summaryrefslogtreecommitdiff
path: root/man/systemd.netdev.xml
diff options
context:
space:
mode:
Diffstat (limited to 'man/systemd.netdev.xml')
-rw-r--r--man/systemd.netdev.xml1316
1 files changed, 677 insertions, 639 deletions
diff --git a/man/systemd.netdev.xml b/man/systemd.netdev.xml
index e278aa1a80..4480e1999d 100644
--- a/man/systemd.netdev.xml
+++ b/man/systemd.netdev.xml
@@ -1,6 +1,6 @@
<?xml version='1.0'?> <!--*-nxml-*-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<!--
This file is part of systemd.
@@ -23,609 +23,647 @@
<refentry id="systemd.netdev" conditional='ENABLE_NETWORKD'>
- <refentryinfo>
- <title>systemd.network</title>
- <productname>systemd</productname>
-
- <authorgroup>
- <author>
- <contrib>Developer</contrib>
- <firstname>Tom</firstname>
- <surname>Gundersen</surname>
- <email>teg@jklm.no</email>
- </author>
- </authorgroup>
- </refentryinfo>
-
- <refmeta>
- <refentrytitle>systemd.netdev</refentrytitle>
- <manvolnum>5</manvolnum>
- </refmeta>
-
- <refnamediv>
- <refname>systemd.netdev</refname>
- <refpurpose>Virtual Network Device configuration</refpurpose>
- </refnamediv>
-
- <refsynopsisdiv>
- <para><filename><replaceable>netdev</replaceable>.netdev</filename></para>
- </refsynopsisdiv>
-
- <refsect1>
- <title>Description</title>
-
- <para>Network setup is performed by
- <citerefentry><refentrytitle>systemd-networkd</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
- </para>
-
- <para>Virtual Network Device files must have the extension
- <filename>.netdev</filename>; other extensions are ignored. Virtual
- network devices are created as soon as networkd is started. If a netdev
- with the specified name already exists, networkd will use that as-is
- rather than create its own. Note that the settings of the pre-existing
- netdev will not be changed by networkd.</para>
-
- <para>The <filename>.netdev</filename> files are read from the files located in the
- system network directory <filename>/usr/lib/systemd/network</filename>,
- the volatile runtime network directory
- <filename>/run/systemd/network</filename> and the local administration
- network directory <filename>/etc/systemd/network</filename>.
- All configuration files are collectively sorted and processed in lexical order,
- regardless of the directories in which they live. However, files with
- identical filenames replace each other. Files in
- <filename>/etc</filename> have the highest priority, files in
- <filename>/run</filename> take precedence over files with the same
- name in <filename>/usr/lib</filename>. This can be used to override a
- system-supplied configuration file with a local file if needed; a symlink in
- <filename>/etc</filename> with the same name as a configuration file in
- <filename>/usr/lib</filename>, pointing to <filename>/dev/null</filename>,
- disables the configuration file entirely.</para>
-
- </refsect1>
-
- <refsect1>
- <title>Supported netdev kinds</title>
-
- <para>The following kinds of virtual network devices may be configured in <filename>.netdev</filename> files:</para>
-
- <table>
- <title>Supported kinds of virtual network devices</title>
-
- <tgroup cols='2'>
- <colspec colname='kind' />
- <colspec colname='explanation' />
- <thead><row>
- <entry>Kind</entry>
- <entry>Description</entry>
- </row></thead>
- <tbody>
- <row><entry><varname>bond</varname></entry>
- <entry>A bond device is an aggregation of all its slave devices. See <ulink url="https://www.kernel.org/doc/Documentation/networking/bonding.txt">Linux Ethernet Bonding Driver HOWTO</ulink> for details.Local configuration</entry></row>
-
- <row><entry><varname>bridge</varname></entry>
- <entry>A bridge devcie is a software switch, each of its slave devices and the bridge itself are ports of the switch.</entry></row>
-
- <row><entry><varname>dummy</varname></entry>
- <entry>A dummy device drops all packets sent to it.</entry></row>
-
- <row><entry><varname>gre</varname></entry>
- <entry>A Level 3 GRE tunnel over IPv4. See <ulink url="https://tools.ietf.org/html/rfc2784">RFC 2784</ulink> for details.</entry></row>
-
- <row><entry><varname>gretap</varname></entry>
- <entry>A Level 2 GRE tunnel over IPv4.</entry></row>
-
- <row><entry><varname>ip6gre</varname></entry>
- <entry>A Level 3 GRE tunnel over IPv6.</entry></row>
-
- <row><entry><varname>ip6tnl</varname></entry>
- <entry>An IPv4 or IPv6 tunnel over IPv6</entry></row>
-
- <row><entry><varname>ip6gretap</varname></entry>
- <entry>An Level 2 GRE tunnel over IPv6.</entry></row>
-
- <row><entry><varname>ipip</varname></entry>
- <entry>An IPv4 over IPv4 tunnel.</entry></row>
-
- <row><entry><varname>ipvlan</varname></entry>
- <entry>An ipvlan device is a stacked device which receives packets from its underlying device based on IP address filtering.</entry></row>
-
- <row><entry><varname>macvlan</varname></entry>
- <entry>A macvlan device is a stacked device which receives packets from its underlying device based on MAC address filtering.</entry></row>
-
- <row><entry><varname>sit</varname></entry>
- <entry>An IPv6 over IPv4 tunnel.</entry></row>
-
- <row><entry><varname>tap</varname></entry>
- <entry>A persistent Level 2 tunnel between a network device and a device node.</entry></row>
-
- <row><entry><varname>tun</varname></entry>
- <entry>A persistent Level 3 tunnel between a network device and a device node.</entry></row>
-
- <row><entry><varname>veth</varname></entry>
- <entry>An ethernet tunnel between a pair of network devices.</entry></row>
-
- <row><entry><varname>vlan</varname></entry>
- <entry>A VLAN is a stacked device which receives packets from its underlying device based on VLAN tagging. See <ulink url="http://www.ieee802.org/1/pages/802.1Q.html">IEEE 802.1Q</ulink> for details.</entry></row>
