]> git.ipfire.org Git - thirdparty/systemd.git/blame - man/systemd.netdev.xml
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
busctl: use Monitoring interface (#3245)
[thirdparty/systemd.git] / man / systemd.netdev.xml
CommitLineData
eac684ef
TG		 1<?xml version='1.0'?> <!--*-nxml-*-->
2<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
12b42c76 3 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
eac684ef
TG		 4
5<!--
6 This file is part of systemd.
7
8 Copyright 2013 Tom Gundersen
9
10 systemd is free software; you can redistribute it and/or modify it
11 under the terms of the GNU Lesser General Public License as published by
12 the Free Software Foundation; either version 2.1 of the License, or
13 (at your option) any later version.
14
15 systemd is distributed in the hope that it will be useful, but
16 WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 Lesser General Public License for more details.
19
20 You should have received a copy of the GNU Lesser General Public License
21 along with systemd; If not, see <http://www.gnu.org/licenses/>.
22-->
23
24<refentry id="systemd.netdev" conditional='ENABLE_NETWORKD'>
25
798d3a52
ZJS		 26 <refentryinfo>
27 <title>systemd.network</title>
28 <productname>systemd</productname>
29
30 <authorgroup>
31 <author>
32 <contrib>Developer</contrib>
33 <firstname>Tom</firstname>
34 <surname>Gundersen</surname>
35 <email>teg@jklm.no</email>
36 </author>
37 </authorgroup>
38 </refentryinfo>
39
40 <refmeta>
41 <refentrytitle>systemd.netdev</refentrytitle>
42 <manvolnum>5</manvolnum>
43 </refmeta>
44
45 <refnamediv>
46 <refname>systemd.netdev</refname>
47 <refpurpose>Virtual Network Device configuration</refpurpose>
48 </refnamediv>
49
50 <refsynopsisdiv>
51 <para><filename><replaceable>netdev</replaceable>.netdev</filename></para>
52 </refsynopsisdiv>
53
54 <refsect1>
55 <title>Description</title>
56
57 <para>Network setup is performed by
58 <citerefentry><refentrytitle>systemd-networkd</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
59 </para>
60
61 <para>Virtual Network Device files must have the extension
62 <filename>.netdev</filename>; other extensions are ignored.
63 Virtual network devices are created as soon as networkd is
64 started. If a netdev with the specified name already exists,
65 networkd will use that as-is rather than create its own. Note that
66 the settings of the pre-existing netdev will not be changed by
67 networkd.</para>
68
69 <para>The <filename>.netdev</filename> files are read from the
70 files located in the system network directory
12b42c76 71 <filename>/usr/lib/systemd/network</filename>, the volatile
798d3a52
ZJS		 72 runtime network directory
73 <filename>/run/systemd/network</filename> and the local
74 administration network directory
12b42c76 75 <filename>/etc/systemd/network</filename>. All configuration files
798d3a52
ZJS		 76 are collectively sorted and processed in lexical order, regardless
77 of the directories in which they live. However, files with
78 identical filenames replace each other. Files in
79 <filename>/etc</filename> have the highest priority, files in
80 <filename>/run</filename> take precedence over files with the same
12b42c76 81 name in <filename>/usr/lib</filename>. This can be used to
798d3a52 82 override a system-supplied configuration file with a local file if
57e27ec0 83 needed. As a special case, an empty file (file size 0) or symlink
b938cb90 84 with the same name pointing to <filename>/dev/null</filename>
a8eaaee7 85 disables the configuration file entirely (it is "masked").</para>
798d3a52
ZJS		 86 </refsect1>
87
88 <refsect1>
89 <title>Supported netdev kinds</title>
90
91 <para>The following kinds of virtual network devices may be
92 configured in <filename>.netdev</filename> files:</para>
93
94 <table>
95 <title>Supported kinds of virtual network devices</title>
96
97 <tgroup cols='2'>
98 <colspec colname='kind' />
99 <colspec colname='explanation' />
100 <thead><row>
101 <entry>Kind</entry>
102 <entry>Description</entry>
103 </row></thead>
104 <tbody>
105 <row><entry><varname>bond</varname></entry>
106 <entry>A bond device is an aggregation of all its slave devices. See <ulink url="https://www.kernel.org/doc/Documentation/networking/bonding.txt">Linux Ethernet Bonding Driver HOWTO</ulink> for details.Local configuration</entry></row>
107
108 <row><entry><varname>bridge</varname></entry>
a8eaaee7 109 <entry>A bridge device is a software switch, and each of its slave devices and the bridge itself are ports of the switch.</entry></row>
798d3a52
ZJS		 110
111 <row><entry><varname>dummy</varname></entry>
112 <entry>A dummy device drops all packets sent to it.</entry></row>
113
114 <row><entry><varname>gre</varname></entry>
115 <entry>A Level 3 GRE tunnel over IPv4. See <ulink url="https://tools.ietf.org/html/rfc2784">RFC 2784</ulink> for details.</entry></row>
116
117 <row><entry><varname>gretap</varname></entry>
118 <entry>A Level 2 GRE tunnel over IPv4.</entry></row>
119
120 <row><entry><varname>ip6gre</varname></entry>
121 <entry>A Level 3 GRE tunnel over IPv6.</entry></row>
122
123 <row><entry><varname>ip6tnl</varname></entry>
124 <entry>An IPv4 or IPv6 tunnel over IPv6</entry></row>
125
126 <row><entry><varname>ip6gretap</varname></entry>
127 <entry>An Level 2 GRE tunnel over IPv6.</entry></row>
128
129 <row><entry><varname>ipip</varname></entry>
130 <entry>An IPv4 over IPv4 tunnel.</entry></row>
