]> git.ipfire.org Git - thirdparty/systemd.git/blame - man/systemd.netdev.xml
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge pull request #4046 from pilophae/ideapad500isk
[thirdparty/systemd.git] / man / systemd.netdev.xml
CommitLineData
eac684ef
TG		 1<?xml version='1.0'?> <!--*-nxml-*-->
2<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
12b42c76 3 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
eac684ef
TG		 4
5<!--
6 This file is part of systemd.
7
8 Copyright 2013 Tom Gundersen
9
10 systemd is free software; you can redistribute it and/or modify it
11 under the terms of the GNU Lesser General Public License as published by
12 the Free Software Foundation; either version 2.1 of the License, or
13 (at your option) any later version.
14
15 systemd is distributed in the hope that it will be useful, but
16 WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 Lesser General Public License for more details.
19
20 You should have received a copy of the GNU Lesser General Public License
21 along with systemd; If not, see <http://www.gnu.org/licenses/>.
22-->
23
24<refentry id="systemd.netdev" conditional='ENABLE_NETWORKD'>
25
798d3a52
ZJS		 26 <refentryinfo>
27 <title>systemd.network</title>
28 <productname>systemd</productname>
29
30 <authorgroup>
31 <author>
32 <contrib>Developer</contrib>
33 <firstname>Tom</firstname>
34 <surname>Gundersen</surname>
35 <email>teg@jklm.no</email>
36 </author>
37 </authorgroup>
38 </refentryinfo>
39
40 <refmeta>
41 <refentrytitle>systemd.netdev</refentrytitle>
42 <manvolnum>5</manvolnum>
43 </refmeta>
44
45 <refnamediv>
46 <refname>systemd.netdev</refname>
47 <refpurpose>Virtual Network Device configuration</refpurpose>
48 </refnamediv>
49
50 <refsynopsisdiv>
51 <para><filename><replaceable>netdev</replaceable>.netdev</filename></para>
52 </refsynopsisdiv>
53
54 <refsect1>
55 <title>Description</title>
56
57 <para>Network setup is performed by
58 <citerefentry><refentrytitle>systemd-networkd</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
59 </para>
60
61 <para>Virtual Network Device files must have the extension
62 <filename>.netdev</filename>; other extensions are ignored.
63 Virtual network devices are created as soon as networkd is
64 started. If a netdev with the specified name already exists,
65 networkd will use that as-is rather than create its own. Note that
66 the settings of the pre-existing netdev will not be changed by
67 networkd.</para>
68
69 <para>The <filename>.netdev</filename> files are read from the
70 files located in the system network directory
12b42c76 71 <filename>/usr/lib/systemd/network</filename>, the volatile
798d3a52
ZJS		 72 runtime network directory
73 <filename>/run/systemd/network</filename> and the local
74 administration network directory
12b42c76 75 <filename>/etc/systemd/network</filename>. All configuration files
798d3a52
ZJS		 76 are collectively sorted and processed in lexical order, regardless
77 of the directories in which they live. However, files with
78 identical filenames replace each other. Files in
79 <filename>/etc</filename> have the highest priority, files in
80 <filename>/run</filename> take precedence over files with the same
12b42c76 81 name in <filename>/usr/lib</filename>. This can be used to
798d3a52 82 override a system-supplied configuration file with a local file if
57e27ec0 83 needed. As a special case, an empty file (file size 0) or symlink
b938cb90 84 with the same name pointing to <filename>/dev/null</filename>
a8eaaee7 85 disables the configuration file entirely (it is "masked").</para>
798d3a52
ZJS		 86 </refsect1>
87
88 <refsect1>
89 <title>Supported netdev kinds</title>
90
91 <para>The following kinds of virtual network devices may be
92 configured in <filename>.netdev</filename> files:</para>
93
94 <table>
95 <title>Supported kinds of virtual network devices</title>
96
97 <tgroup cols='2'>
98 <colspec colname='kind' />
99 <colspec colname='explanation' />
100 <thead><row>
101 <entry>Kind</entry>
102 <entry>Description</entry>
103 </row></thead>
104 <tbody>
105 <row><entry><varname>bond</varname></entry>
106 <entry>A bond device is an aggregation of all its slave devices. See <ulink url="https://www.kernel.org/doc/Documentation/networking/bonding.txt">Linux Ethernet Bonding Driver HOWTO</ulink> for details.Local configuration</entry></row>
107
108 <row><entry><varname>bridge</varname></entry>
a8eaaee7 109 <entry>A bridge device is a software switch, and each of its slave devices and the bridge itself are ports of the switch.</entry></row>
798d3a52
ZJS		 110
111 <row><entry><varname>dummy</varname></entry>
112 <entry>A dummy device drops all packets sent to it.</entry></row>
113
114 <row><entry><varname>gre</varname></entry>
115 <entry>A Level 3 GRE tunnel over IPv4. See <ulink url="https://tools.ietf.org/html/rfc2784">RFC 2784</ulink> for details.</entry></row>
116
117 <row><entry><varname>gretap</varname></entry>
118 <entry>A Level 2 GRE tunnel over IPv4.</entry></row>
119
120 <row><entry><varname>ip6gre</varname></entry>
121 <entry>A Level 3 GRE tunnel over IPv6.</entry></row>
122
123 <row><entry><varname>ip6tnl</varname></entry>
124 <entry>An IPv4 or IPv6 tunnel over IPv6</entry></row>
125
126 <row><entry><varname>ip6gretap</varname></entry>
037a3ded 127 <entry>A Level 2 GRE tunnel over IPv6.</entry></row>
798d3a52
ZJS		 128
129 <row><entry><varname>ipip</varname></entry>
130 <entry>An IPv4 over IPv4 tunnel.</entry></row>
131
132 <row><entry><varname>ipvlan</varname></entry>
133 <entry>An ipvlan device is a stacked device which receives packets from its underlying device based on IP address filtering.</entry></row>
134
135 <row><entry><varname>macvlan</varname></entry>
136 <entry>A macvlan device is a stacked device which receives packets from its underlying device based on MAC address filtering.</entry></row>
137
0371f2df
SS		 138 <row><entry><varname>macvtap</varname></entry>
139 <entry>A macvtap device is a stacked device which receives packets from its underlying device based on MAC address filtering.</entry></row>
