>, and accepts the following key:</para>
223 <variablelist class='network-directives'>
225 <term><varname>Mode=</varname></term>
227 <para>The MACVLAN mode to use. The supported options are
228 <literal>private</literal>, <literal>vepa</literal>,
229 <literal>bridge</literal> and <literal>passthru</literal>.
237 <title>[VXLAN] Section Options</title>
238 <para>The <literal>[VXLAN]</literal> section only applies for netdevs of kind
239 <literal>vxlan</literal>, and accepts the following key:</para>
241 <variablelist class='network-directives'>
243 <term><varname>Id=</varname></term>
245 <para>The VXLAN ID to use.</para>
249 <term><varname>Group=</varname></term>
251 <para>An assigned multicast group IP address.</para>
255 <term><varname>TOS=</varname></term>
257 <para>The Type Of Service byte value for a vxlan interface.</para>
261 <term><varname>TTL=</varname></term>
263 <para>A fixed Time To Live N on Virtual eXtensible Local Area Network packets.
264 N is a number in the range 1-255. 0 is a special value meaning that packets
265 inherit the TTL value.</para>
269 <term><varname>MacLearning=</varname></term>
271 <para>A boolean. When true, enables dynamic MAC learning
272 to discover remote MAC addresses.</para>
278 <title>[Tunnel] Section Options</title>
280 <para>The <literal>[Tunnel]</literal> section only applies for netdevs of kind
281 <literal>ipip</literal>, <literal>sit</literal>, <literal>gre</literal> and
282 <literal>vti</literal> and accepts the following keys:</para>
284 <variablelist class='network-directives'>
286 <term><varname>Local=</varname></term>
288 <para>A static local address for tunneled packets.
289 It must be an address on another interface of this host.</para>
293 <term><varname>Remote=</varname></term>
295 <para>The remote endpoint of the tunnel.</para>
299 <term><varname>TOS=</varname></term>
301 <para>The Type Of Service byte value for a tunnel interface.
302 For details about the TOS see the
303 <ulink url="http://tools.ietf.org/html/rfc1349">
304 Type of Service in the Internet Protocol Suite
310 <term><varname>TTL=</varname></term>
312 <para>A fixed Time To Live N on tunneled packets.
313 N is a number in the range 1-255. 0 is a special value meaning that packets
314 inherit the TTL value. The default value for IPv4 tunnels is: inherit.
315 The default value for IPv6 tunnels is: 64.</para>
319 <term><varname>DiscoverPathMTU=</varname></term>
321 <para>A boolean. When true, enables Path MTU Discovery on the tunnel.</para>
327 <title>[Peer] Section Options</title>
329 <para>The <literal>[Peer]</literal> section only applies for netdevs of kind <literal>veth</literal>
330 and accepts the following key:</para>
332 <variablelist class='network-directives'>
334 <term><varname>Name=</varname></term>
336 <para>The interface name used when creating the netdev.
337 This option is compulsory.</para>
341 <term><varname>MACAddress=</varname></term>
343 <para>The peer MACAddress, if not set it is generated in the same
344 way as the MAC address of the main interface.</para>
350 <title>[Tun] Section Options</title>
352 <para>The <literal>[Tun]</literal> section only applies for netdevs of kind
353 <literal>tun</literal>, and accepts the following keys:</para>
355 <variablelist class='network-directives'>
357 <term><varname>OneQueue=</varname></term>
358 <listitem><para>Takes a boolean argument. Configures whether
359 all packets are queued at the device (enabled), or a fixed number
360 of packets are queued at the device and the rest at the
361 <literal>qdisc</literal>. Defaults to <literal>no</literal>.</para>
365 <term><varname>MultiQueue=</varname></term>
366 <listitem><para>Takes a boolean argument. Configures whether to
367 use multiple file descriptors (queues) to parallelize packets
368 sending and receiving. Defaults to <literal>no</literal>.</para>
372 <term><varname>PacketInfo=</varname></term>
373 <listitem><para>Takes a boolean argument. Configures whether packets
374 should be prepened with four extra bytes (two flag bytes and two
375 protocol bytes). If disabled it indicates that the packets will be
376 pure IP packets. Defaults to <literal>no</literal>.</para>
380 <term><varname>User=</varname></term>
381 <listitem><para>User to grant access to the <filename>/dev/net/tun</filename>
386 <term><varname>Group=</varname></term>
387 <listitem><para>Group to grant access to the <filename>/dev/net/tun</filename>
397 <title>[Tap] Section Options</title>
399 <para>The <literal>[Tap]</literal> section only applies for netdevs of kind
400 <literal>tap</literal>, and accepts the same keys as the
401 <literal>[Tun]</literal> section.</para>
405 <title>[Bond] Section Options</title>
407 <para>The <literal>[Bond]</literal> section accepts the following
410 <variablelist class='network-directives'>
412 <term><varname>Mode=</varname></term>
414 <para>Specifies one of the bonding policies. The default is
415 <literal>balance-rr</literal> (round robin). Possible values are
416 <literal>balance-rr</literal>,
417 <literal>active-backup</literal>,
418 <literal>balance-xor</literal>,
419 <literal>broadcast</literal>,
420 <literal>802.3ad</literal>,
421 <literal>balance-tlb</literal>, and
422 <literal>balance-alb</literal>.
