Commit | Line | Data |
---|---|---|
eac684ef | 1 | <?xml version='1.0'?> <!--*-nxml-*--> |
3a54a157 | 2 | <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" |
12b42c76 | 3 | "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> |
0307f791 | 4 | <!-- SPDX-License-Identifier: LGPL-2.1+ --> |
eac684ef TG |
5 | |
6 | <refentry id="systemd.netdev" conditional='ENABLE_NETWORKD'> | |
7 | ||
798d3a52 ZJS |
8 | <refentryinfo> |
9 | <title>systemd.network</title> | |
10 | <productname>systemd</productname> | |
798d3a52 ZJS |
11 | </refentryinfo> |
12 | ||
13 | <refmeta> | |
14 | <refentrytitle>systemd.netdev</refentrytitle> | |
15 | <manvolnum>5</manvolnum> | |
16 | </refmeta> | |
17 | ||
18 | <refnamediv> | |
19 | <refname>systemd.netdev</refname> | |
20 | <refpurpose>Virtual Network Device configuration</refpurpose> | |
21 | </refnamediv> | |
22 | ||
23 | <refsynopsisdiv> | |
24 | <para><filename><replaceable>netdev</replaceable>.netdev</filename></para> | |
25 | </refsynopsisdiv> | |
26 | ||
27 | <refsect1> | |
28 | <title>Description</title> | |
29 | ||
30 | <para>Network setup is performed by | |
31 | <citerefentry><refentrytitle>systemd-networkd</refentrytitle><manvolnum>8</manvolnum></citerefentry>. | |
32 | </para> | |
33 | ||
bac150e9 ZJS |
34 | <para>The main Virtual Network Device file must have the extension <filename>.netdev</filename>; |
35 | other extensions are ignored. Virtual network devices are created as soon as networkd is | |
36 | started. If a netdev with the specified name already exists, networkd will use that as-is rather | |
37 | than create its own. Note that the settings of the pre-existing netdev will not be changed by | |
798d3a52 ZJS |
38 | networkd.</para> |
39 | ||
bac150e9 ZJS |
40 | <para>The <filename>.netdev</filename> files are read from the files located in the system |
41 | network directory <filename>/usr/lib/systemd/network</filename>, the volatile runtime network | |
42 | directory <filename>/run/systemd/network</filename> and the local administration network | |
43 | directory <filename>/etc/systemd/network</filename>. All configuration files are collectively | |
44 | sorted and processed in lexical order, regardless of the directories in which they live. | |
45 | However, files with identical filenames replace each other. Files in <filename>/etc</filename> | |
46 | have the highest priority, files in <filename>/run</filename> take precedence over files with | |
47 | the same name in <filename>/usr/lib</filename>. This can be used to override a system-supplied | |
48 | configuration file with a local file if needed. As a special case, an empty file (file size 0) | |
49 | or symlink with the same name pointing to <filename>/dev/null</filename> disables the | |
50 | configuration file entirely (it is "masked").</para> | |
51 | ||
52 | <para>Along with the netdev file <filename>foo.netdev</filename>, a "drop-in" directory | |
53 | <filename>foo.netdev.d/</filename> may exist. All files with the suffix <literal>.conf</literal> | |
54 | from this directory will be parsed after the file itself is parsed. This is useful to alter or | |
55 | add configuration settings, without having to modify the main configuration file. Each drop-in | |
56 | file must have appropriate section headers.</para> | |
57 | ||
58 | <para>In addition to <filename>/etc/systemd/network</filename>, drop-in <literal>.d</literal> | |
59 | directories can be placed in <filename>/usr/lib/systemd/network</filename> or | |
60 | <filename>/run/systemd/network</filename> directories. Drop-in files in | |
61 | <filename>/etc</filename> take precedence over those in <filename>/run</filename> which in turn | |
62 | take precedence over those in <filename>/usr/lib</filename>. Drop-in files under any of these | |
63 | directories take precedence over the main netdev file wherever located. (Of course, since | |
64 | <filename>/run</filename> is temporary and <filename>/usr/lib</filename> is for vendors, it is | |
65 | unlikely drop-ins should be used in either of those places.)</para> | |
798d3a52 ZJS |
66 | </refsect1> |
67 | ||
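The precedence, replacement, masking and drop-in rules described above determine which `.netdev` file networkd actually uses, so a local file in `/etc` or `/run` can silently replace or disable a vendor definition. The following added example (not part of systemd or of this file) resolves the effective set over a constructed sample tree. The function names, the sample file names and the lexical ordering of drop-ins are assumptions of the example.

```python
import os
import tempfile

# Search directories from lowest to highest priority, as given on the page.
SEARCH_DIRS = ["/usr/lib/systemd/network", "/run/systemd/network", "/etc/systemd/network"]


def is_masked(path):
    """A .netdev file is masked if it is empty or a symlink to /dev/null."""
    if os.path.islink(path) and os.readlink(path) == "/dev/null":
        return True
    try:
        return os.path.getsize(path) == 0
    except OSError:
        return False


def resolve(root="/"):
    """Map each .netdev filename to its winning path, masking state, replaced
    copies and drop-ins, in the lexical order in which files are processed."""
    winners, shadowed, dropins = {}, {}, {}
    for directory in SEARCH_DIRS:  # higher-priority directories replace earlier ones
        base = os.path.join(root, directory.lstrip("/"))
        if not os.path.isdir(base):
            continue
        for entry in os.listdir(base):
            full = os.path.join(base, entry)
            shown = "/" + os.path.relpath(full, root)
            if entry.endswith(".netdev") and not os.path.isdir(full):
                if entry in winners:
                    shadowed.setdefault(entry, []).append(winners[entry][1])
                winners[entry] = (full, shown)
            elif entry.endswith(".netdev.d") and os.path.isdir(full):
                for conf in os.listdir(full):
                    if conf.endswith(".conf"):
                        # Same-named drop-ins: the higher-priority directory wins.
                        dropins.setdefault(entry[:-2], {})[conf] = shown + "/" + conf
    result = {}
    for name in sorted(winners):  # the directory of origin does not affect ordering
        full, shown = winners[name]
        confs = dropins.get(name, {})
        result[name] = {
            "path": shown,
            "masked": is_masked(full),
            "shadowed": shadowed.get(name, []),
            # Assumption: drop-ins are applied in lexical order of their file names.
            "dropins": [confs[c] for c in sorted(confs)],
        }
    return result


def build_sample_tree(root):
    """Constructed sample tree for the demonstration (not taken from a real host)."""
    files = {
        "usr/lib/systemd/network/10-br0.netdev": "[NetDev]\nName=br0\nKind=bridge\n",
        "etc/systemd/network/10-br0.netdev":
            "[NetDev]\nName=br0\nKind=bridge\n\n[Bridge]\nSTP=yes\n",
        "usr/lib/systemd/network/20-vx0.netdev": "[NetDev]\nName=vx0\nKind=vxlan\n",
        "usr/lib/systemd/network/30-dummy0.netdev": "[NetDev]\nName=dummy0\nKind=dummy\n",
        "run/systemd/network/30-dummy0.netdev.d/50-mtu.conf": "[NetDev]\nMTUBytes=1400\n",
        "etc/systemd/network/30-dummy0.netdev.d/50-mtu.conf": "[NetDev]\nMTUBytes=1280\n",
        "etc/systemd/network/30-dummy0.netdev.d/10-desc.conf": "[NetDev]\nDescription=lab\n",
        "etc/systemd/network/README.txt": "ignored: wrong extension\n",
    }
    for rel, text in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as handle:
            handle.write(text)
    # Mask the vendor VXLAN device from /run with a symlink to /dev/null.
    os.symlink("/dev/null", os.path.join(root, "run/systemd/network/20-vx0.netdev"))


def demo():
    """Resolve the constructed tree inside a temporary directory."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return resolve(root)


if __name__ == "__main__":
    for name, info in demo().items():
        print(name, info)
```

Calling `resolve()` with the default root inspects the real directories; a non-empty `shadowed` list or `masked` set to true marks the files worth reviewing when a virtual device is unexpectedly changed or missing.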
68 | <refsect1> | |
69 | <title>Supported netdev kinds</title> | |
70 | ||
71 | <para>The following kinds of virtual network devices may be | |
72 | configured in <filename>.netdev</filename> files:</para> | |
73 | ||
74 | <table> | |
75 | <title>Supported kinds of virtual network devices</title> | |
76 | ||
77 | <tgroup cols='2'> | |
78 | <colspec colname='kind' /> | |
79 | <colspec colname='explanation' /> | |
80 | <thead><row> | |
81 | <entry>Kind</entry> | |
82 | <entry>Description</entry> | |
83 | </row></thead> | |
84 | <tbody> | |
85 | <row><entry><varname>bond</varname></entry> | |
86 | <entry>A bond device is an aggregation of all its slave devices. See <ulink url="https://www.kernel.org/doc/Documentation/networking/bonding.txt">Linux Ethernet Bonding Driver HOWTO</ulink> for details.</entry></row> | |
87 | ||
88 | <row><entry><varname>bridge</varname></entry> | |
a8eaaee7 | 89 | <entry>A bridge device is a software switch, and each of its slave devices and the bridge itself are ports of the switch.</entry></row> |
798d3a52 ZJS |
90 | |
91 | <row><entry><varname>dummy</varname></entry> | |
92 | <entry>A dummy device drops all packets sent to it.</entry></row> | |
93 | ||
94 | <row><entry><varname>gre</varname></entry> | |
95 | <entry>A Level 3 GRE tunnel over IPv4. See <ulink url="https://tools.ietf.org/html/rfc2784">RFC 2784</ulink> for details.</entry></row> | |
96 | ||
97 | <row><entry><varname>gretap</varname></entry> | |
98 | <entry>A Level 2 GRE tunnel over IPv4.</entry></row> | |
99 | ||
2266864b SS |
100 | <row><entry><varname>erspan</varname></entry> |
101 | <entry>ERSPAN mirrors traffic on one or more source ports and delivers the mirrored traffic to one or more destination ports on another switch. | |
102 | The traffic is encapsulated in generic routing encapsulation (GRE) and is therefore routable across a layer 3 network between the source switch | |
103 | and the destination switch.</entry></row> | |
104 | ||
798d3a52 ZJS |
105 | <row><entry><varname>ip6gre</varname></entry> |
106 | <entry>A Level 3 GRE tunnel over IPv6.</entry></row> | |
107 | ||
108 | <row><entry><varname>ip6tnl</varname></entry> | |
109 | <entry>An IPv4 or IPv6 tunnel over IPv6.</entry></row> | |
110 | ||
111 | <row><entry><varname>ip6gretap</varname></entry> | |
037a3ded | 112 | <entry>A Level 2 GRE tunnel over IPv6.</entry></row> |
798d3a52 ZJS |
113 | |
114 | <row><entry><varname>ipip</varname></entry> | |
115 | <entry>An IPv4 over IPv4 tunnel.</entry></row> | |
116 | ||
117 | <row><entry><varname>ipvlan</varname></entry> | |
118 | <entry>An ipvlan device is a stacked device which receives packets from its underlying device based on IP address filtering.</entry></row> | |
119 | ||
120 | <row><entry><varname>macvlan</varname></entry> | |
121 | <entry>A macvlan device is a stacked device which receives packets from its underlying device based on MAC address filtering.</entry></row> | |
122 | ||
0371f2df SS |
123 | <row><entry><varname>macvtap</varname></entry> |
124 | <entry>A macvtap device is a stacked device which receives packets from its underlying device based on MAC address filtering.</entry></row> | |
125 | ||
798d3a52 ZJS |
126 | <row><entry><varname>sit</varname></entry> |
127 | <entry>An IPv6 over IPv4 tunnel.</entry></row> | |
128 | ||
129 | <row><entry><varname>tap</varname></entry> | |
130 | <entry>A persistent Level 2 tunnel between a network device and a device node.</entry></row> | |
131 | ||
132 | <row><entry><varname>tun</varname></entry> | |
133 | <entry>A persistent Level 3 tunnel between a network device and a device node.</entry></row> | |
134 | ||
135 | <row><entry><varname>veth</varname></entry> | |
a8eaaee7 | 136 | <entry>An Ethernet tunnel between a pair of network devices.</entry></row> |
798d3a52 ZJS |
137 | |
138 | <row><entry><varname>vlan</varname></entry> | |
139 | <entry>A VLAN is a stacked device which receives packets from its underlying device based on VLAN tagging. See <ulink url="http://www.ieee802.org/1/pages/802.1Q.html">IEEE 802.1Q</ulink> for details.</entry></row> | |
140 | ||
141 | <row><entry><varname>vti</varname></entry> | |
142 | <entry>An IPv4 over IPSec tunnel.</entry></row> | |
143 | ||
5cc0748e SS |
144 | <row><entry><varname>vti6</varname></entry> |
145 | <entry>An IPv6 over IPSec tunnel.</entry></row> | |
146 | ||
798d3a52 ZJS |
147 | <row><entry><varname>vxlan</varname></entry> |
148 | <entry>A virtual extensible LAN (vxlan), for connecting Cloud computing deployments.</entry></row> | |
20897a0d | 149 | |
6598e046 SS |
150 | <row><entry><varname>geneve</varname></entry> |
151 | <entry>A GEneric NEtwork Virtualization Encapsulation (GENEVE) netdev driver.</entry></row> | |
152 | ||
3a56e697 SS |
153 | <row><entry><varname>l2tp</varname></entry> |
154 | <entry>A Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol used to support virtual private networks (VPNs) or as part of the delivery of services by ISPs. It does not provide any encryption or confidentiality by itself.</entry></row> | |
155 | ||
20897a0d | 156 | <row><entry><varname>vrf</varname></entry> |
92c918b0 SS |
157 | <entry>A Virtual Routing and Forwarding (<ulink url="https://www.kernel.org/doc/Documentation/networking/vrf.txt">VRF</ulink>) interface to create separate routing and forwarding domains.</entry></row> |
158 | ||
159 | <row><entry><varname>vcan</varname></entry> | |
ba9fa3bc | 160 | <entry>The virtual CAN driver (vcan). Similar to the network loopback devices, vcan offers a virtual local CAN interface.</entry></row> |
20897a0d | 161 | |
d6df583c SS |
162 | <row><entry><varname>vxcan</varname></entry> |
163 | <entry>The virtual CAN tunnel driver (vxcan). Similar to the virtual ethernet driver veth, vxcan implements a local CAN traffic tunnel between two virtual CAN network devices. When creating a vxcan, two vxcan devices are created as a pair. When one end receives the packet it appears on its pair and vice versa. The vxcan can be used for cross namespace communication. | |
164 | </entry></row> | |
165 | ||
e5719363 JT |
166 | <row><entry><varname>wireguard</varname></entry> |
167 | <entry>WireGuard Secure Network Tunnel.</entry></row> | |
168 | ||
56e7fb50 SS |
169 | <row><entry><varname>netdevsim</varname></entry> |
170 | <entry>A simulator. This simulated networking device is used for testing various networking APIs and at this time is particularly focused on testing hardware offloading related interfaces.</entry></row> | |
53cb501a SS |
171 | |
172 | <row><entry><varname>fou</varname></entry> | |
173 | <entry>Foo-over-UDP tunneling.</entry></row> | |
174 | ||
798d3a52 ZJS |
175 | </tbody> |
176 | </tgroup> | |
177 | </table> | |
178 | ||
179 | </refsect1> | |
180 | ||
181 | <refsect1> | |
182 | <title>[Match] Section Options</title> | |
183 | ||
184 | <para>A virtual network device is only created if the | |
185 | <literal>[Match]</literal> section matches the current | |
186 | environment, or if the section is empty. The following keys are | |
187 | accepted:</para> | |
188 | ||
189 | <variablelist class='network-directives'> | |
190 | <varlistentry> | |
191 | <term><varname>Host=</varname></term> | |
192 | <listitem> | |
193 | <para>Matches against the hostname or machine ID of the | |
194 | host. See <literal>ConditionHost=</literal> in | |
195 | <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry> | |
196 | for details. | |
197 | </para> | |
198 | </listitem> | |
199 | </varlistentry> | |
200 | <varlistentry> | |
201 | <term><varname>Virtualization=</varname></term> | |
202 | <listitem> | |
203 | <para>Checks whether the system is executed in a virtualized | |
204 | environment and optionally tests whether it is a specific | |
205 | implementation. See | |
206 | <literal>ConditionVirtualization=</literal> in | |
207 | <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry> | |
208 | for details. | |
209 | </para> | |
210 | </listitem> | |
211 | </varlistentry> | |
212 | <varlistentry> | |
213 | <term><varname>KernelCommandLine=</varname></term> | |
214 | <listitem> | |
215 | <para>Checks whether a specific kernel command line option | |
216 | is set (or if prefixed with the exclamation mark unset). See | |
217 | <literal>ConditionKernelCommandLine=</literal> in | |
218 | <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry> | |
219 | for details. | |
220 | </para> | |
221 | </listitem> | |
222 | </varlistentry> | |
5022f08a LP |
223 | <varlistentry> |
224 | <term><varname>KernelVersion=</varname></term> | |
225 | <listitem> | |
226 | <para>Checks whether the kernel version (as reported by <command>uname -r</command>) matches a certain | |
227 | expression (or if prefixed with the exclamation mark does not match it). See | |
228 | <literal>ConditionKernelVersion=</literal> in | |
229 | <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry> for details. | |
230 | </para> | |
231 | </listitem> | |
232 | </varlistentry> | |
798d3a52 ZJS |
233 | <varlistentry> |
234 | <term><varname>Architecture=</varname></term> | |
235 | <listitem> | |
236 | <para>Checks whether the system is running on a specific | |
237 | architecture. See <literal>ConditionArchitecture=</literal> in | |
238 | <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry> | |
239 | for details. | |
240 | </para> | |
241 | </listitem> | |
242 | </varlistentry> | |
243 | </variablelist> | |
244 | ||
245 | </refsect1> | |
246 | ||
247 | <refsect1> | |
248 | <title>[NetDev] Section Options</title> | |
249 | ||
250 | <para>The <literal>[NetDev]</literal> section accepts the | |
251 | following keys:</para> | |
252 | ||
253 | <variablelist class='network-directives'> | |
254 | <varlistentry> | |
255 | <term><varname>Description=</varname></term> | |
256 | <listitem> | |
257 | <para>A free-form description of the netdev.</para> | |
258 | </listitem> | |
259 | </varlistentry> | |
260 | <varlistentry> | |
261 | <term><varname>Name=</varname></term> | |
262 | <listitem> | |
263 | <para>The interface name used when creating the netdev. | |
264 | This option is compulsory.</para> | |
265 | </listitem> | |
266 | </varlistentry> | |
267 | <varlistentry> | |
268 | <term><varname>Kind=</varname></term> | |
269 | <listitem> | |
270 | <para>The netdev kind. This option is compulsory. See the | |
271 | <literal>Supported netdev kinds</literal> section for the | |
272 | valid keys.</para> | |
273 | </listitem> | |
274 | </varlistentry> | |
275 | <varlistentry> | |
276 | <term><varname>MTUBytes=</varname></term> | |
277 | <listitem> | |
48847676 YW |
278 | <para>The maximum transmission unit in bytes to set for the device. The usual suffixes K, M, G, |
279 | are supported and are understood to the base of 1024. For <literal>tun</literal> or | |
280 | <literal>tap</literal> devices, <varname>MTUBytes=</varname> setting is not currently supported in | |
281 | <literal>[NetDev]</literal> section. Please specify it in <literal>[Link]</literal> section of | |
282 | corresponding | |
283 | <citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry> | |
284 | files.</para> | |
798d3a52 ZJS |
285 | </listitem> |
286 | </varlistentry> | |
287 | <varlistentry> | |
288 | <term><varname>MACAddress=</varname></term> | |
289 | <listitem> | |
a61b550c YW |
290 | <para>The MAC address to use for the device. For <literal>tun</literal> or <literal>tap</literal> |
291 | devices, setting <varname>MACAddress=</varname> in the <literal>[NetDev]</literal> section is not | |
292 | supported. Please specify it in <literal>[Link]</literal> section of the corresponding | |
48847676 | 293 | <citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry> |
a61b550c YW |
294 | file. If this option is not set, <literal>vlan</literal> devices inherit the MAC address of the |
295 | physical interface. For other kinds of netdevs, if this option is not set, then the MAC address is | |
296 | generated based on the interface name and the | |
297 | <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry>. | |
298 | </para> | |
798d3a52 ZJS |
299 | </listitem> |
300 | </varlistentry> | |
301 | </variablelist> | |
302 | </refsect1> | |
303 | ||
3428fe07 SS |
304 | <refsect1> |
305 | <title>[Bridge] Section Options</title> | |
306 | ||
307 | <para>The <literal>[Bridge]</literal> section only applies for | |
308 | netdevs of kind <literal>bridge</literal>, and accepts the | |
a8eaaee7 | 309 | following keys:</para> |
3428fe07 SS |
310 | |
311 | <variablelist class='network-directives'> | |
312 | <varlistentry> | |
313 | <term><varname>HelloTimeSec=</varname></term> | |
314 | <listitem> | |
a8eaaee7 | 315 | <para>HelloTimeSec specifies the number of seconds between two hello packets |
3428fe07 SS |
316 | sent out by the root bridge and the designated bridges. Hello packets are |
317 | used to communicate information about the topology throughout the entire | |
318 | bridged local area network.</para> | |
319 | </listitem> | |
320 | </varlistentry> | |
321 | <varlistentry> | |
322 | <term><varname>MaxAgeSec=</varname></term> | |
323 | <listitem> | |
324 | <para>MaxAgeSec specifies the number of seconds of maximum message age. | |
325 | If the last seen (received) hello packet is more than this number of | |
326 | seconds old, the bridge in question will start the takeover procedure | |
327 | in an attempt to become the Root Bridge itself.</para> | |
328 | </listitem> | |
329 | </varlistentry> | |
330 | <varlistentry> | |
331 | <term><varname>ForwardDelaySec=</varname></term> | |
332 | <listitem> | |
333 | <para>ForwardDelaySec specifies the number of seconds spent in each | |
334 | of the Listening and Learning states before the Forwarding state is entered.</para> | |
335 | </listitem> | |
336 | </varlistentry> | |
c7440e74 TJ |
337 | <varlistentry> |
338 | <term><varname>AgeingTimeSec=</varname></term> | |
339 | <listitem> | |
340 | <para>This specifies the number of seconds a MAC Address will be kept in | |
d23a0044 | 341 | the forwarding database after having a packet received from this MAC Address.</para> |
c7440e74 TJ |
342 | </listitem> |
343 | </varlistentry> | |
344 | <varlistentry> | |
345 | <term><varname>Priority=</varname></term> | |
346 | <listitem> | |
347 | <para>The priority of the bridge. An integer between 0 and 65535. A lower value | |
348 | means higher priority. The bridge having the lowest priority will be elected as root bridge.</para> | |
349 | </listitem> | |
350 | </varlistentry> | |
c4819961 JC |
351 | <varlistentry> |
352 | <term><varname>GroupForwardMask=</varname></term> | |
353 | <listitem> | |
354 | <para>A 16-bit bitmask represented as an integer which allows forwarding of link | |
355 | local frames with 802.1D reserved addresses (01:80:C2:00:00:0X). A logical AND | |
356 | is performed between the specified bitmask and 2^X, where X is the | |
357 | lower nibble of the last octet of the MAC address. For example, a value of 8 | |
358 | would allow forwarding of frames addressed to 01:80:C2:00:00:03 (802.1X PAE).</para> | |
359 | </listitem> | |
360 | </varlistentry> | |
c7440e74 TJ |
361 | <varlistentry> |
362 | <term><varname>DefaultPVID=</varname></term> | |
363 | <listitem> | |
0d6c68eb TJ |
364 | <para>This specifies the default port VLAN ID of a newly attached bridge port. |
365 | Set this to an integer in the range 1–4094 or <literal>none</literal> to disable the PVID.</para> | |
c7440e74 TJ |
366 | </listitem> |
367 | </varlistentry> | |
3fef7a3f SS |
368 | <varlistentry> |
369 | <term><varname>MulticastQuerier=</varname></term> | |
370 | <listitem> | |
9b6ffef3 | 371 | <para>Takes a boolean. This setting controls the IFLA_BR_MCAST_QUERIER option in the kernel. |
3fef7a3f SS |
372 | If enabled, the kernel will send general ICMP queries from a zero source address. |
373 | This feature should allow faster convergence on startup, but it causes some | |
374 | multicast-aware switches to misbehave and disrupt forwarding of multicast packets. | |
025314d9 | 375 | When unset, the kernel's default will be used. |
3fef7a3f SS |
376 | </para> |
377 | </listitem> | |
378 | </varlistentry> | |
6df6d898 SS |
379 | <varlistentry> |
380 | <term><varname>MulticastSnooping=</varname></term> | |
381 | <listitem> | |
9b6ffef3 | 382 | <para>Takes a boolean. This setting controls the IFLA_BR_MCAST_SNOOPING option in the kernel. |
6df6d898 | 383 | If enabled, IGMP snooping monitors the Internet Group Management Protocol (IGMP) traffic |
025314d9 | 384 | between hosts and multicast routers. When unset, the kernel's default will be used. |
6df6d898 SS |
385 | </para> |
386 | </listitem> | |
387 | </varlistentry> | |
c6f8d17d TJ |
388 | <varlistentry> |
389 | <term><varname>VLANFiltering=</varname></term> | |
390 | <listitem> | |
9b6ffef3 | 391 | <para>Takes a boolean. This setting controls the IFLA_BR_VLAN_FILTERING option in the kernel. |
025314d9 | 392 | If enabled, the bridge will be started in VLAN-filtering mode. When unset, the kernel's default will be used. |
c6f8d17d TJ |
393 | </para> |
394 | </listitem> | |
395 | </varlistentry> | |
b760a9af SS |
396 | <varlistentry> |
397 | <term><varname>STP=</varname></term> | |
398 | <listitem> | |
9b6ffef3 | 399 | <para>Takes a boolean. This enables the bridge's Spanning Tree Protocol (STP). |
025314d9 | 400 | When unset, the kernel's default will be used. |
b760a9af SS |
401 | </para> |
402 | </listitem> | |
403 | </varlistentry> | |
3428fe07 | 404 | </variablelist> |
3428fe07 SS |
405 | </refsect1> |
406 | ||
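`GroupForwardMask=` decides which 802.1D reserved link-local frames cross the bridge instead of stopping at it, so it is worth decoding when reviewing a bridge definition. The following added example (not part of systemd or of this file) applies the 2^X rule described above to a constructed `.netdev` file. The function names and the sample file are assumptions of the example, as are the protocol labels other than 802.1X PAE and the restricted-bits value, which come from the IEEE address assignments and the Linux bridge driver rather than from this page.

```python
import configparser

# Reserved group addresses 01:80:C2:00:00:0X, keyed by X. Only the 802.1X PAE
# entry is named on the page; the other labels are added for this example.
KNOWN = {
    0x0: "STP BPDU",
    0x1: "802.3x MAC pause",
    0x2: "Slow protocols (LACP)",
    0x3: "802.1X PAE",
    0xE: "LLDP",
}

# Linux bridge behaviour, not stated on the page: masks that set the bits for
# X = 0, 1 or 2 are rejected by the kernel.
KERNEL_RESTRICTED = 0x0007

# Constructed sample file: 16392 = 2^3 + 2^14.
SAMPLE = """\
[NetDev]
Name=br0
Kind=bridge

[Bridge]
STP=yes
GroupForwardMask=16392
"""


def decode_group_forward_mask(mask):
    """Return (address, label) for every reserved address the mask forwards."""
    if not 0 <= mask <= 0xFFFF:
        raise ValueError("GroupForwardMask is a 16-bit bitmask")
    forwarded = []
    for x in range(16):
        if mask & (1 << x):  # logical AND between the mask and 2^X
            forwarded.append(("01:80:C2:00:00:%02X" % x, KNOWN.get(x, "reserved")))
    return forwarded


def audit_bridge(netdev_text):
    """Report the forwarded reserved addresses of a bridge .netdev file."""
    parser = configparser.ConfigParser(strict=False, interpolation=None)
    parser.optionxform = str  # keep the key names case-sensitive
    parser.read_string(netdev_text)
    if parser.get("NetDev", "Kind", fallback="") != "bridge":
        return None  # [Bridge] only applies to netdevs of kind bridge
    # Assumption: an unset key is reported as mask 0 (nothing forwarded).
    mask = int(parser.get("Bridge", "GroupForwardMask", fallback="0"), 10)
    return {
        "name": parser.get("NetDev", "Name", fallback=""),
        "mask": mask,
        "forwarded": decode_group_forward_mask(mask),
        "kernel_restricted_bits": mask & KERNEL_RESTRICTED,
    }


if __name__ == "__main__":
    report = audit_bridge(SAMPLE)
    print(report["name"], "mask", report["mask"])
    for address, label in report["forwarded"]:
        print("  forwards", address, label)
```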
798d3a52 ZJS |
407 | <refsect1> |
408 | <title>[VLAN] Section Options</title> | |
409 | ||
410 | <para>The <literal>[VLAN]</literal> section only applies for | |
411 | netdevs of kind <literal>vlan</literal>, and accepts the | |
412 | following key:</para> | |
413 | ||
414 | <variablelist class='network-directives'> | |
415 | <varlistentry> | |
416 | <term><varname>Id=</varname></term> | |
417 | <listitem> | |
418 | <para>The VLAN ID to use. An integer in the range 0–4094. | |
419 | This option is compulsory.</para> | |
420 | </listitem> | |
421 | </varlistentry> | |
c8b21184 SS |
422 | <varlistentry> |
423 | <term><varname>GVRP=</varname></term> | |
424 | <listitem> | |
9b6ffef3 YW |
425 | <para>Takes a boolean. The Generic VLAN Registration Protocol (GVRP) is a protocol that |
426 | allows automatic learning of VLANs on a network. | |
025314d9 YW |
427 | When unset, the kernel's default will be used. |
428 | </para> | |
c8b21184 SS |
429 | </listitem> |
430 | </varlistentry> | |
6c1ff21b SS |
431 | <varlistentry> |
432 | <term><varname>MVRP=</varname></term> | |
433 | <listitem> | |
9b6ffef3 | 434 | <para>Takes a boolean. Multiple VLAN Registration Protocol (MVRP) formerly known as GARP VLAN |
6c1ff21b SS |
435 | Registration Protocol (GVRP) is a standards-based Layer 2 network protocol, |
436 | for automatic configuration of VLAN information on switches. It was defined | |
9b6ffef3 | 437 | in the 802.1ak amendment to 802.1Q-2005. When unset, the kernel's default will be used. |
025314d9 | 438 | </para> |
6c1ff21b SS |
439 | </listitem> |
440 | </varlistentry> | |
441 | <varlistentry> | |
442 | <term><varname>LooseBinding=</varname></term> | |
443 | <listitem> | |
9b6ffef3 | 444 | <para>Takes a boolean. The VLAN loose binding mode, in which only the operational state is passed |
6c1ff21b | 445 | from the parent to the associated VLANs, but the VLAN device state is not changed. |
9b6ffef3 | 446 | When unset, the kernel's default will be used.</para> |
6c1ff21b SS |
447 | </listitem> |
448 | </varlistentry> | |
449 | <varlistentry> | |
450 | <term><varname>ReorderHeader=</varname></term> | |
451 | <listitem> | |
9b6ffef3 YW |
452 | <para>Takes a boolean. When enabled, the VLAN reorder header is set and VLAN interfaces behave like physical interfaces. |
453 | When unset, the kernel's default will be used.</para> | |
6c1ff21b SS |
454 | </listitem> |
455 | </varlistentry> | |
798d3a52 | 456 | </variablelist> |
798d3a52 ZJS |
457 | </refsect1> |
458 | ||
459 | <refsect1> | |
460 | <title>[MACVLAN] Section Options</title> | |
461 | ||
462 | <para>The <literal>[MACVLAN]</literal> section only applies for | |
463 | netdevs of kind <literal>macvlan</literal>, and accepts the | |
464 | following key:</para> | |
465 | ||
466 | <variablelist class='network-directives'> | |
467 | <varlistentry> | |
468 | <term><varname>Mode=</varname></term> | |
469 | <listitem> | |
470 | <para>The MACVLAN mode to use. The supported options are | |
471 | <literal>private</literal>, | |
472 | <literal>vepa</literal>, | |
473 | <literal>bridge</literal>, and | |
474 | <literal>passthru</literal>. | |
475 | </para> | |
476 | </listitem> | |
477 | </varlistentry> | |
478 | </variablelist> | |
479 | ||
480 | </refsect1> | |
481 | ||
0371f2df SS |
482 | <refsect1> |
483 | <title>[MACVTAP] Section Options</title> | |
484 | ||
485 | <para>The <literal>[MACVTAP]</literal> section applies for | |
486 | netdevs of kind <literal>macvtap</literal> and accepts the | |
96d49011 | 487 | same key as <literal>[MACVLAN]</literal>.</para> |
0371f2df SS |
488 | |
489 | </refsect1> | |
490 | ||
798d3a52 ZJS |
491 | <refsect1> |
492 | <title>[IPVLAN] Section Options</title> | |
493 | ||
494 | <para>The <literal>[IPVLAN]</literal> section only applies for | |
495 | netdevs of kind <literal>ipvlan</literal>, and accepts the | |
496 | following key:</para> | |
497 | ||
498 | <variablelist class='network-directives'> | |
499 | <varlistentry> | |
500 | <term><varname>Mode=</varname></term> | |
501 | <listitem> | |
502 | <para>The IPVLAN mode to use. The supported options are | |
d384826f SS |
503 | <literal>L2</literal>, <literal>L3</literal> and <literal>L3S</literal>. |
504 | </para> | |
505 | </listitem> | |
506 | </varlistentry> | |
507 | <varlistentry> | |
508 | <term><varname>Flags=</varname></term> | |
509 | <listitem> | |
510 | <para>The IPVLAN flags to use. The supported options are | |
511 | <literal>bridge</literal>, <literal>private</literal> and <literal>vepa</literal>. | |
798d3a52 ZJS |
512 | </para> |
513 | </listitem> | |
514 | </varlistentry> | |
515 | </variablelist> | |
516 | ||
517 | </refsect1> | |
518 | ||
519 | <refsect1> | |
520 | <title>[VXLAN] Section Options</title> | |
521 | <para>The <literal>[VXLAN]</literal> section only applies for | |
522 | netdevs of kind <literal>vxlan</literal>, and accepts the | |
523 | following keys:</para> | |
524 | ||
525 | <variablelist class='network-directives'> | |
526 | <varlistentry> | |
527 | <term><varname>Id=</varname></term> | |
528 | <listitem> | |
529 | <para>The VXLAN ID to use.</para> | |
530 | </listitem> | |
531 | </varlistentry> | |
532 | <varlistentry> | |
d35e5d37 | 533 | <term><varname>Remote=</varname></term> |
798d3a52 | 534 | <listitem> |
bf443be9 | 535 | <para>Configures destination IP address.</para> |
798d3a52 ZJS |
536 | </listitem> |
537 | </varlistentry> | |
538 | <varlistentry> | |
d35e5d37 SS |
539 | <term><varname>Local=</varname></term> |
540 | <listitem> | |
541 | <para>Configures local IP address.</para> | |
542 | </listitem> | |
543 | </varlistentry> | |
544 | <varlistentry> | |
798d3a52 ZJS |
545 | <term><varname>TOS=</varname></term> |
546 | <listitem> | |
547 | <para>The Type Of Service byte value for a vxlan interface.</para> | |
548 | </listitem> | |
549 | </varlistentry> | |
550 | <varlistentry> | |
551 | <term><varname>TTL=</varname></term> | |
552 | <listitem> | |
553 | <para>A fixed Time To Live N on Virtual eXtensible Local | |
b938cb90 | 554 | Area Network packets. N is a number in the range 1–255. 0 |
798d3a52 ZJS |
555 | is a special value meaning that packets inherit the TTL |
556 | value.</para> | |
557 | </listitem> | |
558 | </varlistentry> | |
559 | <varlistentry> | |
560 | <term><varname>MacLearning=</varname></term> | |
561 | <listitem> | |
9b6ffef3 | 562 | <para>Takes a boolean. When true, enables dynamic MAC learning |
798d3a52 ZJS |
563 | to discover remote MAC addresses.</para> |
564 | </listitem> | |
565 | </varlistentry> | |
566 | <varlistentry> | |
567 | <term><varname>FDBAgeingSec=</varname></term> | |
568 | <listitem> | |
569 | <para>The lifetime of a Forwarding Database entry learnt by | |
b938cb90 | 570 | the kernel, in seconds.</para> |
798d3a52 ZJS |
571 | </listitem> |
572 | </varlistentry> | |
573 | <varlistentry> | |
3d276dd2 SS |
574 | <term><varname>MaximumFDBEntries=</varname></term> |
575 | <listitem> | |
576 | <para>Configures maximum number of FDB entries.</para> | |
577 | </listitem> | |
578 | </varlistentry> | |
798d3a52 | 579 | <varlistentry> |
7dd6974c | 580 | <term><varname>ReduceARPProxy=</varname></term> |
798d3a52 | 581 | <listitem> |
9b6ffef3 | 582 | <para>Takes a boolean. When true, bridge-connected VXLAN tunnel |
7dd6974c SS |
583 | endpoint answers ARP requests from the local bridge on behalf |
584 | of remote Distributed Overlay Virtual Ethernet | |
585 | <ulink url="https://en.wikipedia.org/wiki/Distributed_Overlay_Virtual_Ethernet"> | |
586 | (DOVE)</ulink> clients. Defaults to false.</para> | |
798d3a52 ZJS |
587 | </listitem> |
588 | </varlistentry> | |
589 | <varlistentry> | |
590 | <term><varname>L2MissNotification=</varname></term> | |
591 | <listitem> | |
9b6ffef3 | 592 | <para>Takes a boolean. When true, enables netlink LLADDR miss |
798d3a52 ZJS |
593 | notifications.</para> |
594 | </listitem> | |
595 | </varlistentry> | |
596 | <varlistentry> | |
597 | <term><varname>L3MissNotification=</varname></term> | |
598 | <listitem> | |
9b6ffef3 | 599 | <para>Takes a boolean. When true, enables netlink IP address miss |
798d3a52 ZJS |
600 | notifications.</para> |
601 | </listitem> | |
602 | </varlistentry> | |
603 | <varlistentry> | |
604 | <term><varname>RouteShortCircuit=</varname></term> | |
605 | <listitem> | |
9b6ffef3 | 606 | <para>Takes a boolean. When true, route short circuiting is turned |
798d3a52 ZJS |
607 | on.</para> |
608 | </listitem> | |
609 | </varlistentry> | |
cffacc74 | 610 | <varlistentry> |
53c06862 | 611 | <term><varname>UDPChecksum=</varname></term> |
cffacc74 | 612 | <listitem> |
9b6ffef3 | 613 | <para>Takes a boolean. When true, transmitting UDP checksums when doing VXLAN/IPv4 is turned on.</para> |
cffacc74 SS |
614 | </listitem> |
615 | </varlistentry> | |
616 | <varlistentry> | |
617 | <term><varname>UDP6ZeroChecksumTx=</varname></term> | |
618 | <listitem> | |
9b6ffef3 | 619 | <para>Takes a boolean. When true, sending zero checksums in VXLAN/IPv6 is turned on.</para> |
cffacc74 SS |
620 | </listitem> |
621 | </varlistentry> | |
622 | <varlistentry> | |
53c06862 | 623 | <term><varname>UDP6ZeroChecksumRx=</varname></term> |
cffacc74 | 624 | <listitem> |
9b6ffef3 | 625 | <para>Takes a boolean. When true, receiving zero checksums in VXLAN/IPv6 is turned on.</para> |
16441027 SS |
626 | </listitem> |
627 | </varlistentry> | |
628 | <varlistentry> | |
53c06862 | 629 | <term><varname>RemoteChecksumTx=</varname></term> |
16441027 | 630 | <listitem> |
9b6ffef3 | 631 | <para>Takes a boolean. When true, remote transmit checksum offload of VXLAN is turned on.</para> |
16441027 SS |
632 | </listitem> |
633 | </varlistentry> | |
634 | <varlistentry> | |
53c06862 | 635 | <term><varname>RemoteChecksumRx=</varname></term> |
16441027 | 636 | <listitem> |
9b6ffef3 | 637 | <para>Takes a boolean. When true, remote receive checksum offload in VXLAN is turned on.</para> |
cffacc74 SS |
638 | </listitem> |
639 | </varlistentry> | |
8b414e52 SS |
640 | <varlistentry> |
641 | <term><varname>GroupPolicyExtension=</varname></term> | |
642 | <listitem> | |
9b6ffef3 | 643 | <para>Takes a boolean. When true, it enables Group Policy VXLAN extension security label mechanism |
b938cb90 | 644 | across network peers based on VXLAN. For details about the Group Policy VXLAN, see the |
8b414e52 SS |
645 | <ulink url="https://tools.ietf.org/html/draft-smith-vxlan-group-policy"> |
646 | VXLAN Group Policy </ulink> document. Defaults to false.</para> | |
647 | </listitem> | |
648 | </varlistentry> | |
ea0288d1 SS |
649 | <varlistentry> |
650 | <term><varname>DestinationPort=</varname></term> | |
651 | <listitem> | |
652 | <para>Configures the default destination UDP port on a per-device basis. | |
653 | If destination port is not specified then Linux kernel default will be used. | |
98616735 SS |
654 | Set destination port 4789 to get the IANA assigned value. If not set or if the |
655 | destination port is assigned the empty string the default port of 4789 is used.</para> | |
ea0288d1 SS |
656 | </listitem> |
657 | </varlistentry> | |
658 | <varlistentry> | |
659 | <term><varname>PortRange=</varname></term> | |
660 | <listitem> | |
661 | <para>Configures the VXLAN port range. VXLAN derives the source |
662 | UDP port from the flow so that the receiver can |
663 | load balance based on the outer header flow. It |
664 | restricts the port range to the normal UDP local | |
665 | ports, and allows overriding via configuration.</para> | |
666 | </listitem> | |
667 | </varlistentry> | |
d8653945 SS |
668 | <varlistentry> |
669 | <term><varname>FlowLabel=</varname></term> | |
670 | <listitem> | |
671 | <para>Specifies the flow label to use in outgoing packets. | |
672 | The valid range is 0-1048575. | |
673 | </para> | |
674 | </listitem> | |
675 | </varlistentry> | |
798d3a52 ZJS |
676 | </variablelist> |
677 | </refsect1> | |
6598e046 SS |
678 | <refsect1> |
679 | <title>[GENEVE] Section Options</title> | |
680 | <para>The <literal>[GENEVE]</literal> section only applies for | |
681 | netdevs of kind <literal>geneve</literal>, and accepts the | |
682 | following keys:</para> | |
683 | ||
684 | <variablelist class='network-directives'> | |
685 | <varlistentry> | |
686 | <term><varname>Id=</varname></term> | |
687 | <listitem> | |
785889e5 | 688 | <para>Specifies the Virtual Network Identifier (VNI) to use. Ranges [0-16777215].</para> |
6598e046 SS |
689 | </listitem> |
690 | </varlistentry> | |
691 | <varlistentry> | |
692 | <term><varname>Remote=</varname></term> | |
693 | <listitem> | |
694 | <para>Specifies the unicast destination IP address to use in outgoing packets.</para> | |
695 | </listitem> | |
696 | </varlistentry> | |
697 | <varlistentry> | |
698 | <term><varname>TOS=</varname></term> | |
699 | <listitem> | |
98616735 | 700 | <para>Specifies the TOS value to use in outgoing packets. Ranges [1-255].</para> |
6598e046 SS |
701 | </listitem> |
702 | </varlistentry> | |
703 | <varlistentry> | |
704 | <term><varname>TTL=</varname></term> | |
705 | <listitem> | |
98616735 | 706 | <para>Specifies the TTL value to use in outgoing packets. Ranges [1-255].</para> |
6598e046 SS |
707 | </listitem> |
708 | </varlistentry> | |
709 | <varlistentry> | |
710 | <term><varname>UDPChecksum=</varname></term> | |
711 | <listitem> | |
9b6ffef3 | 712 | <para>Takes a boolean. When true, specifies if UDP checksum is calculated for transmitted packets over IPv4.</para> |
6598e046 SS |
713 | </listitem> |
714 | </varlistentry> | |
715 | <varlistentry> | |
716 | <term><varname>UDP6ZeroChecksumTx=</varname></term> | |
717 | <listitem> | |
9b6ffef3 | 718 | <para>Takes a boolean. When true, skip UDP checksum calculation for transmitted packets over IPv6.</para> |
6598e046 SS |
719 | </listitem> |
720 | </varlistentry> | |
721 | <varlistentry> | |
722 | <term><varname>UDP6ZeroChecksumRx=</varname></term> | |
723 | <listitem> | |
9b6ffef3 | 724 | <para>Takes a boolean. When true, allows incoming UDP packets over IPv6 with zero checksum field.</para> |
6598e046 SS |
725 | </listitem> |
726 | </varlistentry> | |
727 | <varlistentry> | |
728 | <term><varname>DestinationPort=</varname></term> | |
729 | <listitem> | |
98616735 SS |
730 | <para>Specifies destination port. Defaults to 6081. If not set or assigned the empty string, the default |
731 | port of 6081 is used.</para> | |
6598e046 SS |
732 | </listitem> |
733 | </varlistentry> | |
734 | <varlistentry> | |
735 | <term><varname>FlowLabel=</varname></term> | |
736 | <listitem> | |
737 | <para>Specifies the flow label to use in outgoing packets.</para> | |
738 | </listitem> | |
739 | </varlistentry> | |
740 | </variablelist> | |
741 | </refsect1> | |
3a56e697 SS |
742 | <refsect1> |
743 | <title>[L2TP] Section Options</title> | |
744 | <para>The <literal>[L2TP]</literal> section only applies for | |
745 | netdevs of kind <literal>l2tp</literal>, and accepts the | |
746 | following keys:</para> | |
747 | ||
748 | <variablelist class='network-directives'> | |
749 | <varlistentry> | |
750 | <term><varname>TunnelId=</varname></term> | |
751 | <listitem> | |
752 | <para>Specifies the tunnel id. The value used must match the <literal>PeerTunnelId=</literal> value being used at the peer. | |
753 | The valid range is 1 to 4294967295. This option is compulsory.</para> | |
754 | </listitem> | |
755 | </varlistentry> | |
756 | <varlistentry> | |
757 | <term><varname>PeerTunnelId=</varname></term> | |
758 | <listitem> | |
759 | <para>Specifies the peer tunnel id. The value used must match the <literal>PeerTunnelId=</literal> value being used at the peer. | |
760 | The valid range is 1 to 4294967295. This option is compulsory.</para> | |
761 | </listitem> | |
762 | </varlistentry> | |
763 | <varlistentry> | |
764 | <term><varname>Remote=</varname></term> | |
765 | <listitem> | |
766 | <para>Specifies the IP address of the remote peer. This option is compulsory.</para> | |
767 | </listitem> | |
768 | </varlistentry> | |
769 | <varlistentry> | |
770 | <term><varname>Local=</varname></term> | |
771 | <listitem> | |
d053d08a YW |
772 | <para>Specifies the IP address of the local interface. Takes an IP address, or the special values |
773 | <literal>auto</literal>, <literal>static</literal>, or <literal>dynamic</literal>. When an address | |
774 | is set, then the local interface must have the address. If <literal>auto</literal>, then one of the | |
775 | addresses on the local interface is used. Similarly, if <literal>static</literal> or | |
776 | <literal>dynamic</literal> is set, then one of the static or dynamic addresses on the local | |
777 | interface is used. Defaults to <literal>auto</literal>.</para> | |
3a56e697 SS |
778 | </listitem> |
779 | </varlistentry> | |
780 | <varlistentry> | |
781 | <term><varname>EncapsulationType=</varname></term> | |
782 | <listitem> | |
783 | <para>Specifies the encapsulation type of the tunnel. Takes one of <literal>udp</literal> or <literal>ip</literal>.</para> | |
784 | </listitem> | |
785 | </varlistentry> | |
786 | <varlistentry> | |
787 | <term><varname>UDPSourcePort=</varname></term> | |
788 | <listitem> | |
789 | <para>Specifies the UDP source port to be used for the tunnel. When UDP encapsulation is selected it's mandatory. Ignored when ip |
790 | encapsulation is selected.</para> | |
791 | </listitem> | |
792 | </varlistentry> | |
793 | <varlistentry> | |
794 | <term><varname>DestinationPort=</varname></term> | |
795 | <listitem> | |
796 | <para>Specifies destination port. When UDP encapsulation is selected it's mandatory. Ignored when ip |
797 | encapsulation is selected.</para> | |
798 | </listitem> | |
799 | </varlistentry> | |
800 | <varlistentry> | |
801 | <term><varname>UDPChecksum=</varname></term> | |
802 | <listitem> | |
803 | <para>Takes a boolean. When true, specifies if UDP checksum is calculated for transmitted packets over IPv4.</para> | |
804 | </listitem> | |
805 | </varlistentry> | |
806 | <varlistentry> | |
807 | <term><varname>UDP6ZeroChecksumTx=</varname></term> | |
808 | <listitem> | |
809 | <para>Takes a boolean. When true, skip UDP checksum calculation for transmitted packets over IPv6.</para> | |
810 | </listitem> | |
811 | </varlistentry> | |
812 | <varlistentry> | |
813 | <term><varname>UDP6ZeroChecksumRx=</varname></term> | |
814 | <listitem> | |
815 | <para>Takes a boolean. When true, allows incoming UDP packets over IPv6 with zero checksum field.</para> | |
816 | </listitem> | |
817 | </varlistentry> | |
818 | </variablelist> | |
819 | </refsect1> | |
820 | <refsect1> | |
821 | <title>[L2TPSession] Section Options</title> | |
822 | <para>The <literal>[L2TPSession]</literal> section only applies for | |
823 | netdevs of kind <literal>l2tp</literal>, and accepts the | |
824 | following keys:</para> | |
825 | <variablelist class='network-directives'> | |
826 | <varlistentry> | |
827 | <term><varname>Name=</varname></term> | |
828 | <listitem> | |
829 | <para>Specifies the name of the session. This option is compulsory.</para> | |
830 | </listitem> | |
831 | </varlistentry> | |
832 | <varlistentry> | |
833 | <term><varname>SessionId=</varname></term> | |
834 | <listitem> | |
835 | <para>Specifies the session id. The value used must match the <literal>SessionId=</literal> value being used at the peer. |
836 | The valid range is 1 to 4294967295. This option is compulsory.</para> | |
837 | </listitem> | |
838 | </varlistentry> | |
839 | <varlistentry> | |
840 | <term><varname>PeerSessionId=</varname></term> | |
841 | <listitem> | |
842 | <para>Specifies the peer session id. The value used must match the <literal>PeerSessionId=</literal> value being used at the peer. | |
843 | The valid range is 1 to 4294967295. This option is compulsory.</para> | |
844 | </listitem> | |
845 | </varlistentry> | |
846 | <varlistentry> | |
847 | <term><varname>Layer2SpecificHeader=</varname></term> | |
848 | <listitem> | |
849 | <para>Specifies layer2specific header type of the session. One of <literal>none</literal> or <literal>default</literal>. Defaults to <literal>default</literal>.</para> | |
850 | </listitem> | |
851 | </varlistentry> | |
852 | </variablelist> | |
853 | </refsect1> | |
798d3a52 ZJS |
854 | <refsect1> |
855 | <title>[Tunnel] Section Options</title> | |
856 | ||
857 | <para>The <literal>[Tunnel]</literal> section only applies for | |
858 | netdevs of kind | |
859 | <literal>ipip</literal>, | |
860 | <literal>sit</literal>, | |
861 | <literal>gre</literal>, | |
862 | <literal>gretap</literal>, | |
863 | <literal>ip6gre</literal>, | |
864 | <literal>ip6gretap</literal>, | |
5cc0748e | 865 | <literal>vti</literal>, |
af555aa3 YW |
866 | <literal>vti6</literal>, |
867 | <literal>ip6tnl</literal>, and | |
868 | <literal>erspan</literal> and accepts | |
798d3a52 ZJS |
869 | the following keys:</para> |
870 | ||
871 | <variablelist class='network-directives'> | |
872 | <varlistentry> | |
873 | <term><varname>Local=</varname></term> | |
874 | <listitem> | |
875 | <para>A static local address for tunneled packets. It must | |
876 | be an address on another interface of this host.</para> | |
877 | </listitem> | |
878 | </varlistentry> | |
879 | <varlistentry> | |
880 | <term><varname>Remote=</varname></term> | |
881 | <listitem> | |
882 | <para>The remote endpoint of the tunnel.</para> | |
883 | </listitem> | |
884 | </varlistentry> | |
885 | <varlistentry> | |
886 | <term><varname>TOS=</varname></term> | |
887 | <listitem> | |
888 | <para>The Type Of Service byte value for a tunnel interface. | |
b938cb90 | 889 | For details about the TOS, see the |
798d3a52 ZJS |
890 | <ulink url="http://tools.ietf.org/html/rfc1349"> Type of |
891 | Service in the Internet Protocol Suite </ulink> document. | |
892 | </para> | |
893 | </listitem> | |
894 | </varlistentry> | |
895 | <varlistentry> | |
896 | <term><varname>TTL=</varname></term> | |
897 | <listitem> | |
898 | <para>A fixed Time To Live N on tunneled packets. N is a | |
b938cb90 | 899 | number in the range 1–255. 0 is a special value meaning that |
798d3a52 | 900 | packets inherit the TTL value. The default value for IPv4 |
b938cb90 | 901 | tunnels is: inherit. The default value for IPv6 tunnels is |
798d3a52 ZJS |
902 | 64.</para> |
903 | </listitem> | |
904 | </varlistentry> | |
905 | <varlistentry> | |
906 | <term><varname>DiscoverPathMTU=</varname></term> | |
907 | <listitem> | |
9b6ffef3 | 908 | <para>Takes a boolean. When true, enables Path MTU Discovery on |
798d3a52 ZJS |
909 | the tunnel.</para> |
910 | </listitem> | |
911 | </varlistentry> | |
276de526 SS |
912 | <varlistentry> |
913 | <term><varname>IPv6FlowLabel=</varname></term> | |
914 | <listitem> | |
a8eaaee7 | 915 | <para>Configures the 20-bit flow label (see <ulink url="https://tools.ietf.org/html/rfc6437"> |
276de526 | 916 | RFC 6437</ulink>) field in the IPv6 header (see <ulink url="https://tools.ietf.org/html/rfc2460"> |
a8eaaee7 JE |
917 | RFC 2460</ulink>), which is used by a node to label packets of a flow. |
918 | It is only used for IPv6 tunnels. | |
919 | A flow label of zero is used to indicate packets that have | |
920 | not been labeled. | |
921 | It can be configured to a value in the range 0–0xFFFFF, or be | |
922 | set to <literal>inherit</literal>, in which case the original flowlabel is used.</para> | |
276de526 SS |
923 | </listitem> |
924 | </varlistentry> | |
9b0ca30a | 925 | <varlistentry> |
a9b70f9d | 926 | <term><varname>CopyDSCP=</varname></term> |
9b0ca30a | 927 | <listitem> |
9b6ffef3 | 928 | <para>Takes a boolean. When true, the Differentiated Service Code |
3cf4bcab | 929 | Point (DSCP) field will be copied to the inner header from |
a9b70f9d | 930 | outer header during the decapsulation of an IPv6 tunnel |
3cf4bcab ZJS |
931 | packet. DSCP is a field in an IP packet that enables different |
932 | levels of service to be assigned to network traffic. | |
933 | Defaults to <literal>no</literal>. | |
9b0ca30a SS |
934 | </para> |
935 | </listitem> | |
936 | </varlistentry> | |
dae398a8 SS |
937 | <varlistentry> |
938 | <term><varname>EncapsulationLimit=</varname></term> | |
939 | <listitem> | |
940 | <para>The Tunnel Encapsulation Limit option specifies how many additional | |
941 | levels of encapsulation are permitted to be prepended to the packet. | |
942 | For example, a Tunnel Encapsulation Limit option containing a limit | |
943 | value of zero means that a packet carrying that option may not enter | |
944 | another tunnel before exiting the current tunnel. | |
945 | (see <ulink url="https://tools.ietf.org/html/rfc2473#section-4.1.1"> RFC 2473</ulink>). | |
b938cb90 | 946 | The valid range is 0–255 and <literal>none</literal>. Defaults to 4. |
dae398a8 SS |
947 | </para> |
948 | </listitem> | |
949 | </varlistentry> | |
1d710029 SS |
950 | <varlistentry> |
951 | <term><varname>Key=</varname></term> | |
952 | <listitem> | |
953 | <para>The <varname>Key=</varname> parameter specifies the same key to use in | |
954 | both directions (<varname>InputKey=</varname> and <varname>OutputKey=</varname>). | |
955 | The <varname>Key=</varname> is either a number or an IPv4 address-like dotted quad. | |
956 | It is used as mark-configured SAD/SPD entry as part of the lookup key (both in data | |
957 | and control path) in ip xfrm (framework used to implement IPsec protocol). | |
958 | See <ulink url="http://man7.org/linux/man-pages/man8/ip-xfrm.8.html"> | |
e306f2df | 959 | ip-xfrm — transform configuration</ulink> for details. It is only used for VTI/VTI6 |
1d710029 SS |
960 | tunnels.</para> |
961 | </listitem> | |
962 | </varlistentry> | |
963 | <varlistentry> | |
964 | <term><varname>InputKey=</varname></term> | |
965 | <listitem> | |
966 | <para>The <varname>InputKey=</varname> parameter specifies the key to use for input. | |
967 | The format is the same as <varname>Key=</varname>. It is only used for VTI/VTI6 tunnels.</para> | |
968 | </listitem> | |
969 | </varlistentry> | |
970 | <varlistentry> | |
971 | <term><varname>OutputKey=</varname></term> | |
972 | <listitem> | |
973 | <para>The <varname>OutputKey=</varname> parameter specifies the key to use for output. | |
974 | The format is the same as <varname>Key=</varname>. It is only used for VTI/VTI6 tunnels.</para> | |
975 | </listitem> | |
976 | </varlistentry> | |
798d3a52 ZJS |
977 | <varlistentry> |
978 | <term><varname>Mode=</varname></term> | |
979 | <listitem> | |
a8eaaee7 | 980 | <para>An <literal>ip6tnl</literal> tunnel can be in one of three |
798d3a52 ZJS |
981 | modes: |
982 | <literal>ip6ip6</literal> for IPv6 over IPv6, | |
983 | <literal>ipip6</literal> for IPv4 over IPv6 or | |
984 | <literal>any</literal> for either. | |
985 | </para> | |
986 | </listitem> | |
987 | </varlistentry> | |
4d7fa6de SS |
988 | <varlistentry> |
989 | <term><varname>Independent=</varname></term> | |
990 | <listitem> | |
9b6ffef3 | 991 | <para>Takes a boolean. When true, the tunnel does not require a .network file and is created as "tunnel@NONE". |
4d7fa6de SS |
992 | Defaults to <literal>false</literal>. |
993 | </para> | |
994 | </listitem> | |
995 | </varlistentry> | |
3a4f3e42 SS |
996 | <varlistentry> |
997 | <term><varname>AllowLocalRemote=</varname></term> | |
998 | <listitem> | |
9b6ffef3 | 999 | <para>Takes a boolean. When true, allows tunnel traffic on <varname>ip6tnl</varname> devices where the remote endpoint is a local host address. |
025314d9 | 1000 | When unset, the kernel's default will be used. |
3a4f3e42 SS |
1001 | </para> |
1002 | </listitem> | |
1003 | </varlistentry> | |
53cb501a SS |
1004 | <varlistentry> |
1005 | <term><varname>FooOverUDP=</varname></term> | |
1006 | <listitem> | |
9b6ffef3 | 1007 | <para>Takes a boolean. Specifies whether <varname>FooOverUDP=</varname> tunnel is to be configured. |
53cb501a SS |
1008 | Defaults to false. For more detailed information, see |
1009 | <ulink url="https://lwn.net/Articles/614348">Foo over UDP</ulink>.</para> | |
1010 | </listitem> | |
1011 | </varlistentry> | |
1012 | <varlistentry> | |
1013 | <term><varname>FOUDestinationPort=</varname></term> | |
1014 | <listitem> | |
6f520e74 | 1015 | <para>This setting specifies the UDP destination port for encapsulation. |
53cb501a SS |
1016 | This field is mandatory and is not set by default.</para> |
1017 | </listitem> | |
1018 | </varlistentry> | |
1019 | <varlistentry> | |
1020 | <term><varname>FOUSourcePort=</varname></term> | |
1021 | <listitem> | |
6f520e74 ZJS |
1022 | <para>This setting specifies the UDP source port for encapsulation. Defaults to <constant>0</constant> |
1023 | — that is, the source port for packets is left to the network stack to decide.</para> | |
53cb501a SS |
1024 | </listitem> |
1025 | </varlistentry> | |
1026 | <varlistentry> | |
1027 | <term><varname>Encapsulation=</varname></term> | |
1028 | <listitem> | |
1029 | <para>Accepts the same key as <literal>[FooOverUDP]</literal></para> | |
1030 | </listitem> | |
1031 | </varlistentry> | |
d067cab3 DA |
1032 | <varlistentry> |
1033 | <term><varname>IPv6RapidDeploymentPrefix=</varname></term> | |
1034 | <listitem> | |
1035 | <para>Reconfigure the tunnel for <ulink url="https://tools.ietf.org/html/rfc5569">IPv6 Rapid | |
1036 | Deployment</ulink>, also known as 6rd. The value is an ISP-specific IPv6 prefix with a non-zero length. Only | |
1037 | applicable to SIT tunnels.</para> | |
1038 | </listitem> | |
1039 | </varlistentry> | |
918049ad SS |
1040 | <varlistentry> |
1041 | <term><varname>ISATAP=</varname></term> | |
1042 | <listitem> | |
1043 | <para>Takes a boolean. If set, configures the tunnel as Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) tunnel. | |
1044 | Only applicable to SIT tunnels. When unset, the kernel's default will be used.</para> | |
1045 | </listitem> | |
1046 | </varlistentry> | |
2266864b SS |
1047 | <varlistentry> |
1048 | <term><varname>SerializeTunneledPackets=</varname></term> | |
1049 | <listitem> | |
9b6ffef3 | 1050 | <para>Takes a boolean. If set to yes, then packets are serialized. Only applies for ERSPAN tunnel. |
025314d9 | 1051 | When unset, the kernel's default will be used. |
2266864b SS |
1052 | </para> |
1053 | </listitem> | |
1054 | </varlistentry> | |
1055 | <varlistentry> | |
1056 | <term><varname>ERSPANIndex=</varname></term> | |
1057 | <listitem> | |
1058 | <para>Specifies the ERSPAN index field for the interface, an integer in the range 1-1048575 associated with | |
1059 | the ERSPAN traffic's source port and direction. This field is mandatory. | |
1060 | </para> | |
1061 | </listitem> | |
1062 | </varlistentry> | |
798d3a52 ZJS |
1063 | </variablelist> |
1064 | </refsect1> | |
53cb501a SS |
1065 | |
1066 | <refsect1> | |
1067 | <title>[FooOverUDP] Section Options</title> | |
1068 | ||
1069 | <para>The <literal>[FooOverUDP]</literal> section only applies for | |
1070 | netdevs of kind <literal>fou</literal> and accepts the | |
1071 | following keys:</para> | |
1072 | ||
1073 | <variablelist class='network-directives'> | |
1074 | <varlistentry> | |
1075 | <term><varname>Protocol=</varname></term> | |
1076 | <listitem> | |
1077 | <para>The <varname>Protocol=</varname> specifies the protocol number of the | |
1078 | packets arriving at the UDP port. This field is mandatory and is not set by default. Valid range is 1-255.</para> | |
1079 | </listitem> | |
1080 | </varlistentry> | |
1081 | <varlistentry> | |
1082 | <term><varname>Encapsulation=</varname></term> | |
1083 | <listitem> | |
1084 | <para>Specifies the encapsulation mechanism used to store networking packets of various protocols inside the UDP packets. Supports the following values: | |
1085 | ||
1086 | <literal>FooOverUDP</literal> provides the simplest no-frills model of UDP encapsulation: it simply encapsulates |
1087 | packets directly in the UDP payload. |
1088 | <literal>GenericUDPEncapsulation</literal> is a generic and extensible encapsulation: it allows encapsulation of packets for any IP |
1089 | protocol and optional data as part of the encapsulation. |
1090 | For more detailed information see <ulink url="https://lwn.net/Articles/615044">Generic UDP Encapsulation</ulink>. | |
1091 | Defaults to <literal>FooOverUDP</literal>. | |
1092 | </para> | |
1093 | </listitem> | |
1094 | </varlistentry> | |
1095 | <varlistentry> | |
1096 | <term><varname>Port=</varname></term> | |
1097 | <listitem> | |
1098 | <para>Specifies the port number where the IP encapsulation packets will arrive. Note that the packets |
1099 | will arrive with the encapsulation removed. Then they will be manually fed back into the network stack and sent ahead |
1100 | for delivery to the real destination. This option is mandatory.</para> | |
1101 | </listitem> | |
1102 | </varlistentry> | |
1103 | </variablelist> | |
1104 | </refsect1> | |
798d3a52 ZJS |
1105 | <refsect1> |
1106 | <title>[Peer] Section Options</title> | |
1107 | ||
1108 | <para>The <literal>[Peer]</literal> section only applies for | |
1109 | netdevs of kind <literal>veth</literal> and accepts the | |
a8eaaee7 | 1110 | following keys:</para> |
798d3a52 ZJS |
1111 | |
1112 | <variablelist class='network-directives'> | |
1113 | <varlistentry> | |
1114 | <term><varname>Name=</varname></term> | |
1115 | <listitem> | |
1116 | <para>The interface name used when creating the netdev. | |
1117 | This option is compulsory.</para> | |
1118 | </listitem> | |
1119 | </varlistentry> | |
1120 | <varlistentry> | |
1121 | <term><varname>MACAddress=</varname></term> | |
1122 | <listitem> | |
b938cb90 | 1123 | <para>The peer MAC address. If not set, it is generated in |
798d3a52 ZJS |
1124 | the same way as the MAC address of the main |
1125 | interface.</para> | |
1126 | </listitem> | |
1127 | </varlistentry> | |
1128 | </variablelist> | |
1129 | </refsect1> | |
d6df583c SS |
1130 | <refsect1> |
1131 | <title>[VXCAN] Section Options</title> | |
1132 | <para>The <literal>[VXCAN]</literal> section only applies for | |
1133 | netdevs of kind <literal>vxcan</literal> and accepts the | |
1134 | following key:</para> | |
1135 | ||
1136 | <variablelist class='network-directives'> | |
1137 | <varlistentry> | |
1138 | <term><varname>Peer=</varname></term> | |
1139 | <listitem> | |
1140 | <para>The peer interface name used when creating the netdev. | |
1141 | This option is compulsory.</para> | |
1142 | </listitem> | |
1143 | </varlistentry> | |
1144 | </variablelist> | |
1145 | </refsect1> | |
798d3a52 ZJS |
1146 | <refsect1> |
1147 | <title>[Tun] Section Options</title> | |
1148 | ||
1149 | <para>The <literal>[Tun]</literal> section only applies for | |
1150 | netdevs of kind <literal>tun</literal>, and accepts the following | |
1151 | keys:</para> | |
1152 | ||
1153 | <variablelist class='network-directives'> | |
1154 | <varlistentry> | |
1155 | <term><varname>OneQueue=</varname></term> | |
9b6ffef3 | 1156 | <listitem><para>Takes a boolean. Configures whether |
798d3a52 ZJS |
1157 | all packets are queued at the device (enabled), or a fixed |
1158 | number of packets are queued at the device and the rest at the | |
1159 | <literal>qdisc</literal>. Defaults to | |
1160 | <literal>no</literal>.</para> | |
1161 | </listitem> | |
1162 | </varlistentry> | |
1163 | <varlistentry> | |
1164 | <term><varname>MultiQueue=</varname></term> | |
9b6ffef3 | 1165 | <listitem><para>Takes a boolean. Configures whether |
798d3a52 ZJS |
1166 | to use multiple file descriptors (queues) to parallelize |
1167 | packets sending and receiving. Defaults to | |
1168 | <literal>no</literal>.</para> | |
1169 | </listitem> | |
1170 | </varlistentry> | |
1171 | <varlistentry> | |
1172 | <term><varname>PacketInfo=</varname></term> | |
9b6ffef3 | 1173 | <listitem><para>Takes a boolean. Configures whether |
ff9b60f3 | 1174 | packets should be prepended with four extra bytes (two flag |
b938cb90 | 1175 | bytes and two protocol bytes). If disabled, it indicates that |
798d3a52 ZJS |
1176 | the packets will be pure IP packets. Defaults to |
1177 | <literal>no</literal>.</para> | |
1178 | </listitem> | |
1179 | </varlistentry> | |
43f78da4 | 1180 | <varlistentry> |
2aba142e | 1181 | <term><varname>VNetHeader=</varname></term> |
9b6ffef3 | 1182 | <listitem><para>Takes a boolean. Configures |
43f78da4 SS |
1183 | IFF_VNET_HDR flag for a tap device. It allows sending |
1184 | and receiving larger Generic Segmentation Offload (GSO) | |
1185 | packets. This may increase throughput significantly. | |
1186 | Defaults to | |
1187 | <literal>no</literal>.</para> | |
1188 | </listitem> | |
1189 | </varlistentry> | |
798d3a52 ZJS |
1190 | <varlistentry> |
1191 | <term><varname>User=</varname></term> | |
1192 | <listitem><para>User to grant access to the | |
1193 | <filename>/dev/net/tun</filename> device.</para> | |
1194 | </listitem> | |
1195 | </varlistentry> | |
1196 | <varlistentry> | |
1197 | <term><varname>Group=</varname></term> | |
1198 | <listitem><para>Group to grant access to the | |
1199 | <filename>/dev/net/tun</filename> device.</para> | |
1200 | </listitem> | |
1201 | </varlistentry> | |
1202 | ||
1203 | </variablelist> | |
1204 | ||
1205 | </refsect1> | |
1206 | ||
1207 | <refsect1> | |
1208 | <title>[Tap] Section Options</title> | |
1209 | ||
1210 | <para>The <literal>[Tap]</literal> section only applies for | |
1211 | netdevs of kind <literal>tap</literal>, and accepts the same keys | |
1212 | as the <literal>[Tun]</literal> section.</para> | |
1213 | </refsect1> | |
1214 | ||
e5719363 JT |
1215 | <refsect1> |
1216 | <title>[WireGuard] Section Options</title> | |
1217 | ||
1218 | <para>The <literal>[WireGuard]</literal> section accepts the following | |
1219 | keys:</para> | |
1220 | ||
1221 | <variablelist class='network-directives'> | |
1222 | <varlistentry> | |
1223 | <term><varname>PrivateKey=</varname></term> | |
1224 | <listitem> | |
1225 | <para>The Base64 encoded private key for the interface. It can be | |
1226 | generated using the <command>wg genkey</command> command | |
1227 | (see <citerefentry project="wireguard"><refentrytitle>wg</refentrytitle><manvolnum>8</manvolnum></citerefentry>). | |
76df7779 | 1228 | This option or <varname>PrivateKeyFile=</varname> is mandatory to use WireGuard. |
a8d6dbed | 1229 | Note that because this information is secret, you may want to set |
bd277f53 | 1230 | the permissions of the .netdev file to be owned by <literal>root:systemd-network</literal> |
a8d6dbed | 1231 | with a <literal>0640</literal> file mode.</para> |
e5719363 JT |
1232 | </listitem> |
1233 | </varlistentry> | |
76df7779 YW |
1234 | <varlistentry> |
1235 | <term><varname>PrivateKeyFile=</varname></term> | |
1236 | <listitem> | |
1237 | <para>Takes an absolute path to a file which contains the Base64 encoded private key for the interface. |
1238 | If both <varname>PrivateKey=</varname> and <varname>PrivateKeyFile=</varname> are specified, and if |
1239 | the file specified in <varname>PrivateKeyFile=</varname> contains a valid WireGuard key, then |
1240 | the key provided by <varname>PrivateKey=</varname> is ignored. | |
1241 | Note that the file must be readable by the user <literal>systemd-network</literal>, so it | |
1242 | should be, e.g., owned by <literal>root:systemd-network</literal> with a | |
1243 | <literal>0640</literal> file mode.</para> | |
1244 | </listitem> | |
1245 | </varlistentry> | |
e5719363 JT |
1246 | <varlistentry> |
1247 | <term><varname>ListenPort=</varname></term> | |
1248 | <listitem> | |
1249 | <para>Sets the UDP port for listening. Takes either a value between 1 and 65535 |
1250 | or <literal>auto</literal>. If <literal>auto</literal> is specified, | |
1251 | the port is automatically generated based on interface name. | |
1252 | Defaults to <literal>auto</literal>.</para> | |
1253 | </listitem> | |
1254 | </varlistentry> | |
1255 | <varlistentry> | |
1256 | <term><varname>FwMark=</varname></term> | |
1257 | <listitem> | |
3209474f | 1258 | <para>Sets a firewall mark on outgoing WireGuard packets from this interface.</para> |
e5719363 JT |
1259 | </listitem> |
1260 | </varlistentry> | |
1261 | </variablelist> | |
1262 | </refsect1> | |
1263 | ||
1264 | <refsect1> | |
1265 | <title>[WireGuardPeer] Section Options</title> | |
1266 | ||
1267 | <para>The <literal>[WireGuardPeer]</literal> section accepts the following | |
1268 | keys:</para> | |
1269 | ||
1270 | <variablelist class='network-directives'> | |
1271 | <varlistentry> | |
1272 | <term><varname>PublicKey=</varname></term> | |
1273 | <listitem> | |
1274 | <para>Sets a Base64 encoded public key calculated by <command>wg pubkey</command> | |
1275 | (see <citerefentry project="wireguard"><refentrytitle>wg</refentrytitle><manvolnum>8</manvolnum></citerefentry>) | |
1276 | from a private key, and usually transmitted out of band to the | |
1277 | author of the configuration file. This option is mandatory for this | |
1278 | section.</para> | |
1279 | </listitem> | |
1280 | </varlistentry> | |
1281 | <varlistentry> | |
1282 | <term><varname>PresharedKey=</varname></term> | |
1283 | <listitem> | |
1284 | <para>Optional preshared key for the interface. It can be generated | |
1285 | by the <command>wg genpsk</command> command. This option adds an | |
1286 | additional layer of symmetric-key cryptography to be mixed into the | |
1287 | already existing public-key cryptography, for post-quantum | |
a8d6dbed JD |
1288 | resistance. |
1289 | Note that because this information is secret, you may want to set | |
1290 | the permissions of the .netdev file to be owned by <literal>root:systemd-network</literal> |
1291 | with a <literal>0640</literal> file mode.</para> | |
e5719363 JT |
1292 | </listitem> |
1293 | </varlistentry> | |
1294 | <varlistentry> | |
1295 | <term><varname>AllowedIPs=</varname></term> | |
1296 | <listitem> | |
1297 | <para>Sets a comma-separated list of IP (v4 or v6) addresses with CIDR masks | |
1298 | from which this peer is allowed to send incoming traffic and to | |
1299 | which outgoing traffic for this peer is directed. The catch-all | |
1300 | 0.0.0.0/0 may be specified for matching all IPv4 addresses, and | |
1301 | ::/0 may be specified for matching all IPv6 addresses. </para> | |
1302 | </listitem> | |
1303 | </varlistentry> | |
1304 | <varlistentry> | |
1305 | <term><varname>Endpoint=</varname></term> | |
1306 | <listitem> | |
1307 | <para>Sets an endpoint IP address or hostname, followed by a colon, and then | |
1308 | a port number. This endpoint will be updated automatically once to | |
1309 | the most recent source IP address and port of correctly | |
1310 | authenticated packets from the peer at configuration time.</para> | |
1311 | </listitem> | |
1312 | </varlistentry> | |
1313 | <varlistentry> | |
1314 | <term><varname>PersistentKeepalive=</varname></term> | |
1315 | <listitem> | |
1316 | <para>Sets an interval in seconds, between 1 and 65535 inclusive, at which | |
1317 | to send an authenticated empty packet to the peer for the purpose | |
1318 | of keeping a stateful firewall or NAT mapping valid persistently. | |
1319 | For example, if the interface very rarely sends traffic, but it | |
1320 | might at any time receive traffic from a peer, and it is behind NAT, | |
1321 | the interface might benefit from having a persistent keepalive | |
1322 | interval of 25 seconds. If set to 0 or "off", this option is | |
1323 | disabled. By default or when unspecified, this option is off. | |
1324 | Most users will not need this.</para> | |
1325 | </listitem> | |
1326 | </varlistentry> | |
1327 | </variablelist> | |
1328 | </refsect1> | |
1329 | ||
798d3a52 ZJS |
1330 | <refsect1> |
1331 | <title>[Bond] Section Options</title> | |
1332 | ||
1333 | <para>The <literal>[Bond]</literal> section accepts the following | |
1334 | key:</para> | |
1335 | ||
1336 | <variablelist class='network-directives'> | |
1337 | <varlistentry> | |
1338 | <term><varname>Mode=</varname></term> | |
1339 | <listitem> | |
1340 | <para>Specifies one of the bonding policies. The default is | |
1341 | <literal>balance-rr</literal> (round robin). Possible values are | |
1342 | <literal>balance-rr</literal>, | |
1343 | <literal>active-backup</literal>, | |
1344 | <literal>balance-xor</literal>, | |
1345 | <literal>broadcast</literal>, | |
1346 | <literal>802.3ad</literal>, | |
1347 | <literal>balance-tlb</literal>, and | |
1348 | <literal>balance-alb</literal>. | |
1349 | </para> | |
1350 | </listitem> | |
1351 | </varlistentry> | |
1352 | ||
1353 | <varlistentry> | |
1354 | <term><varname>TransmitHashPolicy=</varname></term> | |
1355 | <listitem> | |
1356 | <para>Selects the transmit hash policy to use for slave | |
1357 | selection in balance-xor, 802.3ad, and tlb modes. Possible | |
1358 | values are | |
1359 | <literal>layer2</literal>, | |
1360 | <literal>layer3+4</literal>, | |
1361 | <literal>layer2+3</literal>, | |
4d89618a | 1362 | <literal>encap2+3</literal>, and |
798d3a52 ZJS |
1363 | <literal>encap3+4</literal>. |
1364 | </para> | |
1365 | </listitem> | |
1366 | </varlistentry> | |
1367 | ||
1368 | <varlistentry> | |
1369 | <term><varname>LACPTransmitRate=</varname></term> | |
1370 | <listitem> | |
1371 | <para>Specifies the rate with which link partner transmits | |
1372 | Link Aggregation Control Protocol Data Unit packets in | |
1373 | 802.3ad mode. Possible values are <literal>slow</literal>, | |
1374 | which requests partner to transmit LACPDUs every 30 seconds, | |
1375 | and <literal>fast</literal>, which requests partner to | |
1376 | transmit LACPDUs every second. The default value is | |
1377 | <literal>slow</literal>.</para> | |
1378 | </listitem> | |
1379 | </varlistentry> | |
1380 | ||
1381 | <varlistentry> | |
1382 | <term><varname>MIIMonitorSec=</varname></term> | |
1383 | <listitem> | |
1384 | <para>Specifies the frequency that Media Independent | |
1385 | Interface link monitoring will occur. A value of zero | |
dd2b607b | 1386 | disables MII link monitoring. This value is rounded down to |
798d3a52 ZJS |
1387 | the nearest millisecond. The default value is 0.</para> |
1388 | </listitem> | |
1389 | </varlistentry> | |
1390 | ||
1391 | <varlistentry> | |
1392 | <term><varname>UpDelaySec=</varname></term> | |
1393 | <listitem> | |
1394 | <para>Specifies the delay before a link is enabled after a | |
1395 | link up status has been detected. This value is rounded down | |
1396 | to a multiple of MIIMonitorSec. The default value is | |
1397 | 0.</para> | |
1398 | </listitem> | |
1399 | </varlistentry> | |
1400 | ||
1401 | <varlistentry> | |
1402 | <term><varname>DownDelaySec=</varname></term> | |
1403 | <listitem> | |
1404 | <para>Specifies the delay before a link is disabled after a | |
1405 | link down status has been detected. This value is rounded | |
1406 | down to a multiple of MIIMonitorSec. The default value is | |
1407 | 0.</para> | |
1408 | </listitem> | |
1409 | </varlistentry> | |
1410 | ||
81bd37a8 | 1411 | <varlistentry> |
38422da7 | 1412 | <term><varname>LearnPacketIntervalSec=</varname></term> |
81bd37a8 SS |
1413 | <listitem> |
1414 | <para>Specifies the number of seconds between instances where the bonding | |
a8eaaee7 JE |
1415 | driver sends learning packets to each slave peer switch. |
1416 | The valid range is 1–0x7fffffff; the default value is 1. This option | |
1417 | has an effect only for the balance-tlb and balance-alb modes.</para> | |
81bd37a8 SS |
1418 | </listitem> |
1419 | </varlistentry> | |
1420 | ||
1421 | <varlistentry> | |
1422 | <term><varname>AdSelect=</varname></term> | |
1423 | <listitem> | |
1424 | <para>Specifies the 802.3ad aggregation selection logic to use. Possible values are | |
1425 | <literal>stable</literal>, | |
a8eaaee7 JE |
1426 | <literal>bandwidth</literal> and |
1427 | <literal>count</literal>. | |
81bd37a8 SS |
1428 | </para> |
1429 | </listitem> | |
1430 | </varlistentry> | |
1431 | ||
99f68ef0 | 1432 | <varlistentry> |
db688b7e | 1433 | <term><varname>AdActorSystemPriority=</varname></term> |
99f68ef0 | 1434 | <listitem> |
db688b7e | 1435 | <para>Specifies the 802.3ad actor system priority. The valid range is 1–65535.</para> |
99f68ef0 TJ |
1436 | </listitem> |
1437 | </varlistentry> | |
1438 | ||
1439 | <varlistentry> | |
1440 | <term><varname>AdUserPortKey=</varname></term> | |
1441 | <listitem> | |
1442 | <para>Specifies the 802.3ad user defined portion of the port key. The valid range is 0–1023.</para> | |
1443 | </listitem> | |
1444 | </varlistentry> | |
1445 | ||
1446 | <varlistentry> | |
1447 | <term><varname>AdActorSystem=</varname></term> | |
1448 | <listitem> | |
1449 | <para>Specifies the 802.3ad system MAC address. This cannot be either NULL or multicast.</para> | |
1450 | </listitem> | |
1451 | </varlistentry> | |
1452 | ||
81bd37a8 | 1453 | <varlistentry> |
38422da7 | 1454 | <term><varname>FailOverMACPolicy=</varname></term> |
81bd37a8 | 1455 | <listitem> |
a8eaaee7 JE |
1456 | <para>Specifies whether the active-backup mode should set all slaves to |
1457 | the same MAC address at the time of enslavement or, when enabled, to perform special handling of the | |
81bd37a8 SS |
1458 | bond's MAC address in accordance with the selected policy. The default policy is none. |
1459 | Possible values are | |
1460 | <literal>none</literal>, | |
a8eaaee7 JE |
1461 | <literal>active</literal> and |
1462 | <literal>follow</literal>. | |
81bd37a8 SS |
1463 | </para> |
1464 | </listitem> | |
1465 | </varlistentry> | |
1466 | ||
1467 | <varlistentry> | |
38422da7 | 1468 | <term><varname>ARPValidate=</varname></term> |
81bd37a8 SS |
1469 | <listitem> |
1470 | <para>Specifies whether or not ARP probes and replies should be | |
38422da7 | 1471 | validated in any mode that supports ARP monitoring, or whether |
81bd37a8 SS |
1472 | non-ARP traffic should be filtered (disregarded) for link |
1473 | monitoring purposes. Possible values are | |
1474 | <literal>none</literal>, | |
1475 | <literal>active</literal>, | |
a8eaaee7 JE |
1476 | <literal>backup</literal> and |
1477 | <literal>all</literal>. | |
81bd37a8 SS |
1478 | </para> |
1479 | </listitem> | |
1480 | </varlistentry> | |
1481 | ||
1482 | <varlistentry> | |
38422da7 | 1483 | <term><varname>ARPIntervalSec=</varname></term> |
81bd37a8 SS |
1484 | <listitem> |
1485 | <para>Specifies the ARP link monitoring frequency in milliseconds. | |
1486 | A value of 0 disables ARP monitoring. The default value is 0. | |
1487 | </para> | |
1488 | </listitem> | |
1489 | </varlistentry> | |
1490 | ||
1491 | <varlistentry> | |
38422da7 | 1492 | <term><varname>ARPIPTargets=</varname></term> |
81bd37a8 SS |
1493 | <listitem> |
1494 | <para>Specifies the IP addresses to use as ARP monitoring peers when | |
38422da7 | 1495 | ARPIntervalSec is greater than 0. These are the targets of the ARP request |
81bd37a8 | 1496 | sent to determine the health of the link to the targets. |
a8eaaee7 | 1497 | Specify these values in IPv4 dotted decimal format. At least one IP |
81bd37a8 SS |
1498 | address must be given for ARP monitoring to function. The |
1499 | maximum number of targets that can be specified is 16. The | |
1500 | default value is no IP addresses. | |
1501 | </para> | |
1502 | </listitem> | |
1503 | </varlistentry> | |
1504 | ||
1505 | <varlistentry> | |
38422da7 | 1506 | <term><varname>ARPAllTargets=</varname></term> |
81bd37a8 | 1507 | <listitem> |
38422da7 | 1508 | <para>Specifies the quantity of ARPIPTargets that must be reachable |
81bd37a8 SS |
1509 | in order for the ARP monitor to consider a slave as being up. |
1510 | This option affects only active-backup mode for slaves with | |
38422da7 | 1511 | ARPValidate enabled. Possible values are |
a8eaaee7 JE |
1512 | <literal>any</literal> and |
1513 | <literal>all</literal>. | |
81bd37a8 SS |
1514 | </para> |
1515 | </listitem> | |
1516 | </varlistentry> | |
1517 | ||
1518 | <varlistentry> | |
38422da7 | 1519 | <term><varname>PrimaryReselectPolicy=</varname></term> |
81bd37a8 SS |
1520 | <listitem> |
1521 | <para>Specifies the reselection policy for the primary slave. This | |
1522 | affects how the primary slave is chosen to become the active slave | |
1523 | when failure of the active slave or recovery of the primary slave | |
1524 | occurs. This option is designed to prevent flip-flopping between | |
1525 | the primary slave and other slaves. Possible values are | |
1526 | <literal>always</literal>, | |
a8eaaee7 JE |
1527 | <literal>better</literal> and |
1528 | <literal>failure</literal>. | |
81bd37a8 SS |
1529 | </para> |
1530 | </listitem> | |
1531 | </varlistentry> | |
1532 | ||
1533 | <varlistentry> | |
1534 | <term><varname>ResendIGMP=</varname></term> | |
1535 | <listitem> | |
1536 | <para>Specifies the number of IGMP membership reports to be issued after | |
1537 | a failover event. One membership report is issued immediately after | |
1538 | the failover; subsequent packets are sent at 200ms intervals. | |
b938cb90 | 1539 | The valid range is 0–255. Defaults to 1. A value of 0 |
81bd37a8 SS |
1540 | prevents the IGMP membership report from being issued in response |
1541 | to the failover event. | |
1542 | </para> | |
1543 | </listitem> | |
1544 | </varlistentry> | |
1545 | ||
1546 | <varlistentry> | |
1547 | <term><varname>PacketsPerSlave=</varname></term> | |
1548 | <listitem> | |
b938cb90 JE |
1549 | <para>Specify the number of packets to transmit through a slave before |
1550 | moving to the next one. When set to 0, a slave is chosen at | |
1551 | random. The valid range is 0–65535. Defaults to 1. This option | |
a8eaaee7 | 1552 | only has effect when in balance-rr mode. |
81bd37a8 SS |
1553 | </para> |
1554 | </listitem> | |
1555 | </varlistentry> | |
1556 | ||
1557 | <varlistentry> | |
38422da7 | 1558 | <term><varname>GratuitousARP=</varname></term> |
81bd37a8 SS |
1559 | <listitem> |
1560 | <para>Specify the number of peer notifications (gratuitous ARPs and | |
1561 | unsolicited IPv6 Neighbor Advertisements) to be issued after a | |
b938cb90 | 1562 | failover event. As soon as the link is up on the new slave, |
81bd37a8 SS |
1563 | a peer notification is sent on the bonding device and each |
1564 | VLAN sub-device. This is repeated at each link monitor interval | |
38422da7 | 1565 | (ARPIntervalSec or MIIMonitorSec, whichever is active) if the number is |
a8eaaee7 | 1566 | greater than 1. The valid range is 0–255. The default value is 1. |
38422da7 | 1567 | This option affects only the active-backup mode. |
81bd37a8 SS |
1568 | </para> |
1569 | </listitem> | |
1570 | </varlistentry> | |
1571 | ||
1572 | <varlistentry> | |
1573 | <term><varname>AllSlavesActive=</varname></term> | |
1574 | <listitem> | |
9b6ffef3 | 1575 | <para>Takes a boolean. Specifies that duplicate frames (received on inactive ports) |
a8eaaee7 | 1576 | should be dropped when false, or delivered when true. Normally, bonding will drop |
81bd37a8 SS |
1577 | duplicate frames (received on inactive ports), which is desirable for |
1578 | most users. Sometimes, however, it is useful to allow duplicate | |
1579 | frames to be delivered. The default value is false (drop duplicate frames | |
1580 | received on inactive ports). | |
1581 | </para> | |
1582 | </listitem> | |
1583 | </varlistentry> | |
1584 | ||
fde60a42 SS |
1585 | <varlistentry> |
1586 | <term><varname>DynamicTransmitLoadBalancing=</varname></term> | |
1587 | <listitem> | |
1588 | <para>Takes a boolean. Specifies if dynamic shuffling of flows is enabled. Applies only | |
1589 | for balance-tlb mode. Defaults to unset. | |
1590 | </para> | |
1591 | </listitem> | |
1592 | </varlistentry> | |
1593 | ||
81bd37a8 SS |
1594 | <varlistentry> |
1595 | <term><varname>MinLinks=</varname></term> | |
1596 | <listitem> | |
1597 | <para>Specifies the minimum number of links that must be active before | |
1598 | asserting carrier. The default value is 0. | |
1599 | </para> | |
1600 | </listitem> | |
1601 | </varlistentry> | |
798d3a52 | 1602 | </variablelist> |
81bd37a8 SS |
1603 | |
1604 | <para>For more detailed information, see | |
1605 | <ulink url="https://www.kernel.org/doc/Documentation/networking/bonding.txt"> | |
1606 | Linux Ethernet Bonding Driver HOWTO</ulink></para> | |
1607 | ||
798d3a52 ZJS |
1608 | </refsect1> |
1609 | ||
1610 | <refsect1> | |
48847676 | 1611 | <title>Examples</title> |
798d3a52 | 1612 | <example> |
6c1695be | 1613 | <title>/etc/systemd/network/25-bridge.netdev</title> |
798d3a52 ZJS |
1614 | |
1615 | <programlisting>[NetDev] | |
eac684ef TG |
1616 | Name=bridge0 |
1617 | Kind=bridge</programlisting> | |
798d3a52 | 1618 | </example> |
eac684ef | 1619 | |
798d3a52 | 1620 | <example> |
6c1695be | 1621 | <title>/etc/systemd/network/25-vlan1.netdev</title> |
eac684ef | 1622 | |
798d3a52 | 1623 | <programlisting>[Match] |
eac684ef TG |
1624 | Virtualization=no |
1625 | ||
1626 | [NetDev] | |
1627 | Name=vlan1 | |
1628 | Kind=vlan | |
1629 | ||
1630 | [VLAN] | |
1631 | Id=1</programlisting> | |
798d3a52 ZJS |
1632 | </example> |
1633 | <example> | |
6c1695be | 1634 | <title>/etc/systemd/network/25-ipip.netdev</title> |
798d3a52 | 1635 | <programlisting>[NetDev] |
b35a2909 TG |
1636 | Name=ipip-tun |
1637 | Kind=ipip | |
1638 | MTUBytes=1480 | |
1639 | ||
1640 | [Tunnel] | |
1641 | Local=192.168.223.238 | |
1642 | Remote=192.169.224.239 | |
1643 | TTL=64</programlisting> | |
798d3a52 | 1644 | </example> |
53cb501a SS |
1645 | <example> |
1646 | <title>/etc/systemd/network/1-fou-tunnel.netdev</title> | |
1647 | <programlisting>[NetDev] | |
1648 | Name=fou-tun | |
1649 | Kind=fou | |
1650 | ||
1651 | [FooOverUDP] | |
1652 | Port=5555 | |
1653 | Protocol=4 | |
1654 | </programlisting> | |
1655 | </example> | |
1656 | <example> | |
1657 | <title>/etc/systemd/network/25-fou-ipip.netdev</title> | |
1658 | <programlisting>[NetDev] | |
53cb501a SS |
1659 | Name=ipip-tun |
1660 | Kind=ipip | |
1661 | ||
1662 | [Tunnel] | |
964c4eda | 1663 | Independent=yes |
53cb501a SS |
1664 | Local=10.65.208.212 |
1665 | Remote=10.65.208.211 | |
964c4eda | 1666 | FooOverUDP=yes |
53cb501a SS |
1667 | FOUDestinationPort=5555 |
1668 | </programlisting> | |
1669 | </example> | |
798d3a52 | 1670 | <example> |
6c1695be | 1671 | <title>/etc/systemd/network/25-tap.netdev</title> |
798d3a52 | 1672 | <programlisting>[NetDev] |
30ae9dfd SS |
1673 | Name=tap-test |
1674 | Kind=tap | |
1675 | ||
1676 | [Tap] | |
964c4eda LP |
1677 | MultiQueue=yes |
1678 | PacketInfo=yes</programlisting> </example> | |
eac684ef | 1679 | |
798d3a52 | 1680 | <example> |
6c1695be | 1681 | <title>/etc/systemd/network/25-sit.netdev</title> |
798d3a52 | 1682 | <programlisting>[NetDev] |
b35a2909 TG |
1683 | Name=sit-tun |
1684 | Kind=sit | |
1685 | MTUBytes=1480 | |
1686 | ||
1687 | [Tunnel] | |
1688 | Local=10.65.223.238 | |
1689 | Remote=10.65.223.239</programlisting> | |
798d3a52 | 1690 | </example> |
eac684ef | 1691 | |
d067cab3 DA |
1692 | <example> |
1693 | <title>/etc/systemd/network/25-6rd.netdev</title> | |
1694 | <programlisting>[NetDev] | |
1695 | Name=6rd-tun | |
1696 | Kind=sit | |
1697 | MTUBytes=1480 | |
1698 | ||
1699 | [Tunnel] | |
1700 | Local=10.65.223.238 | |
1701 | IPv6RapidDeploymentPrefix=2602::/24</programlisting> | |
1702 | </example> | |
1703 | ||
798d3a52 | 1704 | <example> |
6c1695be | 1705 | <title>/etc/systemd/network/25-gre.netdev</title> |
798d3a52 | 1706 | <programlisting>[NetDev] |
b35a2909 TG |
1707 | Name=gre-tun |
1708 | Kind=gre | |
1709 | MTUBytes=1480 | |
1710 | ||
1711 | [Tunnel] | |
1712 | Local=10.65.223.238 | |
1713 | Remote=10.65.223.239</programlisting> | |
798d3a52 | 1714 | </example> |
b35a2909 | 1715 | |
798d3a52 | 1716 | <example> |
6c1695be | 1717 | <title>/etc/systemd/network/25-vti.netdev</title> |
b35a2909 | 1718 | |
798d3a52 | 1719 | <programlisting>[NetDev] |
b35a2909 TG |
1720 | Name=vti-tun |
1721 | Kind=vti | |
1722 | MTUBytes=1480 | |
1723 | ||
1724 | [Tunnel] | |
1725 | Local=10.65.223.238 | |
1726 | Remote=10.65.223.239</programlisting> | |
798d3a52 | 1727 | </example> |
b35a2909 | 1728 | |
798d3a52 | 1729 | <example> |
6c1695be | 1730 | <title>/etc/systemd/network/25-veth.netdev</title> |
798d3a52 | 1731 | <programlisting>[NetDev] |
b35a2909 TG |
1732 | Name=veth-test |
1733 | Kind=veth | |
1734 | ||
1735 | [Peer] | |
1736 | Name=veth-peer</programlisting> | |
798d3a52 | 1737 | </example> |
b35a2909 | 1738 | |
d94facdc | 1739 | <example> |
6c1695be | 1740 | <title>/etc/systemd/network/25-bond.netdev</title> |
d94facdc MH |
1741 | <programlisting>[NetDev] |
1742 | Name=bond1 | |
1743 | Kind=bond | |
1744 | ||
1745 | [Bond] | |
1746 | Mode=802.3ad | |
1747 | TransmitHashPolicy=layer3+4 | |
1748 | MIIMonitorSec=1s | |
1749 | LACPTransmitRate=fast | |
1750 | </programlisting> | |
1751 | </example> | |
1752 | ||
798d3a52 | 1753 | <example> |
6c1695be | 1754 | <title>/etc/systemd/network/25-dummy.netdev</title> |
798d3a52 | 1755 | <programlisting>[NetDev] |
9e358851 TG |
1756 | Name=dummy-test |
1757 | Kind=dummy | |
1758 | MACAddress=12:34:56:78:9a:bc</programlisting> | |
798d3a52 | 1759 | </example> |
20897a0d AR |
1760 | <example> |
1761 | <title>/etc/systemd/network/25-vrf.netdev</title> | |
037a3ded | 1762 | <para>Create a VRF interface with table 42.</para> |
20897a0d AR |
1763 | <programlisting>[NetDev] |
1764 | Name=vrf-test | |
1765 | Kind=vrf | |
798d3a52 | 1766 | |
20897a0d | 1767 | [VRF] |
362f6336 | 1768 | Table=42</programlisting> |
20897a0d | 1769 | </example> |
42125eda SS |
1770 | |
1771 | <example> | |
1772 | <title>/etc/systemd/network/25-macvtap.netdev</title> | |
1773 | <para>Create a MacVTap device.</para> | |
1774 | <programlisting>[NetDev] | |
1775 | Name=macvtap-test | |
1776 | Kind=macvtap | |
1777 | </programlisting> | |
1778 | </example> | |
e5719363 JT |
1779 | <example> |
1780 | <title>/etc/systemd/network/25-wireguard.netdev</title> | |
1781 | <programlisting>[NetDev] | |
1782 | Name=wg0 | |
1783 | Kind=wireguard | |
1784 | ||
1785 | [WireGuard] | |
1786 | PrivateKey=EEGlnEPYJV//kbvvIqxKkQwOiS+UENyPncC4bF46ong= | |
1787 | ListenPort=51820 | |
1788 | ||
1789 | [WireGuardPeer] | |
1790 | PublicKey=RDf+LSpeEre7YEIKaxg+wbpsNV7du+ktR99uBEtIiCA= | |
1791 | AllowedIPs=fd31:bf08:57cb::/48,192.168.26.0/24 | |
1792 | Endpoint=wireguard.example.com:51820</programlisting> | |
1793 | </example> | |
798d3a52 ZJS |
1794 | </refsect1> |
1795 | <refsect1> | |
1796 | <title>See Also</title> | |
1797 | <para> | |
1798 | <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
1799 | <citerefentry><refentrytitle>systemd-networkd</refentrytitle><manvolnum>8</manvolnum></citerefentry>, | |
1800 | <citerefentry><refentrytitle>systemd.link</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
1801 | <citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry> | |
1802 | </para> | |
1803 | </refsect1> | |
eac684ef TG |
1804 | |
1805 | </refentry> |
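
An added example, not part of the systemd documentation: a Python audit of the points the [WireGuard] and [WireGuardPeer] text above makes about secret keys and file mode, the mandatory PublicKey=, and AllowedIPs= entries. The function names, the constructed sample configuration and the 32-byte decoded key length (WireGuard's key size, not stated on this page) are assumptions of the example.

```python
import base64, binascii, grp, ipaddress, os, stat

SECRET_KEYS = {"PrivateKey", "PresharedKey"}
KEY = base64.b64encode(bytes(range(32))).decode()  # constructed value, not a real key
# Constructed sample: peer 1 routes everything, peer 2 lacks PublicKey= and has a bad mask.
SAMPLE = f"""[WireGuard]
PrivateKey={KEY}
[WireGuardPeer]
PublicKey={KEY}
PresharedKey={KEY}
AllowedIPs=fd31:bf08:57cb::/48,0.0.0.0/0
[WireGuardPeer]
AllowedIPs=192.168.26.0/33
"""

def parse_netdev(text):
    """Return [(section, {key: [values]})]; repeated sections stay separate."""
    sections = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)
            sections[-1][1].setdefault(key.strip(), []).append(value.strip())
    return sections

def is_wg_key(value):
    """True when the value is strict Base64 that decodes to 32 bytes."""
    try:
        return len(base64.b64decode(value, validate=True)) == 32
    except (binascii.Error, ValueError):
        return False

def audit(text, mode, owner=None):
    """Check file contents against permission bits and an optional (uid, group) owner."""
    sections = parse_netdev(text)
    findings = []
    if any(SECRET_KEYS & set(keys) for _, keys in sections):
        if mode & ~0o640:
            findings.append(f"secret key in file with mode {mode:04o}, wider than 0640")
        if owner is not None and owner != (0, "systemd-networkd"):
            findings.append("secret key in file not owned by root:systemd-networkd")
    peers = [keys for name, keys in sections if name == "WireGuardPeer"]
    for n, peer in enumerate(peers, 1):
        pub = peer.get("PublicKey")
        if not pub or not is_wg_key(pub[-1]):
            findings.append(f"peer {n}: PublicKey= is mandatory and must be a Base64 32-byte key")
        allowed = [i.strip() for v in peer.get("AllowedIPs", []) for i in v.split(",")]
        for item in filter(None, allowed):
            try:
                if ipaddress.ip_network(item, strict=False).prefixlen == 0:
                    findings.append(f"peer {n}: AllowedIPs {item} matches every address")
            except ValueError:
                findings.append(f"peer {n}: AllowedIPs entry {item!r} is not a valid CIDR")
    return findings

def audit_file(path):
    """Audit a file on disk, e.g. /etc/systemd/network/25-wireguard.netdev."""
    st = os.stat(path)
    try:
        group = grp.getgrgid(st.st_gid).gr_name
    except KeyError:
        group = str(st.st_gid)  # gid without a group database entry
    with open(path, encoding="utf-8") as fh:
        return audit(fh.read(), stat.S_IMODE(st.st_mode), (st.st_uid, group))
```

The catch-all finding is informational: the page allows 0.0.0.0/0 and ::/0, and the audit only surfaces them so that a full-tunnel peer is a deliberate choice.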