140
798d3a52
ZJS		 141 <row><entry><varname>sit</varname></entry>
142 <entry>An IPv6 over IPv4 tunnel.</entry></row>
143
144 <row><entry><varname>tap</varname></entry>
145 <entry>A persistent Level 2 tunnel between a network device and a device node.</entry></row>
146
147 <row><entry><varname>tun</varname></entry>
148 <entry>A persistent Level 3 tunnel between a network device and a device node.</entry></row>
149
150 <row><entry><varname>veth</varname></entry>
a8eaaee7 151 <entry>An Ethernet tunnel between a pair of network devices.</entry></row>
798d3a52
ZJS		 152
153 <row><entry><varname>vlan</varname></entry>
154 <entry>A VLAN is a stacked device which receives packets from its underlying device based on VLAN tagging. See <ulink url="http://www.ieee802.org/1/pages/802.1Q.html">IEEE 802.1Q</ulink> for details.</entry></row>
155
156 <row><entry><varname>vti</varname></entry>
157 <entry>An IPv4 over IPSec tunnel.</entry></row>
158
5cc0748e
SS		 159 <row><entry><varname>vti6</varname></entry>
160 <entry>An IPv6 over IPSec tunnel.</entry></row>
161
798d3a52
ZJS		 162 <row><entry><varname>vxlan</varname></entry>
163 <entry>A virtual extensible LAN (vxlan), for connecting Cloud computing deployments.</entry></row>
20897a0d
AR		 164
165 <row><entry><varname>vrf</varname></entry>
6dd6a9c4 166 <entry>A Virtual Routing and Forwarding (<ulink url="https://www.kernel.org/doc/Documentation/networking/vrf.txt">VRF</ulink>) interface to create separate routing and forwarding domains.</entry></row>
20897a0d 167
798d3a52
ZJS		 168 </tbody>
169 </tgroup>
170 </table>
171
172 </refsect1>
173
174 <refsect1>
175 <title>[Match] Section Options</title>
176
177 <para>A virtual network device is only created if the
178 <literal>[Match]</literal> section matches the current
179 environment, or if the section is empty. The following keys are
180 accepted:</para>
181
182 <variablelist class='network-directives'>
183 <varlistentry>
184 <term><varname>Host=</varname></term>
185 <listitem>
186 <para>Matches against the hostname or machine ID of the
187 host. See <literal>ConditionHost=</literal> in
188 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
189 for details.
190 </para>
191 </listitem>
192 </varlistentry>
193 <varlistentry>
194 <term><varname>Virtualization=</varname></term>
195 <listitem>
196 <para>Checks whether the system is executed in a virtualized
197 environment and optionally test whether it is a specific
198 implementation. See
199 <literal>ConditionVirtualization=</literal> in
200 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
201 for details.
202 </para>
203 </listitem>
204 </varlistentry>
205 <varlistentry>
206 <term><varname>KernelCommandLine=</varname></term>
207 <listitem>
208 <para>Checks whether a specific kernel command line option
209 is set (or if prefixed with the exclamation mark unset). See
210 <literal>ConditionKernelCommandLine=</literal> in
211 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
212 for details.
213 </para>
214 </listitem>
215 </varlistentry>
216 <varlistentry>
217 <term><varname>Architecture=</varname></term>
218 <listitem>
219 <para>Checks whether the system is running on a specific
220 architecture. See <literal>ConditionArchitecture=</literal> in
221 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
222 for details.
223 </para>
224 </listitem>
225 </varlistentry>
226 </variablelist>
227
228 </refsect1>
229
230 <refsect1>
231 <title>[NetDev] Section Options</title>
232
233 <para>The <literal>[NetDev]</literal> section accepts the
234 following keys:</para>
235
236 <variablelist class='network-directives'>
237 <varlistentry>
238 <term><varname>Description=</varname></term>
239 <listitem>
240 <para>A free-form description of the netdev.</para>
241 </listitem>
242 </varlistentry>
243 <varlistentry>
244 <term><varname>Name=</varname></term>
245 <listitem>
246 <para>The interface name used when creating the netdev.
247 This option is compulsory.</para>
248 </listitem>
249 </varlistentry>
250 <varlistentry>
251 <term><varname>Kind=</varname></term>
252 <listitem>
253 <para>The netdev kind. This option is compulsory. See the
254 <literal>Supported netdev kinds</literal> section for the
255 valid keys.</para>
256 </listitem>
257 </varlistentry>
258 <varlistentry>
259 <term><varname>MTUBytes=</varname></term>
260 <listitem>
261 <para>The maximum transmission unit in bytes to set for
262 the device. The usual suffixes K, M, G, are supported and
263 are understood to the base of 1024. This key is not
ff9b60f3 264 currently supported for <literal>tun</literal> or
798d3a52
ZJS		 265 <literal>tap</literal> devices.
266 </para>
267 </listitem>
268 </varlistentry>
269 <varlistentry>
270 <term><varname>MACAddress=</varname></term>
271 <listitem>
272 <para>The MAC address to use for the device. If none is
273 given, one is generated based on the interface name and
274 the
275 <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
ff9b60f3 276 This key is not currently supported for
798d3a52
ZJS		 277 <literal>tun</literal> or <literal>tap</literal> devices.
278 </para>
279 </listitem>
280 </varlistentry>
281 </variablelist>
282 </refsect1>
283
3428fe07
SS		 284 <refsect1>
285 <title>[Bridge] Section Options</title>
286
287 <para>The <literal>[Bridge]</literal> section only applies for
288 netdevs of kind <literal>bridge</literal>, and accepts the
a8eaaee7 289 following keys:</para>
3428fe07
SS		 290
291 <variablelist class='network-directives'>
292 <varlistentry>
293 <term><varname>HelloTimeSec=</varname></term>
294 <listitem>
a8eaaee7 295 <para>HelloTimeSec specifies the number of seconds between two hello packets
3428fe07
SS		 296 sent out by the root bridge and the designated bridges. Hello packets are
297 used to communicate information about the topology throughout the entire
298 bridged local area network.</para>
299 </listitem>
300 </varlistentry>
301 <varlistentry>
302 <term><varname>MaxAgeSec=</varname></term>
303 <listitem>
304 <para>MaxAgeSec specifies the number of seconds of maximum message age.
