]>
Commit | Line | Data |
---|---|---|
eac684ef TG |
1 | <?xml version='1.0'?> <!--*-nxml-*--> |
2 | <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" | |
12b42c76 | 3 | "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> |
eac684ef TG |
4 | |
5 | <!-- | |
572eb058 ZJS |
6 | SPDX-License-Identifier: LGPL-2.1+ |
7 | ||
eac684ef TG |
8 | This file is part of systemd. |
9 | ||
10 | Copyright 2013 Tom Gundersen | |
11 | ||
12 | systemd is free software; you can redistribute it and/or modify it | |
13 | under the terms of the GNU Lesser General Public License as published by | |
14 | the Free Software Foundation; either version 2.1 of the License, or | |
15 | (at your option) any later version. | |
16 | ||
17 | systemd is distributed in the hope that it will be useful, but | |
18 | WITHOUT ANY WARRANTY; without even the implied warranty of | |
19 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
20 | Lesser General Public License for more details. | |
21 | ||
22 | You should have received a copy of the GNU Lesser General Public License | |
23 | along with systemd; If not, see <http://www.gnu.org/licenses/>. | |
24 | --> | |
25 | ||
26 | <refentry id="systemd.netdev" conditional='ENABLE_NETWORKD'> | |
27 | ||
798d3a52 ZJS |
28 | <refentryinfo> |
29 | <title>systemd.network</title> | |
30 | <productname>systemd</productname> | |
31 | ||
32 | <authorgroup> | |
33 | <author> | |
34 | <contrib>Developer</contrib> | |
35 | <firstname>Tom</firstname> | |
36 | <surname>Gundersen</surname> | |
37 | <email>teg@jklm.no</email> | |
38 | </author> | |
39 | </authorgroup> | |
40 | </refentryinfo> | |
41 | ||
42 | <refmeta> | |
43 | <refentrytitle>systemd.netdev</refentrytitle> | |
44 | <manvolnum>5</manvolnum> | |
45 | </refmeta> | |
46 | ||
47 | <refnamediv> | |
48 | <refname>systemd.netdev</refname> | |
49 | <refpurpose>Virtual Network Device configuration</refpurpose> | |
50 | </refnamediv> | |
51 | ||
52 | <refsynopsisdiv> | |
53 | <para><filename><replaceable>netdev</replaceable>.netdev</filename></para> | |
54 | </refsynopsisdiv> | |
55 | ||
56 | <refsect1> | |
57 | <title>Description</title> | |
58 | ||
59 | <para>Network setup is performed by | |
60 | <citerefentry><refentrytitle>systemd-networkd</refentrytitle><manvolnum>8</manvolnum></citerefentry>. | |
61 | </para> | |
62 | ||
bac150e9 ZJS |
63 | <para>The main Virtual Network Device file must have the extension <filename>.netdev</filename>; |
64 | other extensions are ignored. Virtual network devices are created as soon as networkd is | |
65 | started. If a netdev with the specified name already exists, networkd will use that as-is rather | |
66 | than create its own. Note that the settings of the pre-existing netdev will not be changed by | |
798d3a52 ZJS |
67 | networkd.</para> |
68 | ||
bac150e9 ZJS |
69 | <para>The <filename>.netdev</filename> files are read from the files located in the system |
70 | network directory <filename>/usr/lib/systemd/network</filename>, the volatile runtime network | |
71 | directory <filename>/run/systemd/network</filename> and the local administration network | |
72 | directory <filename>/etc/systemd/network</filename>. All configuration files are collectively | |
73 | sorted and processed in lexical order, regardless of the directories in which they live. | |
74 | However, files with identical filenames replace each other. Files in <filename>/etc</filename> | |
75 | have the highest priority, files in <filename>/run</filename> take precedence over files with | |
76 | the same name in <filename>/usr/lib</filename>. This can be used to override a system-supplied | |
77 | configuration file with a local file if needed. As a special case, an empty file (file size 0) | |
78 | or symlink with the same name pointing to <filename>/dev/null</filename> disables the | |
79 | configuration file entirely (it is "masked").</para> | |
80 | ||
81 | <para>Along with the netdev file <filename>foo.netdev</filename>, a "drop-in" directory | |
82 | <filename>foo.netdev.d/</filename> may exist. All files with the suffix <literal>.conf</literal> | |
83 | from this directory will be parsed after the file itself is parsed. This is useful to alter or | |