-
- <row><entry><varname>vti</varname></entry>
- <entry>An IPv4 over IPSec tunnel.</entry></row>
-
- <row><entry><varname>vxlan</varname></entry>
- <entry>A virtual extensible LAN (vxlan), for connecting Cloud computing deployments.</entry></row>
- </tbody>
- </tgroup>
- </table>
-
- </refsect1>
-
- <refsect1>
- <title>[Match] Section Options</title>
-
- <para>A virtual network device is only created if the
- <literal>[Match]</literal> section matches the current
- environment, or if the section is empty. The following keys are accepted:</para>
-
- <variablelist class='network-directives'>
- <varlistentry>
- <term><varname>Host=</varname></term>
- <listitem>
- <para>Matches against the hostname or machine ID of the
- host. See <literal>ConditionHost=</literal> in
- <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
- for details.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>Virtualization=</varname></term>
- <listitem>
- <para>Checks whether the system is executed in a virtualized
- environment and optionally test whether it is a specific
- implementation. See <literal>ConditionVirtualization=</literal> in
- <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
- for details.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>KernelCommandLine=</varname></term>
- <listitem>
- <para>Checks whether a specific kernel command line option is
- set (or if prefixed with the exclamation mark unset). See
- <literal>ConditionKernelCommandLine=</literal> in
- <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
- for details.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>Architecture=</varname></term>
- <listitem>
- <para>Checks whether the system is running on a specific
- architecture. See <literal>ConditionArchitecture=</literal> in
- <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
- for details.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
-
- </refsect1>
-
- <refsect1>
- <title>[NetDev] Section Options</title>
-
- <para>The <literal>[NetDev]</literal> section accepts the following
- keys:</para>
-
- <variablelist class='network-directives'>
- <varlistentry>
- <term><varname>Description=</varname></term>
- <listitem>
- <para>A free-form description of the netdev.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>Name=</varname></term>
- <listitem>
- <para>The interface name used when creating the
- netdev. This option is compulsory.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>Kind=</varname></term>
- <listitem>
- <para>The netdev kind. This option is compulsory. See the <literal>Supported netdev kinds</literal> section
- for the valid keys.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>MTUBytes=</varname></term>
- <listitem>
- <para>The maximum transmission unit in bytes to
- set for the device. The usual suffixes K, M, G,
- are supported and are understood to the base of
- 1024. This key is not currently suported for
- <literal>tun</literal> or <literal>tap</literal> devices.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>MACAddress=</varname></term>
- <listitem>
- <para>The MAC address to use for the device.
- If none is given, one is generated based on
- the interface name and the
- <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
- This key is not currently suported for <literal>tun</literal> or <literal>tap</literal> devices.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
-
- <refsect1>
- <title>[VLAN] Section Options</title>
-
- <para>The <literal>[VLAN]</literal> section only applies for netdevs of kind <literal>vlan</literal>,
- and accepts the following key:</para>
-
- <variablelist class='network-directives'>
- <varlistentry>
- <term><varname>Id=</varname></term>
- <listitem>
- <para>The VLAN ID to use. An integer in the range 0–4094.
- This option is compulsory.</para>
- </listitem>
- </varlistentry>
- </variablelist>
-
- </refsect1>
-
- <refsect1>
- <title>[MACVLAN] Section Options</title>
-
- <para>The <literal>[MACVLAN]</literal> section only applies for netdevs of kind
- <literal>macvlan</literal>, and accepts the following key:</para>
-
- <variablelist class='network-directives'>
- <varlistentry>
- <term><varname>Mode=</varname></term>
- <listitem>
- <para>The MACVLAN mode to use. The supported options are
- <literal>private</literal>, <literal>vepa</literal>,
- <literal>bridge</literal> and <literal>passthru</literal>.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
-
- </refsect1>
-
- <refsect1>
- <title>[IPVLAN] Section Options</title>
-
- <para>The <literal>[IPVLAN]</literal> section only applies for netdevs of kind
- <literal>ipvlan</literal>, and accepts the following key:</para>
-
- <variablelist class='network-directives'>
- <varlistentry>
- <term><varname>Mode=</varname></term>
- <listitem>
- <para>The IPVLAN mode to use. The supported options are
- <literal>L2</literal> and <literal>L3</literal>.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
-
- </refsect1>
-
- <refsect1>
- <title>[VXLAN] Section Options</title>
- <para>The <literal>[VXLAN]</literal> section only applies for netdevs of kind
- <literal>vxlan</literal>, and accepts the following key:</para>
-
- <variablelist class='network-directives'>
- <varlistentry>
- <term><varname>Id=</varname></term>
- <listitem>
- <para>The VXLAN ID to use.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>Group=</varname></term>
- <listitem>
- <para>An assigned multicast group IP address.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>TOS=</varname></term>
- <listitem>
- <para>The Type Of Service byte value for a vxlan interface.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>TTL=</varname></term>
- <listitem>
- <para>A fixed Time To Live N on Virtual eXtensible Local Area Network packets.