428 <term><varname>TransmitHashPolicy=</varname></term>
430 <para>Selects the transmit hash policy to use for slave selection in
431 balance-xor, 802.3ad, and tlb modes. Possible values are
432 <literal>layer2</literal>,
433 <literal>layer3+4</literal>,
434 <literal>layer2+3</literal>,
435 <literal>encap2+3</literal>,
436 <literal>802.3ad</literal>, and
437 <literal>encap3+4</literal>.
443 <term><varname>LACPTransmitRate=</varname></term>
445 <para>Specifies the rate with which link partner
446 transmits Link Aggregation Control Protocol Data Unit packets
447 in 802.3ad mode. Possible values are
448 <literal>slow</literal>, which requests partner to transmit LACPDUs every 30 seconds, and
449 <literal>fast</literal>, which requests partner to transmit LACPDUs every second.
450 The default value is <literal>slow</literal>.</para>
455 <term><varname>MIIMonitorSec=</varname></term>
457 <para>Specifies the frequency that Media Independent Interface link
458 monitoring will occur. A value of zero disables MII link monitoring.
459 This values is rounded down to the nearest millisecond. The default
465 <term><varname>UpDelaySec=</varname></term>
467 <para>Specifies the delay before a link is enabled after a link up
468 status has been detected. This value is rounded down to a multiple of
469 MIIMonitorSec. The default value is 0.</para>
474 <term><varname>DownDelaySec=</varname></term>
476 <para>Specifies the delay before a link is disabled after a link down
477 status has been detected. This value is rounded down to a multiple of
478 MIIMonitorSec. The default value is 0.</para>
486 <title>Example</title>
488 <title>/etc/systemd/network/bridge.netdev</title>
490 <programlisting>[NetDev]
492 Kind=bridge</programlisting>
496 <title>/etc/systemd/network/vlan1.netdev</title>
498 <programlisting>[Match]
506 Id=1</programlisting>
509 <title>/etc/systemd/network/ipip.netdev</title>
510 <programlisting>[NetDev]
516 Local=192.168.223.238
517 Remote=192.169.224.239
518 TTL=64</programlisting>
521 <title>/etc/systemd/network/tap.netdev</title>
522 <programlisting>[NetDev]
528 PacketInfo=true</programlisting> </example>
531 <title>/etc/systemd/network/sit.netdev</title>
532 <programlisting>[NetDev]
539 Remote=10.65.223.239</programlisting>
543 <title>/etc/systemd/network/gre.netdev</title>
544 <programlisting>[NetDev]
551 Remote=10.65.223.239</programlisting>
555 <title>/etc/systemd/network/vti.netdev</title>
557 <programlisting>[NetDev]
564 Remote=10.65.223.239</programlisting>
568 <title>/etc/systemd/network/veth.netdev</title>
569 <programlisting>[NetDev]
574 Name=veth-peer</programlisting>
578 <title>/etc/systemd/network/dummy.netdev</title>
579 <programlisting>[NetDev]
582 MACAddress=12:34:56:78:9a:bc</programlisting>
587 <title>See Also</title>
589 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
590 <citerefentry><refentrytitle>systemd-networkd</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
591 <citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>
~ianmdlvl / elogind.git / blob