305 If the last seen (received) hello packet is more than this number of
306 seconds old, the bridge in question will start the takeover procedure
307 in attempt to become the Root Bridge itself.</para>
308 </listitem>
309 </varlistentry>
310 <varlistentry>
311 <term><varname>ForwardDelaySec=</varname></term>
312 <listitem>
313 <para>ForwardDelaySec specifies the number of seconds spent in each
314 of the Listening and Learning states before the Forwarding state is entered.</para>
315 </listitem>
316 </varlistentry>
3fef7a3f
SS		 317 <varlistentry>
318 <term><varname>MulticastQuerier=</varname></term>
319 <listitem>
320 <para>A boolean. This setting controls the IFLA_BR_MCAST_QUERIER option in the kernel.
321 If enabled, the kernel will send general ICMP queries from a zero source address.
322 This feature should allow faster convergence on startup, but it causes some
323 multicast-aware switches to misbehave and disrupt forwarding of multicast packets.
324 When unset, the kernel's default setting applies.
325 </para>
326 </listitem>
327 </varlistentry>
6df6d898
SS		 328 <varlistentry>
329 <term><varname>MulticastSnooping=</varname></term>
330 <listitem>
331 <para>A boolean. This setting controls the IFLA_BR_MCAST_SNOOPING option in the kernel.
332 If enabled, IGMP snooping monitors the Internet Group Management Protocol (IGMP) traffic
333 between hosts and multicast routers. When unset, the kernel's default setting applies.
334 </para>
335 </listitem>
336 </varlistentry>
c6f8d17d
TJ		 337 <varlistentry>
338 <term><varname>VLANFiltering=</varname></term>
339 <listitem>
340 <para>A boolean. This setting controls the IFLA_BR_VLAN_FILTERING option in the kernel.
341 If enabled, the bridge will be started in VLAN-filtering mode. When unset, the kernel's
342 default setting applies.
343 </para>
344 </listitem>
345 </varlistentry>
b760a9af
SS		 346 <varlistentry>
347 <term><varname>STP=</varname></term>
348 <listitem>
349 <para>A boolean. This enables the bridge's Spanning Tree Protocol (STP). When unset,
350 the kernel's default setting applies.
351 </para>
352 </listitem>
353 </varlistentry>
3428fe07 354 </variablelist>
3428fe07
SS		 355 </refsect1>
356
798d3a52
ZJS		 357 <refsect1>
358 <title>[VLAN] Section Options</title>
359
360 <para>The <literal>[VLAN]</literal> section only applies for
361 netdevs of kind <literal>vlan</literal>, and accepts the
362 following key:</para>
363
364 <variablelist class='network-directives'>
365 <varlistentry>
366 <term><varname>Id=</varname></term>
367 <listitem>
368 <para>The VLAN ID to use. An integer in the range 0–4094.
369 This option is compulsory.</para>
370 </listitem>
371 </varlistentry>
372 </variablelist>
373
374 </refsect1>
375
376 <refsect1>
377 <title>[MACVLAN] Section Options</title>
378
379 <para>The <literal>[MACVLAN]</literal> section only applies for
380 netdevs of kind <literal>macvlan</literal>, and accepts the
381 following key:</para>
382
383 <variablelist class='network-directives'>
384 <varlistentry>
385 <term><varname>Mode=</varname></term>
386 <listitem>
387 <para>The MACVLAN mode to use. The supported options are
388 <literal>private</literal>,
389 <literal>vepa</literal>,
390 <literal>bridge</literal>, and
391 <literal>passthru</literal>.
392 </para>
393 </listitem>
394 </varlistentry>
395 </variablelist>
396
397 </refsect1>
398
0371f2df
SS		 399 <refsect1>
400 <title>[MACVTAP] Section Options</title>
401
402 <para>The <literal>[MACVTAP]</literal> section applies for
403 netdevs of kind <literal>macvtap</literal> and accepts the
96d49011 404 same key as <literal>[MACVLAN]</literal>.</para>
0371f2df
SS		 405
406 </refsect1>
407
798d3a52
ZJS		 408 <refsect1>
409 <title>[IPVLAN] Section Options</title>
410
411 <para>The <literal>[IPVLAN]</literal> section only applies for
412 netdevs of kind <literal>ipvlan</literal>, and accepts the
413 following key:</para>
414
415 <variablelist class='network-directives'>
416 <varlistentry>
417 <term><varname>Mode=</varname></term>
418 <listitem>
419 <para>The IPVLAN mode to use. The supported options are
420 <literal>L2</literal> and <literal>L3</literal>.
