2. EL 7
  3. systemd-networkd
  4. systemd.netdev(5)

Scroll to navigation

SYSTEMD.NETDEV(5) systemd.network SYSTEMD.NETDEV(5)

NAME

systemd.netdev - Virtual Network Device configuration

SYNOPSIS

netdev.netdev

DESCRIPTION

Network setup is performed by systemd-networkd(8).

Virtual Network Device files must have the extension .netdev; other extensions are ignored. Virtual network devices are created as soon as networkd is started. If a netdev with the specified name already exists, networkd will use that as-is rather than create its own. Note that the settings of the pre-existing netdev will not be changed by networkd.

The .netdev files are read from the files located in the system network directory /usr/lib/systemd/network, the volatile runtime network directory /run/systemd/network and the local administration network directory /etc/systemd/network. All configuration files are collectively sorted and processed in lexical order, regardless of the directories in which they live. However, files with identical filenames replace each other. Files in /etc have the highest priority, files in /run take precedence over files with the same name in /usr/lib. This can be used to override a system-supplied configuration file with a local file if needed; a symlink in /etc with the same name as a configuration file in /usr/lib, pointing to /dev/null, disables the configuration file entirely.

SUPPORTED NETDEV KINDS

The following kinds of virtual network devices may be configured in .netdev files:

Table 1. Supported kinds of virtual network devices

Kind Description
bond A bond device is an aggregation of all its slave devices. See Linux Ethernet Bonding Driver HOWTO[1] for details.Local configuration
bridge A bridge device is a software switch, each of its slave devices and the bridge itself are ports of the switch.
dummy A dummy device drops all packets sent to it.
gre A Level 3 GRE tunnel over IPv4. See RFC 2784[2] for details.
gretap A Level 2 GRE tunnel over IPv4.
ip6gre A Level 3 GRE tunnel over IPv6.
ip6tnl An IPv4 or IPv6 tunnel over IPv6
ip6gretap An Level 2 GRE tunnel over IPv6.
ipip An IPv4 over IPv4 tunnel.
ipvlan An ipvlan device is a stacked device which receives packets from its underlying device based on IP address filtering.
macvlan A macvlan device is a stacked device which receives packets from its underlying device based on MAC address filtering.
sit An IPv6 over IPv4 tunnel.
tap A persistent Level 2 tunnel between a network device and a device node.
tun A persistent Level 3 tunnel between a network device and a device node.
veth An ethernet tunnel between a pair of network devices.
vlan A VLAN is a stacked device which receives packets from its underlying device based on VLAN tagging. See IEEE 802.1Q[3] for details.
vti An IPv4 over IPSec tunnel.
vxlan A virtual extensible LAN (vxlan), for connecting Cloud computing deployments.

[MATCH] SECTION OPTIONS

A virtual network device is only created if the
"[Match]" section matches the current environment, or if the section is empty. The following keys are accepted:

Host=

Matches against the hostname or machine ID of the host. See "ConditionHost=" in systemd.unit(5) for details.

Virtualization=

Checks whether the system is executed in a virtualized environment and optionally test whether it is a specific implementation. See "ConditionVirtualization=" in systemd.unit(5) for details.

KernelCommandLine=

Checks whether a specific kernel command line option is set (or if prefixed with the exclamation mark unset). See "ConditionKernelCommandLine=" in systemd.unit(5) for details.

Architecture=

Checks whether the system is running on a specific architecture. See "ConditionArchitecture=" in systemd.unit(5) for details.

[NETDEV] SECTION OPTIONS

The "[NetDev]" section accepts the following keys:

Description=

A free-form description of the netdev.

Name=

The interface name used when creating the netdev. This option is compulsory.

Kind=

The netdev kind. This option is compulsory. See the "Supported netdev kinds" section for the valid keys.

MTUBytes=

The maximum transmission unit in bytes to set for the device. The usual suffixes K, M, G, are supported and are understood to the base of 1024. This key is not currently suported for "tun" or "tap" devices.

