]> git.ipfire.org Git - thirdparty/systemd.git/blame - man/systemd.netdev.xml
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
sd-netlink: add generic netlink support
[thirdparty/systemd.git] / man / systemd.netdev.xml
CommitLineData
eac684ef
TG		 1<?xml version='1.0'?> <!--*-nxml-*-->
2<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
12b42c76 3 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
eac684ef
TG		 4
5<!--
572eb058
ZJS		 6 SPDX-License-Identifier: LGPL-2.1+
7
eac684ef
TG		 8 This file is part of systemd.
9
10 Copyright 2013 Tom Gundersen
11
12 systemd is free software; you can redistribute it and/or modify it
13 under the terms of the GNU Lesser General Public License as published by
14 the Free Software Foundation; either version 2.1 of the License, or
15 (at your option) any later version.
16
17 systemd is distributed in the hope that it will be useful, but
18 WITHOUT ANY WARRANTY; without even the implied warranty of
19 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
20 Lesser General Public License for more details.
21
22 You should have received a copy of the GNU Lesser General Public License
23 along with systemd; If not, see <http://www.gnu.org/licenses/>.
24-->
25
26<refentry id="systemd.netdev" conditional='ENABLE_NETWORKD'>
27
798d3a52
ZJS		 28 <refentryinfo>
29 <title>systemd.network</title>
30 <productname>systemd</productname>
31
32 <authorgroup>
33 <author>
34 <contrib>Developer</contrib>
35 <firstname>Tom</firstname>
36 <surname>Gundersen</surname>
37 <email>teg@jklm.no</email>
38 </author>
39 </authorgroup>
40 </refentryinfo>
41
42 <refmeta>
43 <refentrytitle>systemd.netdev</refentrytitle>
44 <manvolnum>5</manvolnum>
45 </refmeta>
46
47 <refnamediv>
48 <refname>systemd.netdev</refname>
49 <refpurpose>Virtual Network Device configuration</refpurpose>
50 </refnamediv>
51
52 <refsynopsisdiv>
53 <para><filename><replaceable>netdev</replaceable>.netdev</filename></para>
54 </refsynopsisdiv>
55
56 <refsect1>
57 <title>Description</title>
58
59 <para>Network setup is performed by
60 <citerefentry><refentrytitle>systemd-networkd</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
61 </para>
62
bac150e9
ZJS		 63 <para>The main Virtual Network Device file must have the extension <filename>.netdev</filename>;
64 other extensions are ignored. Virtual network devices are created as soon as networkd is
65 started. If a netdev with the specified name already exists, networkd will use that as-is rather
66 than create its own. Note that the settings of the pre-existing netdev will not be changed by
798d3a52
ZJS		 67 networkd.</para>
68
bac150e9
ZJS		 69 <para>The <filename>.netdev</filename> files are read from the files located in the system
70 network directory <filename>/usr/lib/systemd/network</filename>, the volatile runtime network
71 directory <filename>/run/systemd/network</filename> and the local administration network
72 directory <filename>/etc/systemd/network</filename>. All configuration files are collectively
73 sorted and processed in lexical order, regardless of the directories in which they live.
74 However, files with identical filenames replace each other. Files in <filename>/etc</filename>
75 have the highest priority, files in <filename>/run</filename> take precedence over files with
76 the same name in <filename>/usr/lib</filename>. This can be used to override a system-supplied
77 configuration file with a local file if needed. As a special case, an empty file (file size 0)
78 or symlink with the same name pointing to <filename>/dev/null</filename> disables the
79 configuration file entirely (it is "masked").</para>
80
81 <para>Along with the netdev file <filename>foo.netdev</filename>, a "drop-in" directory
82 <filename>foo.netdev.d/</filename> may exist. All files with the suffix <literal>.conf</literal>
83 from this directory will be parsed after the file itself is parsed. This is useful to alter or
84 add configuration settings, without having to modify the main configuration file. Each drop-in
85 file must have appropriate section headers.</para>
86
87 <para>In addition to <filename>/etc/systemd/network</filename>, drop-in <literal>.d</literal>
88 directories can be placed in <filename>/usr/lib/systemd/network</filename> or
89 <filename>/run/systemd/network</filename> directories. Drop-in files in
90 <filename>/etc</filename> take precedence over those in <filename>/run</filename> which in turn
91 take precedence over those in <filename>/usr/lib</filename>. Drop-in files under any of these
92 directories take precedence over the main netdev file wherever located. (Of course, since
93 <filename>/run</filename> is temporary and <filename>/usr/lib</filename> is for vendors, it is
94 unlikely drop-ins should be used in either of those places.)</para>
798d3a52
ZJS		 95 </refsect1>
96
97 <refsect1>
98 <title>Supported netdev kinds</title>
99
100 <para>The following kinds of virtual network devices may be
101 configured in <filename>.netdev</filename> files:</para>
102
103 <table>
104 <title>Supported kinds of virtual network devices</title>
105
106 <tgroup cols='2'>
107 <colspec colname='kind' />
108 <colspec colname='explanation' />
109 <thead><row>
110 <entry>Kind</entry>
111 <entry>Description</entry>
112 </row></thead>
113 <tbody>
114 <row><entry><varname>bond</varname></entry>
115 <entry>A bond device is an aggregation of all its slave devices. See <ulink url="https://www.kernel.org/doc/Documentation/networking/bonding.txt">Linux Ethernet Bonding Driver HOWTO</ulink> for details.Local configuration</entry></row>
116
117 <row><entry><varname>bridge</varname></entry>
a8eaaee7 118 <entry>A bridge device is a software switch, and each of its slave devices and the bridge itself are ports of the switch.</entry></row>
798d3a52
ZJS		 119
120 <row><entry><varname>dummy</varname></entry>
121 <entry>A dummy device drops all packets sent to it.</entry></row>
122
123 <row><entry><varname>gre</varname></entry>
124 <entry>A Level 3 GRE tunnel over IPv4. See <ulink url="https://tools.ietf.org/html/rfc2784">RFC 2784</ulink> for details.</entry></row>
125
126 <row><entry><varname>gretap</varname></entry>
127 <entry>A Level 2 GRE tunnel over IPv4.</entry></row>
128
129 <row><entry><varname>ip6gre</varname></entry>
130 <entry>A Level 3 GRE tunnel over IPv6.</entry></row>
131
132 <row><entry><varname>ip6tnl</varname></entry>
133 <entry>An IPv4 or IPv6 tunnel over IPv6</entry></row>
134
135 <row><entry><varname>ip6gretap</varname></entry>
037a3ded 136 <entry>A Level 2 GRE tunnel over IPv6.</entry></row>
798d3a52
ZJS		 137
138 <row><entry><varname>ipip</varname></entry>
139 <entry>An IPv4 over IPv4 tunnel.</entry></row>
140
141 <row><entry><varname>ipvlan</varname></entry>
142 <entry>An ipvlan device is a stacked device which receives packets from its underlying device based on IP address filtering.</entry></row>
143
144 <row><entry><varname>macvlan</varname></entry>
145 <entry>A macvlan device is a stacked device which receives packets from its underlying device based on MAC address filtering.</entry></row>
146
0371f2df
SS		 147 <row><entry><varname>macvtap</varname></entry>
148 <entry>A macvtap device is a stacked device which receives packets from its underlying device based on MAC address filtering.</entry></row>
149
798d3a52