- N is a number in the range 1-255. 0 is a special value meaning that packets
- inherit the TTL value.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>MacLearning=</varname></term>
- <listitem>
- <para>A boolean. When true, enables dynamic MAC learning
- to discover remote MAC addresses.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>FDBAgeingSec=</varname></term>
- <listitem>
- <para>The lifetime of Forwarding Database entry learnt by the kernel in seconds.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>ARPProxy=</varname></term>
- <listitem>
- <para>A boolean. When true, enables ARP proxy.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>L2MissNotification=</varname></term>
- <listitem>
- <para>A boolean. When true, enables netlink LLADDR miss notifications.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>L3MissNotification=</varname></term>
- <listitem>
- <para>A boolean. When true, enables netlink IP ADDR miss notifications.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>RouteShortCircuit=</varname></term>
- <listitem>
- <para>A boolean. When true route short circuit is turned on.</para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
- <refsect1>
- <title>[Tunnel] Section Options</title>
-
- <para>The <literal>[Tunnel]</literal> section only applies for netdevs of kind
- <literal>ipip</literal>, <literal>sit</literal>, <literal>gre</literal>, <literal>gretap</literal>,
- <literal>ip6gre</literal>, <literal>ip6gretap</literal>, <literal>vti</literal> and <literal>ip6tnl</literal>
- and accepts the following keys:</para>
-
- <variablelist class='network-directives'>
- <varlistentry>
- <term><varname>Local=</varname></term>
- <listitem>
- <para>A static local address for tunneled packets.
- It must be an address on another interface of this host.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>Remote=</varname></term>
- <listitem>
- <para>The remote endpoint of the tunnel.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>TOS=</varname></term>
- <listitem>
- <para>The Type Of Service byte value for a tunnel interface.
- For details about the TOS see the
- <ulink url="http://tools.ietf.org/html/rfc1349">
- Type of Service in the Internet Protocol Suite
- </ulink> document.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>TTL=</varname></term>
- <listitem>
- <para>A fixed Time To Live N on tunneled packets.
- N is a number in the range 1-255. 0 is a special value meaning that packets
- inherit the TTL value. The default value for IPv4 tunnels is: inherit.
- The default value for IPv6 tunnels is: 64.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>DiscoverPathMTU=</varname></term>
- <listitem>
- <para>A boolean. When true, enables Path MTU Discovery on the tunnel.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>Mode=</varname></term>
- <listitem>
- <para>An <literal>ip6tnl</literal> tunnels can have three modes
- <literal>ip6ip6</literal> for IPv6 over IPv6,
- <literal>ipip6</literal> for IPv4 over IPv6 or
- <literal>any</literal> for either.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
- <refsect1>
- <title>[Peer] Section Options</title>
-
- <para>The <literal>[Peer]</literal> section only applies for netdevs of kind <literal>veth</literal>
- and accepts the following key:</para>
-
- <variablelist class='network-directives'>
- <varlistentry>
- <term><varname>Name=</varname></term>
- <listitem>
- <para>The interface name used when creating the netdev.