131
132 <row><entry><varname>ipvlan</varname></entry>
133 <entry>An ipvlan device is a stacked device which receives packets from its underlying device based on IP address filtering.</entry></row>
134
135 <row><entry><varname>macvlan</varname></entry>
136 <entry>A macvlan device is a stacked device which receives packets from its underlying device based on MAC address filtering.</entry></row>
137
0371f2df
SS		 138 <row><entry><varname>macvtap</varname></entry>
139 <entry>A macvtap device is a stacked device which receives packets from its underlying device based on MAC address filtering.</entry></row>
140
798d3a52
ZJS		 141 <row><entry><varname>sit</varname></entry>
142 <entry>An IPv6 over IPv4 tunnel.</entry></row>
143
144 <row><entry><varname>tap</varname></entry>
145 <entry>A persistent Level 2 tunnel between a network device and a device node.</entry></row>
146
147 <row><entry><varname>tun</varname></entry>
148 <entry>A persistent Level 3 tunnel between a network device and a device node.</entry></row>
149
150 <row><entry><varname>veth</varname></entry>
a8eaaee7 151 <entry>An Ethernet tunnel between a pair of network devices.</entry></row>
798d3a52
ZJS		 152
153 <row><entry><varname>vlan</varname></entry>
154 <entry>A VLAN is a stacked device which receives packets from its underlying device based on VLAN tagging. See <ulink url="http://www.ieee802.org/1/pages/802.1Q.html">IEEE 802.1Q</ulink> for details.</entry></row>
155
156 <row><entry><varname>vti</varname></entry>
157 <entry>An IPv4 over IPSec tunnel.</entry></row>
158
5cc0748e
SS		 159 <row><entry><varname>vti6</varname></entry>
160 <entry>An IPv6 over IPSec tunnel.</entry></row>
161
798d3a52
ZJS		 162 <row><entry><varname>vxlan</varname></entry>
163 <entry>A virtual extensible LAN (vxlan), for connecting Cloud computing deployments.</entry></row>
164 </tbody>
165 </tgroup>
166 </table>
167
168 </refsect1>
169
170 <refsect1>
171 <title>[Match] Section Options</title>
172
173 <para>A virtual network device is only created if the
174 <literal>[Match]</literal> section matches the current
175 environment, or if the section is empty. The following keys are
176 accepted:</para>
177
178 <variablelist class='network-directives'>
179 <varlistentry>
180 <term><varname>Host=</varname></term>
181 <listitem>
182 <para>Matches against the hostname or machine ID of the
183 host. See <literal>ConditionHost=</literal> in
184 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
185 for details.
186 </para>
187 </listitem>
188 </varlistentry>
189 <varlistentry>
190 <term><varname>Virtualization=</varname></term>
191 <listitem>
192 <para>Checks whether the system is executed in a virtualized
193 environment and optionally test whether it is a specific
194 implementation. See
195 <literal>ConditionVirtualization=</literal> in
196 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
197 for details.
198 </para>
199 </listitem>
200 </varlistentry>
201 <varlistentry>
202 <term><varname>KernelCommandLine=</varname></term>
203 <listitem>
204 <para>Checks whether a specific kernel command line option
205 is set (or if prefixed with the exclamation mark unset). See
206 <literal>ConditionKernelCommandLine=</literal> in
207 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
208 for details.
209 </para>
210 </listitem>
211 </varlistentry>
212 <varlistentry>
213 <term><varname>Architecture=</varname></term>
214 <listitem>
215 <para>Checks whether the system is running on a specific
216 architecture. See <literal>ConditionArchitecture=</literal> in
217 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
218 for details.
219 </para>
220 </listitem>
221 </varlistentry>
222 </variablelist>
223
224 </refsect1>
225
226 <refsect1>
227 <title>[NetDev] Section Options</title>
228
229 <para>The <literal>[NetDev]</literal> section accepts the
230 following keys:</para>
231
232 <variablelist class='network-directives'>
233 <varlistentry>
234 <term><varname>Description=</varname></term>
235 <listitem>
236 <para>A free-form description of the netdev.</para>
237 </listitem>
238 </varlistentry>
239 <varlistentry>
240 <term><varname>Name=</varname></term>
241 <listitem>
242 <para>The interface name used when creating the netdev.
243 This option is compulsory.</para>
244 </listitem>
245 </varlistentry>
246 <varlistentry>
247 <term><varname>Kind=</varname></term>
248 <listitem>
249 <para>The netdev kind. This option is compulsory. See the
250 <literal>Supported netdev kinds</literal> section for the
251 valid keys.</para>
252 </listitem>
253 </varlistentry>
254 <varlistentry>
255 <term><varname>MTUBytes=</varname></term>
256 <listitem>
257 <para>The maximum transmission unit in bytes to set for
258 the device. The usual suffixes K, M, G, are supported and
259 are understood to the base of 1024. This key is not
ff9b60f3 260 currently supported for <literal>tun</literal> or
798d3a52
ZJS		 261 <literal>tap</literal> devices.
262 </para>
263 </listitem>
264 </varlistentry>
265 <varlistentry>
266 <term><varname>MACAddress=</varname></term>
267 <listitem>
268 <para>The MAC address to use for the device. If none is
269 given, one is generated based on the interface name and
270 the
271 <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
ff9b60f3 272 This key is not currently supported for
798d3a52
ZJS		 273 <literal>tun</literal> or <literal>tap</literal> devices.
