diff options
Diffstat (limited to 'man/systemd.netdev.xml')
| -rw-r--r-- | man/systemd.netdev.xml | 1213 |
1 files changed, 0 insertions, 1213 deletions
diff --git a/man/systemd.netdev.xml b/man/systemd.netdev.xml deleted file mode 100644 index ffb66e735b..0000000000 --- a/man/systemd.netdev.xml +++ /dev/null @@ -1,1213 +0,0 @@ -<?xml version='1.0'?> <!--*-nxml-*--> -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" - "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> - -<!-- - This file is part of systemd. - - Copyright 2013 Tom Gundersen - - systemd is free software; you can redistribute it and/or modify it - under the terms of the GNU Lesser General Public License as published by - the Free Software Foundation; either version 2.1 of the License, or - (at your option) any later version. - - systemd is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public License - along with systemd; If not, see <http://www.gnu.org/licenses/>. ---> - -<refentry id="systemd.netdev" conditional='ENABLE_NETWORKD'> - - <refentryinfo> - <title>systemd.network</title> - <productname>systemd</productname> - - <authorgroup> - <author> - <contrib>Developer</contrib> - <firstname>Tom</firstname> - <surname>Gundersen</surname> - <email>teg@jklm.no</email> - </author> - </authorgroup> - </refentryinfo> - - <refmeta> - <refentrytitle>systemd.netdev</refentrytitle> - <manvolnum>5</manvolnum> - </refmeta> - - <refnamediv> - <refname>systemd.netdev</refname> - <refpurpose>Virtual Network Device configuration</refpurpose> - </refnamediv> - - <refsynopsisdiv> - <para><filename><replaceable>netdev</replaceable>.netdev</filename></para> - </refsynopsisdiv> - - <refsect1> - <title>Description</title> - - <para>Network setup is performed by - <citerefentry><refentrytitle>systemd-networkd</refentrytitle><manvolnum>8</manvolnum></citerefentry>. - </para> - - <para>The main Virtual Network Device file must have the extension <filename>.netdev</filename>; - other extensions are ignored. Virtual network devices are created as soon as networkd is - started. If a netdev with the specified name already exists, networkd will use that as-is rather - than create its own. Note that the settings of the pre-existing netdev will not be changed by - networkd.</para> - - <para>The <filename>.netdev</filename> files are read from the files located in the system - network directory <filename>/usr/lib/systemd/network</filename>, the volatile runtime network - directory <filename>/run/systemd/network</filename> and the local administration network - directory <filename>/etc/systemd/network</filename>. All configuration files are collectively - sorted and processed in lexical order, regardless of the directories in which they live. - However, files with identical filenames replace each other. Files in <filename>/etc</filename> - have the highest priority, files in <filename>/run</filename> take precedence over files with - the same name in <filename>/usr/lib</filename>. This can be used to override a system-supplied - configuration file with a local file if needed. As a special case, an empty file (file size 0) - or symlink with the same name pointing to <filename>/dev/null</filename> disables the - configuration file entirely (it is "masked").</para> - - <para>Along with the netdev file <filename>foo.netdev</filename>, a "drop-in" directory - <filename>foo.netdev.d/</filename> may exist. All files with the suffix <literal>.conf</literal> - from this directory will be parsed after the file itself is parsed. This is useful to alter or - add configuration settings, without having to modify the main configuration file. Each drop-in - file must have appropriate section headers.</para> - - <para>In addition to <filename>/etc/systemd/network</filename>, drop-in <literal>.d</literal> - directories can be placed in <filename>/usr/lib/systemd/network</filename> or - <filename>/run/systemd/network</filename> directories. Drop-in files in - <filename>/etc</filename> take precedence over those in <filename>/run</filename> which in turn - take precedence over those in <filename>/usr/lib</filename>. Drop-in files under any of these - directories take precedence over the main netdev file wherever located. (Of course, since - <filename>/run</filename> is temporary and <filename>/usr/lib</filename> is for vendors, it is - unlikely drop-ins should be used in either of those places.)</para> - </refsect1> - - <refsect1> - <title>Supported netdev kinds</title> - - <para>The following kinds of virtual network devices may be - configured in <filename>.netdev</filename> files:</para> - - <table> - <title>Supported kinds of virtual network devices</title> - - <tgroup cols='2'> - <colspec colname='kind' /> - <colspec colname='explanation' /> - <thead><row> - <entry>Kind</entry> - <entry>Description</entry> - </row></thead> - <tbody> - <row><entry><varname>bond</varname></entry> - <entry>A bond device is an aggregation of all its slave devices. See <ulink url="https://www.kernel.org/doc/Documentation/networking/bonding.txt">Linux Ethernet Bonding Driver HOWTO</ulink> for details.Local configuration</entry></row> - - <row><entry><varname>bridge</varname></entry> - <entry>A bridge device is a software switch, and each of its slave devices and the bridge itself are ports of the switch.