- This option is compulsory.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>MACAddress=</varname></term>
- <listitem>
- <para>The peer MACAddress, if not set it is generated in the same
- way as the MAC address of the main interface.</para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
- <refsect1>
- <title>[Tun] Section Options</title>
-
- <para>The <literal>[Tun]</literal> section only applies for netdevs of kind
- <literal>tun</literal>, and accepts the following keys:</para>
-
- <variablelist class='network-directives'>
- <varlistentry>
- <term><varname>OneQueue=</varname></term>
- <listitem><para>Takes a boolean argument. Configures whether
- all packets are queued at the device (enabled), or a fixed number
- of packets are queued at the device and the rest at the
- <literal>qdisc</literal>. Defaults to <literal>no</literal>.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>MultiQueue=</varname></term>
- <listitem><para>Takes a boolean argument. Configures whether to
- use multiple file descriptors (queues) to parallelize packets
- sending and receiving. Defaults to <literal>no</literal>.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>PacketInfo=</varname></term>
- <listitem><para>Takes a boolean argument. Configures whether packets
- should be prepened with four extra bytes (two flag bytes and two
- protocol bytes). If disabled it indicates that the packets will be
- pure IP packets. Defaults to <literal>no</literal>.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>User=</varname></term>
- <listitem><para>User to grant access to the <filename>/dev/net/tun</filename>
- device.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>Group=</varname></term>
- <listitem><para>Group to grant access to the <filename>/dev/net/tun</filename>
- device.</para>
- </listitem>
- </varlistentry>
-
- </variablelist>
-
- </refsect1>
-
- <refsect1>
- <title>[Tap] Section Options</title>
-
- <para>The <literal>[Tap]</literal> section only applies for netdevs of kind
- <literal>tap</literal>, and accepts the same keys as the
- <literal>[Tun]</literal> section.</para>
- </refsect1>
-
- <refsect1>
- <title>[Bond] Section Options</title>
-
- <para>The <literal>[Bond]</literal> section accepts the following
- key:</para>
-
- <variablelist class='network-directives'>
- <varlistentry>
- <term><varname>Mode=</varname></term>
- <listitem>
- <para>Specifies one of the bonding policies. The default is
- <literal>balance-rr</literal> (round robin). Possible values are
- <literal>balance-rr</literal>,
- <literal>active-backup</literal>,
- <literal>balance-xor</literal>,
- <literal>broadcast</literal>,
- <literal>802.3ad</literal>,
- <literal>balance-tlb</literal>, and
- <literal>balance-alb</literal>.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><varname>TransmitHashPolicy=</varname></term>
- <listitem>
- <para>Selects the transmit hash policy to use for slave selection in
- balance-xor, 802.3ad, and tlb modes. Possible values are
- <literal>layer2</literal>,
- <literal>layer3+4</literal>,
- <literal>layer2+3</literal>,
- <literal>encap2+3</literal>,
- <literal>802.3ad</literal>, and
- <literal>encap3+4</literal>.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><varname>LACPTransmitRate=</varname></term>
- <listitem>
- <para>Specifies the rate with which link partner
- transmits Link Aggregation Control Protocol Data Unit packets
- in 802.3ad mode. Possible values are
- <literal>slow</literal>, which requests partner to transmit LACPDUs every 30 seconds, and
- <literal>fast</literal>, which requests partner to transmit LACPDUs every second.
- The default value is <literal>slow</literal>.</para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><varname>MIIMonitorSec=</varname></term>
- <listitem>
- <para>Specifies the frequency that Media Independent Interface link
- monitoring will occur. A value of zero disables MII link monitoring.
- This values is rounded down to the nearest millisecond. The default
- value is 0.</para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><varname>UpDelaySec=</varname></term>
- <listitem>
- <para>Specifies the delay before a link is enabled after a link up
- status has been detected. This value is rounded down to a multiple of
- MIIMonitorSec. The default value is 0.</para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><varname>DownDelaySec=</varname></term>
- <listitem>
- <para>Specifies the delay before a link is disabled after a link down
- status has been detected. This value is rounded down to a multiple of
- MIIMonitorSec. The default value is 0.</para>
- </listitem>
- </varlistentry>
-
- </variablelist>
- </refsect1>
-
- <refsect1>
- <title>Example</title>
- <example>
- <title>/etc/systemd/network/bridge.netdev</title>
-
- <programlisting>[NetDev]
+ <refentryinfo>
+ <title>systemd.network</title>
+ <productname>systemd</productname>
+
+ <authorgroup>
+ <author>
+ <contrib>Developer</contrib>
+ <firstname>Tom</firstname>
+ <surname>Gundersen</surname>
+ <email>teg@jklm.no</email>
+ </author>
+ </authorgroup>
+ </refentryinfo>
+
+ <refmeta>
+ <refentrytitle>systemd.netdev</refentrytitle>
+ <manvolnum>5</manvolnum>
+ </refmeta>
+
+ <refnamediv>
+ <refname>systemd.netdev</refname>
+ <refpurpose>Virtual Network Device configuration</refpurpose>
+ </refnamediv>
+
+ <refsynopsisdiv>
+ <para><filename><replaceable>netdev</replaceable>.netdev</filename></para>
+ </refsynopsisdiv>
+
+ <refsect1>
+ <title>Description</title>
+
+ <para>Network setup is performed by
+ <citerefentry><refentrytitle>systemd-networkd</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
+ </para>
+
+ <para>Virtual Network Device files must have the extension
+ <filename>.netdev</filename>; other extensions are ignored.