84 | add configuration settings, without having to modify the main configuration file. Each drop-in | |
85 | file must have appropriate section headers.</para> | |
86 | ||
87 | <para>In addition to <filename>/etc/systemd/network</filename>, drop-in <literal>.d</literal> | |
88 | directories can be placed in <filename>/usr/lib/systemd/network</filename> or | |
89 | <filename>/run/systemd/network</filename> directories. Drop-in files in | |
90 | <filename>/etc</filename> take precedence over those in <filename>/run</filename> which in turn | |
91 | take precedence over those in <filename>/usr/lib</filename>. Drop-in files under any of these | |
92 | directories take precedence over the main netdev file wherever located. (Of course, since | |
93 | <filename>/run</filename> is temporary and <filename>/usr/lib</filename> is for vendors, it is | |
94 | unlikely drop-ins should be used in either of those places.)</para> | |
798d3a52 ZJS |
95 | </refsect1> |
96 | ||
97 | <refsect1> | |
98 | <title>Supported netdev kinds</title> | |
99 | ||
100 | <para>The following kinds of virtual network devices may be | |
101 | configured in <filename>.netdev</filename> files:</para> | |
102 | ||
103 | <table> | |
104 | <title>Supported kinds of virtual network devices</title> | |
105 | ||
106 | <tgroup cols='2'> | |
107 | <colspec colname='kind' /> | |
108 | <colspec colname='explanation' /> | |
109 | <thead><row> | |
110 | <entry>Kind</entry> | |
111 | <entry>Description</entry> | |
112 | </row></thead> | |
113 | <tbody> | |
114 | <row><entry><varname>bond</varname></entry> | |
115 | <entry>A bond device is an aggregation of all its slave devices. See <ulink url="https://www.kernel.org/doc/Documentation/networking/bonding.txt">Linux Ethernet Bonding Driver HOWTO</ulink> for details.Local configuration</entry></row> | |
116 | ||
117 | <row><entry><varname>bridge</varname></entry> | |
a8eaaee7 | 118 | <entry>A bridge device is a software switch, and each of its slave devices and the bridge itself are ports of the switch.</entry></row> |
798d3a52 ZJS |
119 | |
120 | <row><entry><varname>dummy</varname></entry> | |
121 | <entry>A dummy device drops all packets sent to it.</entry></row> | |
122 | ||
123 | <row><entry><varname>gre</varname></entry> | |
124 | <entry>A Level 3 GRE tunnel over IPv4. See <ulink url="https://tools.ietf.org/html/rfc2784">RFC 2784</ulink> for details.</entry></row> | |
125 | ||
126 | <row><entry><varname>gretap</varname></entry> | |
127 | <entry>A Level 2 GRE tunnel over IPv4.</entry></row> | |
128 | ||
129 | <row><entry><varname>ip6gre</varname></entry> | |
130 | <entry>A Level 3 GRE tunnel over IPv6.</entry></row> | |
131 | ||
132 | <row><entry><varname>ip6tnl</varname></entry> | |
133 | <entry>An IPv4 or IPv6 tunnel over IPv6</entry></row> | |
134 | ||
135 | <row><entry><varname>ip6gretap</varname></entry> | |
037a3ded | 136 | <entry>A Level 2 GRE tunnel over IPv6.</entry></row> |
798d3a52 ZJS |
137 | |
138 | <row><entry><varname>ipip</varname></entry> | |
139 | <entry>An IPv4 over IPv4 tunnel.</entry></row> | |
140 | ||
141 | <row><entry><varname>ipvlan</varname></entry> | |
142 | <entry>An ipvlan device is a stacked device which receives packets from its underlying device based on IP address filtering.</entry></row> | |
143 | ||
144 | <row><entry><varname>macvlan</varname></entry> | |
145 | <entry>A macvlan device is a stacked device which receives packets from its underlying device based on MAC address filtering.</entry></row> | |
146 | ||
0371f2df SS |
147 | <row><entry><varname>macvtap</varname></entry> |
148 | <entry>A macvtap device is a stacked device which receives packets from its underlying device based on MAC address filtering.</entry></row> | |
149 | ||
798d3a52 ZJS |
150 | <row><entry><varname>sit</varname></entry> |
151 | <entry>An IPv6 over IPv4 tunnel.</entry></row> | |
152 | ||
153 | <row><entry><varname>tap</varname></entry> | |
154 | <entry>A persistent Level 2 tunnel between a network device and a device node.</entry></row> | |
155 | ||
156 | <row><entry><varname>tun</varname></entry> | |
157 | <entry>A persistent Level 3 tunnel between a network device and a device node.</entry></row> | |