ZJS		 150 <row><entry><varname>sit</varname></entry>
151 <entry>An IPv6 over IPv4 tunnel.</entry></row>
152
153 <row><entry><varname>tap</varname></entry>
154 <entry>A persistent Level 2 tunnel between a network device and a device node.</entry></row>
155
156 <row><entry><varname>tun</varname></entry>
157 <entry>A persistent Level 3 tunnel between a network device and a device node.</entry></row>
158
159 <row><entry><varname>veth</varname></entry>
a8eaaee7 160 <entry>An Ethernet tunnel between a pair of network devices.</entry></row>
798d3a52
ZJS		 161
162 <row><entry><varname>vlan</varname></entry>
163 <entry>A VLAN is a stacked device which receives packets from its underlying device based on VLAN tagging. See <ulink url="http://www.ieee802.org/1/pages/802.1Q.html">IEEE 802.1Q</ulink> for details.</entry></row>
164
165 <row><entry><varname>vti</varname></entry>
166 <entry>An IPv4 over IPSec tunnel.</entry></row>
167
5cc0748e
SS		 168 <row><entry><varname>vti6</varname></entry>
169 <entry>An IPv6 over IPSec tunnel.</entry></row>
170
798d3a52
ZJS		 171 <row><entry><varname>vxlan</varname></entry>
172 <entry>A virtual extensible LAN (vxlan), for connecting Cloud computing deployments.</entry></row>
20897a0d 173
6598e046
SS		 174 <row><entry><varname>geneve</varname></entry>
175 <entry>A GEneric NEtwork Virtualization Encapsulation (GENEVE) netdev driver.</entry></row>
176
20897a0d 177 <row><entry><varname>vrf</varname></entry>
92c918b0
SS		 178 <entry>A Virtual Routing and Forwarding (<ulink url="https://www.kernel.org/doc/Documentation/networking/vrf.txt">VRF</ulink>) interface to create separate routing and forwarding domains.</entry></row>
179
180 <row><entry><varname>vcan</varname></entry>
ba9fa3bc 181 <entry>The virtual CAN driver (vcan). Similar to the network loopback devices, vcan offers a virtual local CAN interface.</entry></row>
20897a0d 182
d6df583c
SS		 183 <row><entry><varname>vxcan</varname></entry>
184 <entry>The virtual CAN tunnel driver (vxcan). Similar to the virtual ethernet driver veth, vxcan implements a local CAN traffic tunnel between two virtual CAN network devices. When creating a vxcan, two vxcan devices are created as pair. When one end receives the packet it appears on its pair and vice versa. The vxcan can be used for cross namespace communication.
185 </entry></row>
186
798d3a52
ZJS		 187 </tbody>
188 </tgroup>
189 </table>
190
191 </refsect1>
192
193 <refsect1>
194 <title>[Match] Section Options</title>
195
196 <para>A virtual network device is only created if the
197 <literal>[Match]</literal> section matches the current
198 environment, or if the section is empty. The following keys are
199 accepted:</para>
200
201 <variablelist class='network-directives'>
202 <varlistentry>
203 <term><varname>Host=</varname></term>
204 <listitem>
205 <para>Matches against the hostname or machine ID of the
206 host. See <literal>ConditionHost=</literal> in
207 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
208 for details.
209 </para>
210 </listitem>
211 </varlistentry>
212 <varlistentry>
213 <term><varname>Virtualization=</varname></term>
214 <listitem>
215 <para>Checks whether the system is executed in a virtualized
216 environment and optionally test whether it is a specific
217 implementation. See
218 <literal>ConditionVirtualization=</literal> in
219 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
220 for details.
221 </para>
222 </listitem>
223 </varlistentry>
224 <varlistentry>
225 <term><varname>KernelCommandLine=</varname></term>
226 <listitem>
227 <para>Checks whether a specific kernel command line option
228 is set (or if prefixed with the exclamation mark unset). See
229 <literal>ConditionKernelCommandLine=</literal> in
230 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
231 for details.
232 </para>
233 </listitem>
234 </varlistentry>
5022f08a
LP		 235 <varlistentry>
236 <term><varname>KernelVersion=</varname></term>
237 <listitem>
238 <para>Checks whether the kernel version (as reported by <command>uname -r</command>) matches a certain
239 expression (or if prefixed with the exclamation mark does not match it). See
240 <literal>ConditionKernelVersion=</literal> in
241 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry> for details.
242 </para>
243 </listitem>
244 </varlistentry>
798d3a52
ZJS		 245 <varlistentry>
246 <term><varname>Architecture=</varname></term>
247 <listitem>
248 <para>Checks whether the system is running on a specific
249 architecture. See <literal>ConditionArchitecture=</literal> in
250 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
251 for details.
252 </para>
253 </listitem>
254 </varlistentry>
255 </variablelist>
256
257 </refsect1>
258
259 <refsect1>
260 <title>[NetDev] Section Options</title>
261
262 <para>The <literal>[NetDev]</literal> section accepts the
263 following keys:</para>
264
265 <variablelist class='network-directives'>
266 <varlistentry>
267 <term><varname>Description=</varname></term>
268 <listitem>
269 <para>A free-form description of the netdev.</para>
270 </listitem>
271 </varlistentry>
272 <varlistentry>
273 <term><varname>Name=</varname></term>
274 <listitem>
275 <para>The interface name used when creating the netdev.
276 This option is compulsory.</para>
277 </listitem>
278 </varlistentry>
279 <varlistentry>
280 <term><varname>Kind=</varname></term>
281 <listitem>
282 <para>The netdev kind. This option is compulsory. See the
283 <literal>Supported netdev kinds</literal> section for the
284 valid keys.</para>
285 </listitem>
286 </varlistentry>
287 <varlistentry>
288 <term><varname>MTUBytes=</varname></term>
289 <listitem>
290 <para>The maximum transmission unit in bytes to set for
291 the device. The usual suffixes K, M, G, are supported and
292 are understood to the base of 1024. This key is not
ff9b60f3 293 currently supported for <literal>tun</literal> or
798d3a52
ZJS		 294 <literal>tap</literal> devices.
295 </para>
296 </listitem>
297 </varlistentry>
298 <varlistentry>
299 <term><varname>MACAddress=</varname></term>
300 <listitem>
301 <para>The MAC address to use for the device. If none is
302 given, one is generated based on the interface name and
303 the
304 <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
ff9b60f3 305 This key is not currently supported for
798d3a52
ZJS		 306 <literal>tun</literal> or <literal>tap</literal> devices.
307 </para>
308 </listitem>
309 </varlistentry>
310 </variablelist>
311 </refsect1>
312
3428fe07
SS		 313 <refsect1>
314 <title>[Bridge] Section Options</title>
315
316 <para>The <literal>[Bridge]</literal> section only applies for
317 netdevs of kind <literal>bridge</literal>, and accepts the
a8eaaee7 318 following keys:</para>
3428fe07
SS		 319
320 <variablelist class='network-directives'>
321 <varlistentry>
322 <term><varname>HelloTimeSec=</varname></term>
323 <listitem>
a8eaaee7 324 <para>HelloTimeSec specifies the number of seconds between two hello packets
3428fe07
SS		 325 sent out by the root bridge and the designated bridges. Hello packets are
326 used to communicate information about the topology throughout the entire
327 bridged local area network.</para>
328 </listitem>
329 </varlistentry>
330 <varlistentry>
331 <term><varname>MaxAgeSec=</varname></term>
332 <listitem>
333 <para>MaxAgeSec specifies the number of seconds of maximum message age.