+ Virtual network devices are created as soon as networkd is
+ started. If a netdev with the specified name already exists,
+ networkd will use that as-is rather than create its own. Note that
+ the settings of the pre-existing netdev will not be changed by
+ networkd.</para>
+
+ <para>The <filename>.netdev</filename> files are read from the
+ files located in the system network directory
+ <filename>/usr/lib/systemd/network</filename>, the volatile
+ runtime network directory
+ <filename>/run/systemd/network</filename> and the local
+ administration network directory
+ <filename>/etc/systemd/network</filename>. All configuration files
+ are collectively sorted and processed in lexical order, regardless
+ of the directories in which they live. However, files with
+ identical filenames replace each other. Files in
+ <filename>/etc</filename> have the highest priority, files in
+ <filename>/run</filename> take precedence over files with the same
+ name in <filename>/usr/lib</filename>. This can be used to
+ override a system-supplied configuration file with a local file if
+ needed; a symlink in <filename>/etc</filename> with the same name
+ as a configuration file in <filename>/usr/lib</filename>, pointing
+ to <filename>/dev/null</filename>, disables the configuration file
+ entirely.</para>
+
+ </refsect1>
+
+ <refsect1>
+ <title>Supported netdev kinds</title>
+
+ <para>The following kinds of virtual network devices may be
+ configured in <filename>.netdev</filename> files:</para>
+
+ <table>
+ <title>Supported kinds of virtual network devices</title>
+
+ <tgroup cols='2'>
+ <colspec colname='kind' />
+ <colspec colname='explanation' />
+ <thead><row>
+ <entry>Kind</entry>
+ <entry>Description</entry>
+ </row></thead>
+ <tbody>
+ <row><entry><varname>bond</varname></entry>
+ <entry>A bond device is an aggregation of all its slave devices. See <ulink url="https://www.kernel.org/doc/Documentation/networking/bonding.txt">Linux Ethernet Bonding Driver HOWTO</ulink> for details.Local configuration</entry></row>
+
+ <row><entry><varname>bridge</varname></entry>
+ <entry>A bridge devcie is a software switch, each of its slave devices and the bridge itself are ports of the switch.</entry></row>
+
+ <row><entry><varname>dummy</varname></entry>
+ <entry>A dummy device drops all packets sent to it.</entry></row>
+
+ <row><entry><varname>gre</varname></entry>
+ <entry>A Level 3 GRE tunnel over IPv4. See <ulink url="https://tools.ietf.org/html/rfc2784">RFC 2784</ulink> for details.</entry></row>
+
+ <row><entry><varname>gretap</varname></entry>
+ <entry>A Level 2 GRE tunnel over IPv4.</entry></row>
+
+ <row><entry><varname>ip6gre</varname></entry>
+ <entry>A Level 3 GRE tunnel over IPv6.</entry></row>
+
+ <row><entry><varname>ip6tnl</varname></entry>
+ <entry>An IPv4 or IPv6 tunnel over IPv6</entry></row>
+
+ <row><entry><varname>ip6gretap</varname></entry>
+ <entry>An Level 2 GRE tunnel over IPv6.</entry></row>
+
+ <row><entry><varname>ipip</varname></entry>
+ <entry>An IPv4 over IPv4 tunnel.</entry></row>
+
+ <row><entry><varname>ipvlan</varname></entry>
+ <entry>An ipvlan device is a stacked device which receives packets from its underlying device based on IP address filtering.</entry></row>
+
+ <row><entry><varname>macvlan</varname></entry>
+ <entry>A macvlan device is a stacked device which receives packets from its underlying device based on MAC address filtering.</entry></row>
+
+ <row><entry><varname>sit</varname></entry>
+ <entry>An IPv6 over IPv4 tunnel.</entry></row>
+
+ <row><entry><varname>tap</varname></entry>
+ <entry>A persistent Level 2 tunnel between a network device and a device node.</entry></row>
+
+ <row><entry><varname>tun</varname></entry>
+ <entry>A persistent Level 3 tunnel between a network device and a device node.</entry></row>
+
+ <row><entry><varname>veth</varname></entry>
+ <entry>An ethernet tunnel between a pair of network devices.</entry></row>
+
+ <row><entry><varname>vlan</varname></entry>
+ <entry>A VLAN is a stacked device which receives packets from its underlying device based on VLAN tagging. See <ulink url="http://www.ieee802.org/1/pages/802.1Q.html">IEEE 802.1Q</ulink> for details.</entry></row>
+
+ <row><entry><varname>vti</varname></entry>
+ <entry>An IPv4 over IPSec tunnel.</entry></row>
+
+ <row><entry><varname>vxlan</varname></entry>
+ <entry>A virtual extensible LAN (vxlan), for connecting Cloud computing deployments.</entry></row>
+ </tbody>
+ </tgroup>
+ </table>
+
+ </refsect1>
+
+ <refsect1>
+ <title>[Match] Section Options</title>
+
+ <para>A virtual network device is only created if the
+ <literal>[Match]</literal> section matches the current
+ environment, or if the section is empty. The following keys are
+ accepted:</para>
+
+ <variablelist class='network-directives'>
+ <varlistentry>
+ <term><varname>Host=</varname></term>
+ <listitem>
+ <para>Matches against the hostname or machine ID of the
+ host. See <literal>ConditionHost=</literal> in
+ <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ for details.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>Virtualization=</varname></term>
+ <listitem>
+ <para>Checks whether the system is executed in a virtualized
+ environment and optionally test whether it is a specific
+ implementation. See
+ <literal>ConditionVirtualization=</literal> in
+ <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ for details.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>KernelCommandLine=</varname></term>
+ <listitem>
+ <para>Checks whether a specific kernel command line option
+ is set (or if prefixed with the exclamation mark unset). See
+ <literal>ConditionKernelCommandLine=</literal> in
+ <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ for details.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>Architecture=</varname></term>
+ <listitem>
+ <para>Checks whether the system is running on a specific
+ architecture. See <literal>ConditionArchitecture=</literal> in
+ <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ for details.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+
+ </refsect1>
+
+ <refsect1>
+ <title>[NetDev] Section Options</title>
+
+ <para>The <literal>[NetDev]</literal> section accepts the
+ following keys:</para>
+
+ <variablelist class='network-directives'>
+ <varlistentry>
+ <term><varname>Description=</varname></term>
+ <listitem>
+ <para>A free-form description of the netdev.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>Name=</varname></term>
+ <listitem>
+ <para>The interface name used when creating the netdev.