274 </para>
275 </listitem>
276 </varlistentry>
277 </variablelist>
278 </refsect1>
279
3428fe07
SS		 280 <refsect1>
281 <title>[Bridge] Section Options</title>
282
283 <para>The <literal>[Bridge]</literal> section only applies for
284 netdevs of kind <literal>bridge</literal>, and accepts the
a8eaaee7 285 following keys:</para>
3428fe07
SS		 286
287 <variablelist class='network-directives'>
288 <varlistentry>
289 <term><varname>HelloTimeSec=</varname></term>
290 <listitem>
a8eaaee7 291 <para>HelloTimeSec specifies the number of seconds between two hello packets
3428fe07
SS		 292 sent out by the root bridge and the designated bridges. Hello packets are
293 used to communicate information about the topology throughout the entire
294 bridged local area network.</para>
295 </listitem>
296 </varlistentry>
297 <varlistentry>
298 <term><varname>MaxAgeSec=</varname></term>
299 <listitem>
300 <para>MaxAgeSec specifies the number of seconds of maximum message age.
301 If the last seen (received) hello packet is more than this number of
302 seconds old, the bridge in question will start the takeover procedure
303 in attempt to become the Root Bridge itself.</para>
304 </listitem>
305 </varlistentry>
306 <varlistentry>
307 <term><varname>ForwardDelaySec=</varname></term>
308 <listitem>
309 <para>ForwardDelaySec specifies the number of seconds spent in each
310 of the Listening and Learning states before the Forwarding state is entered.</para>
311 </listitem>
312 </varlistentry>
3fef7a3f
SS		 313 <varlistentry>
314 <term><varname>MulticastQuerier=</varname></term>
315 <listitem>
316 <para>A boolean. This setting controls the IFLA_BR_MCAST_QUERIER option in the kernel.
317 If enabled, the kernel will send general ICMP queries from a zero source address.
318 This feature should allow faster convergence on startup, but it causes some
319 multicast-aware switches to misbehave and disrupt forwarding of multicast packets.
320 When unset, the kernel's default setting applies.
321 </para>
322 </listitem>
323 </varlistentry>
3428fe07
SS		 324 </variablelist>
325
326 </refsect1>
327
798d3a52
ZJS		 328 <refsect1>
329 <title>[VLAN] Section Options</title>
330
331 <para>The <literal>[VLAN]</literal> section only applies for
332 netdevs of kind <literal>vlan</literal>, and accepts the
333 following key:</para>
334
335 <variablelist class='network-directives'>
336 <varlistentry>
337 <term><varname>Id=</varname></term>
338 <listitem>
339 <para>The VLAN ID to use. An integer in the range 0–4094.
340 This option is compulsory.</para>
341 </listitem>
342 </varlistentry>
343 </variablelist>
344
345 </refsect1>
346
347 <refsect1>
348 <title>[MACVLAN] Section Options</title>
349
350 <para>The <literal>[MACVLAN]</literal> section only applies for
351 netdevs of kind <literal>macvlan</literal>, and accepts the
352 following key:</para>
353
354 <variablelist class='network-directives'>
355 <varlistentry>
356 <term><varname>Mode=</varname></term>
357 <listitem>
358 <para>The MACVLAN mode to use. The supported options are
359 <literal>private</literal>,
360 <literal>vepa</literal>,
361 <literal>bridge</literal>, and
362 <literal>passthru</literal>.
363 </para>
364 </listitem>
365 </varlistentry>
366 </variablelist>
367
368 </refsect1>
369
0371f2df
SS		 370 <refsect1>
371 <title>[MACVTAP] Section Options</title>
372
373 <para>The <literal>[MACVTAP]</literal> section applies for
374 netdevs of kind <literal>macvtap</literal> and accepts the
96d49011 375 same key as <literal>[MACVLAN]</literal>.</para>
0371f2df
SS		 376
377 </refsect1>
378
798d3a52
ZJS		 379 <refsect1>
380 <title>[IPVLAN] Section Options</title>
381
382 <para>The <literal>[IPVLAN]</literal> section only applies for
383 netdevs of kind <literal>ipvlan</literal>, and accepts the
384 following key:</para>
385
386 <variablelist class='network-directives'>
387 <varlistentry>
388 <term><varname>Mode=</varname></term>
389 <listitem>
390 <para>The IPVLAN mode to use. The supported options are
391 <literal>L2</literal> and <literal>L3</literal>.