</entry></row> - - <row><entry><varname>dummy</varname></entry> - <entry>A dummy device drops all packets sent to it.</entry></row> - - <row><entry><varname>gre</varname></entry> - <entry>A Level 3 GRE tunnel over IPv4. See <ulink url="https://tools.ietf.org/html/rfc2784">RFC 2784</ulink> for details.</entry></row> - - <row><entry><varname>gretap</varname></entry> - <entry>A Level 2 GRE tunnel over IPv4.</entry></row> - - <row><entry><varname>ip6gre</varname></entry> - <entry>A Level 3 GRE tunnel over IPv6.</entry></row> - - <row><entry><varname>ip6tnl</varname></entry> - <entry>An IPv4 or IPv6 tunnel over IPv6</entry></row> - - <row><entry><varname>ip6gretap</varname></entry> - <entry>A Level 2 GRE tunnel over IPv6.</entry></row> - - <row><entry><varname>ipip</varname></entry> - <entry>An IPv4 over IPv4 tunnel.</entry></row> - - <row><entry><varname>ipvlan</varname></entry> - <entry>An ipvlan device is a stacked device which receives packets from its underlying device based on IP address filtering.</entry></row> - - <row><entry><varname>macvlan</varname></entry> - <entry>A macvlan device is a stacked device which receives packets from its underlying device based on MAC address filtering.</entry></row> - - <row><entry><varname>macvtap</varname></entry> - <entry>A macvtap device is a stacked device which receives packets from its underlying device based on MAC address filtering.</entry></row> - - <row><entry><varname>sit</varname></entry> - <entry>An IPv6 over IPv4 tunnel.</entry></row> - - <row><entry><varname>tap</varname></entry> - <entry>A persistent Level 2 tunnel between a network device and a device node.</entry></row> - - <row><entry><varname>tun</varname></entry> - <entry>A persistent Level 3 tunnel between a network device and a device node.</entry></row> - - <row><entry><varname>veth</varname></entry> - <entry>An Ethernet tunnel between a pair of network devices.</entry></row> - - <row><entry><varname>vlan</varname></entry> - <entry>A VLAN is a stacked device which receives packets from its underlying device based on VLAN tagging. See <ulink url="http://www.ieee802.org/1/pages/802.1Q.html">IEEE 802.1Q</ulink> for details.</entry></row> - - <row><entry><varname>vti</varname></entry> - <entry>An IPv4 over IPSec tunnel.</entry></row> - - <row><entry><varname>vti6</varname></entry> - <entry>An IPv6 over IPSec tunnel.</entry></row> - - <row><entry><varname>vxlan</varname></entry> - <entry>A virtual extensible LAN (vxlan), for connecting Cloud computing deployments.</entry></row> - - <row><entry><varname>vrf</varname></entry> - <entry>A Virtual Routing and Forwarding (<ulink url="https://www.kernel.org/doc/Documentation/networking/vrf.txt">VRF</ulink>) interface to create separate routing and forwarding domains.</entry></row> - - <row><entry><varname>vcan</varname></entry> - <entry>The virtual CAN driver (vcan). Similar to the network loopback devices, vcan offers a virtual local CAN interface.</entry></row> - - </tbody> - </tgroup> - </table> - - </refsect1> - - <refsect1> - <title>[Match] Section Options</title> - - <para>A virtual network device is only created if the - <literal>[Match]</literal> section matches the current - environment, or if the section is empty. The following keys are - accepted:</para> - - <variablelist class='network-directives'> - <varlistentry> - <term><varname>Host=</varname></term> - <listitem> - <para>Matches against the hostname or machine ID of the - host. See <literal>ConditionHost=</literal> in - <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry> - for details. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term><varname>Virtualization=</varname></term> - <listitem> - <para>Checks whether the system is executed in a virtualized - environment and optionally test whether it is a specific - implementation. See - <literal>ConditionVirtualization=</literal> in - <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry> - for details. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term><varname>KernelCommandLine=</varname></term> - <listitem> - <para>Checks whether a specific kernel command line option - is set (or if prefixed with the exclamation mark unset). See - <literal>ConditionKernelCommandLine=</literal> in - <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry> - for details. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term><varname>Architecture=</varname></term> - <listitem> - <para>Checks whether the system is running on a specific - architecture. See <literal>ConditionArchitecture=</literal> in - <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry> - for details. - </para> - </listitem> - </varlistentry> - </variablelist> - - </refsect1> - - <refsect1> - <title>[NetDev] Section Options</title> - - <para>The <literal>[NetDev]</literal> section accepts the - following keys:</para> - - <variablelist class='network-directives'> - <varlistentry> - <term><varname>Description=</varname></term> - <listitem> - <para>A free-form description of the netdev.