]> git.ipfire.org Git - thirdparty/systemd.git/blame - man/systemd.netdev.xml
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
man: use same header for all files
[thirdparty/systemd.git] / man / systemd.netdev.xml
CommitLineData
eac684ef 1<?xml version='1.0'?> <!--*-nxml-*-->
3a54a157 2<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
12b42c76 3 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
0307f791 4<!-- SPDX-License-Identifier: LGPL-2.1+ -->
eac684ef
TG		 5
6<refentry id="systemd.netdev" conditional='ENABLE_NETWORKD'>
7
798d3a52
ZJS		 8 <refentryinfo>
9 <title>systemd.network</title>
10 <productname>systemd</productname>
798d3a52
ZJS		 11 </refentryinfo>
12
13 <refmeta>
14 <refentrytitle>systemd.netdev</refentrytitle>
15 <manvolnum>5</manvolnum>
16 </refmeta>
17
18 <refnamediv>
19 <refname>systemd.netdev</refname>
20 <refpurpose>Virtual Network Device configuration</refpurpose>
21 </refnamediv>
22
23 <refsynopsisdiv>
24 <para><filename><replaceable>netdev</replaceable>.netdev</filename></para>
25 </refsynopsisdiv>
26
27 <refsect1>
28 <title>Description</title>
29
30 <para>Network setup is performed by
31 <citerefentry><refentrytitle>systemd-networkd</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
32 </para>
33
bac150e9
ZJS		 34 <para>The main Virtual Network Device file must have the extension <filename>.netdev</filename>;
35 other extensions are ignored. Virtual network devices are created as soon as networkd is
36 started. If a netdev with the specified name already exists, networkd will use that as-is rather
37 than create its own. Note that the settings of the pre-existing netdev will not be changed by
798d3a52
ZJS		 38 networkd.</para>
39
bac150e9
ZJS		 40 <para>The <filename>.netdev</filename> files are read from the files located in the system
41 network directory <filename>/usr/lib/systemd/network</filename>, the volatile runtime network
42 directory <filename>/run/systemd/network</filename> and the local administration network
43 directory <filename>/etc/systemd/network</filename>. All configuration files are collectively
44 sorted and processed in lexical order, regardless of the directories in which they live.
45 However, files with identical filenames replace each other. Files in <filename>/etc</filename>
46 have the highest priority, files in <filename>/run</filename> take precedence over files with
47 the same name in <filename>/usr/lib</filename>. This can be used to override a system-supplied
48 configuration file with a local file if needed. As a special case, an empty file (file size 0)
49 or symlink with the same name pointing to <filename>/dev/null</filename> disables the
50 configuration file entirely (it is "masked").</para>
51
52 <para>Along with the netdev file <filename>foo.netdev</filename>, a "drop-in" directory
53 <filename>foo.netdev.d/</filename> may exist. All files with the suffix <literal>.conf</literal>
54 from this directory will be parsed after the file itself is parsed. This is useful to alter or
55 add configuration settings, without having to modify the main configuration file. Each drop-in
56 file must have appropriate section headers.</para>
57
58 <para>In addition to <filename>/etc/systemd/network</filename>, drop-in <literal>.d</literal>
59 directories can be placed in <filename>/usr/lib/systemd/network</filename> or
60 <filename>/run/systemd/network</filename> directories. Drop-in files in
61 <filename>/etc</filename> take precedence over those in <filename>/run</filename> which in turn
62 take precedence over those in <filename>/usr/lib</filename>. Drop-in files under any of these
63 directories take precedence over the main netdev file wherever located. (Of course, since
64 <filename>/run</filename> is temporary and <filename>/usr/lib</filename> is for vendors, it is
65 unlikely drop-ins should be used in either of those places.)</para>
798d3a52
ZJS		 66 </refsect1>
67
68 <refsect1>
69 <title>Supported netdev kinds</title>
70
71 <para>The following kinds of virtual network devices may be
72 configured in <filename>.netdev</filename> files:</para>
73
74 <table>
75 <title>Supported kinds of virtual network devices</title>
76
77 <tgroup cols='2'>
78 <colspec colname='kind' />
79 <colspec colname='explanation' />
80 <thead><row>
81 <entry>Kind</entry>
82 <entry>Description</entry>
83 </row></thead>
84 <tbody>
85 <row><entry><varname>bond</varname></entry>
86 <entry>A bond device is an aggregation of all its slave devices. See <ulink url="https://www.kernel.org/doc/Documentation/networking/bonding.txt">Linux Ethernet Bonding Driver HOWTO</ulink> for details.Local configuration</entry></row>
87
88 <row><entry><varname>bridge</varname></entry>
a8eaaee7 89 <entry>A bridge device is a software switch, and each of its slave devices and the bridge itself are ports of the switch.</entry></row>
798d3a52
ZJS		 90
91 <row><entry><varname>dummy</varname></entry>
92 <entry>A dummy device drops all packets sent to it.</entry></row>
93
94 <row><entry><varname>gre</varname></entry>
95 <entry>A Level 3 GRE tunnel over IPv4. See <ulink url="https://tools.ietf.org/html/rfc2784">RFC 2784</ulink> for details.</entry></row>
96
97 <row><entry><varname>gretap</varname></entry>
98 <entry>A Level 2 GRE tunnel over IPv4.</entry></row>
99
2266864b
SS		 100 <row><entry><varname>erspan</varname></entry>
101 <entry>ERSPAN mirrors traffic on one or more source ports and delivers the mirrored traffic to one or more destination ports on another switch.
102 The traffic is encapsulated in generic routing encapsulation (GRE) and is therefore routable across a layer 3 network between the source switch
103 and the destination switch.</entry></row>
104
798d3a52
ZJS		 105 <row><entry><varname>ip6gre</varname></entry>
106 <entry>A Level 3 GRE tunnel over IPv6.</entry></row>
107
108 <row><entry><varname>ip6tnl</varname></entry>
109 <entry>An IPv4 or IPv6 tunnel over IPv6</entry></row>
110
111 <row><entry><varname>ip6gretap</varname></entry>
037a3ded 112 <entry>A Level 2 GRE tunnel over IPv6.</entry></row>
798d3a52
ZJS		 113
114 <row><entry><varname>ipip</varname></entry>
115 <entry>An IPv4 over IPv4 tunnel.</entry></row>
116
117 <row><entry><varname>ipvlan</varname></entry>
118 <entry>An ipvlan device is a stacked device which receives packets from its underlying device based on IP address filtering.</entry></row>
119
120 <row><entry><varname>macvlan</varname></entry>
121 <entry>A macvlan device is a stacked device which receives packets from its underlying device based on MAC address filtering.</entry></row>
122
0371f2df
SS		 123 <row><entry><varname>macvtap</varname></entry>
124 <entry>A macvtap device is a stacked device which receives packets from its underlying device based on MAC address filtering.</entry></row>
125
798d3a52
ZJS		 126 <row><entry><varname>sit</varname></entry>
127 <entry>An IPv6 over IPv4 tunnel.</entry></row>
128
129 <row><entry><varname>tap</varname></entry>
130 <entry>A persistent Level 2 tunnel between a network device and a device node.</entry></row>
131
132 <row><entry><varname>tun</varname></entry>
133 <entry>A persistent Level 3 tunnel between a network device and a device node.</entry></row>
134
135 <row><entry><varname>veth</varname></entry>
a8eaaee7 136 <entry>An Ethernet tunnel between a pair of network devices.</entry></row>
798d3a52
ZJS		 137
138 <row><entry><varname>vlan</varname></entry>
139 <entry>A VLAN is a stacked device which receives packets from its underlying device based on VLAN tagging. See <ulink url="http://www.ieee802.org/1/pages/802.1Q.html">IEEE 802.1Q</ulink> for details.</entry></row>
140
141 <row><entry><varname>vti</varname></entry>
142 <entry>An IPv4 over IPSec tunnel.</entry></row>
143
5cc0748e
SS		 144 <row><entry><varname>vti6</varname></entry>
145 <entry>An IPv6 over IPSec tunnel.</entry></row>
146
798d3a52
ZJS		 147 <row><entry><varname>vxlan</varname></entry>
148 <entry>A virtual extensible LAN (vxlan), for connecting Cloud computing deployments.</entry></row>
20897a0d 149
6598e046
SS		 150 <row><entry><varname>geneve</varname></entry>
151 <entry>A GEneric NEtwork Virtualization Encapsulation (GENEVE) netdev driver.</entry></row>
152
3a56e697
SS		 153 <row><entry><varname>l2tp</varname></entry>
154 <entry>A Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol used to support virtual private networks (VPNs) or as part of the delivery of services by ISPs. It does not provide any encryption or confidentiality by itself</entry></row>
155
20897a0d 156 <row><entry><varname>vrf</varname></entry>
92c918b0
SS		 157 <entry>A Virtual Routing and Forwarding (<ulink url="https://www.kernel.org/doc/Documentation/networking/vrf.txt">VRF</ulink>) interface to create separate routing and forwarding domains.</entry></row>
158
159 <row><entry><varname>vcan</varname></entry>
ba9fa3bc 160 <entry>The virtual CAN driver (vcan). Similar to the network loopback devices, vcan offers a virtual local CAN interface.</entry></row>
20897a0d 161
d6df583c
SS		 162 <row><entry><varname>vxcan</varname></entry>
163 <entry>The virtual CAN tunnel driver (vxcan). Similar to the virtual ethernet driver veth, vxcan implements a local CAN traffic tunnel between two virtual CAN network devices. When creating a vxcan, two vxcan devices are created as pair. When one end receives the packet it appears on its pair and vice versa. The vxcan can be used for cross namespace communication.
164 </entry></row>
165
e5719363
JT		 166 <row><entry><varname>wireguard</varname></entry>
167 <entry>WireGuard Secure Network Tunnel.</entry></row>
168
56e7fb50
SS		 169 <row><entry><varname>netdevsim</varname></entry>
170 <entry> A simulator. This simulated networking device is used for testing various networking APIs and at this time is particularly focused on testing hardware offloading related interfaces.</entry></row>
53cb501a
SS		 171
172 <row><entry><varname>fou</varname></entry>
173 <entry>Foo-over-UDP tunneling.</entry></row>
174
798d3a52
ZJS		 175 </tbody>
176 </tgroup>
177 </table>
178
179 </refsect1>
180
181 <refsect1>
182 <title>[Match] Section Options</title>
183
184 <para>A virtual network device is only created if the
185 <literal>[Match]</literal> section matches the current
186 environment, or if the section is empty. The following keys are
187 accepted:</para>
188
189 <variablelist class='network-directives'>
190 <varlistentry>
191 <term><varname>Host=</varname></term>
192 <listitem>
193 <para>Matches against the hostname or machine ID of the
194 host. See <literal>ConditionHost=</literal> in
195 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
196 for details.