334 If the last seen (received) hello packet is more than this number of
335 seconds old, the bridge in question will start the takeover procedure
336 in attempt to become the Root Bridge itself.</para>
337 </listitem>
338 </varlistentry>
339 <varlistentry>
340 <term><varname>ForwardDelaySec=</varname></term>
341 <listitem>
342 <para>ForwardDelaySec specifies the number of seconds spent in each
343 of the Listening and Learning states before the Forwarding state is entered.</para>
344 </listitem>
345 </varlistentry>
c7440e74
TJ		 346 <varlistentry>
347 <term><varname>AgeingTimeSec=</varname></term>
348 <listitem>
349 <para>This specifies the number of seconds a MAC Address will be kept in
d23a0044 350 the forwarding database after having a packet received from this MAC Address.</para>
c7440e74
TJ		 351 </listitem>
352 </varlistentry>
353 <varlistentry>
354 <term><varname>Priority=</varname></term>
355 <listitem>
356 <para>The priority of the bridge. An integer between 0 and 65535. A lower value
357 means higher priority. The bridge having the lowest priority will be elected as root bridge.</para>
358 </listitem>
359 </varlistentry>
c4819961
JC		 360 <varlistentry>
361 <term><varname>GroupForwardMask=</varname></term>
362 <listitem>
363 <para>A 16-bit bitmask represented as an integer which allows forwarding of link
364 local frames with 802.1D reserved addresses (01:80:C2:00:00:0X). A logical AND
365 is performed between the specified bitmask and the exponentiation of 2^X, the
366 lower nibble of the last octet of the MAC address. For example, a value of 8
367 would allow forwarding of frames addressed to 01:80:C2:00:00:03 (802.1X PAE).</para>
368 </listitem>
369 </varlistentry>
c7440e74
TJ		 370 <varlistentry>
371 <term><varname>DefaultPVID=</varname></term>
372 <listitem>
0d6c68eb
TJ		 373 <para>This specifies the default port VLAN ID of a newly attached bridge port.
374 Set this to an integer in the range 1–4094 or <literal>none</literal> to disable the PVID.</para>
c7440e74
TJ		 375 </listitem>
376 </varlistentry>
3fef7a3f
SS		 377 <varlistentry>
378 <term><varname>MulticastQuerier=</varname></term>
379 <listitem>
380 <para>A boolean. This setting controls the IFLA_BR_MCAST_QUERIER option in the kernel.
381 If enabled, the kernel will send general ICMP queries from a zero source address.
382 This feature should allow faster convergence on startup, but it causes some
383 multicast-aware switches to misbehave and disrupt forwarding of multicast packets.
384 When unset, the kernel's default setting applies.
385 </para>
386 </listitem>
387 </varlistentry>
6df6d898
SS		 388 <varlistentry>
389 <term><varname>MulticastSnooping=</varname></term>
390 <listitem>
391 <para>A boolean. This setting controls the IFLA_BR_MCAST_SNOOPING option in the kernel.
392 If enabled, IGMP snooping monitors the Internet Group Management Protocol (IGMP) traffic
393 between hosts and multicast routers. When unset, the kernel's default setting applies.
394 </para>
395 </listitem>
396 </varlistentry>
c6f8d17d
TJ		 397 <varlistentry>
398 <term><varname>VLANFiltering=</varname></term>
399 <listitem>
400 <para>A boolean. This setting controls the IFLA_BR_VLAN_FILTERING option in the kernel.
401 If enabled, the bridge will be started in VLAN-filtering mode. When unset, the kernel's
402 default setting applies.
403 </para>
404 </listitem>
405 </varlistentry>
b760a9af
SS		 406 <varlistentry>
407 <term><varname>STP=</varname></term>
408 <listitem>
409 <para>A boolean. This enables the bridge's Spanning Tree Protocol (STP). When unset,
410 the kernel's default setting applies.
411 </para>
412 </listitem>
413 </varlistentry>
3428fe07 414 </variablelist>
3428fe07
SS		 415 </refsect1>
416
798d3a52
ZJS		 417 <refsect1>
418 <title>[VLAN] Section Options</title>
419
420 <para>The <literal>[VLAN]</literal> section only applies for
421 netdevs of kind <literal>vlan</literal>, and accepts the
422 following key:</para>
423
424 <variablelist class='network-directives'>
425 <varlistentry>
426 <term><varname>Id=</varname></term>
427 <listitem>
428 <para>The VLAN ID to use. An integer in the range 0–4094.
429 This option is compulsory.</para>
430 </listitem>
431 </varlistentry>
c8b21184
SS		 432 <varlistentry>
433 <term><varname>GVRP=</varname></term>
434 <listitem>
435 <para>The Generic VLAN Registration Protocol (GVRP) is a protocol that
436 allows automatic learning of VLANs on a network. A boolean. When unset,
437 the kernel's default setting applies.</para>
438 </listitem>
439 </varlistentry>
6c1ff21b
SS		 440 <varlistentry>
441 <term><varname>MVRP=</varname></term>
442 <listitem>
443 <para>Multiple VLAN Registration Protocol (MVRP) formerly known as GARP VLAN
444 Registration Protocol (GVRP) is a standards-based Layer 2 network protocol,
445 for automatic configuration of VLAN information on switches. It was defined
446 in the 802.1ak amendment to 802.1Q-2005. A boolean. When unset, the kernel's
447 default setting applies.</para>
448 </listitem>
449 </varlistentry>
450 <varlistentry>
451 <term><varname>LooseBinding=</varname></term>
452 <listitem>
453 <para>The VLAN loose binding mode, in which only the operational state is passed
454 from the parent to the associated VLANs, but the VLAN device state is not changed.
455 A boolean. When unset, the kernel's default setting applies.</para>
456 </listitem>
457 </varlistentry>
458 <varlistentry>
459 <term><varname>ReorderHeader=</varname></term>
460 <listitem>
461 <para>The VLAN reorder header is set VLAN interfaces behave like physical interfaces.
462 A boolean. When unset, the kernel's default setting applies.</para>
463 </listitem>
464 </varlistentry>
798d3a52 465 </variablelist>
798d3a52
ZJS		 466 </refsect1>
467
468 <refsect1>
469 <title>[MACVLAN] Section Options</title>
470
471 <para>The <literal>[MACVLAN]</literal> section only applies for
472 netdevs of kind <literal>macvlan</literal>, and accepts the
473 following key:</para>
474
475 <variablelist class='network-directives'>
476 <varlistentry>
477 <term><varname>Mode=</varname></term>
478 <listitem>
479 <para>The MACVLAN mode to use. The supported options are
480 <literal>private</literal>,
481 <literal>vepa</literal>,
482 <literal>bridge</literal>, and
483 <literal>passthru</literal>.
484 </para>
485 </listitem>
486 </varlistentry>
487 </variablelist>
488
489 </refsect1>
490
0371f2df
SS		 491 <refsect1>
492 <title>[MACVTAP] Section Options</title>
493
494 <para>The <literal>[MACVTAP]</literal> section applies for
495 netdevs of kind <literal>macvtap</literal> and accepts the
96d49011 496 same key as <literal>[MACVLAN]</literal>.</para>
0371f2df
SS		 497
498 </refsect1>
499
798d3a52
ZJS		 500 <refsect1>
501 <title>[IPVLAN] Section Options</title>
502
503 <para>The <literal>[IPVLAN]</literal> section only applies for
504 netdevs of kind <literal>ipvlan</literal>, and accepts the
505 following key:</para>
506
507 <variablelist class='network-directives'>
508 <varlistentry>
509 <term><varname>Mode=</varname></term>
510 <listitem>
511 <para>The IPVLAN mode to use. The supported options are
d384826f
SS		 512 <literal>L2</literal>,<literal>L3</literal> and <literal>L3S</literal>.