</para> - </listitem> - </varlistentry> - <varlistentry> - <term><varname>Name=</varname></term> - <listitem> - <para>The interface name used when creating the netdev. - This option is compulsory.</para> - </listitem> - </varlistentry> - <varlistentry> - <term><varname>Kind=</varname></term> - <listitem> - <para>The netdev kind. This option is compulsory. See the - <literal>Supported netdev kinds</literal> section for the - valid keys.</para> - </listitem> - </varlistentry> - <varlistentry> - <term><varname>MTUBytes=</varname></term> - <listitem> - <para>The maximum transmission unit in bytes to set for - the device. The usual suffixes K, M, G, are supported and - are understood to the base of 1024. This key is not - currently supported for <literal>tun</literal> or - <literal>tap</literal> devices. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term><varname>MACAddress=</varname></term> - <listitem> - <para>The MAC address to use for the device. If none is - given, one is generated based on the interface name and - the - <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry>. - This key is not currently supported for - <literal>tun</literal> or <literal>tap</literal> devices. - </para> - </listitem> - </varlistentry> - </variablelist> - </refsect1> - - <refsect1> - <title>[Bridge] Section Options</title> - - <para>The <literal>[Bridge]</literal> section only applies for - netdevs of kind <literal>bridge</literal>, and accepts the - following keys:</para> - - <variablelist class='network-directives'> - <varlistentry> - <term><varname>HelloTimeSec=</varname></term> - <listitem> - <para>HelloTimeSec specifies the number of seconds between two hello packets - sent out by the root bridge and the designated bridges. Hello packets are - used to communicate information about the topology throughout the entire - bridged local area network.</para> - </listitem> - </varlistentry> - <varlistentry> - <term><varname>MaxAgeSec=</varname></term> - <listitem> - <para>MaxAgeSec specifies the number of seconds of maximum message age. - If the last seen (received) hello packet is more than this number of - seconds old, the bridge in question will start the takeover procedure - in attempt to become the Root Bridge itself.</para> - </listitem> - </varlistentry> - <varlistentry> - <term><varname>ForwardDelaySec=</varname></term> - <listitem> - <para>ForwardDelaySec specifies the number of seconds spent in each - of the Listening and Learning states before the Forwarding state is entered.</para> - </listitem> - </varlistentry> - <varlistentry> - <term><varname>AgeingTimeSec=</varname></term> - <listitem> - <para>This specifies the number of seconds a MAC Address will be kept in - the forwarding database after having a packet received from this MAC Address.</para> - </listitem> - </varlistentry> - <varlistentry> - <term><varname>Priority=</varname></term> - <listitem> - <para>The priority of the bridge. An integer between 0 and 65535. A lower value - means higher priority. The bridge having the lowest priority will be elected as root bridge.</para> - </listitem> - </varlistentry> - <varlistentry> - <term><varname>DefaultPVID=</varname></term> - <listitem> - <para>This specifies the default port VLAN ID of a newly attached bridge port.</para> - </listitem> - </varlistentry> - <varlistentry> - <term><varname>MulticastQuerier=</varname></term> - <listitem> - <para>A boolean. This setting controls the IFLA_BR_MCAST_QUERIER option in the kernel. - If enabled, the kernel will send general ICMP queries from a zero source address. - This feature should allow faster convergence on startup, but it causes some - multicast-aware switches to misbehave and disrupt forwarding of multicast packets. - When unset, the kernel's default setting applies. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term><varname>MulticastSnooping=</varname></term> - <listitem> - <para>A boolean. This setting controls the IFLA_BR_MCAST_SNOOPING option in the kernel. - If enabled, IGMP snooping monitors the Internet Group Management Protocol (IGMP) traffic - between hosts and multicast routers. When unset, the kernel's default setting applies. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term><varname>VLANFiltering=</varname></term> - <listitem> - <para>A boolean. This setting controls the IFLA_BR_VLAN_FILTERING option in the kernel. - If enabled, the bridge will be started in VLAN-filtering mode. When unset, the kernel's - default setting applies. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term><varname>STP=</varname></term> - <listitem> - <para>A boolean. This enables the bridge's Spanning Tree Protocol (STP). When unset, - the kernel's default setting applies. - </para> - </listitem> - </varlistentry> - </variablelist> - </refsect1> - - <refsect1> - <title>[VLAN] Section Options</title> - - <para>The <literal>[VLAN]</literal> section only applies for - netdevs of kind <literal>vlan</literal>, and accepts the - following key:</para> - - <variablelist class='network-directives'> - <varlistentry> - <term><varname>Id=</varname></term> - <listitem> - <para>The VLAN ID to use. An integer in the range 0–4094. - This option is compulsory.