MACAddress=

The MAC address to use for the device. If none is given, one is generated based on the interface name and the machine-id(5). This key is not currently suported for "tun" or "tap" devices.

[VLAN] SECTION OPTIONS

The "[VLAN]" section only applies for netdevs of kind "vlan", and accepts the following key:

Id=

The VLAN ID to use. An integer in the range 0–4094. This option is compulsory.

[MACVLAN] SECTION OPTIONS

The "[MACVLAN]" section only applies for netdevs of kind "macvlan", and accepts the following key:

Mode=

The MACVLAN mode to use. The supported options are "private", "vepa", "bridge", and "passthru".

[IPVLAN] SECTION OPTIONS

The "[IPVLAN]" section only applies for netdevs of kind "ipvlan", and accepts the following key:

Mode=

The IPVLAN mode to use. The supported options are "L2" and "L3".

[VXLAN] SECTION OPTIONS

The "[VXLAN]" section only applies for netdevs of kind "vxlan", and accepts the following keys:

Id=

The VXLAN ID to use.

Group=

An assigned multicast group IP address.

TOS=

The Type Of Service byte value for a vxlan interface.

TTL=

A fixed Time To Live N on Virtual eXtensible Local Area Network packets. N is a number in the range 1-255. 0 is a special value meaning that packets inherit the TTL value.

MacLearning=

A boolean. When true, enables dynamic MAC learning to discover remote MAC addresses.

FDBAgeingSec=

The lifetime of Forwarding Database entry learnt by the kernel in seconds.

ARPProxy=

A boolean. When true, enables ARP proxy.

L2MissNotification=

A boolean. When true, enables netlink LLADDR miss notifications.

L3MissNotification=

A boolean. When true, enables netlink IP ADDR miss notifications.

RouteShortCircuit=

A boolean. When true route short circuit is turned on.

[TUNNEL] SECTION OPTIONS

The "[Tunnel]" section only applies for netdevs of kind "ipip", "sit", "gre", "gretap", "ip6gre", "ip6gretap", "vti", and "ip6tnl" and accepts the following keys:

Local=

A static local address for tunneled packets. It must be an address on another interface of this host.

Remote=

The remote endpoint of the tunnel.

TOS=

The Type Of Service byte value for a tunnel interface. For details about the TOS see the Type of Service in the Internet Protocol Suite[4] document.

TTL=

A fixed Time To Live N on tunneled packets. N is a number in the range 1-255. 0 is a special value meaning that packets inherit the TTL value. The default value for IPv4 tunnels is: inherit. The default value for IPv6 tunnels is: 64.

DiscoverPathMTU=

A boolean. When true, enables Path MTU Discovery on the tunnel.

Mode=

An "ip6tnl" tunnels can have three modes "ip6ip6" for IPv6 over IPv6, "ipip6" for IPv4 over IPv6 or "any" for either.

[PEER] SECTION OPTIONS

The "[Peer]" section only applies for netdevs of kind "veth" and accepts the following key:

Name=

The interface name used when creating the netdev. This option is compulsory.

MACAddress=

The peer MACAddress, if not set it is generated in the same way as the MAC address of the main interface.

[TUN] SECTION OPTIONS

The "[Tun]" section only applies for netdevs of kind "tun", and accepts the following keys:

OneQueue=

Takes a boolean argument. Configures whether all packets are queued at the device (enabled), or a fixed number of packets are queued at the device and the rest at the "qdisc". Defaults to "no".

MultiQueue=

Takes a boolean argument. Configures whether to use multiple file descriptors (queues) to parallelize packets sending and receiving. Defaults to "no".

PacketInfo=

Takes a boolean argument. Configures whether packets should be prepened with four extra bytes (two flag bytes and two protocol bytes). If disabled it indicates that the packets will be pure IP packets. Defaults to "no".