421 </para>
422 </listitem>
423 </varlistentry>
424 </variablelist>
425
426 </refsect1>
427
428 <refsect1>
429 <title>[VXLAN] Section Options</title>
430 <para>The <literal>[VXLAN]</literal> section only applies for
431 netdevs of kind <literal>vxlan</literal>, and accepts the
432 following keys:</para>
433
434 <variablelist class='network-directives'>
435 <varlistentry>
436 <term><varname>Id=</varname></term>
437 <listitem>
438 <para>The VXLAN ID to use.</para>
439 </listitem>
440 </varlistentry>
441 <varlistentry>
442 <term><varname>Group=</varname></term>
443 <listitem>
444 <para>An assigned multicast group IP address.</para>
445 </listitem>
446 </varlistentry>
447 <varlistentry>
448 <term><varname>TOS=</varname></term>
449 <listitem>
450 <para>The Type Of Service byte value for a vxlan interface.</para>
451 </listitem>
452 </varlistentry>
453 <varlistentry>
454 <term><varname>TTL=</varname></term>
455 <listitem>
456 <para>A fixed Time To Live N on Virtual eXtensible Local
b938cb90 457 Area Network packets. N is a number in the range 1–255. 0
798d3a52
ZJS		 458 is a special value meaning that packets inherit the TTL
459 value.</para>
460 </listitem>
461 </varlistentry>
462 <varlistentry>
463 <term><varname>MacLearning=</varname></term>
464 <listitem>
465 <para>A boolean. When true, enables dynamic MAC learning
466 to discover remote MAC addresses.</para>
467 </listitem>
468 </varlistentry>
469 <varlistentry>
470 <term><varname>FDBAgeingSec=</varname></term>
471 <listitem>
472 <para>The lifetime of Forwarding Database entry learnt by
b938cb90 473 the kernel, in seconds.</para>
798d3a52
ZJS		 474 </listitem>
475 </varlistentry>
476 <varlistentry>
3d276dd2
SS		 477 <term><varname>MaximumFDBEntries=</varname></term>
478 <listitem>
479 <para>Configures maximum number of FDB entries.</para>
480 </listitem>
481 </varlistentry>
798d3a52
ZJS		 482 <varlistentry>
483 <term><varname>ARPProxy=</varname></term>
484 <listitem>
a8eaaee7 485 <para>A boolean. When true, enables ARP proxying.</para>
798d3a52
ZJS		 486 </listitem>
487 </varlistentry>
488 <varlistentry>
489 <term><varname>L2MissNotification=</varname></term>
490 <listitem>
491 <para>A boolean. When true, enables netlink LLADDR miss
492 notifications.</para>
493 </listitem>
494 </varlistentry>
495 <varlistentry>
496 <term><varname>L3MissNotification=</varname></term>
497 <listitem>
a8eaaee7 498 <para>A boolean. When true, enables netlink IP address miss
798d3a52
ZJS		 499 notifications.</para>
500 </listitem>
501 </varlistentry>
502 <varlistentry>
503 <term><varname>RouteShortCircuit=</varname></term>
504 <listitem>
a8eaaee7 505 <para>A boolean. When true, route short circuiting is turned
798d3a52
ZJS		 506 on.</para>
507 </listitem>
508 </varlistentry>
cffacc74
SS		 509 <varlistentry>
510 <term><varname>UDPCheckSum=</varname></term>
511 <listitem>
b938cb90 512 <para>A boolean. When true, transmitting UDP checksums when doing VXLAN/IPv4 is turned on.</para>
cffacc74
SS		 513 </listitem>
514 </varlistentry>
515 <varlistentry>
516 <term><varname>UDP6ZeroChecksumTx=</varname></term>
517 <listitem>
b938cb90 518 <para>A boolean. When true, sending zero checksums in VXLAN/IPv6 is turned on.</para>
cffacc74
SS		 519 </listitem>
520 </varlistentry>
521 <varlistentry>
522 <term><varname>UDP6ZeroCheckSumRx=</varname></term>
523 <listitem>
b938cb90 524 <para>A boolean. When true, receiving zero checksums in VXLAN/IPv6 is turned on.</para>
cffacc74
SS		 525 </listitem>
526 </varlistentry>
8b414e52
SS		 527 <varlistentry>
528 <term><varname>GroupPolicyExtension=</varname></term>
529 <listitem>
b938cb90
JE		 530 <para>A boolean. When true, it enables Group Policy VXLAN extension security label mechanism
531 across network peers based on VXLAN. For details about the Group Policy VXLAN, see the
8b414e52
SS		 532 <ulink url="https://tools.ietf.org/html/draft-smith-vxlan-group-policy">
533 VXLAN Group Policy </ulink> document. Defaults to false.</para>
534 </listitem>
535 </varlistentry>
ea0288d1
SS		 536 <varlistentry>
537 <term><varname>DestinationPort=</varname></term>
538 <listitem>
539 <para>Configures the default destination UDP port on a per-device basis.
540 If destination port is not specified then Linux kernel default will be used.
541 Set destination port 4789 to get the IANA assigned value,
542 and destination port 0 to get default values.</para>
543 </listitem>
544 </varlistentry>
545 <varlistentry>
546 <term><varname>PortRange=</varname></term>
547 <listitem>
548 <para>Configures VXLAN port range. VXLAN bases source
549 UDP port based on flow to help the receiver to be able
550 to load balance based on outer header flow. It
551 restricts the port range to the normal UDP local
552 ports, and allows overriding via configuration.</para>
553 </listitem>
554 </varlistentry>
798d3a52
ZJS		 555 </variablelist>
556 </refsect1>
557 <refsect1>
558 <title>[Tunnel] Section Options</title>
559
560 <para>The <literal>[Tunnel]</literal> section only applies for
561 netdevs of kind
562 <literal>ipip</literal>,
563 <literal>sit</literal>,
564 <literal>gre</literal>,
565 <literal>gretap</literal>,
566 <literal>ip6gre</literal>,
567 <literal>ip6gretap</literal>,
5cc0748e
SS		 568 <literal>vti</literal>,
569 <literal>vti6</literal>, and
798d3a52
ZJS		 570 <literal>ip6tnl</literal> and accepts
571 the following keys:</para>
572
573 <variablelist class='network-directives'>
574 <varlistentry>
575 <term><varname>Local=</varname></term>
576 <listitem>
577 <para>A static local address for tunneled packets. It must
578 be an address on another interface of this host.</para>
579 </listitem>
580 </varlistentry>
581 <varlistentry>
582 <term><varname>Remote=</varname></term>
583 <listitem>
584 <para>The remote endpoint of the tunnel.</para>
585 </listitem>
586 </varlistentry>
587 <varlistentry>
588 <term><varname>TOS=</varname></term>
589 <listitem>
590 <para>The Type Of Service byte value for a tunnel interface.