197 </para>
198 </listitem>
199 </varlistentry>
200 <varlistentry>
201 <term><varname>Virtualization=</varname></term>
202 <listitem>
203 <para>Checks whether the system is executed in a virtualized
204 environment and optionally test whether it is a specific
205 implementation. See
206 <literal>ConditionVirtualization=</literal> in
207 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
208 for details.
209 </para>
210 </listitem>
211 </varlistentry>
212 <varlistentry>
213 <term><varname>KernelCommandLine=</varname></term>
214 <listitem>
215 <para>Checks whether a specific kernel command line option
216 is set (or if prefixed with the exclamation mark unset). See
217 <literal>ConditionKernelCommandLine=</literal> in
218 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
219 for details.
220 </para>
221 </listitem>
222 </varlistentry>
5022f08a
LP		 223 <varlistentry>
224 <term><varname>KernelVersion=</varname></term>
225 <listitem>
226 <para>Checks whether the kernel version (as reported by <command>uname -r</command>) matches a certain
227 expression (or if prefixed with the exclamation mark does not match it). See
228 <literal>ConditionKernelVersion=</literal> in
229 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry> for details.
230 </para>
231 </listitem>
232 </varlistentry>
798d3a52
ZJS		 233 <varlistentry>
234 <term><varname>Architecture=</varname></term>
235 <listitem>
236 <para>Checks whether the system is running on a specific
237 architecture. See <literal>ConditionArchitecture=</literal> in
238 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
239 for details.
240 </para>
241 </listitem>
242 </varlistentry>
243 </variablelist>
244
245 </refsect1>
246
247 <refsect1>
248 <title>[NetDev] Section Options</title>
249
250 <para>The <literal>[NetDev]</literal> section accepts the
251 following keys:</para>
252
253 <variablelist class='network-directives'>
254 <varlistentry>
255 <term><varname>Description=</varname></term>
256 <listitem>
257 <para>A free-form description of the netdev.</para>
258 </listitem>
259 </varlistentry>
260 <varlistentry>
261 <term><varname>Name=</varname></term>
262 <listitem>
263 <para>The interface name used when creating the netdev.
264 This option is compulsory.</para>
265 </listitem>
266 </varlistentry>
267 <varlistentry>
268 <term><varname>Kind=</varname></term>
269 <listitem>
270 <para>The netdev kind. This option is compulsory. See the
271 <literal>Supported netdev kinds</literal> section for the
272 valid keys.</para>
273 </listitem>
274 </varlistentry>
275 <varlistentry>
276 <term><varname>MTUBytes=</varname></term>
277 <listitem>
48847676
YW		 278 <para>The maximum transmission unit in bytes to set for the device. The usual suffixes K, M, G,
279 are supported and are understood to the base of 1024. For <literal>tun</literal> or
280 <literal>tap</literal> devices, <varname>MTUBytes=</varname> setting is not currently supported in
281 <literal>[NetDev]</literal> section. Please specify it in <literal>[Link]</literal> section of
282 corresponding
283 <citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>
284 files.</para>
798d3a52
ZJS		 285 </listitem>
286 </varlistentry>
287 <varlistentry>
288 <term><varname>MACAddress=</varname></term>
289 <listitem>
a61b550c
YW		 290 <para>The MAC address to use for the device. For <literal>tun</literal> or <literal>tap</literal>
291 devices, setting <varname>MACAddress=</varname> in the <literal>[NetDev]</literal> section is not
292 supported. Please specify it in <literal>[Link]</literal> section of the corresponding
48847676 293 <citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>
a61b550c
YW		 294 file. If this option is not set, <literal>vlan</literal> devices inherit the MAC address of the
295 physical interface. For other kind of netdevs, if this option is not set, then MAC address is
296 generated based on the interface name and the
297 <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
298 </para>
798d3a52
ZJS		 299 </listitem>
300 </varlistentry>
301 </variablelist>
302 </refsect1>
303
3428fe07
SS		 304 <refsect1>
305 <title>[Bridge] Section Options</title>
306
307 <para>The <literal>[Bridge]</literal> section only applies for
308 netdevs of kind <literal>bridge</literal>, and accepts the
a8eaaee7 309 following keys:</para>
3428fe07
SS		 310
311 <variablelist class='network-directives'>
312 <varlistentry>
313 <term><varname>HelloTimeSec=</varname></term>
314 <listitem>
a8eaaee7 315 <para>HelloTimeSec specifies the number of seconds between two hello packets
3428fe07
SS		 316 sent out by the root bridge and the designated bridges. Hello packets are
317 used to communicate information about the topology throughout the entire
318 bridged local area network.</para>
319 </listitem>
320 </varlistentry>
321 <varlistentry>
322 <term><varname>MaxAgeSec=</varname></term>
323 <listitem>
324 <para>MaxAgeSec specifies the number of seconds of maximum message age.
325 If the last seen (received) hello packet is more than this number of
326 seconds old, the bridge in question will start the takeover procedure
327 in attempt to become the Root Bridge itself.</para>
328 </listitem>
329 </varlistentry>
330 <varlistentry>
331 <term><varname>ForwardDelaySec=</varname></term>
332 <listitem>
333 <para>ForwardDelaySec specifies the number of seconds spent in each
334 of the Listening and Learning states before the Forwarding state is entered.</para>
335 </listitem>
336 </varlistentry>
c7440e74
TJ		 337 <varlistentry>
338 <term><varname>AgeingTimeSec=</varname></term>
339 <listitem>
340 <para>This specifies the number of seconds a MAC Address will be kept in
d23a0044 341 the forwarding database after having a packet received from this MAC Address.</para>
c7440e74
TJ		 342 </listitem>
343 </varlistentry>
344 <varlistentry>
345 <term><varname>Priority=</varname></term>
346 <listitem>
347 <para>The priority of the bridge. An integer between 0 and 65535. A lower value
348 means higher priority. The bridge having the lowest priority will be elected as root bridge.</para>
349 </listitem>
350 </varlistentry>
c4819961
JC		 351 <varlistentry>
352 <term><varname>GroupForwardMask=</varname></term>
353 <listitem>
354 <para>A 16-bit bitmask represented as an integer which allows forwarding of link
355 local frames with 802.1D reserved addresses (01:80:C2:00:00:0X). A logical AND
356 is performed between the specified bitmask and the exponentiation of 2^X, the
357 lower nibble of the last octet of the MAC address. For example, a value of 8
358 would allow forwarding of frames addressed to 01:80:C2:00:00:03 (802.1X PAE).</para>
359 </listitem>
360 </varlistentry>
c7440e74
TJ		 361 <varlistentry>
362 <term><varname>DefaultPVID=</varname></term>
363 <listitem>
0d6c68eb
TJ		 364 <para>This specifies the default port VLAN ID of a newly attached bridge port.
365 Set this to an integer in the range 1–4094 or <literal>none</literal> to disable the PVID.</para>
c7440e74
TJ		 366 </listitem>
367 </varlistentry>
3fef7a3f
SS		 368 <varlistentry>
369 <term><varname>MulticastQuerier=</varname></term>
370 <listitem>
9b6ffef3 371 <para>Takes a boolean. This setting controls the IFLA_BR_MCAST_QUERIER option in the kernel.
3fef7a3f
SS		 372 If enabled, the kernel will send general ICMP queries from a zero source address.
373 This feature should allow faster convergence on startup, but it causes some
374 multicast-aware switches to misbehave and disrupt forwarding of multicast packets.
025314d9 375 When unset, the kernel's default will be used.
3fef7a3f
SS		 376 </para>
377 </listitem>
378 </varlistentry>
6df6d898
SS		 379 <varlistentry>
380 <term><varname>MulticastSnooping=</varname></term>
381 <listitem>
9b6ffef3 382 <para>Takes a boolean. This setting controls the IFLA_BR_MCAST_SNOOPING option in the kernel.
6df6d898 383 If enabled, IGMP snooping monitors the Internet Group Management Protocol (IGMP) traffic
025314d9 384 between hosts and multicast routers. When unset, the kernel's default will be used.
6df6d898
SS		 385 </para>
386 </listitem>
387 </varlistentry>
c6f8d17d
TJ		 388 <varlistentry>
389 <term><varname>VLANFiltering=</varname></term>
390 <listitem>
9b6ffef3 391 <para>Takes a boolean. This setting controls the IFLA_BR_VLAN_FILTERING option in the kernel.
025314d9 392 If enabled, the bridge will be started in VLAN-filtering mode. When unset, the kernel's default will be used.
c6f8d17d
TJ		 393 </para>
394 </listitem>
395 </varlistentry>
b760a9af
SS		 396 <varlistentry>
397 <term><varname>STP=</varname></term>
398 <listitem>
9b6ffef3 399 <para>Takes a boolean. This enables the bridge's Spanning Tree Protocol (STP).
025314d9 400 When unset, the kernel's default will be used.
b760a9af
SS		 401 </para>
402 </listitem>
403 </varlistentry>
3428fe07 404 </variablelist>
3428fe07
SS		 405 </refsect1>
406
798d3a52
ZJS		 407 <refsect1>
408 <title>[VLAN] Section Options</title>
409
410 <para>The <literal>[VLAN]</literal> section only applies for
411 netdevs of kind <literal>vlan</literal>, and accepts the
412 following key:</para>
413
414 <variablelist class='network-directives'>
415 <varlistentry>
416 <term><varname>Id=</varname></term>
417 <listitem>
418 <para>The VLAN ID to use. An integer in the range 0–4094.
419 This option is compulsory.</para>
420 </listitem>
421 </varlistentry>
c8b21184
SS		 422 <varlistentry>
423 <term><varname>GVRP=</varname></term>
424 <listitem>
9b6ffef3
YW		 425 <para>Takes a boolean. The Generic VLAN Registration Protocol (GVRP) is a protocol that
426 allows automatic learning of VLANs on a network.