User=

User to grant access to the /dev/net/tun device.

Group=

Group to grant access to the /dev/net/tun device.

[TAP] SECTION OPTIONS

The "[Tap]" section only applies for netdevs of kind "tap", and accepts the same keys as the "[Tun]" section.

[BOND] SECTION OPTIONS

The "[Bond]" section accepts the following key:

Mode=

Specifies one of the bonding policies. The default is "balance-rr" (round robin). Possible values are "balance-rr", "active-backup", "balance-xor", "broadcast", "802.3ad", "balance-tlb", and "balance-alb".

TransmitHashPolicy=

Selects the transmit hash policy to use for slave selection in balance-xor, 802.3ad, and tlb modes. Possible values are "layer2", "layer3+4", "layer2+3", "encap2+3", "802.3ad", and "encap3+4".

LACPTransmitRate=

Specifies the rate with which link partner transmits Link Aggregation Control Protocol Data Unit packets in 802.3ad mode. Possible values are "slow", which requests partner to transmit LACPDUs every 30 seconds, and "fast", which requests partner to transmit LACPDUs every second. The default value is "slow".

MIIMonitorSec=

Specifies the frequency that Media Independent Interface link monitoring will occur. A value of zero disables MII link monitoring. This values is rounded down to the nearest millisecond. The default value is 0.

UpDelaySec=

Specifies the delay before a link is enabled after a link up status has been detected. This value is rounded down to a multiple of MIIMonitorSec. The default value is 0.

DownDelaySec=

Specifies the delay before a link is disabled after a link down status has been detected. This value is rounded down to a multiple of MIIMonitorSec. The default value is 0.

EXAMPLE

Example 1. /etc/systemd/network/bridge.netdev

[NetDev]
Name=bridge0
Kind=bridge

Example 2. /etc/systemd/network/vlan1.netdev

[Match]
Virtualization=no
[NetDev]
Name=vlan1
Kind=vlan
[VLAN]
Id=1

Example 3. /etc/systemd/network/ipip.netdev

[NetDev]
Name=ipip-tun
Kind=ipip
MTUBytes=1480
[Tunnel]
Local=192.168.223.238
Remote=192.169.224.239
TTL=64

Example 4. /etc/systemd/network/tap.netdev

[NetDev]
Name=tap-test
Kind=tap
[Tap]
MultiQueue=true
PacketInfo=true

Example 5. /etc/systemd/network/sit.netdev

[NetDev]
Name=sit-tun
Kind=sit
MTUBytes=1480
[Tunnel]
Local=10.65.223.238
Remote=10.65.223.239

Example 6. /etc/systemd/network/gre.netdev

[NetDev]
Name=gre-tun
Kind=gre
MTUBytes=1480
[Tunnel]
Local=10.65.223.238
Remote=10.65.223.239

Example 7. /etc/systemd/network/vti.netdev

[NetDev]
Name=vti-tun
Kind=vti
MTUBytes=1480
[Tunnel]
Local=10.65.223.238
Remote=10.65.223.239

Example 8. /etc/systemd/network/veth.netdev

[NetDev]
Name=veth-test
Kind=veth
[Peer]
Name=veth-peer

Example 9. /etc/systemd/network/dummy.netdev

[NetDev]
Name=dummy-test
Kind=dummy
MACAddress=12:34:56:78:9a:bc

SEE ALSO

systemd(1), systemd-networkd(8), systemd.link(5), systemd.network(5)

NOTES

1.
Linux Ethernet Bonding Driver HOWTO
https://www.kernel.org/doc/Documentation/networking/bonding.txt
2.
RFC 2784
https://tools.ietf.org/html/rfc2784
3.
IEEE 802.1Q
http://www.ieee802.org/1/pages/802.1Q.html
4.
Type of Service in the Internet Protocol Suite
http://tools.ietf.org/html/rfc1349
systemd 219