+ This option is compulsory.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>Kind=</varname></term>
+ <listitem>
+ <para>The netdev kind. This option is compulsory. See the
+ <literal>Supported netdev kinds</literal> section for the
+ valid keys.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>MTUBytes=</varname></term>
+ <listitem>
+ <para>The maximum transmission unit in bytes to set for
+ the device. The usual suffixes K, M, G, are supported and
+ are understood to the base of 1024. This key is not
+ currently suported for <literal>tun</literal> or
+ <literal>tap</literal> devices.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>MACAddress=</varname></term>
+ <listitem>
+ <para>The MAC address to use for the device. If none is
+ given, one is generated based on the interface name and
+ the
+ <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
+ This key is not currently suported for
+ <literal>tun</literal> or <literal>tap</literal> devices.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1>
+ <title>[VLAN] Section Options</title>
+
+ <para>The <literal>[VLAN]</literal> section only applies for
+ netdevs of kind <literal>vlan</literal>, and accepts the
+ following key:</para>
+
+ <variablelist class='network-directives'>
+ <varlistentry>
+ <term><varname>Id=</varname></term>
+ <listitem>
+ <para>The VLAN ID to use. An integer in the range 0–4094.
+ This option is compulsory.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+
+ </refsect1>
+
+ <refsect1>
+ <title>[MACVLAN] Section Options</title>
+
+ <para>The <literal>[MACVLAN]</literal> section only applies for
+ netdevs of kind <literal>macvlan</literal>, and accepts the
+ following key:</para>
+
+ <variablelist class='network-directives'>
+ <varlistentry>
+ <term><varname>Mode=</varname></term>
+ <listitem>
+ <para>The MACVLAN mode to use. The supported options are
+ <literal>private</literal>,
+ <literal>vepa</literal>,
+ <literal>bridge</literal>, and
+ <literal>passthru</literal>.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+
+ </refsect1>
+
+ <refsect1>
+ <title>[IPVLAN] Section Options</title>
+
+ <para>The <literal>[IPVLAN]</literal> section only applies for
+ netdevs of kind <literal>ipvlan</literal>, and accepts the
+ following key:</para>
+
+ <variablelist class='network-directives'>
+ <varlistentry>
+ <term><varname>Mode=</varname></term>
+ <listitem>
+ <para>The IPVLAN mode to use. The supported options are
+ <literal>L2</literal> and <literal>L3</literal>.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+
+ </refsect1>
+
+ <refsect1>
+ <title>[VXLAN] Section Options</title>
+ <para>The <literal>[VXLAN]</literal> section only applies for
+ netdevs of kind <literal>vxlan</literal>, and accepts the
+ following keys:</para>
+
+ <variablelist class='network-directives'>
+ <varlistentry>
+ <term><varname>Id=</varname></term>
+ <listitem>
+ <para>The VXLAN ID to use.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>Group=</varname></term>
+ <listitem>
+ <para>An assigned multicast group IP address.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>TOS=</varname></term>
+ <listitem>
+ <para>The Type Of Service byte value for a vxlan interface.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>TTL=</varname></term>
+ <listitem>
+ <para>A fixed Time To Live N on Virtual eXtensible Local
+ Area Network packets. N is a number in the range 1-255. 0
+ is a special value meaning that packets inherit the TTL
+ value.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>MacLearning=</varname></term>
+ <listitem>
+ <para>A boolean. When true, enables dynamic MAC learning
+ to discover remote MAC addresses.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>FDBAgeingSec=</varname></term>
+ <listitem>
+ <para>The lifetime of Forwarding Database entry learnt by
+ the kernel in seconds.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>ARPProxy=</varname></term>
+ <listitem>
+ <para>A boolean. When true, enables ARP proxy.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>L2MissNotification=</varname></term>
+ <listitem>
+ <para>A boolean. When true, enables netlink LLADDR miss
+ notifications.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>L3MissNotification=</varname></term>
+ <listitem>
+ <para>A boolean. When true, enables netlink IP ADDR miss
+ notifications.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>RouteShortCircuit=</varname></term>
+ <listitem>
+ <para>A boolean. When true route short circuit is turned
+ on.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+ <refsect1>
+ <title>[Tunnel] Section Options</title>
+
+ <para>The <literal>[Tunnel]</literal> section only applies for
+ netdevs of kind
+ <literal>ipip</literal>,
+ <literal>sit</literal>,
+ <literal>gre</literal>,
+ <literal>gretap</literal>,
+ <literal>ip6gre</literal>,
+ <literal>ip6gretap</literal>,
+ <literal>vti</literal>, and
+ <literal>ip6tnl</literal> and accepts
+ the following keys:</para>
+
+ <variablelist class='network-directives'>
+ <varlistentry>
+ <term><varname>Local=</varname></term>
+ <listitem>
+ <para>A static local address for tunneled packets. It must
+ be an address on another interface of this host.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>Remote=</varname></term>
+ <listitem>
+ <para>The remote endpoint of the tunnel.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>TOS=</varname></term>
+ <listitem>
+ <para>The Type Of Service byte value for a tunnel interface.