025314d9
YW		 427 When unset, the kernel's default will be used.
428 </para>
c8b21184
SS		 429 </listitem>
430 </varlistentry>
6c1ff21b
SS		 431 <varlistentry>
432 <term><varname>MVRP=</varname></term>
433 <listitem>
9b6ffef3 434 <para>Takes a boolean. Multiple VLAN Registration Protocol (MVRP) formerly known as GARP VLAN
6c1ff21b
SS		 435 Registration Protocol (GVRP) is a standards-based Layer 2 network protocol,
436 for automatic configuration of VLAN information on switches. It was defined
9b6ffef3 437 in the 802.1ak amendment to 802.1Q-2005. When unset, the kernel's default will be used.
025314d9 438 </para>
6c1ff21b
SS		 439 </listitem>
440 </varlistentry>
441 <varlistentry>
442 <term><varname>LooseBinding=</varname></term>
443 <listitem>
9b6ffef3 444 <para>Takes a boolean. The VLAN loose binding mode, in which only the operational state is passed
6c1ff21b 445 from the parent to the associated VLANs, but the VLAN device state is not changed.
9b6ffef3 446 When unset, the kernel's default will be used.</para>
6c1ff21b
SS		 447 </listitem>
448 </varlistentry>
449 <varlistentry>
450 <term><varname>ReorderHeader=</varname></term>
451 <listitem>
9b6ffef3
YW		 452 <para>Takes a boolean. The VLAN reorder header is set VLAN interfaces behave like physical interfaces.
453 When unset, the kernel's default will be used.</para>
6c1ff21b
SS		 454 </listitem>
455 </varlistentry>
798d3a52 456 </variablelist>
798d3a52
ZJS		 457 </refsect1>
458
459 <refsect1>
460 <title>[MACVLAN] Section Options</title>
461
462 <para>The <literal>[MACVLAN]</literal> section only applies for
463 netdevs of kind <literal>macvlan</literal>, and accepts the
464 following key:</para>
465
466 <variablelist class='network-directives'>
467 <varlistentry>
468 <term><varname>Mode=</varname></term>
469 <listitem>
470 <para>The MACVLAN mode to use. The supported options are
471 <literal>private</literal>,
472 <literal>vepa</literal>,
473 <literal>bridge</literal>, and
474 <literal>passthru</literal>.
475 </para>
476 </listitem>
477 </varlistentry>
478 </variablelist>
479
480 </refsect1>
481
0371f2df
SS		 482 <refsect1>
483 <title>[MACVTAP] Section Options</title>
484
485 <para>The <literal>[MACVTAP]</literal> section applies for
486 netdevs of kind <literal>macvtap</literal> and accepts the
96d49011 487 same key as <literal>[MACVLAN]</literal>.</para>
0371f2df
SS		 488
489 </refsect1>
490
798d3a52
ZJS		 491 <refsect1>
492 <title>[IPVLAN] Section Options</title>
493
494 <para>The <literal>[IPVLAN]</literal> section only applies for
495 netdevs of kind <literal>ipvlan</literal>, and accepts the
496 following key:</para>
497
498 <variablelist class='network-directives'>
499 <varlistentry>
500 <term><varname>Mode=</varname></term>
501 <listitem>
502 <para>The IPVLAN mode to use. The supported options are
d384826f
SS		 503 <literal>L2</literal>,<literal>L3</literal> and <literal>L3S</literal>.
504 </para>
505 </listitem>
506 </varlistentry>
507 <varlistentry>
508 <term><varname>Flags=</varname></term>
509 <listitem>
510 <para>The IPVLAN flags to use. The supported options are
511 <literal>bridge</literal>,<literal>private</literal> and <literal>vepa</literal>.
798d3a52
ZJS		 512 </para>
513 </listitem>
514 </varlistentry>
515 </variablelist>
516
517 </refsect1>
518
519 <refsect1>
520 <title>[VXLAN] Section Options</title>
521 <para>The <literal>[VXLAN]</literal> section only applies for
522 netdevs of kind <literal>vxlan</literal>, and accepts the
523 following keys:</para>
524
525 <variablelist class='network-directives'>
526 <varlistentry>
527 <term><varname>Id=</varname></term>
528 <listitem>
529 <para>The VXLAN ID to use.</para>
530 </listitem>
531 </varlistentry>
532 <varlistentry>
d35e5d37 533 <term><varname>Remote=</varname></term>
798d3a52 534 <listitem>
bf443be9 535 <para>Configures destination IP address.</para>
798d3a52
ZJS		 536 </listitem>
537 </varlistentry>
538 <varlistentry>
d35e5d37
SS		 539 <term><varname>Local=</varname></term>
540 <listitem>
541 <para>Configures local IP address.</para>
542 </listitem>
543 </varlistentry>
544 <varlistentry>
798d3a52
ZJS		 545 <term><varname>TOS=</varname></term>
546 <listitem>
547 <para>The Type Of Service byte value for a vxlan interface.</para>
548 </listitem>
549 </varlistentry>
550 <varlistentry>
551 <term><varname>TTL=</varname></term>
552 <listitem>
553 <para>A fixed Time To Live N on Virtual eXtensible Local
b938cb90 554 Area Network packets. N is a number in the range 1–255. 0
798d3a52
ZJS		 555 is a special value meaning that packets inherit the TTL
556 value.</para>
557 </listitem>
558 </varlistentry>
559 <varlistentry>
560 <term><varname>MacLearning=</varname></term>
561 <listitem>
9b6ffef3 562 <para>Takes a boolean. When true, enables dynamic MAC learning
798d3a52
ZJS		 563 to discover remote MAC addresses.</para>
564 </listitem>
565 </varlistentry>
566 <varlistentry>
567 <term><varname>FDBAgeingSec=</varname></term>
568 <listitem>
569 <para>The lifetime of Forwarding Database entry learnt by
b938cb90 570 the kernel, in seconds.</para>
798d3a52
ZJS		 571 </listitem>
572 </varlistentry>
573 <varlistentry>
3d276dd2
SS		 574 <term><varname>MaximumFDBEntries=</varname></term>
575 <listitem>
576 <para>Configures maximum number of FDB entries.</para>
577 </listitem>
578 </varlistentry>
798d3a52 579 <varlistentry>
7dd6974c 580 <term><varname>ReduceARPProxy=</varname></term>
798d3a52 581 <listitem>
9b6ffef3 582 <para>Takes a boolean. When true, bridge-connected VXLAN tunnel
7dd6974c
SS		 583 endpoint answers ARP requests from the local bridge on behalf
584 of remote Distributed Overlay Virtual Ethernet
585 <ulink url="https://en.wikipedia.org/wiki/Distributed_Overlay_Virtual_Ethernet">
586 (DVOE)</ulink> clients. Defaults to false.</para>
798d3a52
ZJS		 587 </listitem>
588 </varlistentry>
589 <varlistentry>
590 <term><varname>L2MissNotification=</varname></term>
591 <listitem>
9b6ffef3 592 <para>Takes a boolean. When true, enables netlink LLADDR miss
798d3a52
ZJS		 593 notifications.</para>
594 </listitem>
595 </varlistentry>
596 <varlistentry>
597 <term><varname>L3MissNotification=</varname></term>
598 <listitem>
9b6ffef3 599 <para>Takes a boolean. When true, enables netlink IP address miss
798d3a52
ZJS		 600 notifications.</para>
601 </listitem>
602 </varlistentry>
603 <varlistentry>
604 <term><varname>RouteShortCircuit=</varname></term>
605 <listitem>
9b6ffef3 606 <para>Takes a boolean. When true, route short circuiting is turned
798d3a52
ZJS		 607 on.</para>
608 </listitem>
609 </varlistentry>
cffacc74 610 <varlistentry>
53c06862 611 <term><varname>UDPChecksum=</varname></term>
cffacc74 612 <listitem>
9b6ffef3 613 <para>Takes a boolean. When true, transmitting UDP checksums when doing VXLAN/IPv4 is turned on.</para>
cffacc74
SS		 614 </listitem>
615 </varlistentry>
616 <varlistentry>
617 <term><varname>UDP6ZeroChecksumTx=</varname></term>
618 <listitem>
9b6ffef3 619 <para>Takes a boolean. When true, sending zero checksums in VXLAN/IPv6 is turned on.</para>
cffacc74
SS		 620 </listitem>
621 </varlistentry>
622 <varlistentry>
53c06862 623 <term><varname>UDP6ZeroChecksumRx=</varname></term>
cffacc74 624 <listitem>
9b6ffef3 625 <para>Takes a boolean. When true, receiving zero checksums in VXLAN/IPv6 is turned on.</para>
16441027
SS		 626 </listitem>
627 </varlistentry>
628 <varlistentry>
53c06862 629 <term><varname>RemoteChecksumTx=</varname></term>
16441027 630 <listitem>
9b6ffef3 631 <para>Takes a boolean. When true, remote transmit checksum offload of VXLAN is turned on.</para>
16441027
SS		 632 </listitem>
633 </varlistentry>
634 <varlistentry>
53c06862 635 <term><varname>RemoteChecksumRx=</varname></term>
16441027 636 <listitem>
9b6ffef3 637 <para>Takes a boolean. When true, remote receive checksum offload in VXLAN is turned on.</para>
cffacc74
SS		 638 </listitem>
639 </varlistentry>
8b414e52
SS		 640 <varlistentry>
641 <term><varname>GroupPolicyExtension=</varname></term>
642 <listitem>
9b6ffef3 643 <para>Takes a boolean. When true, it enables Group Policy VXLAN extension security label mechanism
b938cb90 644 across network peers based on VXLAN. For details about the Group Policy VXLAN, see the
8b414e52
SS		 645 <ulink url="https://tools.ietf.org/html/draft-smith-vxlan-group-policy">
646 VXLAN Group Policy </ulink> document. Defaults to false.</para>
647 </listitem>
648 </varlistentry>
ea0288d1
SS		 649 <varlistentry>
650 <term><varname>DestinationPort=</varname></term>
651 <listitem>
652 <para>Configures the default destination UDP port on a per-device basis.