158 | ||
159 | <row><entry><varname>veth</varname></entry> | |
a8eaaee7 | 160 | <entry>An Ethernet tunnel between a pair of network devices.</entry></row> |
798d3a52 ZJS |
161 | |
162 | <row><entry><varname>vlan</varname></entry> | |
163 | <entry>A VLAN is a stacked device which receives packets from its underlying device based on VLAN tagging. See <ulink url="http://www.ieee802.org/1/pages/802.1Q.html">IEEE 802.1Q</ulink> for details.</entry></row> | |
164 | ||
165 | <row><entry><varname>vti</varname></entry> | |
166 | <entry>An IPv4 over IPSec tunnel.</entry></row> | |
167 | ||
5cc0748e SS |
168 | <row><entry><varname>vti6</varname></entry> |
169 | <entry>An IPv6 over IPSec tunnel.</entry></row> | |
170 | ||
798d3a52 ZJS |
171 | <row><entry><varname>vxlan</varname></entry> |
172 | <entry>A virtual extensible LAN (vxlan), for connecting Cloud computing deployments.</entry></row> | |
20897a0d | 173 | |
6598e046 SS |
174 | <row><entry><varname>geneve</varname></entry> |
175 | <entry>A GEneric NEtwork Virtualization Encapsulation (GENEVE) netdev driver.</entry></row> | |
176 | ||
20897a0d | 177 | <row><entry><varname>vrf</varname></entry> |
92c918b0 SS |
178 | <entry>A Virtual Routing and Forwarding (<ulink url="https://www.kernel.org/doc/Documentation/networking/vrf.txt">VRF</ulink>) interface to create separate routing and forwarding domains.</entry></row> |
179 | ||
180 | <row><entry><varname>vcan</varname></entry> | |
ba9fa3bc | 181 | <entry>The virtual CAN driver (vcan). Similar to the network loopback devices, vcan offers a virtual local CAN interface.</entry></row> |
20897a0d | 182 | |
d6df583c SS |
183 | <row><entry><varname>vxcan</varname></entry> |
184 | <entry>The virtual CAN tunnel driver (vxcan). Similar to the virtual ethernet driver veth, vxcan implements a local CAN traffic tunnel between two virtual CAN network devices. When creating a vxcan, two vxcan devices are created as pair. When one end receives the packet it appears on its pair and vice versa. The vxcan can be used for cross namespace communication. | |
185 | </entry></row> | |
186 | ||
798d3a52 ZJS |
187 | </tbody> |
188 | </tgroup> | |
189 | </table> | |
190 | ||
191 | </refsect1> | |
192 | ||
193 | <refsect1> | |
194 | <title>[Match] Section Options</title> | |
195 | ||
196 | <para>A virtual network device is only created if the | |
197 | <literal>[Match]</literal> section matches the current | |
198 | environment, or if the section is empty. The following keys are | |
199 | accepted:</para> | |
200 | ||
201 | <variablelist class='network-directives'> | |
202 | <varlistentry> | |
203 | <term><varname>Host=</varname></term> | |
204 | <listitem> | |
205 | <para>Matches against the hostname or machine ID of the | |
206 | host. See <literal>ConditionHost=</literal> in | |
207 | <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry> | |
208 | for details. | |
209 | </para> | |
210 | </listitem> | |
211 | </varlistentry> | |
212 | <varlistentry> | |
213 | <term><varname>Virtualization=</varname></term> | |
214 | <listitem> | |
215 | <para>Checks whether the system is executed in a virtualized | |
216 | environment and optionally test whether it is a specific | |
217 | implementation. See | |
218 | <literal>ConditionVirtualization=</literal> in | |
219 | <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry> | |
220 | for details. | |
221 | </para> | |
222 | </listitem> | |
223 | </varlistentry> | |
224 | <varlistentry> | |
225 | <term><varname>KernelCommandLine=</varname></term> | |
226 | <listitem> | |
227 | <para>Checks whether a specific kernel command line option | |
228 | is set (or if prefixed with the exclamation mark unset). See | |
229 | <literal>ConditionKernelCommandLine=</literal> in | |
230 | <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry> | |
231 | for details. | |
232 | </para> | |
233 | </listitem> | |
234 | </varlistentry> | |
235 | <varlistentry> | |
236 | <term><varname>Architecture=</varname></term> | |
237 | <listitem> | |
238 | <para>Checks whether the system is running on a specific | |
239 | architecture. See <literal>ConditionArchitecture=</literal> in | |