392 </para>
393 </listitem>
394 </varlistentry>
395 </variablelist>
396
397 </refsect1>
398
399 <refsect1>
400 <title>[VXLAN] Section Options</title>
401 <para>The <literal>[VXLAN]</literal> section only applies for
402 netdevs of kind <literal>vxlan</literal>, and accepts the
403 following keys:</para>
404
405 <variablelist class='network-directives'>
406 <varlistentry>
407 <term><varname>Id=</varname></term>
408 <listitem>
409 <para>The VXLAN ID to use.</para>
410 </listitem>
411 </varlistentry>
412 <varlistentry>
413 <term><varname>Group=</varname></term>
414 <listitem>
415 <para>An assigned multicast group IP address.</para>
416 </listitem>
417 </varlistentry>
418 <varlistentry>
419 <term><varname>TOS=</varname></term>
420 <listitem>
421 <para>The Type Of Service byte value for a vxlan interface.</para>
422 </listitem>
423 </varlistentry>
424 <varlistentry>
425 <term><varname>TTL=</varname></term>
426 <listitem>
427 <para>A fixed Time To Live N on Virtual eXtensible Local
b938cb90 428 Area Network packets. N is a number in the range 1–255. 0
798d3a52
ZJS		 429 is a special value meaning that packets inherit the TTL
430 value.</para>
431 </listitem>
432 </varlistentry>
433 <varlistentry>
434 <term><varname>MacLearning=</varname></term>
435 <listitem>
436 <para>A boolean. When true, enables dynamic MAC learning
437 to discover remote MAC addresses.</para>
438 </listitem>
439 </varlistentry>
440 <varlistentry>
441 <term><varname>FDBAgeingSec=</varname></term>
442 <listitem>
443 <para>The lifetime of Forwarding Database entry learnt by
b938cb90 444 the kernel, in seconds.</para>
798d3a52
ZJS		 445 </listitem>
446 </varlistentry>
447 <varlistentry>
3d276dd2
SS		 448 <term><varname>MaximumFDBEntries=</varname></term>
449 <listitem>
450 <para>Configures maximum number of FDB entries.</para>
451 </listitem>
452 </varlistentry>
798d3a52
ZJS		 453 <varlistentry>
454 <term><varname>ARPProxy=</varname></term>
455 <listitem>
a8eaaee7 456 <para>A boolean. When true, enables ARP proxying.</para>
798d3a52
ZJS		 457 </listitem>
458 </varlistentry>
459 <varlistentry>
460 <term><varname>L2MissNotification=</varname></term>
461 <listitem>
462 <para>A boolean. When true, enables netlink LLADDR miss
463 notifications.</para>
464 </listitem>
465 </varlistentry>
466 <varlistentry>
467 <term><varname>L3MissNotification=</varname></term>
468 <listitem>
a8eaaee7 469 <para>A boolean. When true, enables netlink IP address miss
798d3a52
ZJS		 470 notifications.</para>
471 </listitem>
472 </varlistentry>
473 <varlistentry>
474 <term><varname>RouteShortCircuit=</varname></term>
475 <listitem>
a8eaaee7 476 <para>A boolean. When true, route short circuiting is turned
798d3a52
ZJS		 477 on.</para>
478 </listitem>
479 </varlistentry>
cffacc74
SS		 480 <varlistentry>
481 <term><varname>UDPCheckSum=</varname></term>
482 <listitem>
b938cb90 483 <para>A boolean. When true, transmitting UDP checksums when doing VXLAN/IPv4 is turned on.</para>
cffacc74
SS		 484 </listitem>
485 </varlistentry>
486 <varlistentry>
487 <term><varname>UDP6ZeroChecksumTx=</varname></term>
488 <listitem>
b938cb90 489 <para>A boolean. When true, sending zero checksums in VXLAN/IPv6 is turned on.</para>
cffacc74
SS		 490 </listitem>
491 </varlistentry>
492 <varlistentry>
493 <term><varname>UDP6ZeroCheckSumRx=</varname></term>
494 <listitem>
b938cb90 495 <para>A boolean. When true, receiving zero checksums in VXLAN/IPv6 is turned on.</para>
cffacc74
SS		 496 </listitem>
497 </varlistentry>
8b414e52
SS		 498 <varlistentry>
499 <term><varname>GroupPolicyExtension=</varname></term>
500 <listitem>
b938cb90
JE		 501 <para>A boolean. When true, it enables Group Policy VXLAN extension security label mechanism
502 across network peers based on VXLAN. For details about the Group Policy VXLAN, see the
8b414e52
SS		 503 <ulink url="https://tools.ietf.org/html/draft-smith-vxlan-group-policy">
504 VXLAN Group Policy </ulink> document. Defaults to false.</para>
505 </listitem>
506 </varlistentry>
ea0288d1
SS		 507 <varlistentry>
508 <term><varname>DestinationPort=</varname></term>
509 <listitem>
510 <para>Configures the default destination UDP port on a per-device basis.
511 If destination port is not specified then Linux kernel default will be used.
512 Set destination port 4789 to get the IANA assigned value,
513 and destination port 0 to get default values.</para>
514 </listitem>
515 </varlistentry>
516 <varlistentry>
517 <term><varname>PortRange=</varname></term>
518 <listitem>
519 <para>Configures VXLAN port range. VXLAN bases source
520 UDP port based on flow to help the receiver to be able
521 to load balance based on outer header flow. It
522 restricts the port range to the normal UDP local
523 ports, and allows overriding via configuration.</para>
524 </listitem>
525 </varlistentry>
798d3a52
ZJS		 526 </variablelist>
527 </refsect1>
528 <refsect1>
529 <title>[Tunnel] Section Options</title>
530
531 <para>The <literal>[Tunnel]</literal> section only applies for
532 netdevs of kind
533 <literal>ipip</literal>,
534 <literal>sit</literal>,
535 <literal>gre</literal>,
536 <literal>gretap</literal>,
537 <literal>ip6gre</literal>,
538 <literal>ip6gretap</literal>,
5cc0748e
SS		 539 <literal>vti</literal>,
540 <literal>vti6</literal>, and
798d3a52
ZJS		 541 <literal>ip6tnl</literal> and accepts
542 the following keys:</para>
543
544 <variablelist class='network-directives'>
545 <varlistentry>
546 <term><varname>Local=</varname></term>
547 <listitem>
548 <para>A static local address for tunneled packets. It must
549 be an address on another interface of this host.</para>
550 </listitem>
551 </varlistentry>
552 <varlistentry>
553 <term><varname>Remote=</varname></term>
554 <listitem>
555 <para>The remote endpoint of the tunnel.</para>
556 </listitem>
557 </varlistentry>
558 <varlistentry>
559 <term><varname>TOS=</varname></term>
560 <listitem>
561 <para>The Type Of Service byte value for a tunnel interface.