653 If destination port is not specified then Linux kernel default will be used.
98616735
SS		 654 Set destination port 4789 to get the IANA assigned value. If not set or if the
655 destination port is assigned the empty string the default port of 4789 is used.</para>
ea0288d1
SS		 656 </listitem>
657 </varlistentry>
658 <varlistentry>
659 <term><varname>PortRange=</varname></term>
660 <listitem>
661 <para>Configures VXLAN port range. VXLAN bases source
662 UDP port based on flow to help the receiver to be able
663 to load balance based on outer header flow. It
664 restricts the port range to the normal UDP local
665 ports, and allows overriding via configuration.</para>
666 </listitem>
667 </varlistentry>
d8653945
SS		 668 <varlistentry>
669 <term><varname>FlowLabel=</varname></term>
670 <listitem>
671 <para>Specifies the flow label to use in outgoing packets.
672 The valid range is 0-1048575.
673 </para>
674 </listitem>
675 </varlistentry>
798d3a52
ZJS		 676 </variablelist>
677 </refsect1>
6598e046
SS		 678 <refsect1>
679 <title>[GENEVE] Section Options</title>
680 <para>The <literal>[GENEVE]</literal> section only applies for
681 netdevs of kind <literal>geneve</literal>, and accepts the
682 following keys:</para>
683
684 <variablelist class='network-directives'>
685 <varlistentry>
686 <term><varname>Id=</varname></term>
687 <listitem>
785889e5 688 <para>Specifies the Virtual Network Identifier (VNI) to use. Ranges [0-16777215].</para>
6598e046
SS		 689 </listitem>
690 </varlistentry>
691 <varlistentry>
692 <term><varname>Remote=</varname></term>
693 <listitem>
694 <para>Specifies the unicast destination IP address to use in outgoing packets.</para>
695 </listitem>
696 </varlistentry>
697 <varlistentry>
698 <term><varname>TOS=</varname></term>
699 <listitem>
98616735 700 <para>Specifies the TOS value to use in outgoing packets. Ranges [1-255].</para>
6598e046
SS		 701 </listitem>
702 </varlistentry>
703 <varlistentry>
704 <term><varname>TTL=</varname></term>
705 <listitem>
98616735 706 <para>Specifies the TTL value to use in outgoing packets. Ranges [1-255].</para>
6598e046
SS		 707 </listitem>
708 </varlistentry>
709 <varlistentry>
710 <term><varname>UDPChecksum=</varname></term>
711 <listitem>
9b6ffef3 712 <para>Takes a boolean. When true, specifies if UDP checksum is calculated for transmitted packets over IPv4.</para>
6598e046
SS		 713 </listitem>
714 </varlistentry>
715 <varlistentry>
716 <term><varname>UDP6ZeroChecksumTx=</varname></term>
717 <listitem>
9b6ffef3 718 <para>Takes a boolean. When true, skip UDP checksum calculation for transmitted packets over IPv6.</para>
6598e046
SS		 719 </listitem>
720 </varlistentry>
721 <varlistentry>
722 <term><varname>UDP6ZeroChecksumRx=</varname></term>
723 <listitem>
9b6ffef3 724 <para>Takes a boolean. When true, allows incoming UDP packets over IPv6 with zero checksum field.</para>
6598e046
SS		 725 </listitem>
726 </varlistentry>
727 <varlistentry>
728 <term><varname>DestinationPort=</varname></term>
729 <listitem>
98616735
SS		 730 <para>Specifies destination port. Defaults to 6081. If not set or assigned the empty string, the default
731 port of 6081 is used.</para>
6598e046
SS		 732 </listitem>
733 </varlistentry>
734 <varlistentry>
735 <term><varname>FlowLabel=</varname></term>
736 <listitem>
737 <para>Specifies the flow label to use in outgoing packets.</para>
738 </listitem>
739 </varlistentry>
740 </variablelist>
741 </refsect1>
3a56e697
SS		 742 <refsect1>
743 <title>[L2TP] Section Options</title>
744 <para>The <literal>[L2TP]</literal> section only applies for
745 netdevs of kind <literal>l2tp</literal>, and accepts the
746 following keys:</para>
747
748 <variablelist class='network-directives'>
749 <varlistentry>
750 <term><varname>TunnelId=</varname></term>
751 <listitem>
752 <para>Specifies the tunnel id. The value used must match the <literal>PeerTunnelId=</literal> value being used at the peer.
753 Ranges a number between 1 and 4294967295). This option is compulsory.</para>
754 </listitem>
755 </varlistentry>
756 <varlistentry>
757 <term><varname>PeerTunnelId=</varname></term>
758 <listitem>
759 <para>Specifies the peer tunnel id. The value used must match the <literal>PeerTunnelId=</literal> value being used at the peer.
760 Ranges a number between 1 and 4294967295). This option is compulsory.</para>
761 </listitem>
762 </varlistentry>
763 <varlistentry>
764 <term><varname>Remote=</varname></term>
765 <listitem>
766 <para>Specifies the IP address of the remote peer. This option is compulsory.</para>
767 </listitem>
768 </varlistentry>
769 <varlistentry>
770 <term><varname>Local=</varname></term>
771 <listitem>
d053d08a
YW		 772 <para>Specifies the IP address of the local interface. Takes an IP address, or the special values
773 <literal>auto</literal>, <literal>static</literal>, or <literal>dynamic</literal>. When an address
774 is set, then the local interface must have the address. If <literal>auto</literal>, then one of the
775 addresses on the local interface is used. Similarly, if <literal>static</literal> or
776 <literal>dynamic</literal> is set, then one of the static or dynamic addresses on the local
777 interface is used. Defaults to <literal>auto</literal>.</para>
3a56e697
SS		 778 </listitem>
779 </varlistentry>
780 <varlistentry>
781 <term><varname>EncapsulationType=</varname></term>
782 <listitem>
783 <para>Specifies the encapsulation type of the tunnel. Takes one of <literal>udp</literal> or <literal>ip</literal>.</para>
784 </listitem>
785 </varlistentry>
786 <varlistentry>
787 <term><varname>UDPSourcePort=</varname></term>
788 <listitem>
789 <para>Specifies the UDP source port to be used for the tunnel. When UDP encapsulation is selected it's mandotory. Ignored when ip
790 encapsulation is selected.</para>
791 </listitem>
792 </varlistentry>
793 <varlistentry>
794 <term><varname>DestinationPort=</varname></term>
795 <listitem>
796 <para>Specifies destination port. When UDP encapsulation is selected it's mandotory. Ignored when ip
797 encapsulation is selected.</para>
798 </listitem>
799 </varlistentry>
800 <varlistentry>
801 <term><varname>UDPChecksum=</varname></term>
802 <listitem>
803 <para>Takes a boolean. When true, specifies if UDP checksum is calculated for transmitted packets over IPv4.</para>
804 </listitem>
805 </varlistentry>
806 <varlistentry>
807 <term><varname>UDP6ZeroChecksumTx=</varname></term>
808 <listitem>
809 <para>Takes a boolean. When true, skip UDP checksum calculation for transmitted packets over IPv6.</para>
810 </listitem>
811 </varlistentry>
812 <varlistentry>
813 <term><varname>UDP6ZeroChecksumRx=</varname></term>
814 <listitem>
815 <para>Takes a boolean. When true, allows incoming UDP packets over IPv6 with zero checksum field.</para>
816 </listitem>
817 </varlistentry>
818 </variablelist>
819 </refsect1>
820 <refsect1>
821 <title>[L2TPSession] Section Options</title>
822 <para>The <literal>[L2TPSession]</literal> section only applies for
823 netdevs of kind <literal>l2tp</literal>, and accepts the
824 following keys:</para>
825 <variablelist class='network-directives'>
826 <varlistentry>
827 <term><varname>Name=</varname></term>
828 <listitem>
829 <para>Specifies the name of the sesssion. This option is compulsory.</para>
830 </listitem>
831 </varlistentry>
832 <varlistentry>
833 <term><varname>SessionId=</varname></term>
834 <listitem>
835 <para>Specifies the sesssion id. The value used must match the <literal>SessionId=</literal> value being used at the peer.
836 Ranges a number between 1 and 4294967295). This option is compulsory.</para>
837 </listitem>
838 </varlistentry>
839 <varlistentry>
840 <term><varname>PeerSessionId=</varname></term>
841 <listitem>
842 <para>Specifies the peer session id. The value used must match the <literal>PeerSessionId=</literal> value being used at the peer.
843 Ranges a number between 1 and 4294967295). This option is compulsory.</para>
844 </listitem>
845 </varlistentry>
846 <varlistentry>
847 <term><varname>Layer2SpecificHeader=</varname></term>
848 <listitem>
849 <para>Specifies layer2specific header type of the session. One of <literal>none</literal> or <literal>default</literal>. Defaults to <literal>default</literal>.</para>
850 </listitem>
851 </varlistentry>
852 </variablelist>
853 </refsect1>
798d3a52
ZJS		 854 <refsect1>
855 <title>[Tunnel] Section Options</title>
856
857 <para>The <literal>[Tunnel]</literal> section only applies for
858 netdevs of kind
859 <literal>ipip</literal>,
860 <literal>sit</literal>,
861 <literal>gre</literal>,
862 <literal>gretap</literal>,
863 <literal>ip6gre</literal>,
864 <literal>ip6gretap</literal>,
5cc0748e 865 <literal>vti</literal>,
af555aa3
YW		 866 <literal>vti6</literal>,
867 <literal>ip6tnl</literal>, and
868 <literal>erspan</literal> and accepts
798d3a52
ZJS		 869 the following keys:</para>
870
871 <variablelist class='network-directives'>
872 <varlistentry>
873 <term><varname>Local=</varname></term>
874 <listitem>
875 <para>A static local address for tunneled packets. It must
876 be an address on another interface of this host.</para>
877 </listitem>
878 </varlistentry>
879 <varlistentry>
880 <term><varname>Remote=</varname></term>
881 <listitem>
882 <para>The remote endpoint of the tunnel.</para>
883 </listitem>
884 </varlistentry>
885 <varlistentry>
886 <term><varname>TOS=</varname></term>
887 <listitem>
888 <para>The Type Of Service byte value for a tunnel interface.
b938cb90 889 For details about the TOS, see the
798d3a52
ZJS		 890 <ulink url="http://tools.ietf.org/html/rfc1349"> Type of
891 Service in the Internet Protocol Suite </ulink> document.
892 </para>
893 </listitem>
894 </varlistentry>
895 <varlistentry>
896 <term><varname>TTL=</varname></term>
897 <listitem>
898 <para>A fixed Time To Live N on tunneled packets. N is a
b938cb90 899 number in the range 1–255. 0 is a special value meaning that
798d3a52 900 packets inherit the TTL value. The default value for IPv4
b938cb90 901 tunnels is: inherit. The default value for IPv6 tunnels is
798d3a52
ZJS		 902 64.</para>
903 </listitem>
904 </varlistentry>
905 <varlistentry>
906 <term><varname>DiscoverPathMTU=</varname></term>
907 <listitem>
9b6ffef3 908 <para>Takes a boolean. When true, enables Path MTU Discovery on
798d3a52
ZJS		 909 the tunnel.</para>
910 </listitem>
911 </varlistentry>
276de526
SS		 912 <varlistentry>
913 <term><varname>IPv6FlowLabel=</varname></term>
914 <listitem>
a8eaaee7 915 <para>Configures the 20-bit flow label (see <ulink url="https://tools.ietf.org/html/rfc6437">
276de526 916 RFC 6437</ulink>) field in the IPv6 header (see <ulink url="https://tools.ietf.org/html/rfc2460">
a8eaaee7
JE		 917 RFC 2460</ulink>), which is used by a node to label packets of a flow.