513 </para>
514 </listitem>
515 </varlistentry>
516 <varlistentry>
517 <term><varname>Flags=</varname></term>
518 <listitem>
519 <para>The IPVLAN flags to use. The supported options are
520 <literal>bridge</literal>,<literal>private</literal> and <literal>vepa</literal>.
798d3a52
ZJS		 521 </para>
522 </listitem>
523 </varlistentry>
524 </variablelist>
525
526 </refsect1>
527
528 <refsect1>
529 <title>[VXLAN] Section Options</title>
530 <para>The <literal>[VXLAN]</literal> section only applies for
531 netdevs of kind <literal>vxlan</literal>, and accepts the
532 following keys:</para>
533
534 <variablelist class='network-directives'>
535 <varlistentry>
536 <term><varname>Id=</varname></term>
537 <listitem>
538 <para>The VXLAN ID to use.</para>
539 </listitem>
540 </varlistentry>
541 <varlistentry>
d35e5d37 542 <term><varname>Remote=</varname></term>
798d3a52 543 <listitem>
d35e5d37 544 <para>Configures destination multicast group IP address.</para>
798d3a52
ZJS		 545 </listitem>
546 </varlistentry>
547 <varlistentry>
d35e5d37
SS		 548 <term><varname>Local=</varname></term>
549 <listitem>
550 <para>Configures local IP address.</para>
551 </listitem>
552 </varlistentry>
553 <varlistentry>
798d3a52
ZJS		 554 <term><varname>TOS=</varname></term>
555 <listitem>
556 <para>The Type Of Service byte value for a vxlan interface.</para>
557 </listitem>
558 </varlistentry>
559 <varlistentry>
560 <term><varname>TTL=</varname></term>
561 <listitem>
562 <para>A fixed Time To Live N on Virtual eXtensible Local
b938cb90 563 Area Network packets. N is a number in the range 1–255. 0
798d3a52
ZJS		 564 is a special value meaning that packets inherit the TTL
565 value.</para>
566 </listitem>
567 </varlistentry>
568 <varlistentry>
569 <term><varname>MacLearning=</varname></term>
570 <listitem>
571 <para>A boolean. When true, enables dynamic MAC learning
572 to discover remote MAC addresses.</para>
573 </listitem>
574 </varlistentry>
575 <varlistentry>
576 <term><varname>FDBAgeingSec=</varname></term>
577 <listitem>
578 <para>The lifetime of Forwarding Database entry learnt by
b938cb90 579 the kernel, in seconds.</para>
798d3a52
ZJS		 580 </listitem>
581 </varlistentry>
582 <varlistentry>
3d276dd2
SS		 583 <term><varname>MaximumFDBEntries=</varname></term>
584 <listitem>
585 <para>Configures maximum number of FDB entries.</para>
586 </listitem>
587 </varlistentry>
798d3a52 588 <varlistentry>
7dd6974c 589 <term><varname>ReduceARPProxy=</varname></term>
798d3a52 590 <listitem>
7dd6974c
SS		 591 <para>A boolean. When true, bridge-connected VXLAN tunnel
592 endpoint answers ARP requests from the local bridge on behalf
593 of remote Distributed Overlay Virtual Ethernet
594 <ulink url="https://en.wikipedia.org/wiki/Distributed_Overlay_Virtual_Ethernet">
595 (DVOE)</ulink> clients. Defaults to false.</para>
798d3a52
ZJS		 596 </listitem>
597 </varlistentry>
598 <varlistentry>
599 <term><varname>L2MissNotification=</varname></term>
600 <listitem>
601 <para>A boolean. When true, enables netlink LLADDR miss
602 notifications.</para>
603 </listitem>
604 </varlistentry>
605 <varlistentry>
606 <term><varname>L3MissNotification=</varname></term>
607 <listitem>
a8eaaee7 608 <para>A boolean. When true, enables netlink IP address miss
798d3a52
ZJS		 609 notifications.</para>
610 </listitem>
611 </varlistentry>
612 <varlistentry>
613 <term><varname>RouteShortCircuit=</varname></term>
614 <listitem>
a8eaaee7 615 <para>A boolean. When true, route short circuiting is turned
798d3a52
ZJS		 616 on.</para>
617 </listitem>
618 </varlistentry>
cffacc74 619 <varlistentry>
53c06862 620 <term><varname>UDPChecksum=</varname></term>
cffacc74 621 <listitem>
b938cb90 622 <para>A boolean. When true, transmitting UDP checksums when doing VXLAN/IPv4 is turned on.</para>
cffacc74
SS		 623 </listitem>
624 </varlistentry>
625 <varlistentry>
626 <term><varname>UDP6ZeroChecksumTx=</varname></term>
627 <listitem>
b938cb90 628 <para>A boolean. When true, sending zero checksums in VXLAN/IPv6 is turned on.</para>
cffacc74
SS		 629 </listitem>
630 </varlistentry>
631 <varlistentry>
53c06862 632 <term><varname>UDP6ZeroChecksumRx=</varname></term>
cffacc74 633 <listitem>
b938cb90 634 <para>A boolean. When true, receiving zero checksums in VXLAN/IPv6 is turned on.</para>
16441027
SS		 635 </listitem>
636 </varlistentry>
637 <varlistentry>
53c06862 638 <term><varname>RemoteChecksumTx=</varname></term>
16441027
SS		 639 <listitem>
640 <para>A boolean. When true, remote transmit checksum offload of VXLAN is turned on.</para>
641 </listitem>
642 </varlistentry>
643 <varlistentry>
53c06862 644 <term><varname>RemoteChecksumRx=</varname></term>
16441027
SS		 645 <listitem>
646 <para>A boolean. When true, remote receive checksum offload in VXLAN is turned on.</para>
cffacc74
SS		 647 </listitem>
648 </varlistentry>
8b414e52
SS		 649 <varlistentry>
650 <term><varname>GroupPolicyExtension=</varname></term>
651 <listitem>
b938cb90
JE		 652 <para>A boolean. When true, it enables Group Policy VXLAN extension security label mechanism
653 across network peers based on VXLAN. For details about the Group Policy VXLAN, see the
8b414e52
SS		 654 <ulink url="https://tools.ietf.org/html/draft-smith-vxlan-group-policy">
655 VXLAN Group Policy </ulink> document. Defaults to false.</para>
656 </listitem>
657 </varlistentry>
ea0288d1
SS		 658 <varlistentry>
659 <term><varname>DestinationPort=</varname></term>
660 <listitem>
661 <para>Configures the default destination UDP port on a per-device basis.
662 If destination port is not specified then Linux kernel default will be used.
98616735
SS		 663 Set destination port 4789 to get the IANA assigned value. If not set or if the
664 destination port is assigned the empty string the default port of 4789 is used.</para>
ea0288d1
SS		 665 </listitem>
666 </varlistentry>
667 <varlistentry>
668 <term><varname>PortRange=</varname></term>
669 <listitem>
670 <para>Configures VXLAN port range. VXLAN bases source
671 UDP port based on flow to help the receiver to be able
672 to load balance based on outer header flow. It
673 restricts the port range to the normal UDP local
674 ports, and allows overriding via configuration.</para>
675 </listitem>
676 </varlistentry>
d8653945
SS		 677 <varlistentry>
678 <term><varname>FlowLabel=</varname></term>
679 <listitem>
680 <para>Specifies the flow label to use in outgoing packets.