+ For details about the TOS see the
+ <ulink url="http://tools.ietf.org/html/rfc1349"> Type of
+ Service in the Internet Protocol Suite </ulink> document.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>TTL=</varname></term>
+ <listitem>
+ <para>A fixed Time To Live N on tunneled packets. N is a
+ number in the range 1-255. 0 is a special value meaning that
+ packets inherit the TTL value. The default value for IPv4
+ tunnels is: inherit. The default value for IPv6 tunnels is:
+ 64.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>DiscoverPathMTU=</varname></term>
+ <listitem>
+ <para>A boolean. When true, enables Path MTU Discovery on
+ the tunnel.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>Mode=</varname></term>
+ <listitem>
+ <para>An <literal>ip6tnl</literal> tunnels can have three
+ modes
+ <literal>ip6ip6</literal> for IPv6 over IPv6,
+ <literal>ipip6</literal> for IPv4 over IPv6 or
+ <literal>any</literal> for either.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+ <refsect1>
+ <title>[Peer] Section Options</title>
+
+ <para>The <literal>[Peer]</literal> section only applies for
+ netdevs of kind <literal>veth</literal> and accepts the
+ following key:</para>
+
+ <variablelist class='network-directives'>
+ <varlistentry>
+ <term><varname>Name=</varname></term>
+ <listitem>
+ <para>The interface name used when creating the netdev.
+ This option is compulsory.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>MACAddress=</varname></term>
+ <listitem>
+ <para>The peer MACAddress, if not set it is generated in
+ the same way as the MAC address of the main
+ interface.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+ <refsect1>
+ <title>[Tun] Section Options</title>
+
+ <para>The <literal>[Tun]</literal> section only applies for
+ netdevs of kind <literal>tun</literal>, and accepts the following
+ keys:</para>
+
+ <variablelist class='network-directives'>
+ <varlistentry>
+ <term><varname>OneQueue=</varname></term>
+ <listitem><para>Takes a boolean argument. Configures whether
+ all packets are queued at the device (enabled), or a fixed
+ number of packets are queued at the device and the rest at the
+ <literal>qdisc</literal>. Defaults to
+ <literal>no</literal>.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>MultiQueue=</varname></term>
+ <listitem><para>Takes a boolean argument. Configures whether
+ to use multiple file descriptors (queues) to parallelize
+ packets sending and receiving. Defaults to
+ <literal>no</literal>.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>PacketInfo=</varname></term>
+ <listitem><para>Takes a boolean argument. Configures whether
+ packets should be prepened with four extra bytes (two flag
+ bytes and two protocol bytes). If disabled it indicates that
+ the packets will be pure IP packets. Defaults to
+ <literal>no</literal>.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>User=</varname></term>
+ <listitem><para>User to grant access to the
+ <filename>/dev/net/tun</filename> device.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>Group=</varname></term>
+ <listitem><para>Group to grant access to the
+ <filename>/dev/net/tun</filename> device.</para>
+ </listitem>
+ </varlistentry>
+
+ </variablelist>
+
+ </refsect1>
+
+ <refsect1>
+ <title>[Tap] Section Options</title>
+
+ <para>The <literal>[Tap]</literal> section only applies for
+ netdevs of kind <literal>tap</literal>, and accepts the same keys
+ as the <literal>[Tun]</literal> section.</para>
+ </refsect1>
+
+ <refsect1>
+ <title>[Bond] Section Options</title>
+
+ <para>The <literal>[Bond]</literal> section accepts the following
+ key:</para>
+
+ <variablelist class='network-directives'>
+ <varlistentry>
+ <term><varname>Mode=</varname></term>
+ <listitem>
+ <para>Specifies one of the bonding policies. The default is
+ <literal>balance-rr</literal> (round robin). Possible values are
+ <literal>balance-rr</literal>,
+ <literal>active-backup</literal>,
+ <literal>balance-xor</literal>,
+ <literal>broadcast</literal>,
+ <literal>802.3ad</literal>,
+ <literal>balance-tlb</literal>, and
+ <literal>balance-alb</literal>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>TransmitHashPolicy=</varname></term>
+ <listitem>
+ <para>Selects the transmit hash policy to use for slave
+ selection in balance-xor, 802.3ad, and tlb modes. Possible
+ values are
+ <literal>layer2</literal>,
+ <literal>layer3+4</literal>,
+ <literal>layer2+3</literal>,
+ <literal>encap2+3</literal>,
+ <literal>802.3ad</literal>, and
+ <literal>encap3+4</literal>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>LACPTransmitRate=</varname></term>
+ <listitem>
+ <para>Specifies the rate with which link partner transmits