b938cb90 562 For details about the TOS, see the
798d3a52
ZJS		 563 <ulink url="http://tools.ietf.org/html/rfc1349"> Type of
564 Service in the Internet Protocol Suite </ulink> document.
565 </para>
566 </listitem>
567 </varlistentry>
568 <varlistentry>
569 <term><varname>TTL=</varname></term>
570 <listitem>
571 <para>A fixed Time To Live N on tunneled packets. N is a
b938cb90 572 number in the range 1–255. 0 is a special value meaning that
798d3a52 573 packets inherit the TTL value. The default value for IPv4
b938cb90 574 tunnels is: inherit. The default value for IPv6 tunnels is
798d3a52
ZJS		 575 64.</para>
576 </listitem>
577 </varlistentry>
578 <varlistentry>
579 <term><varname>DiscoverPathMTU=</varname></term>
580 <listitem>
581 <para>A boolean. When true, enables Path MTU Discovery on
582 the tunnel.</para>
583 </listitem>
584 </varlistentry>
276de526
SS		 585 <varlistentry>
586 <term><varname>IPv6FlowLabel=</varname></term>
587 <listitem>
a8eaaee7 588 <para>Configures the 20-bit flow label (see <ulink url="https://tools.ietf.org/html/rfc6437">
276de526 589 RFC 6437</ulink>) field in the IPv6 header (see <ulink url="https://tools.ietf.org/html/rfc2460">
a8eaaee7
JE		 590 RFC 2460</ulink>), which is used by a node to label packets of a flow.
591 It is only used for IPv6 tunnels.
592 A flow label of zero is used to indicate packets that have
593 not been labeled.
594 It can be configured to a value in the range 0–0xFFFFF, or be
595 set to <literal>inherit</literal>, in which case the original flowlabel is used.</para>
276de526
SS		 596 </listitem>
597 </varlistentry>
9b0ca30a 598 <varlistentry>
a9b70f9d 599 <term><varname>CopyDSCP=</varname></term>
9b0ca30a 600 <listitem>
3cf4bcab
ZJS		 601 <para>A boolean. When true, the Differentiated Service Code
602 Point (DSCP) field will be copied to the inner header from
a9b70f9d 603 outer header during the decapsulation of an IPv6 tunnel
3cf4bcab
ZJS		 604 packet. DSCP is a field in an IP packet that enables different
605 levels of service to be assigned to network traffic.
606 Defaults to <literal>no</literal>.
9b0ca30a
SS		 607 </para>
608 </listitem>
609 </varlistentry>
dae398a8
SS		 610 <varlistentry>
611 <term><varname>EncapsulationLimit=</varname></term>
612 <listitem>
613 <para>The Tunnel Encapsulation Limit option specifies how many additional
614 levels of encapsulation are permitted to be prepended to the packet.
615 For example, a Tunnel Encapsulation Limit option containing a limit
616 value of zero means that a packet carrying that option may not enter
617 another tunnel before exiting the current tunnel.
618 (see <ulink url="https://tools.ietf.org/html/rfc2473#section-4.1.1"> RFC 2473</ulink>).
b938cb90 619 The valid range is 0–255 and <literal>none</literal>. Defaults to 4.
dae398a8
SS		 620 </para>
621 </listitem>
622 </varlistentry>
798d3a52
ZJS		 623 <varlistentry>
624 <term><varname>Mode=</varname></term>
625 <listitem>
a8eaaee7 626 <para>An <literal>ip6tnl</literal> tunnel can be in one of three
798d3a52
ZJS		 627 modes
628 <literal>ip6ip6</literal> for IPv6 over IPv6,
629 <literal>ipip6</literal> for IPv4 over IPv6 or
630 <literal>any</literal> for either.
631 </para>
632 </listitem>
633 </varlistentry>
634 </variablelist>
635 </refsect1>
636 <refsect1>
637 <title>[Peer] Section Options</title>
638
639 <para>The <literal>[Peer]</literal> section only applies for
640 netdevs of kind <literal>veth</literal> and accepts the
a8eaaee7 641 following keys:</para>
798d3a52
ZJS		 642
643 <variablelist class='network-directives'>
644 <varlistentry>
645 <term><varname>Name=</varname></term>
646 <listitem>
647 <para>The interface name used when creating the netdev.
648 This option is compulsory.</para>
649 </listitem>
650 </varlistentry>
651 <varlistentry>
652 <term><varname>MACAddress=</varname></term>
653 <listitem>
b938cb90 654 <para>The peer MACAddress, if not set, it is generated in
798d3a52
ZJS		 655 the same way as the MAC address of the main
656 interface.</para>
657 </listitem>
658 </varlistentry>
659 </variablelist>
660 </refsect1>
661 <refsect1>
662 <title>[Tun] Section Options</title>
663
664 <para>The <literal>[Tun]</literal> section only applies for
665 netdevs of kind <literal>tun</literal>, and accepts the following
666 keys:</para>
667
668 <variablelist class='network-directives'>
669 <varlistentry>
670 <term><varname>OneQueue=</varname></term>
671 <listitem><para>Takes a boolean argument. Configures whether
672 all packets are queued at the device (enabled), or a fixed
673 number of packets are queued at the device and the rest at the
674 <literal>qdisc</literal>. Defaults to
675 <literal>no</literal>.</para>
676 </listitem>
677 </varlistentry>
678 <varlistentry>
679 <term><varname>MultiQueue=</varname></term>
680 <listitem><para>Takes a boolean argument. Configures whether
681 to use multiple file descriptors (queues) to parallelize
682 packets sending and receiving. Defaults to
683 <literal>no</literal>.</para>
684 </listitem>
685 </varlistentry>
686 <varlistentry>
687 <term><varname>PacketInfo=</varname></term>
688 <listitem><para>Takes a boolean argument. Configures whether
ff9b60f3 689 packets should be prepended with four extra bytes (two flag
b938cb90 690 bytes and two protocol bytes). If disabled, it indicates that
798d3a52
ZJS		 691 the packets will be pure IP packets. Defaults to
692 <literal>no</literal>.</para>
693 </listitem>
694 </varlistentry>
43f78da4 695 <varlistentry>
2aba142e 696 <term><varname>VNetHeader=</varname></term>
43f78da4
SS		 697 <listitem><para>Takes a boolean argument. Configures
698 IFF_VNET_HDR flag for a tap device. It allows sending
699 and receiving larger Generic Segmentation Offload (GSO)
700 packets. This may increase throughput significantly.