681 The valid range is 0-1048575.
682 </para>
683 </listitem>
684 </varlistentry>
798d3a52
ZJS		 685 </variablelist>
686 </refsect1>
6598e046
SS		 687 <refsect1>
688 <title>[GENEVE] Section Options</title>
689 <para>The <literal>[GENEVE]</literal> section only applies for
690 netdevs of kind <literal>geneve</literal>, and accepts the
691 following keys:</para>
692
693 <variablelist class='network-directives'>
694 <varlistentry>
695 <term><varname>Id=</varname></term>
696 <listitem>
785889e5 697 <para>Specifies the Virtual Network Identifier (VNI) to use. Ranges [0-16777215].</para>
6598e046
SS		 698 </listitem>
699 </varlistentry>
700 <varlistentry>
701 <term><varname>Remote=</varname></term>
702 <listitem>
703 <para>Specifies the unicast destination IP address to use in outgoing packets.</para>
704 </listitem>
705 </varlistentry>
706 <varlistentry>
707 <term><varname>TOS=</varname></term>
708 <listitem>
98616735 709 <para>Specifies the TOS value to use in outgoing packets. Ranges [1-255].</para>
6598e046
SS		 710 </listitem>
711 </varlistentry>
712 <varlistentry>
713 <term><varname>TTL=</varname></term>
714 <listitem>
98616735 715 <para>Specifies the TTL value to use in outgoing packets. Ranges [1-255].</para>
6598e046
SS		 716 </listitem>
717 </varlistentry>
718 <varlistentry>
719 <term><varname>UDPChecksum=</varname></term>
720 <listitem>
721 <para>A boolean. When true, specifies if UDP checksum is calculated for transmitted packets over IPv4.</para>
722 </listitem>
723 </varlistentry>
724 <varlistentry>
725 <term><varname>UDP6ZeroChecksumTx=</varname></term>
726 <listitem>
727 <para>A boolean. When true, skip UDP checksum calculation for transmitted packets over IPv6.</para>
728 </listitem>
729 </varlistentry>
730 <varlistentry>
731 <term><varname>UDP6ZeroChecksumRx=</varname></term>
732 <listitem>
733 <para>A boolean. When true, allows incoming UDP packets over IPv6 with zero checksum field.</para>
734 </listitem>
735 </varlistentry>
736 <varlistentry>
737 <term><varname>DestinationPort=</varname></term>
738 <listitem>
98616735
SS		 739 <para>Specifies destination port. Defaults to 6081. If not set or assigned the empty string, the default
740 port of 6081 is used.</para>
6598e046
SS		 741 </listitem>
742 </varlistentry>
743 <varlistentry>
744 <term><varname>FlowLabel=</varname></term>
745 <listitem>
746 <para>Specifies the flow label to use in outgoing packets.</para>
747 </listitem>
748 </varlistentry>
749 </variablelist>
750 </refsect1>
798d3a52
ZJS		 751 <refsect1>
752 <title>[Tunnel] Section Options</title>
753
754 <para>The <literal>[Tunnel]</literal> section only applies for
755 netdevs of kind
756 <literal>ipip</literal>,
757 <literal>sit</literal>,
758 <literal>gre</literal>,
759 <literal>gretap</literal>,
760 <literal>ip6gre</literal>,
761 <literal>ip6gretap</literal>,
5cc0748e
SS		 762 <literal>vti</literal>,
763 <literal>vti6</literal>, and
798d3a52
ZJS		 764 <literal>ip6tnl</literal> and accepts
765 the following keys:</para>
766
767 <variablelist class='network-directives'>
768 <varlistentry>
769 <term><varname>Local=</varname></term>
770 <listitem>
771 <para>A static local address for tunneled packets. It must
772 be an address on another interface of this host.</para>
773 </listitem>
774 </varlistentry>
775 <varlistentry>
776 <term><varname>Remote=</varname></term>
777 <listitem>
778 <para>The remote endpoint of the tunnel.</para>
779 </listitem>
780 </varlistentry>
781 <varlistentry>
782 <term><varname>TOS=</varname></term>
783 <listitem>
784 <para>The Type Of Service byte value for a tunnel interface.
b938cb90 785 For details about the TOS, see the
798d3a52
ZJS		 786 <ulink url="http://tools.ietf.org/html/rfc1349"> Type of
787 Service in the Internet Protocol Suite </ulink> document.
788 </para>
789 </listitem>
790 </varlistentry>
791 <varlistentry>
792 <term><varname>TTL=</varname></term>
793 <listitem>
794 <para>A fixed Time To Live N on tunneled packets. N is a
b938cb90 795 number in the range 1–255. 0 is a special value meaning that
798d3a52 796 packets inherit the TTL value. The default value for IPv4
b938cb90 797 tunnels is: inherit. The default value for IPv6 tunnels is
798d3a52
ZJS		 798 64.</para>
799 </listitem>
800 </varlistentry>
801 <varlistentry>
802 <term><varname>DiscoverPathMTU=</varname></term>
803 <listitem>
804 <para>A boolean. When true, enables Path MTU Discovery on
805 the tunnel.</para>
806 </listitem>
807 </varlistentry>
276de526
SS		 808 <varlistentry>
809 <term><varname>IPv6FlowLabel=</varname></term>
810 <listitem>
a8eaaee7 811 <para>Configures the 20-bit flow label (see <ulink url="https://tools.ietf.org/html/rfc6437">
276de526 812 RFC 6437</ulink>) field in the IPv6 header (see <ulink url="https://tools.ietf.org/html/rfc2460">
a8eaaee7
JE		 813 RFC 2460</ulink>), which is used by a node to label packets of a flow.
814 It is only used for IPv6 tunnels.
815 A flow label of zero is used to indicate packets that have
816 not been labeled.
817 It can be configured to a value in the range 0–0xFFFFF, or be
818 set to <literal>inherit</literal>, in which case the original flowlabel is used.</para>
276de526
SS		 819 </listitem>
820 </varlistentry>
9b0ca30a 821 <varlistentry>
a9b70f9d 822 <term><varname>CopyDSCP=</varname></term>
9b0ca30a 823 <listitem>
3cf4bcab
ZJS		 824 <para>A boolean. When true, the Differentiated Service Code
825 Point (DSCP) field will be copied to the inner header from
a9b70f9d 826 outer header during the decapsulation of an IPv6 tunnel
3cf4bcab
ZJS		 827 packet. DSCP is a field in an IP packet that enables different
828 levels of service to be assigned to network traffic.
829 Defaults to <literal>no</literal>.
9b0ca30a
SS		 830 </para>
831 </listitem>
832 </varlistentry>
dae398a8
SS		 833 <varlistentry>
834 <term><varname>EncapsulationLimit=</varname></term>
835 <listitem>
836 <para>The Tunnel Encapsulation Limit option specifies how many additional
837 levels of encapsulation are permitted to be prepended to the packet.
838 For example, a Tunnel Encapsulation Limit option containing a limit
839 value of zero means that a packet carrying that option may not enter
840 another tunnel before exiting the current tunnel.
841 (see <ulink url="https://tools.ietf.org/html/rfc2473#section-4.1.1"> RFC 2473</ulink>).
b938cb90 842 The valid range is 0–255 and <literal>none</literal>. Defaults to 4.
dae398a8
SS		 843 </para>
844 </listitem>
845 </varlistentry>
1d710029
SS		 846 <varlistentry>
847 <term><varname>Key=</varname></term>
848 <listitem>
849 <para>The <varname>Key=</varname> parameter specifies the same key to use in
850 both directions (<varname>InputKey=</varname> and <varname>OutputKey=</varname>).
851 The <varname>Key=</varname> is either a number or an IPv4 address-like dotted quad.
852 It is used as mark-configured SAD/SPD entry as part of the lookup key (both in data
853 and control path) in ip xfrm (framework used to implement IPsec protocol).