918 It is only used for IPv6 tunnels.
919 A flow label of zero is used to indicate packets that have
920 not been labeled.
921 It can be configured to a value in the range 0–0xFFFFF, or be
922 set to <literal>inherit</literal>, in which case the original flowlabel is used.</para>
276de526
SS		 923 </listitem>
924 </varlistentry>
9b0ca30a 925 <varlistentry>
a9b70f9d 926 <term><varname>CopyDSCP=</varname></term>
9b0ca30a 927 <listitem>
9b6ffef3 928 <para>Takes a boolean. When true, the Differentiated Service Code
3cf4bcab 929 Point (DSCP) field will be copied to the inner header from
a9b70f9d 930 outer header during the decapsulation of an IPv6 tunnel
3cf4bcab
ZJS		 931 packet. DSCP is a field in an IP packet that enables different
932 levels of service to be assigned to network traffic.
933 Defaults to <literal>no</literal>.
9b0ca30a
SS		 934 </para>
935 </listitem>
936 </varlistentry>
dae398a8
SS		 937 <varlistentry>
938 <term><varname>EncapsulationLimit=</varname></term>
939 <listitem>
940 <para>The Tunnel Encapsulation Limit option specifies how many additional
941 levels of encapsulation are permitted to be prepended to the packet.
942 For example, a Tunnel Encapsulation Limit option containing a limit
943 value of zero means that a packet carrying that option may not enter
944 another tunnel before exiting the current tunnel.
945 (see <ulink url="https://tools.ietf.org/html/rfc2473#section-4.1.1"> RFC 2473</ulink>).
b938cb90 946 The valid range is 0–255 and <literal>none</literal>. Defaults to 4.
dae398a8
SS		 947 </para>
948 </listitem>
949 </varlistentry>
1d710029
SS		 950 <varlistentry>
951 <term><varname>Key=</varname></term>
952 <listitem>
953 <para>The <varname>Key=</varname> parameter specifies the same key to use in
954 both directions (<varname>InputKey=</varname> and <varname>OutputKey=</varname>).
955 The <varname>Key=</varname> is either a number or an IPv4 address-like dotted quad.
956 It is used as mark-configured SAD/SPD entry as part of the lookup key (both in data
957 and control path) in ip xfrm (framework used to implement IPsec protocol).
958 See <ulink url="http://man7.org/linux/man-pages/man8/ip-xfrm.8.html">
e306f2df 959 ip-xfrm — transform configuration</ulink> for details. It is only used for VTI/VTI6
1d710029
SS		 960 tunnels.</para>
961 </listitem>
962 </varlistentry>
963 <varlistentry>
964 <term><varname>InputKey=</varname></term>
965 <listitem>
966 <para>The <varname>InputKey=</varname> parameter specifies the key to use for input.
967 The format is same as <varname>Key=</varname>. It is only used for VTI/VTI6 tunnels.</para>
968 </listitem>
969 </varlistentry>
970 <varlistentry>
971 <term><varname>OutputKey=</varname></term>
972 <listitem>
973 <para>The <varname>OutputKey=</varname> parameter specifies the key to use for output.
974 The format is same as <varname>Key=</varname>. It is only used for VTI/VTI6 tunnels.</para>
975 </listitem>
976 </varlistentry>
798d3a52
ZJS		 977 <varlistentry>
978 <term><varname>Mode=</varname></term>
979 <listitem>
a8eaaee7 980 <para>An <literal>ip6tnl</literal> tunnel can be in one of three
798d3a52
ZJS		 981 modes
982 <literal>ip6ip6</literal> for IPv6 over IPv6,
983 <literal>ipip6</literal> for IPv4 over IPv6 or
984 <literal>any</literal> for either.
985 </para>
986 </listitem>
987 </varlistentry>
4d7fa6de
SS		 988 <varlistentry>
989 <term><varname>Independent=</varname></term>
990 <listitem>
9b6ffef3 991 <para>Takes a boolean. When true tunnel does not require .network file. Created as "tunnel@NONE".
4d7fa6de
SS		 992 Defaults to <literal>false</literal>.
993 </para>
994 </listitem>
995 </varlistentry>
3a4f3e42
SS		 996 <varlistentry>
997 <term><varname>AllowLocalRemote=</varname></term>
998 <listitem>
9b6ffef3 999 <para>Takes a boolean. When true allows tunnel traffic on <varname>ip6tnl</varname> devices where the remote endpoint is a local host address.
025314d9 1000 When unset, the kernel's default will be used.
3a4f3e42
SS		 1001 </para>
1002 </listitem>
1003 </varlistentry>
53cb501a
SS		 1004 <varlistentry>
1005 <term><varname>FooOverUDP=</varname></term>
1006 <listitem>
9b6ffef3 1007 <para>Takes a boolean. Specifies whether <varname>FooOverUDP=</varname> tunnel is to be configured.
53cb501a
SS		 1008 Defaults to false. For more detail information see
1009 <ulink url="https://lwn.net/Articles/614348">Foo over UDP</ulink></para>
1010 </listitem>
1011 </varlistentry>
1012 <varlistentry>
1013 <term><varname>FOUDestinationPort=</varname></term>
1014 <listitem>
6f520e74 1015 <para>This setting specifies the UDP destination port for encapsulation.
53cb501a
SS		 1016 This field is mandatory and is not set by default.</para>
1017 </listitem>
1018 </varlistentry>
1019 <varlistentry>
1020 <term><varname>FOUSourcePort=</varname></term>
1021 <listitem>
6f520e74
ZJS		 1022 <para>This setting specifies the UDP source port for encapsulation. Defaults to <constant>0</constant>
1023 — that is, the source port for packets is left to the network stack to decide.</para>
53cb501a
SS		 1024 </listitem>
1025 </varlistentry>
1026 <varlistentry>
1027 <term><varname>Encapsulation=</varname></term>
1028 <listitem>
1029 <para>Accepts the same key as <literal>[FooOverUDP]</literal></para>
1030 </listitem>
1031 </varlistentry>
d067cab3
DA		 1032 <varlistentry>
1033 <term><varname>IPv6RapidDeploymentPrefix=</varname></term>
1034 <listitem>
1035 <para>Reconfigure the tunnel for <ulink url="https://tools.ietf.org/html/rfc5569">IPv6 Rapid
1036 Deployment</ulink>, also known as 6rd. The value is an ISP-specific IPv6 prefix with a non-zero length. Only
1037 applicable to SIT tunnels.</para>
1038 </listitem>
1039 </varlistentry>
918049ad
SS		 1040 <varlistentry>
1041 <term><varname>ISATAP=</varname></term>
1042 <listitem>
1043 <para>Takes a boolean. If set, configures the tunnel as Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) tunnel.
1044 Only applicable to SIT tunnels. When unset, the kernel's default will be used.</para>
1045 </listitem>
1046 </varlistentry>
2266864b
SS		 1047 <varlistentry>
1048 <term><varname>SerializeTunneledPackets=</varname></term>
1049 <listitem>
9b6ffef3 1050 <para>Takes a boolean. If set to yes, then packets are serialized. Only applies for ERSPAN tunnel.
025314d9 1051 When unset, the kernel's default will be used.
2266864b
SS		 1052 </para>
1053 </listitem>
1054 </varlistentry>
1055 <varlistentry>
1056 <term><varname>ERSPANIndex=</varname></term>
1057 <listitem>
1058 <para>Specifies the ERSPAN index field for the interface, an integer in the range 1-1048575 associated with
1059 the ERSPAN traffic's source port and direction. This field is mandatory.
1060 </para>
1061 </listitem>
1062 </varlistentry>
798d3a52
ZJS		 1063 </variablelist>
1064 </refsect1>
53cb501a
SS		 1065
1066 <refsect1>
1067 <title>[FooOverUDP] Section Options</title>
1068
1069 <para>The <literal>[FooOverUDP]</literal> section only applies for
1070 netdevs of kind <literal>fou</literal> and accepts the
1071 following keys:</para>
1072
1073 <variablelist class='network-directives'>
1074 <varlistentry>
1075 <term><varname>Protocol=</varname></term>
1076 <listitem>
1077 <para>The <varname>Protocol=</varname> specifies the protocol number of the
1078 packets arriving at the UDP port. This field is mandatory and is not set by default. Valid range is 1-255.</para>
1079 </listitem>
1080 </varlistentry>
1081 <varlistentry>
1082 <term><varname>Encapsulation=</varname></term>
1083 <listitem>
1084 <para>Specifies the encapsulation mechanism used to store networking packets of various protocols inside the UDP packets. Supports the following values:
1085
1086 <literal>FooOverUDP</literal> provides the simplest no frills model of UDP encapsulation, it simply encapsulates
1087 packets directly in the UDP payload.