b938cb90 591 For details about the TOS, see the
798d3a52
ZJS		 592 <ulink url="http://tools.ietf.org/html/rfc1349"> Type of
593 Service in the Internet Protocol Suite </ulink> document.
594 </para>
595 </listitem>
596 </varlistentry>
597 <varlistentry>
598 <term><varname>TTL=</varname></term>
599 <listitem>
600 <para>A fixed Time To Live N on tunneled packets. N is a
b938cb90 601 number in the range 1–255. 0 is a special value meaning that
798d3a52 602 packets inherit the TTL value. The default value for IPv4
b938cb90 603 tunnels is: inherit. The default value for IPv6 tunnels is
798d3a52
ZJS		 604 64.</para>
605 </listitem>
606 </varlistentry>
607 <varlistentry>
608 <term><varname>DiscoverPathMTU=</varname></term>
609 <listitem>
610 <para>A boolean. When true, enables Path MTU Discovery on
611 the tunnel.</para>
612 </listitem>
613 </varlistentry>
276de526
SS		 614 <varlistentry>
615 <term><varname>IPv6FlowLabel=</varname></term>
616 <listitem>
a8eaaee7 617 <para>Configures the 20-bit flow label (see <ulink url="https://tools.ietf.org/html/rfc6437">
276de526 618 RFC 6437</ulink>) field in the IPv6 header (see <ulink url="https://tools.ietf.org/html/rfc2460">
a8eaaee7
JE		 619 RFC 2460</ulink>), which is used by a node to label packets of a flow.
620 It is only used for IPv6 tunnels.
621 A flow label of zero is used to indicate packets that have
622 not been labeled.
623 It can be configured to a value in the range 0–0xFFFFF, or be
624 set to <literal>inherit</literal>, in which case the original flowlabel is used.</para>
276de526
SS		 625 </listitem>
626 </varlistentry>
9b0ca30a 627 <varlistentry>
a9b70f9d 628 <term><varname>CopyDSCP=</varname></term>
9b0ca30a 629 <listitem>
3cf4bcab
ZJS		 630 <para>A boolean. When true, the Differentiated Service Code
631 Point (DSCP) field will be copied to the inner header from
a9b70f9d 632 outer header during the decapsulation of an IPv6 tunnel
3cf4bcab
ZJS		 633 packet. DSCP is a field in an IP packet that enables different
634 levels of service to be assigned to network traffic.
635 Defaults to <literal>no</literal>.
9b0ca30a
SS		 636 </para>
637 </listitem>
638 </varlistentry>
dae398a8
SS		 639 <varlistentry>
640 <term><varname>EncapsulationLimit=</varname></term>
641 <listitem>
642 <para>The Tunnel Encapsulation Limit option specifies how many additional
643 levels of encapsulation are permitted to be prepended to the packet.
644 For example, a Tunnel Encapsulation Limit option containing a limit
645 value of zero means that a packet carrying that option may not enter
646 another tunnel before exiting the current tunnel.
647 (see <ulink url="https://tools.ietf.org/html/rfc2473#section-4.1.1"> RFC 2473</ulink>).
b938cb90 648 The valid range is 0–255 and <literal>none</literal>. Defaults to 4.
dae398a8
SS		 649 </para>
650 </listitem>
651 </varlistentry>
1d710029
SS		 652 <varlistentry>
653 <term><varname>Key=</varname></term>
654 <listitem>
655 <para>The <varname>Key=</varname> parameter specifies the same key to use in
656 both directions (<varname>InputKey=</varname> and <varname>OutputKey=</varname>).
657 The <varname>Key=</varname> is either a number or an IPv4 address-like dotted quad.
658 It is used as mark-configured SAD/SPD entry as part of the lookup key (both in data
659 and control path) in ip xfrm (framework used to implement IPsec protocol).
660 See <ulink url="http://man7.org/linux/man-pages/man8/ip-xfrm.8.html">
e306f2df 661 ip-xfrm — transform configuration</ulink> for details. It is only used for VTI/VTI6
1d710029
SS		 662 tunnels.</para>
663 </listitem>
664 </varlistentry>
665 <varlistentry>
666 <term><varname>InputKey=</varname></term>
667 <listitem>
668 <para>The <varname>InputKey=</varname> parameter specifies the key to use for input.
669 The format is same as <varname>Key=</varname>. It is only used for VTI/VTI6 tunnels.</para>
670 </listitem>
671 </varlistentry>
672 <varlistentry>
673 <term><varname>OutputKey=</varname></term>
674 <listitem>
675 <para>The <varname>OutputKey=</varname> parameter specifies the key to use for output.
676 The format is same as <varname>Key=</varname>. It is only used for VTI/VTI6 tunnels.</para>
677 </listitem>
678 </varlistentry>
798d3a52
ZJS		 679 <varlistentry>
680 <term><varname>Mode=</varname></term>
681 <listitem>
a8eaaee7 682 <para>An <literal>ip6tnl</literal> tunnel can be in one of three
798d3a52
ZJS		 683 modes
684 <literal>ip6ip6</literal> for IPv6 over IPv6,
685 <literal>ipip6</literal> for IPv4 over IPv6 or
686 <literal>any</literal> for either.
687 </para>
688 </listitem>
689 </varlistentry>
690 </variablelist>
691 </refsect1>
692 <refsect1>
693 <title>[Peer] Section Options</title>
694
695 <para>The <literal>[Peer]</literal> section only applies for
696 netdevs of kind <literal>veth</literal> and accepts the
a8eaaee7 697 following keys:</para>
798d3a52
ZJS		 698
699 <variablelist class='network-directives'>
700 <varlistentry>
701 <term><varname>Name=</varname></term>
702 <listitem>
703 <para>The interface name used when creating the netdev.