854 See <ulink url="http://man7.org/linux/man-pages/man8/ip-xfrm.8.html">
e306f2df 855 ip-xfrm — transform configuration</ulink> for details. It is only used for VTI/VTI6
1d710029
SS		 856 tunnels.</para>
857 </listitem>
858 </varlistentry>
859 <varlistentry>
860 <term><varname>InputKey=</varname></term>
861 <listitem>
862 <para>The <varname>InputKey=</varname> parameter specifies the key to use for input.
863 The format is same as <varname>Key=</varname>. It is only used for VTI/VTI6 tunnels.</para>
864 </listitem>
865 </varlistentry>
866 <varlistentry>
867 <term><varname>OutputKey=</varname></term>
868 <listitem>
869 <para>The <varname>OutputKey=</varname> parameter specifies the key to use for output.
870 The format is same as <varname>Key=</varname>. It is only used for VTI/VTI6 tunnels.</para>
871 </listitem>
872 </varlistentry>
798d3a52
ZJS		 873 <varlistentry>
874 <term><varname>Mode=</varname></term>
875 <listitem>
a8eaaee7 876 <para>An <literal>ip6tnl</literal> tunnel can be in one of three
798d3a52
ZJS		 877 modes
878 <literal>ip6ip6</literal> for IPv6 over IPv6,
879 <literal>ipip6</literal> for IPv4 over IPv6 or
880 <literal>any</literal> for either.
881 </para>
882 </listitem>
883 </varlistentry>
4d7fa6de
SS		 884 <varlistentry>
885 <term><varname>Independent=</varname></term>
886 <listitem>
887 <para>A boolean. When true tunnel does not require .network file. Created as "tunnel@NONE".
888 Defaults to <literal>false</literal>.
889 </para>
890 </listitem>
891 </varlistentry>
3a4f3e42
SS		 892 <varlistentry>
893 <term><varname>AllowLocalRemote=</varname></term>
894 <listitem>
895 <para>A boolean. When true allows tunnel traffic on <varname>ip6tnl</varname> devices where the remote endpoint is a local host address.
896 Defaults to unset.
897 </para>
898 </listitem>
899 </varlistentry>
798d3a52
ZJS		 900 </variablelist>
901 </refsect1>
902 <refsect1>
903 <title>[Peer] Section Options</title>
904
905 <para>The <literal>[Peer]</literal> section only applies for
906 netdevs of kind <literal>veth</literal> and accepts the
a8eaaee7 907 following keys:</para>
798d3a52
ZJS		 908
909 <variablelist class='network-directives'>
910 <varlistentry>
911 <term><varname>Name=</varname></term>
912 <listitem>
913 <para>The interface name used when creating the netdev.
914 This option is compulsory.</para>
915 </listitem>
916 </varlistentry>
917 <varlistentry>
918 <term><varname>MACAddress=</varname></term>
919 <listitem>
b938cb90 920 <para>The peer MACAddress, if not set, it is generated in
798d3a52
ZJS		 921 the same way as the MAC address of the main
922 interface.</para>
923 </listitem>
924 </varlistentry>
925 </variablelist>
926 </refsect1>
d6df583c
SS		 927 <refsect1>
928 <title>[VXCAN] Section Options</title>
929 <para>The <literal>[VXCAN]</literal> section only applies for
930 netdevs of kind <literal>vxcan</literal> and accepts the
931 following key:</para>
932
933 <variablelist class='network-directives'>
934 <varlistentry>
935 <term><varname>Peer=</varname></term>
936 <listitem>
937 <para>The peer interface name used when creating the netdev.
938 This option is compulsory.</para>
939 </listitem>
940 </varlistentry>
941 </variablelist>
942 </refsect1>
798d3a52
ZJS		 943 <refsect1>
944 <title>[Tun] Section Options</title>
945
946 <para>The <literal>[Tun]</literal> section only applies for
947 netdevs of kind <literal>tun</literal>, and accepts the following
948 keys:</para>
949
950 <variablelist class='network-directives'>
951 <varlistentry>
952 <term><varname>OneQueue=</varname></term>
953 <listitem><para>Takes a boolean argument. Configures whether
954 all packets are queued at the device (enabled), or a fixed
955 number of packets are queued at the device and the rest at the
956 <literal>qdisc</literal>. Defaults to
957 <literal>no</literal>.</para>
958 </listitem>
959 </varlistentry>
960 <varlistentry>
961 <term><varname>MultiQueue=</varname></term>
962 <listitem><para>Takes a boolean argument. Configures whether
963 to use multiple file descriptors (queues) to parallelize
964 packets sending and receiving. Defaults to
965 <literal>no</literal>.</para>
966 </listitem>
967 </varlistentry>
968 <varlistentry>
969 <term><varname>PacketInfo=</varname></term>
970 <listitem><para>Takes a boolean argument. Configures whether
ff9b60f3 971 packets should be prepended with four extra bytes (two flag
b938cb90 972 bytes and two protocol bytes). If disabled, it indicates that
798d3a52
ZJS		 973 the packets will be pure IP packets. Defaults to
974 <literal>no</literal>.</para>
975 </listitem>
976 </varlistentry>
43f78da4 977 <varlistentry>
2aba142e 978 <term><varname>VNetHeader=</varname></term>
43f78da4
SS		 979 <listitem><para>Takes a boolean argument. Configures
980 IFF_VNET_HDR flag for a tap device. It allows sending
981 and receiving larger Generic Segmentation Offload (GSO)
982 packets. This may increase throughput significantly.
983 Defaults to
984 <literal>no</literal>.</para>
985 </listitem>
986 </varlistentry>
798d3a52
ZJS		 987 <varlistentry>
988 <term><varname>User=</varname></term>
989 <listitem><para>User to grant access to the
990 <filename>/dev/net/tun</filename> device.</para>
991 </listitem>
992 </varlistentry>
993 <varlistentry>
994 <term><varname>Group=</varname></term>
995 <listitem><para>Group to grant access to the
996 <filename>/dev/net/tun</filename> device.</para>
997 </listitem>
998 </varlistentry>
999
1000 </variablelist>
1001
1002 </refsect1>
1003
1004 <refsect1>
1005 <title>[Tap] Section Options</title>
1006
1007 <para>The <literal>[Tap]</literal> section only applies for
1008 netdevs of kind <literal>tap</literal>, and accepts the same keys
1009 as the <literal>[Tun]</literal> section.</para>
1010 </refsect1>
1011
1012 <refsect1>
1013 <title>[Bond] Section Options</title>
1014
1015 <para>The <literal>[Bond]</literal> section accepts the following
1016 key:</para>
1017
1018 <variablelist class='network-directives'>
1019 <varlistentry>
1020 <term><varname>Mode=</varname></term>
1021 <listitem>
1022 <para>Specifies one of the bonding policies. The default is
1023 <literal>balance-rr</literal> (round robin). Possible values are
1024 <literal>balance-rr</literal>,
1025 <literal>active-backup</literal>,
1026 <literal>balance-xor</literal>,
1027 <literal>broadcast</literal>,
1028 <literal>802.3ad</literal>,
1029 <literal>balance-tlb</literal>, and
1030 <literal>balance-alb</literal>.
1031 </para>
1032 </listitem>
1033 </varlistentry>
1034
1035 <varlistentry>
1036 <term><varname>TransmitHashPolicy=</varname></term>
1037 <listitem>
1038 <para>Selects the transmit hash policy to use for slave
1039 selection in balance-xor, 802.3ad, and tlb modes. Possible
1040 values are
1041 <literal>layer2</literal>,
1042 <literal>layer3+4</literal>,
1043 <literal>layer2+3</literal>,
4d89618a 1044 <literal>encap2+3</literal>, and
798d3a52
ZJS		 1045 <literal>encap3+4</literal>.