1088 <literal>GenericUDPEncapsulation</literal> is a generic and extensible encapsulation, it allows encapsulation of packets for any IP
1089 protocol and optional data as part of the encapsulation.
1090 For more detailed information see <ulink url="https://lwn.net/Articles/615044">Generic UDP Encapsulation</ulink>.
1091 Defaults to <literal>FooOverUDP</literal>.
1092 </para>
1093 </listitem>
1094 </varlistentry>
1095 <varlistentry>
1096 <term><varname>Port=</varname></term>
1097 <listitem>
1098 <para>Specifies the port number, where the IP encapsulation packets will arrive. Please take note that the packets
1099 will arrive with the encapsulation will be removed. Then they will be manually fed back into the network stack, and sent ahead
1100 for delivery to the real destination. This option is mandatory.</para>
1101 </listitem>
1102 </varlistentry>
1103 </variablelist>
1104 </refsect1>
798d3a52
ZJS		 1105 <refsect1>
1106 <title>[Peer] Section Options</title>
1107
1108 <para>The <literal>[Peer]</literal> section only applies for
1109 netdevs of kind <literal>veth</literal> and accepts the
a8eaaee7 1110 following keys:</para>
798d3a52
ZJS		 1111
1112 <variablelist class='network-directives'>
1113 <varlistentry>
1114 <term><varname>Name=</varname></term>
1115 <listitem>
1116 <para>The interface name used when creating the netdev.
1117 This option is compulsory.</para>
1118 </listitem>
1119 </varlistentry>
1120 <varlistentry>
1121 <term><varname>MACAddress=</varname></term>
1122 <listitem>
b938cb90 1123 <para>The peer MACAddress, if not set, it is generated in
798d3a52
ZJS		 1124 the same way as the MAC address of the main
1125 interface.</para>
1126 </listitem>
1127 </varlistentry>
1128 </variablelist>
1129 </refsect1>
d6df583c
SS		 1130 <refsect1>
1131 <title>[VXCAN] Section Options</title>
1132 <para>The <literal>[VXCAN]</literal> section only applies for
1133 netdevs of kind <literal>vxcan</literal> and accepts the
1134 following key:</para>
1135
1136 <variablelist class='network-directives'>
1137 <varlistentry>
1138 <term><varname>Peer=</varname></term>
1139 <listitem>
1140 <para>The peer interface name used when creating the netdev.
1141 This option is compulsory.</para>
1142 </listitem>
1143 </varlistentry>
1144 </variablelist>
1145 </refsect1>
798d3a52
ZJS		 1146 <refsect1>
1147 <title>[Tun] Section Options</title>
1148
1149 <para>The <literal>[Tun]</literal> section only applies for
1150 netdevs of kind <literal>tun</literal>, and accepts the following
1151 keys:</para>
1152
1153 <variablelist class='network-directives'>
1154 <varlistentry>
1155 <term><varname>OneQueue=</varname></term>
9b6ffef3 1156 <listitem><para>Takes a boolean. Configures whether
798d3a52
ZJS		 1157 all packets are queued at the device (enabled), or a fixed
1158 number of packets are queued at the device and the rest at the
1159 <literal>qdisc</literal>. Defaults to
1160 <literal>no</literal>.</para>
1161 </listitem>
1162 </varlistentry>
1163 <varlistentry>
1164 <term><varname>MultiQueue=</varname></term>
9b6ffef3 1165 <listitem><para>Takes a boolean. Configures whether
798d3a52
ZJS		 1166 to use multiple file descriptors (queues) to parallelize
1167 packets sending and receiving. Defaults to
1168 <literal>no</literal>.</para>
1169 </listitem>
1170 </varlistentry>
1171 <varlistentry>
1172 <term><varname>PacketInfo=</varname></term>
9b6ffef3 1173 <listitem><para>Takes a boolean. Configures whether
ff9b60f3 1174 packets should be prepended with four extra bytes (two flag
b938cb90 1175 bytes and two protocol bytes). If disabled, it indicates that
798d3a52
ZJS		 1176 the packets will be pure IP packets. Defaults to
1177 <literal>no</literal>.</para>
1178 </listitem>
1179 </varlistentry>
43f78da4 1180 <varlistentry>
2aba142e 1181 <term><varname>VNetHeader=</varname></term>
9b6ffef3 1182 <listitem><para>Takes a boolean. Configures
43f78da4
SS		 1183 IFF_VNET_HDR flag for a tap device. It allows sending
1184 and receiving larger Generic Segmentation Offload (GSO)
1185 packets. This may increase throughput significantly.
1186 Defaults to
1187 <literal>no</literal>.</para>
1188 </listitem>
1189 </varlistentry>
798d3a52
ZJS		 1190 <varlistentry>
1191 <term><varname>User=</varname></term>
1192 <listitem><para>User to grant access to the
1193 <filename>/dev/net/tun</filename> device.</para>
1194 </listitem>
1195 </varlistentry>
1196 <varlistentry>
1197 <term><varname>Group=</varname></term>
1198 <listitem><para>Group to grant access to the
1199 <filename>/dev/net/tun</filename> device.</para>
1200 </listitem>
1201 </varlistentry>
1202
1203 </variablelist>
1204
1205 </refsect1>
1206
1207 <refsect1>
1208 <title>[Tap] Section Options</title>
1209
1210 <para>The <literal>[Tap]</literal> section only applies for
1211 netdevs of kind <literal>tap</literal>, and accepts the same keys
1212 as the <literal>[Tun]</literal> section.</para>
1213 </refsect1>
1214
e5719363
JT		 1215 <refsect1>
1216 <title>[WireGuard] Section Options</title>
1217
1218 <para>The <literal>[WireGuard]</literal> section accepts the following
1219 keys:</para>
1220
1221 <variablelist class='network-directives'>
1222 <varlistentry>
1223 <term><varname>PrivateKey=</varname></term>
1224 <listitem>
1225 <para>The Base64 encoded private key for the interface. It can be
1226 generated using the <command>wg genkey</command> command
1227 (see <citerefentry project="wireguard"><refentrytitle>wg</refentrytitle><manvolnum>8</manvolnum></citerefentry>).
76df7779 1228 This option or <varname>PrivateKeyFile=</varname> is mandatory to use WireGuard.
a8d6dbed 1229 Note that because this information is secret, you may want to set
bd277f53 1230 the permissions of the .netdev file to be owned by <literal>root:systemd-network</literal>
a8d6dbed 1231 with a <literal>0640</literal> file mode.</para>
e5719363
JT		 1232 </listitem>
1233 </varlistentry>
76df7779
YW		 1234 <varlistentry>
1235 <term><varname>PrivateKeyFile=</varname></term>
1236 <listitem>
1237 <para>Takes a absolute path to a file which contains the Base64 encoded private key for the interface.
1238 If both <varname>PrivateKey=</varname> and <varname>PrivateKeyFile=</varname> are specified, and if
1239 the file specified in <varname>PrivateKeyFile=</varname> contains valid wireguard key, then
1240 the key provided by <varname>PrivateKey=</varname> is ignored.
1241 Note that the file must be readable by the user <literal>systemd-network</literal>, so it
1242 should be, e.g., owned by <literal>root:systemd-network</literal> with a
1243 <literal>0640</literal> file mode.</para>
1244 </listitem>
1245 </varlistentry>
e5719363
JT		 1246 <varlistentry>
1247 <term><varname>ListenPort=</varname></term>
1248 <listitem>
1249 <para>Sets UDP port for listening. Takes either value between 1 and 65535
1250 or <literal>auto</literal>. If <literal>auto</literal> is specified,
1251 the port is automatically generated based on interface name.
1252 Defaults to <literal>auto</literal>.</para>
1253 </listitem>
1254 </varlistentry>
1255 <varlistentry>
1256 <term><varname>FwMark=</varname></term>
1257 <listitem>
3209474f 1258 <para>Sets a firewall mark on outgoing WireGuard packets from this interface.</para>
e5719363
JT		 1259 </listitem>
1260 </varlistentry>
1261 </variablelist>
1262 </refsect1>
1263
1264 <refsect1>
1265 <title>[WireGuardPeer] Section Options</title>
1266
1267 <para>The <literal>[WireGuardPeer]</literal> section accepts the following
1268 keys:</para>
1269
1270 <variablelist class='network-directives'>
1271 <varlistentry>
1272 <term><varname>PublicKey=</varname></term>
1273 <listitem>
1274 <para>Sets a Base64 encoded public key calculated by <command>wg pubkey</command>
1275 (see <citerefentry project="wireguard"><refentrytitle>wg</refentrytitle><manvolnum>8</manvolnum></citerefentry>)
1276 from a private key, and usually transmitted out of band to the
1277 author of the configuration file. This option is mandatory for this
1278 section.</para>
1279 </listitem>
1280 </varlistentry>
1281 <varlistentry>
1282 <term><varname>PresharedKey=</varname></term>
1283 <listitem>
1284 <para>Optional preshared key for the interface. It can be generated
1285 by the <command>wg genpsk</command> command. This option adds an
1286 additional layer of symmetric-key cryptography to be mixed into the
1287 already existing public-key cryptography, for post-quantum
a8d6dbed
JD		 1288 resistance.
1289 Note that because this information is secret, you may want to set
1290 the permissions of the .netdev file to be owned by <literal>root:systemd-networkd</literal>
1291 with a <literal>0640</literal> file mode.</para>
e5719363
JT		 1292 </listitem>
1293 </varlistentry>
1294 <varlistentry>
1295 <term><varname>AllowedIPs=</varname></term>
1296 <listitem>
1297 <para>Sets a comma-separated list of IP (v4 or v6) addresses with CIDR masks
1298 from which this peer is allowed to send incoming traffic and to
1299 which outgoing traffic for this peer is directed. The catch-all
1300 0.0.0.0/0 may be specified for matching all IPv4 addresses, and
1301 ::/0 may be specified for matching all IPv6 addresses. </para>
1302 </listitem>
1303 </varlistentry>
1304 <varlistentry>
1305 <term><varname>Endpoint=</varname></term>
1306 <listitem>
1307 <para>Sets an endpoint IP address or hostname, followed by a colon, and then
1308 a port number. This endpoint will be updated automatically once to
1309 the most recent source IP address and port of correctly
1310 authenticated packets from the peer at configuration time.</para>
1311 </listitem>
1312 </varlistentry>
1313 <varlistentry>
1314 <term><varname>PersistentKeepalive=</varname></term>
1315 <listitem>
1316 <para>Sets a seconds interval, between 1 and 65535 inclusive, of how often
1317 to send an authenticated empty packet to the peer for the purpose
1318 of keeping a stateful firewall or NAT mapping valid persistently.