704 This option is compulsory.</para>
705 </listitem>
706 </varlistentry>
707 <varlistentry>
708 <term><varname>MACAddress=</varname></term>
709 <listitem>
b938cb90 710 <para>The peer MACAddress, if not set, it is generated in
798d3a52
ZJS		 711 the same way as the MAC address of the main
712 interface.</para>
713 </listitem>
714 </varlistentry>
715 </variablelist>
716 </refsect1>
717 <refsect1>
718 <title>[Tun] Section Options</title>
719
720 <para>The <literal>[Tun]</literal> section only applies for
721 netdevs of kind <literal>tun</literal>, and accepts the following
722 keys:</para>
723
724 <variablelist class='network-directives'>
725 <varlistentry>
726 <term><varname>OneQueue=</varname></term>
727 <listitem><para>Takes a boolean argument. Configures whether
728 all packets are queued at the device (enabled), or a fixed
729 number of packets are queued at the device and the rest at the
730 <literal>qdisc</literal>. Defaults to
731 <literal>no</literal>.</para>
732 </listitem>
733 </varlistentry>
734 <varlistentry>
735 <term><varname>MultiQueue=</varname></term>
736 <listitem><para>Takes a boolean argument. Configures whether
737 to use multiple file descriptors (queues) to parallelize
738 packets sending and receiving. Defaults to
739 <literal>no</literal>.</para>
740 </listitem>
741 </varlistentry>
742 <varlistentry>
743 <term><varname>PacketInfo=</varname></term>
744 <listitem><para>Takes a boolean argument. Configures whether
ff9b60f3 745 packets should be prepended with four extra bytes (two flag
b938cb90 746 bytes and two protocol bytes). If disabled, it indicates that
798d3a52
ZJS		 747 the packets will be pure IP packets. Defaults to
748 <literal>no</literal>.</para>
749 </listitem>
750 </varlistentry>
43f78da4 751 <varlistentry>
2aba142e 752 <term><varname>VNetHeader=</varname></term>
43f78da4
SS		 753 <listitem><para>Takes a boolean argument. Configures
754 IFF_VNET_HDR flag for a tap device. It allows sending
755 and receiving larger Generic Segmentation Offload (GSO)
756 packets. This may increase throughput significantly.
757 Defaults to
758 <literal>no</literal>.</para>
759 </listitem>
760 </varlistentry>
798d3a52
ZJS		 761 <varlistentry>
762 <term><varname>User=</varname></term>
763 <listitem><para>User to grant access to the
764 <filename>/dev/net/tun</filename> device.</para>
765 </listitem>
766 </varlistentry>
767 <varlistentry>
768 <term><varname>Group=</varname></term>
769 <listitem><para>Group to grant access to the
770 <filename>/dev/net/tun</filename> device.</para>
771 </listitem>
772 </varlistentry>
773
774 </variablelist>
775
776 </refsect1>
777
778 <refsect1>
779 <title>[Tap] Section Options</title>
780
781 <para>The <literal>[Tap]</literal> section only applies for
782 netdevs of kind <literal>tap</literal>, and accepts the same keys
783 as the <literal>[Tun]</literal> section.</para>
784 </refsect1>
785
786 <refsect1>
787 <title>[Bond] Section Options</title>
788
789 <para>The <literal>[Bond]</literal> section accepts the following
790 key:</para>
791
792 <variablelist class='network-directives'>
793 <varlistentry>
794 <term><varname>Mode=</varname></term>
795 <listitem>
796 <para>Specifies one of the bonding policies. The default is
797 <literal>balance-rr</literal> (round robin). Possible values are
798 <literal>balance-rr</literal>,
799 <literal>active-backup</literal>,
800 <literal>balance-xor</literal>,
801 <literal>broadcast</literal>,
802 <literal>802.3ad</literal>,
803 <literal>balance-tlb</literal>, and
804 <literal>balance-alb</literal>.
805 </para>
806 </listitem>
807 </varlistentry>
808
809 <varlistentry>
810 <term><varname>TransmitHashPolicy=</varname></term>
811 <listitem>
812 <para>Selects the transmit hash policy to use for slave
813 selection in balance-xor, 802.3ad, and tlb modes. Possible
814 values are
815 <literal>layer2</literal>,
816 <literal>layer3+4</literal>,
817 <literal>layer2+3</literal>,
4d89618a 818 <literal>encap2+3</literal>, and
798d3a52
ZJS		 819 <literal>encap3+4</literal>.
820 </para>
821 </listitem>
822 </varlistentry>
823
824 <varlistentry>
825 <term><varname>LACPTransmitRate=</varname></term>
826 <listitem>
827 <para>Specifies the rate with which link partner transmits
828 Link Aggregation Control Protocol Data Unit packets in
829 802.3ad mode. Possible values are <literal>slow</literal>,
830 which requests partner to transmit LACPDUs every 30 seconds,
831 and <literal>fast</literal>, which requests partner to
832 transmit LACPDUs every second. The default value is
833 <literal>slow</literal>.</para>
834 </listitem>
835 </varlistentry>
836
837 <varlistentry>
838 <term><varname>MIIMonitorSec=</varname></term>
839 <listitem>
840 <para>Specifies the frequency that Media Independent
841 Interface link monitoring will occur. A value of zero
dd2b607b 842 disables MII link monitoring. This value is rounded down to
798d3a52
ZJS		 843 the nearest millisecond. The default value is 0.</para>
844 </listitem>
845 </varlistentry>
846
847 <varlistentry>
848 <term><varname>UpDelaySec=</varname></term>
849 <listitem>
850 <para>Specifies the delay before a link is enabled after a
851 link up status has been detected. This value is rounded down
852 to a multiple of MIIMonitorSec. The default value is
853 0.</para>
854 </listitem>
855 </varlistentry>
856
857 <varlistentry>
858 <term><varname>DownDelaySec=</varname></term>
859 <listitem>
860 <para>Specifies the delay before a link is disabled after a
861 link down status has been detected. This value is rounded
862 down to a multiple of MIIMonitorSec. The default value is
863 0.</para>
864 </listitem>
865 </varlistentry>
866
81bd37a8 867 <varlistentry>
38422da7 868 <term><varname>LearnPacketIntervalSec=</varname></term>
81bd37a8
SS		 869 <listitem>
870 <para>Specifies the number of seconds between instances where the bonding
a8eaaee7
JE		 871 driver sends learning packets to each slave peer switch.