701 Defaults to
702 <literal>no</literal>.</para>
703 </listitem>
704 </varlistentry>
798d3a52
ZJS		 705 <varlistentry>
706 <term><varname>User=</varname></term>
707 <listitem><para>User to grant access to the
708 <filename>/dev/net/tun</filename> device.</para>
709 </listitem>
710 </varlistentry>
711 <varlistentry>
712 <term><varname>Group=</varname></term>
713 <listitem><para>Group to grant access to the
714 <filename>/dev/net/tun</filename> device.</para>
715 </listitem>
716 </varlistentry>
717
718 </variablelist>
719
720 </refsect1>
721
722 <refsect1>
723 <title>[Tap] Section Options</title>
724
725 <para>The <literal>[Tap]</literal> section only applies for
726 netdevs of kind <literal>tap</literal>, and accepts the same keys
727 as the <literal>[Tun]</literal> section.</para>
728 </refsect1>
729
730 <refsect1>
731 <title>[Bond] Section Options</title>
732
733 <para>The <literal>[Bond]</literal> section accepts the following
734 key:</para>
735
736 <variablelist class='network-directives'>
737 <varlistentry>
738 <term><varname>Mode=</varname></term>
739 <listitem>
740 <para>Specifies one of the bonding policies. The default is
741 <literal>balance-rr</literal> (round robin). Possible values are
742 <literal>balance-rr</literal>,
743 <literal>active-backup</literal>,
744 <literal>balance-xor</literal>,
745 <literal>broadcast</literal>,
746 <literal>802.3ad</literal>,
747 <literal>balance-tlb</literal>, and
748 <literal>balance-alb</literal>.
749 </para>
750 </listitem>
751 </varlistentry>
752
753 <varlistentry>
754 <term><varname>TransmitHashPolicy=</varname></term>
755 <listitem>
756 <para>Selects the transmit hash policy to use for slave
757 selection in balance-xor, 802.3ad, and tlb modes. Possible
758 values are
759 <literal>layer2</literal>,
760 <literal>layer3+4</literal>,
761 <literal>layer2+3</literal>,
762 <literal>encap2+3</literal>,
763 <literal>802.3ad</literal>, and
764 <literal>encap3+4</literal>.
765 </para>
766 </listitem>
767 </varlistentry>
768
769 <varlistentry>
770 <term><varname>LACPTransmitRate=</varname></term>
771 <listitem>
772 <para>Specifies the rate with which link partner transmits
773 Link Aggregation Control Protocol Data Unit packets in
774 802.3ad mode. Possible values are <literal>slow</literal>,
775 which requests partner to transmit LACPDUs every 30 seconds,
776 and <literal>fast</literal>, which requests partner to
777 transmit LACPDUs every second. The default value is
778 <literal>slow</literal>.</para>
779 </listitem>
780 </varlistentry>
781
782 <varlistentry>
783 <term><varname>MIIMonitorSec=</varname></term>
784 <listitem>
785 <para>Specifies the frequency that Media Independent
786 Interface link monitoring will occur. A value of zero
dd2b607b 787 disables MII link monitoring. This value is rounded down to
798d3a52
ZJS		 788 the nearest millisecond. The default value is 0.</para>
789 </listitem>
790 </varlistentry>
791
792 <varlistentry>
793 <term><varname>UpDelaySec=</varname></term>
794 <listitem>
795 <para>Specifies the delay before a link is enabled after a
796 link up status has been detected. This value is rounded down
797 to a multiple of MIIMonitorSec. The default value is
798 0.</para>
799 </listitem>
800 </varlistentry>
801
802 <varlistentry>
803 <term><varname>DownDelaySec=</varname></term>
804 <listitem>
805 <para>Specifies the delay before a link is disabled after a
806 link down status has been detected. This value is rounded
807 down to a multiple of MIIMonitorSec. The default value is
808 0.</para>
809 </listitem>
810 </varlistentry>
811
81bd37a8 812 <varlistentry>
38422da7 813 <term><varname>LearnPacketIntervalSec=</varname></term>
81bd37a8
SS		 814 <listitem>
815 <para>Specifies the number of seconds between instances where the bonding
a8eaaee7
JE		 816 driver sends learning packets to each slave peer switch.
817 The valid range is 1–0x7fffffff; the default value is 1. This option
818 has an effect only for the balance-tlb and balance-alb modes.</para>
81bd37a8
SS		 819 </listitem>
820 </varlistentry>
821
822 <varlistentry>
823 <term><varname>AdSelect=</varname></term>
824 <listitem>
825 <para>Specifies the 802.3ad aggregation selection logic to use. Possible values are
826 <literal>stable</literal>,
a8eaaee7
JE		 827 <literal>bandwidth</literal> and
828 <literal>count</literal>.