1319 For example, if the interface very rarely sends traffic, but it
1320 might at anytime receive traffic from a peer, and it is behind NAT,
1321 the interface might benefit from having a persistent keepalive
1322 interval of 25 seconds. If set to 0 or "off", this option is
1323 disabled. By default or when unspecified, this option is off.
1324 Most users will not need this.</para>
1325 </listitem>
1326 </varlistentry>
1327 </variablelist>
1328 </refsect1>
1329
798d3a52
ZJS		 1330 <refsect1>
1331 <title>[Bond] Section Options</title>
1332
1333 <para>The <literal>[Bond]</literal> section accepts the following
1334 key:</para>
1335
1336 <variablelist class='network-directives'>
1337 <varlistentry>
1338 <term><varname>Mode=</varname></term>
1339 <listitem>
1340 <para>Specifies one of the bonding policies. The default is
1341 <literal>balance-rr</literal> (round robin). Possible values are
1342 <literal>balance-rr</literal>,
1343 <literal>active-backup</literal>,
1344 <literal>balance-xor</literal>,
1345 <literal>broadcast</literal>,
1346 <literal>802.3ad</literal>,
1347 <literal>balance-tlb</literal>, and
1348 <literal>balance-alb</literal>.
1349 </para>
1350 </listitem>
1351 </varlistentry>
1352
1353 <varlistentry>
1354 <term><varname>TransmitHashPolicy=</varname></term>
1355 <listitem>
1356 <para>Selects the transmit hash policy to use for slave
1357 selection in balance-xor, 802.3ad, and tlb modes. Possible
1358 values are
1359 <literal>layer2</literal>,
1360 <literal>layer3+4</literal>,
1361 <literal>layer2+3</literal>,
4d89618a 1362 <literal>encap2+3</literal>, and
798d3a52
ZJS		 1363 <literal>encap3+4</literal>.
1364 </para>
1365 </listitem>
1366 </varlistentry>
1367
1368 <varlistentry>
1369 <term><varname>LACPTransmitRate=</varname></term>
1370 <listitem>
1371 <para>Specifies the rate with which link partner transmits
1372 Link Aggregation Control Protocol Data Unit packets in
1373 802.3ad mode. Possible values are <literal>slow</literal>,
1374 which requests partner to transmit LACPDUs every 30 seconds,
1375 and <literal>fast</literal>, which requests partner to
1376 transmit LACPDUs every second. The default value is
1377 <literal>slow</literal>.</para>
1378 </listitem>
1379 </varlistentry>
1380
1381 <varlistentry>
1382 <term><varname>MIIMonitorSec=</varname></term>
1383 <listitem>
1384 <para>Specifies the frequency that Media Independent
1385 Interface link monitoring will occur. A value of zero
dd2b607b 1386 disables MII link monitoring. This value is rounded down to
798d3a52
ZJS		 1387 the nearest millisecond. The default value is 0.</para>
1388 </listitem>
1389 </varlistentry>
1390
1391 <varlistentry>
1392 <term><varname>UpDelaySec=</varname></term>
1393 <listitem>
1394 <para>Specifies the delay before a link is enabled after a
1395 link up status has been detected. This value is rounded down
1396 to a multiple of MIIMonitorSec. The default value is
1397 0.</para>
1398 </listitem>
1399 </varlistentry>
1400
1401 <varlistentry>
1402 <term><varname>DownDelaySec=</varname></term>
1403 <listitem>
1404 <para>Specifies the delay before a link is disabled after a
1405 link down status has been detected. This value is rounded
1406 down to a multiple of MIIMonitorSec. The default value is
1407 0.</para>
1408 </listitem>
1409 </varlistentry>
1410
81bd37a8 1411 <varlistentry>
38422da7 1412 <term><varname>LearnPacketIntervalSec=</varname></term>
81bd37a8
SS		 1413 <listitem>
1414 <para>Specifies the number of seconds between instances where the bonding
a8eaaee7
JE		 1415 driver sends learning packets to each slave peer switch.
1416 The valid range is 1–0x7fffffff; the default value is 1. This option
1417 has an effect only for the balance-tlb and balance-alb modes.</para>
81bd37a8
SS		 1418 </listitem>
1419 </varlistentry>
1420
1421 <varlistentry>
1422 <term><varname>AdSelect=</varname></term>
1423 <listitem>
1424 <para>Specifies the 802.3ad aggregation selection logic to use. Possible values are
1425 <literal>stable</literal>,
a8eaaee7
JE		 1426 <literal>bandwidth</literal> and
1427 <literal>count</literal>.
81bd37a8
SS		 1428 </para>
1429 </listitem>
1430 </varlistentry>
1431
99f68ef0 1432 <varlistentry>
db688b7e 1433 <term><varname>AdActorSystemPriority=</varname></term>
99f68ef0 1434 <listitem>
db688b7e 1435 <para>Specifies the 802.3ad actor system priority. Ranges [1-65535].</para>
99f68ef0
TJ		 1436 </listitem>
1437 </varlistentry>
1438
1439 <varlistentry>
1440 <term><varname>AdUserPortKey=</varname></term>
1441 <listitem>
1442 <para>Specifies the 802.3ad user defined portion of the port key. Ranges [0-1023].</para>
1443 </listitem>
1444 </varlistentry>
1445
1446 <varlistentry>
1447 <term><varname>AdActorSystem=</varname></term>
1448 <listitem>
1449 <para>Specifies the 802.3ad system mac address. This can not be either NULL or Multicast.</para>
1450 </listitem>
1451 </varlistentry>
1452
81bd37a8 1453 <varlistentry>
38422da7 1454 <term><varname>FailOverMACPolicy=</varname></term>
81bd37a8 1455 <listitem>
a8eaaee7
JE		 1456 <para>Specifies whether the active-backup mode should set all slaves to
1457 the same MAC address at the time of enslavement or, when enabled, to perform special handling of the
81bd37a8
SS		 1458 bond's MAC address in accordance with the selected policy. The default policy is none.
1459 Possible values are
1460 <literal>none</literal>,
a8eaaee7
JE		 1461 <literal>active</literal> and
1462 <literal>follow</literal>.
81bd37a8
SS		 1463 </para>
1464 </listitem>
1465 </varlistentry>
1466
1467 <varlistentry>
38422da7 1468 <term><varname>ARPValidate=</varname></term>
81bd37a8
SS		 1469 <listitem>
1470 <para>Specifies whether or not ARP probes and replies should be
38422da7 1471 validated in any mode that supports ARP monitoring, or whether
81bd37a8
SS		 1472 non-ARP traffic should be filtered (disregarded) for link
1473 monitoring purposes. Possible values are
1474 <literal>none</literal>,
1475 <literal>active</literal>,
a8eaaee7
JE		 1476 <literal>backup</literal> and
1477 <literal>all</literal>.
81bd37a8
SS		 1478 </para>
1479 </listitem>
1480 </varlistentry>
1481
1482 <varlistentry>
38422da7 1483 <term><varname>ARPIntervalSec=</varname></term>
81bd37a8
SS		 1484 <listitem>
1485 <para>Specifies the ARP link monitoring frequency in milliseconds.
1486 A value of 0 disables ARP monitoring. The default value is 0.
1487 </para>
1488 </listitem>
1489 </varlistentry>
1490
1491 <varlistentry>
38422da7 1492 <term><varname>ARPIPTargets=</varname></term>
81bd37a8
SS		 1493 <listitem>
1494 <para>Specifies the IP addresses to use as ARP monitoring peers when
38422da7 1495 ARPIntervalSec is greater than 0. These are the targets of the ARP request
81bd37a8 1496 sent to determine the health of the link to the targets.
a8eaaee7 1497 Specify these values in IPv4 dotted decimal format. At least one IP
81bd37a8
SS		 1498 address must be given for ARP monitoring to function. The
1499 maximum number of targets that can be specified is 16. The
1500 default value is no IP addresses.
1501 </para>
1502 </listitem>
1503 </varlistentry>
1504
1505 <varlistentry>
38422da7 1506 <term><varname>ARPAllTargets=</varname></term>
81bd37a8 1507 <listitem>
38422da7 1508 <para>Specifies the quantity of ARPIPTargets that must be reachable
81bd37a8
SS		 1509 in order for the ARP monitor to consider a slave as being up.
1510 This option affects only active-backup mode for slaves with
38422da7 1511 ARPValidate enabled. Possible values are
a8eaaee7
JE		 1512 <literal>any</literal> and
1513 <literal>all</literal>.
81bd37a8
SS		 1514 </para>
1515 </listitem>
1516 </varlistentry>
1517
1518 <varlistentry>
38422da7 1519 <term><varname>PrimaryReselectPolicy=</varname></term>
81bd37a8
SS		 1520 <listitem>
1521 <para>Specifies the reselection policy for the primary slave. This
1522 affects how the primary slave is chosen to become the active slave
1523 when failure of the active slave or recovery of the primary slave
1524 occurs. This option is designed to prevent flip-flopping between
1525 the primary slave and other slaves. Possible values are
1526 <literal>always</literal>,
a8eaaee7
JE		 1527 <literal>better</literal> and
1528 <literal>failure</literal>.
81bd37a8
SS		 1529 </para>
1530 </listitem>
1531 </varlistentry>
1532
1533 <varlistentry>
1534 <term><varname>ResendIGMP=</varname></term>
1535 <listitem>
1536 <para>Specifies the number of IGMP membership reports to be issued after
1537 a failover event. One membership report is issued immediately after
1538 the failover, subsequent packets are sent in each 200ms interval.
b938cb90 1539 The valid range is 0–255. Defaults to 1. A value of 0
81bd37a8
SS		 1540 prevents the IGMP membership report from being issued in response
1541 to the failover event.