872 The valid range is 1–0x7fffffff; the default value is 1. This option
873 has an effect only for the balance-tlb and balance-alb modes.</para>
81bd37a8
SS		 874 </listitem>
875 </varlistentry>
876
877 <varlistentry>
878 <term><varname>AdSelect=</varname></term>
879 <listitem>
880 <para>Specifies the 802.3ad aggregation selection logic to use. Possible values are
881 <literal>stable</literal>,
a8eaaee7
JE		 882 <literal>bandwidth</literal> and
883 <literal>count</literal>.
81bd37a8
SS		 884 </para>
885 </listitem>
886 </varlistentry>
887
888 <varlistentry>
38422da7 889 <term><varname>FailOverMACPolicy=</varname></term>
81bd37a8 890 <listitem>
a8eaaee7
JE		 891 <para>Specifies whether the active-backup mode should set all slaves to
892 the same MAC address at the time of enslavement or, when enabled, to perform special handling of the
81bd37a8
SS		 893 bond's MAC address in accordance with the selected policy. The default policy is none.
894 Possible values are
895 <literal>none</literal>,
a8eaaee7
JE		 896 <literal>active</literal> and
897 <literal>follow</literal>.
81bd37a8
SS		 898 </para>
899 </listitem>
900 </varlistentry>
901
902 <varlistentry>
38422da7 903 <term><varname>ARPValidate=</varname></term>
81bd37a8
SS		 904 <listitem>
905 <para>Specifies whether or not ARP probes and replies should be
38422da7 906 validated in any mode that supports ARP monitoring, or whether
81bd37a8
SS		 907 non-ARP traffic should be filtered (disregarded) for link
908 monitoring purposes. Possible values are
909 <literal>none</literal>,
910 <literal>active</literal>,
a8eaaee7
JE		 911 <literal>backup</literal> and
912 <literal>all</literal>.
81bd37a8
SS		 913 </para>
914 </listitem>
915 </varlistentry>
916
917 <varlistentry>
38422da7 918 <term><varname>ARPIntervalSec=</varname></term>
81bd37a8
SS		 919 <listitem>
920 <para>Specifies the ARP link monitoring frequency in milliseconds.
921 A value of 0 disables ARP monitoring. The default value is 0.
922 </para>
923 </listitem>
924 </varlistentry>
925
926 <varlistentry>
38422da7 927 <term><varname>ARPIPTargets=</varname></term>
81bd37a8
SS		 928 <listitem>
929 <para>Specifies the IP addresses to use as ARP monitoring peers when
38422da7 930 ARPIntervalSec is greater than 0. These are the targets of the ARP request
81bd37a8 931 sent to determine the health of the link to the targets.
a8eaaee7 932 Specify these values in IPv4 dotted decimal format. At least one IP
81bd37a8
SS		 933 address must be given for ARP monitoring to function. The
934 maximum number of targets that can be specified is 16. The
935 default value is no IP addresses.
936 </para>
937 </listitem>
938 </varlistentry>
939
940 <varlistentry>
38422da7 941 <term><varname>ARPAllTargets=</varname></term>
81bd37a8 942 <listitem>
38422da7 943 <para>Specifies the quantity of ARPIPTargets that must be reachable
81bd37a8
SS		 944 in order for the ARP monitor to consider a slave as being up.
945 This option affects only active-backup mode for slaves with
38422da7 946 ARPValidate enabled. Possible values are
a8eaaee7
JE		 947 <literal>any</literal> and
948 <literal>all</literal>.
81bd37a8
SS		 949 </para>
950 </listitem>
951 </varlistentry>
952
953 <varlistentry>
38422da7 954 <term><varname>PrimaryReselectPolicy=</varname></term>
81bd37a8
SS		 955 <listitem>
956 <para>Specifies the reselection policy for the primary slave. This
957 affects how the primary slave is chosen to become the active slave
958 when failure of the active slave or recovery of the primary slave
959 occurs. This option is designed to prevent flip-flopping between
960 the primary slave and other slaves. Possible values are
961 <literal>always</literal>,
a8eaaee7
JE		 962 <literal>better</literal> and
963 <literal>failure</literal>.
81bd37a8
SS		 964 </para>
965 </listitem>
966 </varlistentry>
967
968 <varlistentry>
969 <term><varname>ResendIGMP=</varname></term>
970 <listitem>
971 <para>Specifies the number of IGMP membership reports to be issued after
972 a failover event. One membership report is issued immediately after
973 the failover, subsequent packets are sent in each 200ms interval.
b938cb90 974 The valid range is 0–255. Defaults to 1. A value of 0
81bd37a8
SS		 975 prevents the IGMP membership report from being issued in response
976 to the failover event.
977 </para>
978 </listitem>
979 </varlistentry>
980
981 <varlistentry>
982 <term><varname>PacketsPerSlave=</varname></term>
983 <listitem>
b938cb90
JE		 984 <para>Specify the number of packets to transmit through a slave before
985 moving to the next one. When set to 0, then a slave is chosen at
986 random. The valid range is 0–65535. Defaults to 1. This option
a8eaaee7 987 only has effect when in balance-rr mode.
81bd37a8
SS		 988 </para>
989 </listitem>
990 </varlistentry>
991
992 <varlistentry>
38422da7 993 <term><varname>GratuitousARP=</varname></term>
81bd37a8
SS		 994 <listitem>
995 <para>Specify the number of peer notifications (gratuitous ARPs and
996 unsolicited IPv6 Neighbor Advertisements) to be issued after a
b938cb90 997 failover event. As soon as the link is up on the new slave,
81bd37a8
SS		 998 a peer notification is sent on the bonding device and each
999 VLAN sub-device. This is repeated at each link monitor interval
38422da7 1000 (ARPIntervalSec or MIIMonitorSec, whichever is active) if the number is
a8eaaee7 1001 greater than 1. The valid range is 0–255. The default value is 1.
38422da7 1002 These options affect only the active-backup mode.
81bd37a8
SS		 1003 </para>
1004 </listitem>
1005 </varlistentry>
1006
1007 <varlistentry>
1008 <term><varname>AllSlavesActive=</varname></term>
1009 <listitem>
a8eaaee7
JE		 1010 <para>A boolean. Specifies that duplicate frames (received on inactive ports)
1011 should be dropped when false, or delivered when true. Normally, bonding will drop
81bd37a8
SS		 1012 duplicate frames (received on inactive ports), which is desirable for
1013 most users. But there are some times it is nice to allow duplicate
1014 frames to be delivered. The default value is false (drop duplicate frames
1015 received on inactive ports).