81bd37a8
SS		 829 </para>
830 </listitem>
831 </varlistentry>
832
833 <varlistentry>
38422da7 834 <term><varname>FailOverMACPolicy=</varname></term>
81bd37a8 835 <listitem>
a8eaaee7
JE		 836 <para>Specifies whether the active-backup mode should set all slaves to
837 the same MAC address at the time of enslavement or, when enabled, to perform special handling of the
81bd37a8
SS		 838 bond's MAC address in accordance with the selected policy. The default policy is none.
839 Possible values are
840 <literal>none</literal>,
a8eaaee7
JE		 841 <literal>active</literal> and
842 <literal>follow</literal>.
81bd37a8
SS		 843 </para>
844 </listitem>
845 </varlistentry>
846
847 <varlistentry>
38422da7 848 <term><varname>ARPValidate=</varname></term>
81bd37a8
SS		 849 <listitem>
850 <para>Specifies whether or not ARP probes and replies should be
38422da7 851 validated in any mode that supports ARP monitoring, or whether
81bd37a8
SS		 852 non-ARP traffic should be filtered (disregarded) for link
853 monitoring purposes. Possible values are
854 <literal>none</literal>,
855 <literal>active</literal>,
a8eaaee7
JE		 856 <literal>backup</literal> and
857 <literal>all</literal>.
81bd37a8
SS		 858 </para>
859 </listitem>
860 </varlistentry>
861
862 <varlistentry>
38422da7 863 <term><varname>ARPIntervalSec=</varname></term>
81bd37a8
SS		 864 <listitem>
865 <para>Specifies the ARP link monitoring frequency in milliseconds.
866 A value of 0 disables ARP monitoring. The default value is 0.
867 </para>
868 </listitem>
869 </varlistentry>
870
871 <varlistentry>
38422da7 872 <term><varname>ARPIPTargets=</varname></term>
81bd37a8
SS		 873 <listitem>
874 <para>Specifies the IP addresses to use as ARP monitoring peers when
38422da7 875 ARPIntervalSec is greater than 0. These are the targets of the ARP request
81bd37a8 876 sent to determine the health of the link to the targets.
a8eaaee7 877 Specify these values in IPv4 dotted decimal format. At least one IP
81bd37a8
SS		 878 address must be given for ARP monitoring to function. The
879 maximum number of targets that can be specified is 16. The
880 default value is no IP addresses.
881 </para>
882 </listitem>
883 </varlistentry>
884
885 <varlistentry>
38422da7 886 <term><varname>ARPAllTargets=</varname></term>
81bd37a8 887 <listitem>
38422da7 888 <para>Specifies the quantity of ARPIPTargets that must be reachable
81bd37a8
SS		 889 in order for the ARP monitor to consider a slave as being up.
890 This option affects only active-backup mode for slaves with
38422da7 891 ARPValidate enabled. Possible values are
a8eaaee7
JE		 892 <literal>any</literal> and
893 <literal>all</literal>.
81bd37a8
SS		 894 </para>
895 </listitem>
896 </varlistentry>
897
898 <varlistentry>
38422da7 899 <term><varname>PrimaryReselectPolicy=</varname></term>
81bd37a8
SS		 900 <listitem>
901 <para>Specifies the reselection policy for the primary slave. This
902 affects how the primary slave is chosen to become the active slave
903 when failure of the active slave or recovery of the primary slave
904 occurs. This option is designed to prevent flip-flopping between
905 the primary slave and other slaves. Possible values are
906 <literal>always</literal>,
a8eaaee7
JE		 907 <literal>better</literal> and
908 <literal>failure</literal>.
81bd37a8
SS		 909 </para>
910 </listitem>
911 </varlistentry>
912
913 <varlistentry>
914 <term><varname>ResendIGMP=</varname></term>
915 <listitem>
916 <para>Specifies the number of IGMP membership reports to be issued after
917 a failover event. One membership report is issued immediately after
918 the failover, subsequent packets are sent in each 200ms interval.
b938cb90 919 The valid range is 0–255. Defaults to 1. A value of 0
81bd37a8
SS		 920 prevents the IGMP membership report from being issued in response
921 to the failover event.
922 </para>
923 </listitem>
924 </varlistentry>
925
926 <varlistentry>
927 <term><varname>PacketsPerSlave=</varname></term>
928 <listitem>
b938cb90
JE		 929 <para>Specify the number of packets to transmit through a slave before
930 moving to the next one. When set to 0, then a slave is chosen at
931 random. The valid range is 0–65535. Defaults to 1. This option
a8eaaee7 932 only has effect when in balance-rr mode.
81bd37a8
SS		 933 </para>
934 </listitem>
935 </varlistentry>
936
937 <varlistentry>
38422da7 938 <term><varname>GratuitousARP=</varname></term>
81bd37a8
SS		 939 <listitem>
940 <para>Specify the number of peer notifications (gratuitous ARPs and
941 unsolicited IPv6 Neighbor Advertisements) to be issued after a
b938cb90 942 failover event. As soon as the link is up on the new slave,
81bd37a8
SS		 943 a peer notification is sent on the bonding device and each
944 VLAN sub-device. This is repeated at each link monitor interval
38422da7 945 (ARPIntervalSec or MIIMonitorSec, whichever is active) if the number is
a8eaaee7 946 greater than 1. The valid range is 0–255. The default value is 1.
38422da7 947 These options affect only the active-backup mode.