1046 </para>
1047 </listitem>
1048 </varlistentry>
1049
1050 <varlistentry>
1051 <term><varname>LACPTransmitRate=</varname></term>
1052 <listitem>
1053 <para>Specifies the rate with which link partner transmits
1054 Link Aggregation Control Protocol Data Unit packets in
1055 802.3ad mode. Possible values are <literal>slow</literal>,
1056 which requests partner to transmit LACPDUs every 30 seconds,
1057 and <literal>fast</literal>, which requests partner to
1058 transmit LACPDUs every second. The default value is
1059 <literal>slow</literal>.</para>
1060 </listitem>
1061 </varlistentry>
1062
1063 <varlistentry>
1064 <term><varname>MIIMonitorSec=</varname></term>
1065 <listitem>
1066 <para>Specifies the frequency that Media Independent
1067 Interface link monitoring will occur. A value of zero
dd2b607b 1068 disables MII link monitoring. This value is rounded down to
798d3a52
ZJS		 1069 the nearest millisecond. The default value is 0.</para>
1070 </listitem>
1071 </varlistentry>
1072
1073 <varlistentry>
1074 <term><varname>UpDelaySec=</varname></term>
1075 <listitem>
1076 <para>Specifies the delay before a link is enabled after a
1077 link up status has been detected. This value is rounded down
1078 to a multiple of MIIMonitorSec. The default value is
1079 0.</para>
1080 </listitem>
1081 </varlistentry>
1082
1083 <varlistentry>
1084 <term><varname>DownDelaySec=</varname></term>
1085 <listitem>
1086 <para>Specifies the delay before a link is disabled after a
1087 link down status has been detected. This value is rounded
1088 down to a multiple of MIIMonitorSec. The default value is
1089 0.</para>
1090 </listitem>
1091 </varlistentry>
1092
81bd37a8 1093 <varlistentry>
38422da7 1094 <term><varname>LearnPacketIntervalSec=</varname></term>
81bd37a8
SS		 1095 <listitem>
1096 <para>Specifies the number of seconds between instances where the bonding
a8eaaee7
JE		 1097 driver sends learning packets to each slave peer switch.
1098 The valid range is 1–0x7fffffff; the default value is 1. This option
1099 has an effect only for the balance-tlb and balance-alb modes.</para>
81bd37a8
SS		 1100 </listitem>
1101 </varlistentry>
1102
1103 <varlistentry>
1104 <term><varname>AdSelect=</varname></term>
1105 <listitem>
1106 <para>Specifies the 802.3ad aggregation selection logic to use. Possible values are
1107 <literal>stable</literal>,
a8eaaee7
JE		 1108 <literal>bandwidth</literal> and
1109 <literal>count</literal>.
81bd37a8
SS		 1110 </para>
1111 </listitem>
1112 </varlistentry>
1113
1114 <varlistentry>
38422da7 1115 <term><varname>FailOverMACPolicy=</varname></term>
81bd37a8 1116 <listitem>
a8eaaee7
JE		 1117 <para>Specifies whether the active-backup mode should set all slaves to
1118 the same MAC address at the time of enslavement or, when enabled, to perform special handling of the
81bd37a8
SS		 1119 bond's MAC address in accordance with the selected policy. The default policy is none.
1120 Possible values are
1121 <literal>none</literal>,
a8eaaee7
JE		 1122 <literal>active</literal> and
1123 <literal>follow</literal>.
81bd37a8
SS		 1124 </para>
1125 </listitem>
1126 </varlistentry>
1127
1128 <varlistentry>
38422da7 1129 <term><varname>ARPValidate=</varname></term>
81bd37a8
SS		 1130 <listitem>
1131 <para>Specifies whether or not ARP probes and replies should be
38422da7 1132 validated in any mode that supports ARP monitoring, or whether
81bd37a8
SS		 1133 non-ARP traffic should be filtered (disregarded) for link
1134 monitoring purposes. Possible values are
1135 <literal>none</literal>,
1136 <literal>active</literal>,
a8eaaee7
JE		 1137 <literal>backup</literal> and
1138 <literal>all</literal>.
81bd37a8
SS		 1139 </para>
1140 </listitem>
1141 </varlistentry>
1142
1143 <varlistentry>
38422da7 1144 <term><varname>ARPIntervalSec=</varname></term>
81bd37a8
SS		 1145 <listitem>
1146 <para>Specifies the ARP link monitoring frequency in milliseconds.
1147 A value of 0 disables ARP monitoring. The default value is 0.
1148 </para>
1149 </listitem>
1150 </varlistentry>
1151
1152 <varlistentry>
38422da7 1153 <term><varname>ARPIPTargets=</varname></term>
81bd37a8
SS		 1154 <listitem>
1155 <para>Specifies the IP addresses to use as ARP monitoring peers when
38422da7 1156 ARPIntervalSec is greater than 0. These are the targets of the ARP request
81bd37a8 1157 sent to determine the health of the link to the targets.
a8eaaee7 1158 Specify these values in IPv4 dotted decimal format. At least one IP
81bd37a8
SS		 1159 address must be given for ARP monitoring to function. The
1160 maximum number of targets that can be specified is 16. The
1161 default value is no IP addresses.
1162 </para>
1163 </listitem>
1164 </varlistentry>
1165
1166 <varlistentry>
38422da7 1167 <term><varname>ARPAllTargets=</varname></term>
81bd37a8 1168 <listitem>
38422da7 1169 <para>Specifies the quantity of ARPIPTargets that must be reachable
81bd37a8
SS		 1170 in order for the ARP monitor to consider a slave as being up.
1171 This option affects only active-backup mode for slaves with
38422da7 1172 ARPValidate enabled. Possible values are
a8eaaee7
JE		 1173 <literal>any</literal> and
1174 <literal>all</literal>.
81bd37a8
SS		 1175 </para>
1176 </listitem>
1177 </varlistentry>
1178
1179 <varlistentry>
38422da7 1180 <term><varname>PrimaryReselectPolicy=</varname></term>
81bd37a8
SS		 1181 <listitem>
1182 <para>Specifies the reselection policy for the primary slave. This
1183 affects how the primary slave is chosen to become the active slave
1184 when failure of the active slave or recovery of the primary slave
1185 occurs. This option is designed to prevent flip-flopping between
1186 the primary slave and other slaves. Possible values are
1187 <literal>always</literal>,
a8eaaee7
JE		 1188 <literal>better</literal> and
1189 <literal>failure</literal>.
81bd37a8
SS		 1190 </para>
1191 </listitem>
1192 </varlistentry>
1193
1194 <varlistentry>
1195 <term><varname>ResendIGMP=</varname></term>
1196 <listitem>
1197 <para>Specifies the number of IGMP membership reports to be issued after
1198 a failover event. One membership report is issued immediately after
1199 the failover, subsequent packets are sent in each 200ms interval.
b938cb90 1200 The valid range is 0–255. Defaults to 1. A value of 0
81bd37a8
SS		 1201 prevents the IGMP membership report from being issued in response
1202 to the failover event.
1203 </para>
1204 </listitem>
1205 </varlistentry>
1206
1207 <varlistentry>
1208 <term><varname>PacketsPerSlave=</varname></term>
1209 <listitem>
b938cb90
JE		 1210 <para>Specify the number of packets to transmit through a slave before
1211 moving to the next one. When set to 0, then a slave is chosen at
1212 random. The valid range is 0–65535. Defaults to 1. This option
a8eaaee7 1213 only has effect when in balance-rr mode.