</para> - </listitem> - </varlistentry> - </variablelist> - - </refsect1> - - <refsect1> - <title>[MACVLAN] Section Options</title> - - <para>The <literal>[MACVLAN]</literal> section only applies for - netdevs of kind <literal>macvlan</literal>, and accepts the - following key:</para> - - <variablelist class='network-directives'> - <varlistentry> - <term><varname>Mode=</varname></term> - <listitem> - <para>The MACVLAN mode to use. The supported options are - <literal>private</literal>, - <literal>vepa</literal>, - <literal>bridge</literal>, and - <literal>passthru</literal>. - </para> - </listitem> - </varlistentry> - </variablelist> - - </refsect1> - - <refsect1> - <title>[MACVTAP] Section Options</title> - - <para>The <literal>[MACVTAP]</literal> section applies for - netdevs of kind <literal>macvtap</literal> and accepts the - same key as <literal>[MACVLAN]</literal>.</para> - - </refsect1> - - <refsect1> - <title>[IPVLAN] Section Options</title> - - <para>The <literal>[IPVLAN]</literal> section only applies for - netdevs of kind <literal>ipvlan</literal>, and accepts the - following key:</para> - - <variablelist class='network-directives'> - <varlistentry> - <term><varname>Mode=</varname></term> - <listitem> - <para>The IPVLAN mode to use. The supported options are - <literal>L2</literal> and <literal>L3</literal>. - </para> - </listitem> - </varlistentry> - </variablelist> - - </refsect1> - - <refsect1> - <title>[VXLAN] Section Options</title> - <para>The <literal>[VXLAN]</literal> section only applies for - netdevs of kind <literal>vxlan</literal>, and accepts the - following keys:</para> - - <variablelist class='network-directives'> - <varlistentry> - <term><varname>Id=</varname></term> - <listitem> - <para>The VXLAN ID to use.</para> - </listitem> - </varlistentry> - <varlistentry> - <term><varname>Group=</varname></term> - <listitem> - <para>An assigned multicast group IP address.</para> - </listitem> - </varlistentry> - <varlistentry> - <term><varname>TOS=</varname></term> - <listitem> - <para>The Type Of Service byte value for a vxlan interface.</para> - </listitem> - </varlistentry> - <varlistentry> - <term><varname>TTL=</varname></term> - <listitem> - <para>A fixed Time To Live N on Virtual eXtensible Local - Area Network packets. N is a number in the range 1–255. 0 - is a special value meaning that packets inherit the TTL - value.</para> - </listitem> - </varlistentry> - <varlistentry> - <term><varname>MacLearning=</varname></term> - <listitem> - <para>A boolean. When true, enables dynamic MAC learning - to discover remote MAC addresses.</para> - </listitem> - </varlistentry> - <varlistentry> - <term><varname>FDBAgeingSec=</varname></term> - <listitem> - <para>The lifetime of Forwarding Database entry learnt by - the kernel, in seconds.</para> - </listitem> - </varlistentry> - <varlistentry> - <term><varname>MaximumFDBEntries=</varname></term> - <listitem> - <para>Configures maximum number of FDB entries.</para> - </listitem> - </varlistentry> - <varlistentry> - <term><varname>ARPProxy=</varname></term> - <listitem> - <para>A boolean. When true, enables ARP proxying.</para> - </listitem> - </varlistentry> - <varlistentry> - <term><varname>L2MissNotification=</varname></term> - <listitem> - <para>A boolean. When true, enables netlink LLADDR miss - notifications.</para> - </listitem> - </varlistentry> - <varlistentry> - <term><varname>L3MissNotification=</varname></term> - <listitem> - <para>A boolean. When true, enables netlink IP address miss - notifications.</para> - </listitem> - </varlistentry> - <varlistentry> - <term><varname>RouteShortCircuit=</varname></term> - <listitem> - <para>A boolean. When true, route short circuiting is turned - on.</para> - </listitem> - </varlistentry> - <varlistentry> - <term><varname>UDPChecksum=</varname></term> - <listitem> - <para>A boolean. When true, transmitting UDP checksums when doing VXLAN/IPv4 is turned on.</para> - </listitem> - </varlistentry> - <varlistentry> - <term><varname>UDP6ZeroChecksumTx=</varname></term> - <listitem> - <para>A boolean. When true, sending zero checksums in VXLAN/IPv6 is turned on.</para> - </listitem> - </varlistentry> - <varlistentry> - <term><varname>UDP6ZeroChecksumRx=</varname></term> - <listitem> - <para>A boolean. When true, receiving zero checksums in VXLAN/IPv6 is turned on.</para> - </listitem> - </varlistentry> - <varlistentry> - <term><varname>RemoteChecksumTx=</varname></term> - <listitem> - <para>A boolean. When true, remote transmit checksum offload of VXLAN is turned on.</para> - </listitem> - </varlistentry> - <varlistentry> - <term><varname>RemoteChecksumRx=</varname></term> - <listitem> - <para>A boolean. When true, remote receive checksum offload in VXLAN is turned on.