1542 </para>
1543 </listitem>
1544 </varlistentry>
1545
1546 <varlistentry>
1547 <term><varname>PacketsPerSlave=</varname></term>
1548 <listitem>
b938cb90
JE		 1549 <para>Specify the number of packets to transmit through a slave before
1550 moving to the next one. When set to 0, then a slave is chosen at
1551 random. The valid range is 0–65535. Defaults to 1. This option
a8eaaee7 1552 only has effect when in balance-rr mode.
81bd37a8
SS		 1553 </para>
1554 </listitem>
1555 </varlistentry>
1556
1557 <varlistentry>
38422da7 1558 <term><varname>GratuitousARP=</varname></term>
81bd37a8
SS		 1559 <listitem>
1560 <para>Specify the number of peer notifications (gratuitous ARPs and
1561 unsolicited IPv6 Neighbor Advertisements) to be issued after a
b938cb90 1562 failover event. As soon as the link is up on the new slave,
81bd37a8
SS		 1563 a peer notification is sent on the bonding device and each
1564 VLAN sub-device. This is repeated at each link monitor interval
38422da7 1565 (ARPIntervalSec or MIIMonitorSec, whichever is active) if the number is
a8eaaee7 1566 greater than 1. The valid range is 0–255. The default value is 1.
38422da7 1567 These options affect only the active-backup mode.
81bd37a8
SS		 1568 </para>
1569 </listitem>
1570 </varlistentry>
1571
1572 <varlistentry>
1573 <term><varname>AllSlavesActive=</varname></term>
1574 <listitem>
9b6ffef3 1575 <para>Takes a boolean. Specifies that duplicate frames (received on inactive ports)
a8eaaee7 1576 should be dropped when false, or delivered when true. Normally, bonding will drop
81bd37a8
SS		 1577 duplicate frames (received on inactive ports), which is desirable for
1578 most users. But there are some times it is nice to allow duplicate
1579 frames to be delivered. The default value is false (drop duplicate frames
1580 received on inactive ports).
1581 </para>
1582 </listitem>
1583 </varlistentry>
1584
fde60a42
SS		 1585 <varlistentry>
1586 <term><varname>DynamicTransmitLoadBalancing=</varname></term>
1587 <listitem>
1588 <para>Takes a boolean. Specifies if dynamic shuffling of flows is enabled. Applies only
1589 for balance-tlb mode. Defaults to unset.
1590 </para>
1591 </listitem>
1592 </varlistentry>
1593
81bd37a8
SS		 1594 <varlistentry>
1595 <term><varname>MinLinks=</varname></term>
1596 <listitem>
1597 <para>Specifies the minimum number of links that must be active before
1598 asserting carrier. The default value is 0.
1599 </para>
1600 </listitem>
1601 </varlistentry>
798d3a52 1602 </variablelist>
81bd37a8
SS		 1603
1604 <para>For more detail information see
1605 <ulink url="https://www.kernel.org/doc/Documentation/networking/bonding.txt">
1606 Linux Ethernet Bonding Driver HOWTO</ulink></para>
1607
798d3a52
ZJS		 1608 </refsect1>
1609
1610 <refsect1>
48847676 1611 <title>Examples</title>
798d3a52 1612 <example>
6c1695be 1613 <title>/etc/systemd/network/25-bridge.netdev</title>
798d3a52
ZJS		 1614
1615 <programlisting>[NetDev]
eac684ef
TG		 1616Name=bridge0
1617Kind=bridge</programlisting>
798d3a52 1618 </example>
eac684ef 1619
798d3a52 1620 <example>
6c1695be 1621 <title>/etc/systemd/network/25-vlan1.netdev</title>
eac684ef 1622
798d3a52 1623 <programlisting>[Match]
eac684ef
TG		 1624Virtualization=no
1625
1626[NetDev]
1627Name=vlan1
1628Kind=vlan
1629
1630[VLAN]
1631Id=1</programlisting>
798d3a52
ZJS		 1632 </example>
1633 <example>
6c1695be 1634 <title>/etc/systemd/network/25-ipip.netdev</title>
798d3a52 1635 <programlisting>[NetDev]
b35a2909
TG		 1636Name=ipip-tun
1637Kind=ipip
1638MTUBytes=1480
1639
1640[Tunnel]
1641Local=192.168.223.238
1642Remote=192.169.224.239
1643TTL=64</programlisting>
798d3a52 1644 </example>
53cb501a
SS		 1645 <example>
1646 <title>/etc/systemd/network/1-fou-tunnel.netdev</title>
1647 <programlisting>[NetDev]
1648Name=fou-tun
1649Kind=fou
1650
1651[FooOverUDP]
1652Port=5555
1653Protocol=4
1654 </programlisting>
1655 </example>
1656 <example>
1657 <title>/etc/systemd/network/25-fou-ipip.netdev</title>
1658 <programlisting>[NetDev]
53cb501a
SS		 1659Name=ipip-tun
1660Kind=ipip
1661
1662[Tunnel]
964c4eda 1663Independent=yes
53cb501a
SS		 1664Local=10.65.208.212
1665Remote=10.65.208.211
964c4eda 1666FooOverUDP=yes
53cb501a
SS		 1667FOUDestinationPort=5555
1668 </programlisting>
1669 </example>
798d3a52 1670 <example>
6c1695be 1671 <title>/etc/systemd/network/25-tap.netdev</title>
798d3a52 1672 <programlisting>[NetDev]
30ae9dfd
SS		 1673Name=tap-test
1674Kind=tap
1675
1676[Tap]
964c4eda
LP		 1677MultiQueue=yes
1678PacketInfo=yes</programlisting> </example>
eac684ef 1679
798d3a52 1680 <example>
6c1695be 1681 <title>/etc/systemd/network/25-sit.netdev</title>
798d3a52 1682 <programlisting>[NetDev]
b35a2909
TG		 1683Name=sit-tun
1684Kind=sit
1685MTUBytes=1480
1686
1687[Tunnel]
1688Local=10.65.223.238
1689Remote=10.65.223.239</programlisting>
798d3a52 1690 </example>
eac684ef 1691
d067cab3
DA		 1692 <example>
1693 <title>/etc/systemd/network/25-6rd.netdev</title>
1694 <programlisting>[NetDev]
1695Name=6rd-tun
1696Kind=sit
1697MTUBytes=1480
1698
1699[Tunnel]
1700Local=10.65.223.238
1701IPv6RapidDeploymentPrefix=2602::/24</programlisting>
1702 </example>
1703
798d3a52 1704 <example>
6c1695be 1705 <title>/etc/systemd/network/25-gre.netdev</title>
798d3a52 1706 <programlisting>[NetDev]
b35a2909
TG		 1707Name=gre-tun
1708Kind=gre
1709MTUBytes=1480
1710
1711[Tunnel]
1712Local=10.65.223.238
1713Remote=10.65.223.239</programlisting>
798d3a52 1714 </example>
b35a2909 1715
798d3a52 1716 <example>
6c1695be 1717 <title>/etc/systemd/network/25-vti.netdev</title>
b35a2909 1718
798d3a52 1719 <programlisting>[NetDev]
b35a2909
TG		 1720Name=vti-tun
1721Kind=vti
1722MTUBytes=1480
1723
1724[Tunnel]
1725Local=10.65.223.238
1726Remote=10.65.223.239</programlisting>
798d3a52 1727 </example>
b35a2909 1728
798d3a52 1729 <example>
6c1695be 1730 <title>/etc/systemd/network/25-veth.netdev</title>
798d3a52 1731 <programlisting>[NetDev]
b35a2909
TG		 1732Name=veth-test
1733Kind=veth
1734
1735[Peer]
1736Name=veth-peer</programlisting>
798d3a52 1737 </example>
b35a2909 1738
d94facdc 1739 <example>
6c1695be 1740 <title>/etc/systemd/network/25-bond.netdev</title>
d94facdc
MH		 1741 <programlisting>[NetDev]
1742Name=bond1
1743Kind=bond
1744
1745[Bond]
1746Mode=802.3ad
1747TransmitHashPolicy=layer3+4
1748MIIMonitorSec=1s
1749LACPTransmitRate=fast
1750</programlisting>
1751 </example>
1752
798d3a52 1753 <example>
6c1695be 1754 <title>/etc/systemd/network/25-dummy.netdev</title>
798d3a52 1755 <programlisting>[NetDev]
9e358851
TG		 1756Name=dummy-test
1757Kind=dummy
1758MACAddress=12:34:56:78:9a:bc</programlisting>
798d3a52 1759 </example>
20897a0d
AR		 1760 <example>
1761 <title>/etc/systemd/network/25-vrf.netdev</title>
037a3ded 1762 <para>Create a VRF interface with table 42.</para>
20897a0d
AR		 1763 <programlisting>[NetDev]
1764Name=vrf-test
1765Kind=vrf
798d3a52 1766
20897a0d 1767[VRF]
362f6336 1768Table=42</programlisting>
20897a0d 1769 </example>
42125eda
SS		 1770
1771 <example>
1772 <title>/etc/systemd/network/25-macvtap.netdev</title>
1773 <para>Create a MacVTap device.</para>
1774 <programlisting>[NetDev]
1775Name=macvtap-test
1776Kind=macvtap
1777 </programlisting>
1778 </example>
e5719363
JT		 1779 <example>
1780 <title>/etc/systemd/network/25-wireguard.netdev</title>
1781 <programlisting>[NetDev]
1782Name=wg0
1783Kind=wireguard
1784
1785[WireGuard]
1786PrivateKey=EEGlnEPYJV//kbvvIqxKkQwOiS+UENyPncC4bF46ong=
1787ListenPort=51820
1788
1789[WireGuardPeer]
1790PublicKey=RDf+LSpeEre7YEIKaxg+wbpsNV7du+ktR99uBEtIiCA=
1791AllowedIPs=fd31:bf08:57cb::/48,192.168.26.0/24
1792Endpoint=wireguard.example.com:51820</programlisting>
1793 </example>
798d3a52
ZJS		 1794 </refsect1>
1795 <refsect1>
1796 <title>See Also</title>
1797 <para>
1798 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
1799 <citerefentry><refentrytitle>systemd-networkd</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
1800 <citerefentry><refentrytitle>systemd.link</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1801 <citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>
1802 </para>
1803 </refsect1>
eac684ef
TG		 1804
1805</refentry>
Unnamed repository; edit this file 'description' to name the repository.