81bd37a8
SS		 1214 </para>
1215 </listitem>
1216 </varlistentry>
1217
1218 <varlistentry>
38422da7 1219 <term><varname>GratuitousARP=</varname></term>
81bd37a8
SS		 1220 <listitem>
1221 <para>Specify the number of peer notifications (gratuitous ARPs and
1222 unsolicited IPv6 Neighbor Advertisements) to be issued after a
b938cb90 1223 failover event. As soon as the link is up on the new slave,
81bd37a8
SS		 1224 a peer notification is sent on the bonding device and each
1225 VLAN sub-device. This is repeated at each link monitor interval
38422da7 1226 (ARPIntervalSec or MIIMonitorSec, whichever is active) if the number is
a8eaaee7 1227 greater than 1. The valid range is 0–255. The default value is 1.
38422da7 1228 These options affect only the active-backup mode.
81bd37a8
SS		 1229 </para>
1230 </listitem>
1231 </varlistentry>
1232
1233 <varlistentry>
1234 <term><varname>AllSlavesActive=</varname></term>
1235 <listitem>
a8eaaee7
JE		 1236 <para>A boolean. Specifies that duplicate frames (received on inactive ports)
1237 should be dropped when false, or delivered when true. Normally, bonding will drop
81bd37a8
SS		 1238 duplicate frames (received on inactive ports), which is desirable for
1239 most users. But there are some times it is nice to allow duplicate
1240 frames to be delivered. The default value is false (drop duplicate frames
1241 received on inactive ports).
1242 </para>
1243 </listitem>
1244 </varlistentry>
1245
1246 <varlistentry>
1247 <term><varname>MinLinks=</varname></term>
1248 <listitem>
1249 <para>Specifies the minimum number of links that must be active before
1250 asserting carrier. The default value is 0.
1251 </para>
1252 </listitem>
1253 </varlistentry>
798d3a52 1254 </variablelist>
81bd37a8
SS		 1255
1256 <para>For more detail information see
1257 <ulink url="https://www.kernel.org/doc/Documentation/networking/bonding.txt">
1258 Linux Ethernet Bonding Driver HOWTO</ulink></para>
1259
798d3a52
ZJS		 1260 </refsect1>
1261
1262 <refsect1>
1263 <title>Example</title>
1264 <example>
6c1695be 1265 <title>/etc/systemd/network/25-bridge.netdev</title>
798d3a52
ZJS		 1266
1267 <programlisting>[NetDev]
eac684ef
TG		 1268Name=bridge0
1269Kind=bridge</programlisting>
798d3a52 1270 </example>
eac684ef 1271
798d3a52 1272 <example>
6c1695be 1273 <title>/etc/systemd/network/25-vlan1.netdev</title>
eac684ef 1274
798d3a52 1275 <programlisting>[Match]
eac684ef
TG		 1276Virtualization=no
1277
1278[NetDev]
1279Name=vlan1
1280Kind=vlan
1281
1282[VLAN]
1283Id=1</programlisting>
798d3a52
ZJS		 1284 </example>
1285 <example>
6c1695be 1286 <title>/etc/systemd/network/25-ipip.netdev</title>
798d3a52 1287 <programlisting>[NetDev]
b35a2909
TG		 1288Name=ipip-tun
1289Kind=ipip
1290MTUBytes=1480
1291
1292[Tunnel]
1293Local=192.168.223.238
1294Remote=192.169.224.239
1295TTL=64</programlisting>
798d3a52
ZJS		 1296 </example>
1297 <example>
6c1695be 1298 <title>/etc/systemd/network/25-tap.netdev</title>
798d3a52 1299 <programlisting>[NetDev]
30ae9dfd
SS		 1300Name=tap-test
1301Kind=tap
1302
1303[Tap]
1304MultiQueue=true
1305PacketInfo=true</programlisting> </example>
eac684ef 1306
798d3a52 1307 <example>
6c1695be 1308 <title>/etc/systemd/network/25-sit.netdev</title>
798d3a52 1309 <programlisting>[NetDev]
b35a2909
TG		 1310Name=sit-tun
1311Kind=sit
1312MTUBytes=1480
1313
1314[Tunnel]
1315Local=10.65.223.238
1316Remote=10.65.223.239</programlisting>
798d3a52 1317 </example>
eac684ef 1318
798d3a52 1319 <example>
6c1695be 1320 <title>/etc/systemd/network/25-gre.netdev</title>
798d3a52 1321 <programlisting>[NetDev]
b35a2909
TG		 1322Name=gre-tun
1323Kind=gre
1324MTUBytes=1480
1325
1326[Tunnel]
1327Local=10.65.223.238
1328Remote=10.65.223.239</programlisting>
798d3a52 1329 </example>
b35a2909 1330
798d3a52 1331 <example>
6c1695be 1332 <title>/etc/systemd/network/25-vti.netdev</title>
b35a2909 1333
798d3a52 1334 <programlisting>[NetDev]
b35a2909
TG		 1335Name=vti-tun
1336Kind=vti
1337MTUBytes=1480
1338
1339[Tunnel]
1340Local=10.65.223.238
1341Remote=10.65.223.239</programlisting>
798d3a52 1342 </example>
b35a2909 1343
798d3a52 1344 <example>
6c1695be 1345 <title>/etc/systemd/network/25-veth.netdev</title>
798d3a52 1346 <programlisting>[NetDev]
b35a2909
TG		 1347Name=veth-test
1348Kind=veth
1349
1350[Peer]
1351Name=veth-peer</programlisting>
798d3a52 1352 </example>
b35a2909 1353
d94facdc 1354 <example>
6c1695be 1355 <title>/etc/systemd/network/25-bond.netdev</title>
d94facdc
MH		 1356 <programlisting>[NetDev]
1357Name=bond1
1358Kind=bond
1359
1360[Bond]
1361Mode=802.3ad
1362TransmitHashPolicy=layer3+4
1363MIIMonitorSec=1s
1364LACPTransmitRate=fast
1365</programlisting>
1366 </example>
1367
798d3a52 1368 <example>
6c1695be 1369 <title>/etc/systemd/network/25-dummy.netdev</title>
798d3a52 1370 <programlisting>[NetDev]
9e358851
TG		 1371Name=dummy-test
1372Kind=dummy
1373MACAddress=12:34:56:78:9a:bc</programlisting>
798d3a52 1374 </example>
20897a0d
AR		 1375 <example>
1376 <title>/etc/systemd/network/25-vrf.netdev</title>
037a3ded 1377 <para>Create a VRF interface with table 42.</para>
20897a0d
AR		 1378 <programlisting>[NetDev]
1379Name=vrf-test
1380Kind=vrf
798d3a52 1381
20897a0d 1382[VRF]
362f6336 1383Table=42</programlisting>
20897a0d 1384 </example>
42125eda
SS		 1385
1386 <example>
1387 <title>/etc/systemd/network/25-macvtap.netdev</title>
1388 <para>Create a MacVTap device.</para>
1389 <programlisting>[NetDev]
1390Name=macvtap-test
1391Kind=macvtap
1392 </programlisting>
1393 </example>
798d3a52
ZJS		 1394 </refsect1>
1395 <refsect1>
1396 <title>See Also</title>
1397 <para>
1398 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
1399 <citerefentry><refentrytitle>systemd-networkd</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
1400 <citerefentry><refentrytitle>systemd.link</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1401 <citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>
1402 </para>
1403 </refsect1>
eac684ef
TG		 1404
1405</refentry>
Unnamed repository; edit this file 'description' to name the repository.