+ Link Aggregation Control Protocol Data Unit packets in
+ 802.3ad mode. Possible values are <literal>slow</literal>,
+ which requests partner to transmit LACPDUs every 30 seconds,
+ and <literal>fast</literal>, which requests partner to
+ transmit LACPDUs every second. The default value is
+ <literal>slow</literal>.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>MIIMonitorSec=</varname></term>
+ <listitem>
+ <para>Specifies the frequency that Media Independent
+ Interface link monitoring will occur. A value of zero
+ disables MII link monitoring. This values is rounded down to
+ the nearest millisecond. The default value is 0.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>UpDelaySec=</varname></term>
+ <listitem>
+ <para>Specifies the delay before a link is enabled after a
+ link up status has been detected. This value is rounded down
+ to a multiple of MIIMonitorSec. The default value is
+ 0.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>DownDelaySec=</varname></term>
+ <listitem>
+ <para>Specifies the delay before a link is disabled after a
+ link down status has been detected. This value is rounded
+ down to a multiple of MIIMonitorSec. The default value is
+ 0.</para>
+ </listitem>
+ </varlistentry>
+
+ </variablelist>
+ </refsect1>
+
+ <refsect1>
+ <title>Example</title>
+ <example>
+ <title>/etc/systemd/network/bridge.netdev</title>
+
+ <programlisting>[NetDev]
Name=bridge0
Kind=bridge</programlisting>
- </example>
+ </example>
- <example>
- <title>/etc/systemd/network/vlan1.netdev</title>
+ <example>
+ <title>/etc/systemd/network/vlan1.netdev</title>
- <programlisting>[Match]
+ <programlisting>[Match]
Virtualization=no
[NetDev]
@@ -634,10 +672,10 @@ Kind=vlan
[VLAN]
Id=1</programlisting>
- </example>
- <example>
- <title>/etc/systemd/network/ipip.netdev</title>
- <programlisting>[NetDev]
+ </example>
+ <example>
+ <title>/etc/systemd/network/ipip.netdev</title>
+ <programlisting>[NetDev]
Name=ipip-tun
Kind=ipip
MTUBytes=1480
@@ -646,10 +684,10 @@ MTUBytes=1480
Local=192.168.223.238
Remote=192.169.224.239
TTL=64</programlisting>
- </example>
- <example>
- <title>/etc/systemd/network/tap.netdev</title>
- <programlisting>[NetDev]
+ </example>
+ <example>
+ <title>/etc/systemd/network/tap.netdev</title>
+ <programlisting>[NetDev]
Name=tap-test
Kind=tap
@@ -657,9 +695,9 @@ Kind=tap
MultiQueue=true
PacketInfo=true</programlisting> </example>
- <example>
- <title>/etc/systemd/network/sit.netdev</title>
- <programlisting>[NetDev]
+ <example>
+ <title>/etc/systemd/network/sit.netdev</title>
+ <programlisting>[NetDev]
Name=sit-tun
Kind=sit
MTUBytes=1480
@@ -667,11 +705,11 @@ MTUBytes=1480
[Tunnel]
Local=10.65.223.238
Remote=10.65.223.239</programlisting>
- </example>
+ </example>
- <example>
- <title>/etc/systemd/network/gre.netdev</title>
- <programlisting>[NetDev]
+ <example>
+ <title>/etc/systemd/network/gre.netdev</title>
+ <programlisting>[NetDev]
Name=gre-tun
Kind=gre
MTUBytes=1480
@@ -679,12 +717,12 @@ MTUBytes=1480
[Tunnel]
Local=10.65.223.238
Remote=10.65.223.239</programlisting>
- </example>
+ </example>
- <example>
- <title>/etc/systemd/network/vti.netdev</title>
+ <example>
+ <title>/etc/systemd/network/vti.netdev</title>
- <programlisting>[NetDev]
+ <programlisting>[NetDev]
Name=vti-tun
Kind=vti
MTUBytes=1480
@@ -692,35 +730,35 @@ MTUBytes=1480
[Tunnel]
Local=10.65.223.238
Remote=10.65.223.239</programlisting>
- </example>
+ </example>
- <example>
- <title>/etc/systemd/network/veth.netdev</title>
- <programlisting>[NetDev]
+ <example>
+ <title>/etc/systemd/network/veth.netdev</title>
+ <programlisting>[NetDev]
Name=veth-test
Kind=veth
[Peer]
Name=veth-peer</programlisting>
- </example>
+ </example>
- <example>
- <title>/etc/systemd/network/dummy.netdev</title>
- <programlisting>[NetDev]
+ <example>
+ <title>/etc/systemd/network/dummy.netdev</title>
+ <programlisting>[NetDev]
Name=dummy-test
Kind=dummy
MACAddress=12:34:56:78:9a:bc</programlisting>
- </example>
-
- </refsect1>
- <refsect1>
- <title>See Also</title>
- <para>
- <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
- <citerefentry><refentrytitle>systemd-networkd</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
- <citerefentry><refentrytitle>systemd.link</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
- <citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>
- </para>
- </refsect1>
+ </example>
+
+ </refsect1>
+ <refsect1>
+ <title>See Also</title>
+ <para>
+ <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd-networkd</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd.link</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ </para>
+ </refsect1>
</refentry>