</para> - </listitem> - </varlistentry> - <varlistentry> - <term><varname>GroupPolicyExtension=</varname></term> - <listitem> - <para>A boolean. When true, it enables Group Policy VXLAN extension security label mechanism - across network peers based on VXLAN. For details about the Group Policy VXLAN, see the - <ulink url="https://tools.ietf.org/html/draft-smith-vxlan-group-policy"> - VXLAN Group Policy </ulink> document. Defaults to false.</para> - </listitem> - </varlistentry> - <varlistentry> - <term><varname>DestinationPort=</varname></term> - <listitem> - <para>Configures the default destination UDP port on a per-device basis. - If destination port is not specified then Linux kernel default will be used. - Set destination port 4789 to get the IANA assigned value, - and destination port 0 to get default values.</para> - </listitem> - </varlistentry> - <varlistentry> - <term><varname>PortRange=</varname></term> - <listitem> - <para>Configures VXLAN port range. VXLAN bases source - UDP port based on flow to help the receiver to be able - to load balance based on outer header flow. It - restricts the port range to the normal UDP local - ports, and allows overriding via configuration.</para> - </listitem> - </varlistentry> - </variablelist> - </refsect1> - <refsect1> - <title>[Tunnel] Section Options</title> - - <para>The <literal>[Tunnel]</literal> section only applies for - netdevs of kind - <literal>ipip</literal>, - <literal>sit</literal>, - <literal>gre</literal>, - <literal>gretap</literal>, - <literal>ip6gre</literal>, - <literal>ip6gretap</literal>, - <literal>vti</literal>, - <literal>vti6</literal>, and - <literal>ip6tnl</literal> and accepts - the following keys:</para> - - <variablelist class='network-directives'> - <varlistentry> - <term><varname>Local=</varname></term> - <listitem> - <para>A static local address for tunneled packets. It must - be an address on another interface of this host.</para> - </listitem> - </varlistentry> - <varlistentry> - <term><varname>Remote=</varname></term> - <listitem> - <para>The remote endpoint of the tunnel.</para> - </listitem> - </varlistentry> - <varlistentry> - <term><varname>TOS=</varname></term> - <listitem> - <para>The Type Of Service byte value for a tunnel interface. - For details about the TOS, see the - <ulink url="http://tools.ietf.org/html/rfc1349"> Type of - Service in the Internet Protocol Suite </ulink> document. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term><varname>TTL=</varname></term> - <listitem> - <para>A fixed Time To Live N on tunneled packets. N is a - number in the range 1–255. 0 is a special value meaning that - packets inherit the TTL value. The default value for IPv4 - tunnels is: inherit. The default value for IPv6 tunnels is - 64.</para> - </listitem> - </varlistentry> - <varlistentry> - <term><varname>DiscoverPathMTU=</varname></term> - <listitem> - <para>A boolean. When true, enables Path MTU Discovery on - the tunnel.</para> - </listitem> - </varlistentry> - <varlistentry> - <term><varname>IPv6FlowLabel=</varname></term> - <listitem> - <para>Configures the 20-bit flow label (see <ulink url="https://tools.ietf.org/html/rfc6437"> - RFC 6437</ulink>) field in the IPv6 header (see <ulink url="https://tools.ietf.org/html/rfc2460"> - RFC 2460</ulink>), which is used by a node to label packets of a flow. - It is only used for IPv6 tunnels. - A flow label of zero is used to indicate packets that have - not been labeled. - It can be configured to a value in the range 0–0xFFFFF, or be - set to <literal>inherit</literal>, in which case the original flowlabel is used.</para> - </listitem> - </varlistentry> - <varlistentry> - <term><varname>CopyDSCP=</varname></term> - <listitem> - <para>A boolean. When true, the Differentiated Service Code - Point (DSCP) field will be copied to the inner header from - outer header during the decapsulation of an IPv6 tunnel - packet. DSCP is a field in an IP packet that enables different - levels of service to be assigned to network traffic. - Defaults to <literal>no</literal>. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term><varname>EncapsulationLimit=</varname></term> - <listitem> - <para>The Tunnel Encapsulation Limit option specifies how many additional - levels of encapsulation are permitted to be prepended to the packet. - For example, a Tunnel Encapsulation Limit option containing a limit - value of zero means that a packet carrying that option may not enter - another tunnel before exiting the current tunnel. - (see <ulink url="https://tools.ietf.org/html/rfc2473#section-4.1.1"> RFC 2473</ulink>). - The valid range is 0–255 and <literal>none</literal>. Defaults to 4. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term><varname>Key=</varname></term> - <listitem> - <para>The <varname>Key=</varname> parameter specifies the same key to use in - both directions (<varname>InputKey=</varname> and <varname>OutputKey=</varname>). - The <varname>Key=</varname> is either a number or an IPv4 address-like dotted quad. - It is used as mark-configured SAD/SPD entry as part of the lookup key (both in data - and control path) in ip xfrm (framework used to implement IPsec protocol). - See <ulink url="http://man7.org/linux/man-pages/man8/ip-xfrm.8.html"> - ip-xfrm — transform configuration</ulink> for details. It is only used for VTI/VTI6 - tunnels.