81bd37a8
SS		 948 </para>
949 </listitem>
950 </varlistentry>
951
952 <varlistentry>
953 <term><varname>AllSlavesActive=</varname></term>
954 <listitem>
a8eaaee7
JE		 955 <para>A boolean. Specifies that duplicate frames (received on inactive ports)
956 should be dropped when false, or delivered when true. Normally, bonding will drop
81bd37a8
SS		 957 duplicate frames (received on inactive ports), which is desirable for
958 most users. But there are some times it is nice to allow duplicate
959 frames to be delivered. The default value is false (drop duplicate frames
960 received on inactive ports).
961 </para>
962 </listitem>
963 </varlistentry>
964
965 <varlistentry>
966 <term><varname>MinLinks=</varname></term>
967 <listitem>
968 <para>Specifies the minimum number of links that must be active before
969 asserting carrier. The default value is 0.
970 </para>
971 </listitem>
972 </varlistentry>
973
798d3a52 974 </variablelist>
81bd37a8
SS		 975
976 <para>For more detail information see
977 <ulink url="https://www.kernel.org/doc/Documentation/networking/bonding.txt">
978 Linux Ethernet Bonding Driver HOWTO</ulink></para>
979
798d3a52
ZJS		 980 </refsect1>
981
982 <refsect1>
983 <title>Example</title>
984 <example>
6c1695be 985 <title>/etc/systemd/network/25-bridge.netdev</title>
798d3a52
ZJS		 986
987 <programlisting>[NetDev]
eac684ef
TG		 988Name=bridge0
989Kind=bridge</programlisting>
798d3a52 990 </example>
eac684ef 991
798d3a52 992 <example>
6c1695be 993 <title>/etc/systemd/network/25-vlan1.netdev</title>
eac684ef 994
798d3a52 995 <programlisting>[Match]
eac684ef
TG		 996Virtualization=no
997
998[NetDev]
999Name=vlan1
1000Kind=vlan
1001
1002[VLAN]
1003Id=1</programlisting>
798d3a52
ZJS		 1004 </example>
1005 <example>
6c1695be 1006 <title>/etc/systemd/network/25-ipip.netdev</title>
798d3a52 1007 <programlisting>[NetDev]
b35a2909
TG		 1008Name=ipip-tun
1009Kind=ipip
1010MTUBytes=1480
1011
1012[Tunnel]
1013Local=192.168.223.238
1014Remote=192.169.224.239
1015TTL=64</programlisting>
798d3a52
ZJS		 1016 </example>
1017 <example>
6c1695be 1018 <title>/etc/systemd/network/25-tap.netdev</title>
798d3a52 1019 <programlisting>[NetDev]
30ae9dfd
SS		 1020Name=tap-test
1021Kind=tap
1022
1023[Tap]
1024MultiQueue=true
1025PacketInfo=true</programlisting> </example>
eac684ef 1026
798d3a52 1027 <example>
6c1695be 1028 <title>/etc/systemd/network/25-sit.netdev</title>
798d3a52 1029 <programlisting>[NetDev]
b35a2909
TG		 1030Name=sit-tun
1031Kind=sit
1032MTUBytes=1480
1033
1034[Tunnel]
1035Local=10.65.223.238
1036Remote=10.65.223.239</programlisting>
798d3a52 1037 </example>
eac684ef 1038
798d3a52 1039 <example>
6c1695be 1040 <title>/etc/systemd/network/25-gre.netdev</title>
798d3a52 1041 <programlisting>[NetDev]
b35a2909
TG		 1042Name=gre-tun
1043Kind=gre
1044MTUBytes=1480
1045
1046[Tunnel]
1047Local=10.65.223.238
1048Remote=10.65.223.239</programlisting>
798d3a52 1049 </example>
b35a2909 1050
798d3a52 1051 <example>
6c1695be 1052 <title>/etc/systemd/network/25-vti.netdev</title>
b35a2909 1053
798d3a52 1054 <programlisting>[NetDev]
b35a2909
TG		 1055Name=vti-tun
1056Kind=vti
1057MTUBytes=1480
1058
1059[Tunnel]
1060Local=10.65.223.238
1061Remote=10.65.223.239</programlisting>
798d3a52 1062 </example>
b35a2909 1063
798d3a52 1064 <example>
6c1695be 1065 <title>/etc/systemd/network/25-veth.netdev</title>
798d3a52 1066 <programlisting>[NetDev]
b35a2909
TG		 1067Name=veth-test
1068Kind=veth
1069
1070[Peer]
1071Name=veth-peer</programlisting>
798d3a52 1072 </example>
b35a2909 1073
d94facdc 1074 <example>
6c1695be 1075 <title>/etc/systemd/network/25-bond.netdev</title>
d94facdc
MH		 1076 <programlisting>[NetDev]
1077Name=bond1
1078Kind=bond
1079
1080[Bond]
1081Mode=802.3ad
1082TransmitHashPolicy=layer3+4
1083MIIMonitorSec=1s
1084LACPTransmitRate=fast
1085</programlisting>
1086 </example>
1087
798d3a52 1088 <example>
6c1695be 1089 <title>/etc/systemd/network/25-dummy.netdev</title>
798d3a52 1090 <programlisting>[NetDev]
9e358851
TG		 1091Name=dummy-test
1092Kind=dummy
1093MACAddress=12:34:56:78:9a:bc</programlisting>
798d3a52
ZJS		 1094 </example>
1095
1096 </refsect1>
1097 <refsect1>
1098 <title>See Also</title>
1099 <para>
1100 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
1101 <citerefentry><refentrytitle>systemd-networkd</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
1102 <citerefentry><refentrytitle>systemd.link</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1103 <citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>
1104 </para>
1105 </refsect1>
eac684ef
TG		 1106
1107</refentry>
Unnamed repository; edit this file 'description' to name the repository.