1016 </para>
1017 </listitem>
1018 </varlistentry>
1019
1020 <varlistentry>
1021 <term><varname>MinLinks=</varname></term>
1022 <listitem>
1023 <para>Specifies the minimum number of links that must be active before
1024 asserting carrier. The default value is 0.
1025 </para>
1026 </listitem>
1027 </varlistentry>
1028
798d3a52 1029 </variablelist>
81bd37a8
SS		 1030
1031 <para>For more detail information see
1032 <ulink url="https://www.kernel.org/doc/Documentation/networking/bonding.txt">
1033 Linux Ethernet Bonding Driver HOWTO</ulink></para>
1034
798d3a52
ZJS		 1035 </refsect1>
1036
1037 <refsect1>
1038 <title>Example</title>
1039 <example>
6c1695be 1040 <title>/etc/systemd/network/25-bridge.netdev</title>
798d3a52
ZJS		 1041
1042 <programlisting>[NetDev]
eac684ef
TG		 1043Name=bridge0
1044Kind=bridge</programlisting>
798d3a52 1045 </example>
eac684ef 1046
798d3a52 1047 <example>
6c1695be 1048 <title>/etc/systemd/network/25-vlan1.netdev</title>
eac684ef 1049
798d3a52 1050 <programlisting>[Match]
eac684ef
TG		 1051Virtualization=no
1052
1053[NetDev]
1054Name=vlan1
1055Kind=vlan
1056
1057[VLAN]
1058Id=1</programlisting>
798d3a52
ZJS		 1059 </example>
1060 <example>
6c1695be 1061 <title>/etc/systemd/network/25-ipip.netdev</title>
798d3a52 1062 <programlisting>[NetDev]
b35a2909
TG		 1063Name=ipip-tun
1064Kind=ipip
1065MTUBytes=1480
1066
1067[Tunnel]
1068Local=192.168.223.238
1069Remote=192.169.224.239
1070TTL=64</programlisting>
798d3a52
ZJS		 1071 </example>
1072 <example>
6c1695be 1073 <title>/etc/systemd/network/25-tap.netdev</title>
798d3a52 1074 <programlisting>[NetDev]
30ae9dfd
SS		 1075Name=tap-test
1076Kind=tap
1077
1078[Tap]
1079MultiQueue=true
1080PacketInfo=true</programlisting> </example>
eac684ef 1081
798d3a52 1082 <example>
6c1695be 1083 <title>/etc/systemd/network/25-sit.netdev</title>
798d3a52 1084 <programlisting>[NetDev]
b35a2909
TG		 1085Name=sit-tun
1086Kind=sit
1087MTUBytes=1480
1088
1089[Tunnel]
1090Local=10.65.223.238
1091Remote=10.65.223.239</programlisting>
798d3a52 1092 </example>
eac684ef 1093
798d3a52 1094 <example>
6c1695be 1095 <title>/etc/systemd/network/25-gre.netdev</title>
798d3a52 1096 <programlisting>[NetDev]
b35a2909
TG		 1097Name=gre-tun
1098Kind=gre
1099MTUBytes=1480
1100
1101[Tunnel]
1102Local=10.65.223.238
1103Remote=10.65.223.239</programlisting>
798d3a52 1104 </example>
b35a2909 1105
798d3a52 1106 <example>
6c1695be 1107 <title>/etc/systemd/network/25-vti.netdev</title>
b35a2909 1108
798d3a52 1109 <programlisting>[NetDev]
b35a2909
TG		 1110Name=vti-tun
1111Kind=vti
1112MTUBytes=1480
1113
1114[Tunnel]
1115Local=10.65.223.238
1116Remote=10.65.223.239</programlisting>
798d3a52 1117 </example>
b35a2909 1118
798d3a52 1119 <example>
6c1695be 1120 <title>/etc/systemd/network/25-veth.netdev</title>
798d3a52 1121 <programlisting>[NetDev]
b35a2909
TG		 1122Name=veth-test
1123Kind=veth
1124
1125[Peer]
1126Name=veth-peer</programlisting>
798d3a52 1127 </example>
b35a2909 1128
d94facdc 1129 <example>
6c1695be 1130 <title>/etc/systemd/network/25-bond.netdev</title>
d94facdc
MH		 1131 <programlisting>[NetDev]
1132Name=bond1
1133Kind=bond
1134
1135[Bond]
1136Mode=802.3ad
1137TransmitHashPolicy=layer3+4
1138MIIMonitorSec=1s
1139LACPTransmitRate=fast
1140</programlisting>
1141 </example>
1142
798d3a52 1143 <example>
6c1695be 1144 <title>/etc/systemd/network/25-dummy.netdev</title>
798d3a52 1145 <programlisting>[NetDev]
9e358851
TG		 1146Name=dummy-test
1147Kind=dummy
1148MACAddress=12:34:56:78:9a:bc</programlisting>
798d3a52 1149 </example>
20897a0d
AR		 1150 <example>
1151 <title>/etc/systemd/network/25-vrf.netdev</title>
037a3ded 1152 <para>Create a VRF interface with table 42.</para>
20897a0d
AR		 1153 <programlisting>[NetDev]
1154Name=vrf-test
1155Kind=vrf
798d3a52 1156
20897a0d
AR		 1157[VRF]
1158TableId=42</programlisting>
1159 </example>
798d3a52
ZJS		 1160 </refsect1>
1161 <refsect1>
1162 <title>See Also</title>
1163 <para>
1164 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
1165 <citerefentry><refentrytitle>systemd-networkd</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
1166 <citerefentry><refentrytitle>systemd.link</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1167 <citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>
1168 </para>
1169 </refsect1>
eac684ef
TG		 1170
1171</refentry>
Unnamed repository; edit this file 'description' to name the repository.