</para> - </listitem> - </varlistentry> - <varlistentry> - <term><varname>InputKey=</varname></term> - <listitem> - <para>The <varname>InputKey=</varname> parameter specifies the key to use for input. - The format is same as <varname>Key=</varname>. It is only used for VTI/VTI6 tunnels.</para> - </listitem> - </varlistentry> - <varlistentry> - <term><varname>OutputKey=</varname></term> - <listitem> - <para>The <varname>OutputKey=</varname> parameter specifies the key to use for output. - The format is same as <varname>Key=</varname>. It is only used for VTI/VTI6 tunnels.</para> - </listitem> - </varlistentry> - <varlistentry> - <term><varname>Mode=</varname></term> - <listitem> - <para>An <literal>ip6tnl</literal> tunnel can be in one of three - modes - <literal>ip6ip6</literal> for IPv6 over IPv6, - <literal>ipip6</literal> for IPv4 over IPv6 or - <literal>any</literal> for either. - </para> - </listitem> - </varlistentry> - </variablelist> - </refsect1> - <refsect1> - <title>[Peer] Section Options</title> - - <para>The <literal>[Peer]</literal> section only applies for - netdevs of kind <literal>veth</literal> and accepts the - following keys:</para> - - <variablelist class='network-directives'> - <varlistentry> - <term><varname>Name=</varname></term> - <listitem> - <para>The interface name used when creating the netdev. - This option is compulsory.</para> - </listitem> - </varlistentry> - <varlistentry> - <term><varname>MACAddress=</varname></term> - <listitem> - <para>The peer MACAddress, if not set, it is generated in - the same way as the MAC address of the main - interface.</para> - </listitem> - </varlistentry> - </variablelist> - </refsect1> - <refsect1> - <title>[Tun] Section Options</title> - - <para>The <literal>[Tun]</literal> section only applies for - netdevs of kind <literal>tun</literal>, and accepts the following - keys:</para> - - <variablelist class='network-directives'> - <varlistentry> - <term><varname>OneQueue=</varname></term> - <listitem><para>Takes a boolean argument. Configures whether - all packets are queued at the device (enabled), or a fixed - number of packets are queued at the device and the rest at the - <literal>qdisc</literal>. Defaults to - <literal>no</literal>.</para> - </listitem> - </varlistentry> - <varlistentry> - <term><varname>MultiQueue=</varname></term> - <listitem><para>Takes a boolean argument. Configures whether - to use multiple file descriptors (queues) to parallelize - packets sending and receiving. Defaults to - <literal>no</literal>.</para> - </listitem> - </varlistentry> - <varlistentry> - <term><varname>PacketInfo=</varname></term> - <listitem><para>Takes a boolean argument. Configures whether - packets should be prepended with four extra bytes (two flag - bytes and two protocol bytes). If disabled, it indicates that - the packets will be pure IP packets. Defaults to - <literal>no</literal>.</para> - </listitem> - </varlistentry> - <varlistentry> - <term><varname>VNetHeader=</varname></term> - <listitem><para>Takes a boolean argument. Configures - IFF_VNET_HDR flag for a tap device. It allows sending - and receiving larger Generic Segmentation Offload (GSO) - packets. This may increase throughput significantly. - Defaults to - <literal>no</literal>.</para> - </listitem> - </varlistentry> - <varlistentry> - <term><varname>User=</varname></term> - <listitem><para>User to grant access to the - <filename>/dev/net/tun</filename> device.</para> - </listitem> - </varlistentry> - <varlistentry> - <term><varname>Group=</varname></term> - <listitem><para>Group to grant access to the - <filename>/dev/net/tun</filename> device.</para> - </listitem> - </varlistentry> - - </variablelist> - - </refsect1> - - <refsect1> - <title>[Tap] Section Options</title> - - <para>The <literal>[Tap]</literal> section only applies for - netdevs of kind <literal>tap</literal>, and accepts the same keys - as the <literal>[Tun]</literal> section.</para> - </refsect1> - - <refsect1> - <title>[Bond] Section Options</title> - - <para>The <literal>[Bond]</literal> section accepts the following - key:</para> - - <variablelist class='network-directives'> - <varlistentry> - <term><varname>Mode=</varname></term> - <listitem> - <para>Specifies one of the bonding policies. The default is - <literal>balance-rr</literal> (round robin). Possible values are - <literal>balance-rr</literal>, - <literal>active-backup</literal>, - <literal>balance-xor</literal>, - <literal>broadcast</literal>, - <literal>802.3ad</literal>, - <literal>balance-tlb</literal>, and - <literal>balance-alb</literal>. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><varname>TransmitHashPolicy=</varname></term> - <listitem> - <para>Selects the transmit hash policy to use for slave - selection in balance-xor, 802.3ad, and tlb modes. Possible - values are - <literal>layer2</literal>, - <literal>layer3+4</literal>, - <literal>layer2+3</literal>, - <literal>encap2+3</literal>, and - <literal>encap3+4</literal>. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><varname>LACPTransmitRate=</varname></term> - <listitem> - <para>Specifies the rate with which link partner transmits - Link Aggregation Control Protocol Data Unit packets in - 802.3ad mode. Possible values are <literal>slow</literal>, - which requests partner to transmit LACPDUs every 30 seconds, - and <literal>fast</literal>, which requests partner to - transmit LACPDUs every second. The default value is - <literal>slow</literal>.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><varname>MIIMonitorSec=</varname></term> - <listitem> - <para>Specifies the frequency that Media Independent - Interface link monitoring will occur. A value of zero - disables MII link monitoring. This value is rounded down to - the nearest millisecond. The default value is 0.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><varname>UpDelaySec=</varname></term> - <listitem> - <para>Specifies the delay before a link is enabled after a - link up status has been detected. This value is rounded down - to a multiple of MIIMonitorSec. The default value is - 0.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><varname>DownDelaySec=</varname></term> - <listitem> - <para>Specifies the delay before a link is disabled after a - link down status has been detected. This value is rounded - down to a multiple of MIIMonitorSec. The default value is - 0.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><varname>LearnPacketIntervalSec=</varname></term> - <listitem> - <para>Specifies the number of seconds between instances where the bonding - driver sends learning packets to each slave peer switch. - The valid range is 1–0x7fffffff; the default value is 1. This option - has an effect only for the balance-tlb and balance-alb modes.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><varname>AdSelect=</varname></term> - <listitem> - <para>Specifies the 802.3ad aggregation selection logic to use. Possible values are - <literal>stable</literal>, - <literal>bandwidth</literal> and - <literal>count</literal>. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><varname>FailOverMACPolicy=</varname></term> - <listitem> - <para>Specifies whether the active-backup mode should set all slaves to - the same MAC address at the time of enslavement or, when enabled, to perform special handling of the - bond's MAC address in accordance with the selected policy. The default policy is none. - Possible values are - <literal>none</literal>, - <literal>active</literal> and - <literal>follow</literal>. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><varname>ARPValidate=</varname></term> - <listitem> - <para>Specifies whether or not ARP probes and replies should be - validated in any mode that supports ARP monitoring, or whether - non-ARP traffic should be filtered (disregarded) for link - monitoring purposes. Possible values are - <literal>none</literal>, - <literal>active</literal>, - <literal>backup</literal> and - <literal>all</literal>. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><varname>ARPIntervalSec=</varname></term> - <listitem> - <para>Specifies the ARP link monitoring frequency in milliseconds. - A value of 0 disables ARP monitoring. The default value is 0. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><varname>ARPIPTargets=</varname></term> - <listitem> - <para>Specifies the IP addresses to use as ARP monitoring peers when - ARPIntervalSec is greater than 0. These are the targets of the ARP request - sent to determine the health of the link to the targets. - Specify these values in IPv4 dotted decimal format. At least one IP - address must be given for ARP monitoring to function. The - maximum number of targets that can be specified is 16. The - default value is no IP addresses. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><varname>ARPAllTargets=</varname></term> - <listitem> - <para>Specifies the quantity of ARPIPTargets that must be reachable - in order for the ARP monitor to consider a slave as being up. - This option affects only active-backup mode for slaves with - ARPValidate enabled. Possible values are - <literal>any</literal> and - <literal>all</literal>. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><varname>PrimaryReselectPolicy=</varname></term> - <listitem> - <para>Specifies the reselection policy for the primary slave. This - affects how the primary slave is chosen to become the active slave - when failure of the active slave or recovery of the primary slave - occurs. This option is designed to prevent flip-flopping between - the primary slave and other slaves. Possible values are - <literal>always</literal>, - <literal>better</literal> and - <literal>failure</literal>. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><varname>ResendIGMP=</varname></term> - <listitem> - <para>Specifies the number of IGMP membership reports to be issued after - a failover event. One membership report is issued immediately after - the failover, subsequent packets are sent in each 200ms interval. - The valid range is 0–255. Defaults to 1. A value of 0 - prevents the IGMP membership report from being issued in response - to the failover event. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><varname>PacketsPerSlave=</varname></term> - <listitem> - <para>Specify the number of packets to transmit through a slave before - moving to the next one. When set to 0, then a slave is chosen at - random. The valid range is 0–65535. Defaults to 1. This option - only has effect when in balance-rr mode. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><varname>GratuitousARP=</varname></term> - <listitem> - <para>Specify the number of peer notifications (gratuitous ARPs and - unsolicited IPv6 Neighbor Advertisements) to be issued after a - failover event. As soon as the link is up on the new slave, - a peer notification is sent on the bonding device and each - VLAN sub-device. This is repeated at each link monitor interval - (ARPIntervalSec or MIIMonitorSec, whichever is active) if the number is - greater than 1. The valid range is 0–255. The default value is 1. - These options affect only the active-backup mode. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><varname>AllSlavesActive=</varname></term> - <listitem> - <para>A boolean. Specifies that duplicate frames (received on inactive ports) - should be dropped when false, or delivered when true. Normally, bonding will drop - duplicate frames (received on inactive ports), which is desirable for - most users. But there are some times it is nice to allow duplicate - frames to be delivered. The default value is false (drop duplicate frames - received on inactive ports). - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><varname>MinLinks=</varname></term> - <listitem> - <para>Specifies the minimum number of links that must be active before - asserting carrier. The default value is 0. - </para> - </listitem> - </varlistentry> - - </variablelist> - - <para>For more detail information see - <ulink url="https://www.kernel.org/doc/Documentation/networking/bonding.txt"> - Linux Ethernet Bonding Driver HOWTO</ulink></para> - - </refsect1> - - <refsect1> - <title>Example</title> - <example> - <title>/etc/systemd/network/25-bridge.netdev</title> - - <programlisting>[NetDev] -Name=bridge0 -Kind=bridge</programlisting> - </example> - - <example> - <title>/etc/systemd/network/25-vlan1.netdev</title> - - <programlisting>[Match] -Virtualization=no - -[NetDev] -Name=vlan1 -Kind=vlan - -[VLAN] -Id=1</programlisting> - </example> - <example> - <title>/etc/systemd/network/25-ipip.netdev</title> - <programlisting>[NetDev] -Name=ipip-tun -Kind=ipip -MTUBytes=1480 - -[Tunnel] -Local=192.168.223.238 -Remote=192.169.224.239 -TTL=64</programlisting> - </example> - <example> - <title>/etc/systemd/network/25-tap.netdev</title> - <programlisting>[NetDev] -Name=tap-test -Kind=tap - -[Tap] -MultiQueue=true -PacketInfo=true</programlisting> </example> - - <example> - <title>/etc/systemd/network/25-sit.netdev</title> - <programlisting>[NetDev] -Name=sit-tun -Kind=sit -MTUBytes=1480 - -[Tunnel] -Local=10.65.223.238 -Remote=10.65.223.239</programlisting> - </example> - - <example> - <title>/etc/systemd/network/25-gre.netdev</title> - <programlisting>[NetDev] -Name=gre-tun -Kind=gre -MTUBytes=1480 - -[Tunnel] -Local=10.65.223.238 -Remote=10.65.223.239</programlisting> - </example> - - <example> - <title>/etc/systemd/network/25-vti.netdev</title> - - <programlisting>[NetDev] -Name=vti-tun -Kind=vti -MTUBytes=1480 - -[Tunnel] -Local=10.65.223.238 -Remote=10.65.223.239</programlisting> - </example> - - <example> - <title>/etc/systemd/network/25-veth.netdev</title> - <programlisting>[NetDev] -Name=veth-test -Kind=veth - -[Peer] -Name=veth-peer</programlisting> - </example> - - <example> - <title>/etc/systemd/network/25-bond.netdev</title> - <programlisting>[NetDev] -Name=bond1 -Kind=bond - -[Bond] -Mode=802.3ad -TransmitHashPolicy=layer3+4 -MIIMonitorSec=1s -LACPTransmitRate=fast -</programlisting> - </example> - - <example> - <title>/etc/systemd/network/25-dummy.netdev</title> - <programlisting>[NetDev] -Name=dummy-test -Kind=dummy -MACAddress=12:34:56:78:9a:bc</programlisting> - </example> - <example> - <title>/etc/systemd/network/25-vrf.netdev</title> - <para>Create a VRF interface with table 42.</para> - <programlisting>[NetDev] -Name=vrf-test -Kind=vrf - -[VRF] -TableId=42</programlisting> - </example> - </refsect1> - <refsect1> - <title>See Also</title> - <para> - <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, - <citerefentry><refentrytitle>systemd-networkd</refentrytitle><manvolnum>8</manvolnum></citerefentry>, - <citerefentry><refentrytitle>systemd.link</refentrytitle><manvolnum>5</manvolnum></citerefentry>, - <citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry> - </para> - </refsect1> - -</refentry> |