240 | <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry> | |
241 | for details. | |
242 | </para> | |
243 | </listitem> | |
244 | </varlistentry> | |
245 | </variablelist> | |
246 | ||
247 | </refsect1> | |
248 | ||
249 | <refsect1> | |
250 | <title>[NetDev] Section Options</title> | |
251 | ||
252 | <para>The <literal>[NetDev]</literal> section accepts the | |
253 | following keys:</para> | |
254 | ||
255 | <variablelist class='network-directives'> | |
256 | <varlistentry> | |
257 | <term><varname>Description=</varname></term> | |
258 | <listitem> | |
259 | <para>A free-form description of the netdev.</para> | |
260 | </listitem> | |
261 | </varlistentry> | |
262 | <varlistentry> | |
263 | <term><varname>Name=</varname></term> | |
264 | <listitem> | |
265 | <para>The interface name used when creating the netdev. | |
266 | This option is compulsory.</para> | |
267 | </listitem> | |
268 | </varlistentry> | |
269 | <varlistentry> | |
270 | <term><varname>Kind=</varname></term> | |
271 | <listitem> | |
272 | <para>The netdev kind. This option is compulsory. See the | |
273 | <literal>Supported netdev kinds</literal> section for the | |
274 | valid keys.</para> | |
275 | </listitem> | |
276 | </varlistentry> | |
277 | <varlistentry> | |
278 | <term><varname>MTUBytes=</varname></term> | |
279 | <listitem> | |
280 | <para>The maximum transmission unit in bytes to set for | |
281 | the device. The usual suffixes K, M, G, are supported and | |
282 | are understood to the base of 1024. This key is not | |
ff9b60f3 | 283 | currently supported for <literal>tun</literal> or |
798d3a52 ZJS |
284 | <literal>tap</literal> devices. |
285 | </para> | |
286 | </listitem> | |
287 | </varlistentry> | |
288 | <varlistentry> | |
289 | <term><varname>MACAddress=</varname></term> | |
290 | <listitem> | |
291 | <para>The MAC address to use for the device. If none is | |
292 | given, one is generated based on the interface name and | |
293 | the | |
294 | <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry>. | |
ff9b60f3 | 295 | This key is not currently supported for |
798d3a52 ZJS |
296 | <literal>tun</literal> or <literal>tap</literal> devices. |
297 | </para> | |
298 | </listitem> | |
299 | </varlistentry> | |
300 | </variablelist> | |
301 | </refsect1> | |
302 | ||
3428fe07 SS |
303 | <refsect1> |
304 | <title>[Bridge] Section Options</title> | |
305 | ||
306 | <para>The <literal>[Bridge]</literal> section only applies for | |
307 | netdevs of kind <literal>bridge</literal>, and accepts the | |
a8eaaee7 | 308 | following keys:</para> |
3428fe07 SS |
309 | |
310 | <variablelist class='network-directives'> | |
311 | <varlistentry> | |
312 | <term><varname>HelloTimeSec=</varname></term> | |
313 | <listitem> | |
a8eaaee7 | 314 | <para>HelloTimeSec specifies the number of seconds between two hello packets |
3428fe07 SS |
315 | sent out by the root bridge and the designated bridges. Hello packets are |
316 | used to communicate information about the topology throughout the entire | |
317 | bridged local area network.</para> | |
318 | </listitem> | |
319 | </varlistentry> | |
320 | <varlistentry> | |
321 | <term><varname>MaxAgeSec=</varname></term> | |
322 | <listitem> | |
323 | <para>MaxAgeSec specifies the number of seconds of maximum message age. | |
324 | If the last seen (received) hello packet is more than this number of | |
325 | seconds old, the bridge in question will start the takeover procedure | |
326 | in attempt to become the Root Bridge itself.</para> | |
327 | </listitem> | |
328 | </varlistentry> | |
329 | <varlistentry> | |
330 | <term><varname>ForwardDelaySec=</varname></term> | |
331 | <listitem> | |
332 | <para>ForwardDelaySec specifies the number of seconds spent in each | |
333 | of the Listening and Learning states before the Forwarding state is entered.</para> | |
334 | </listitem> | |
335 | </varlistentry> | |
c7440e74 TJ |
336 | <varlistentry> |
337 | <term><varname>AgeingTimeSec=</varname></term> | |
338 | <listitem> | |
339 | <para>This specifies the number of seconds a MAC Address will be kept in | |
d23a0044 | 340 | the forwarding database after having a packet received from this MAC Address.</para> |
c7440e74 TJ |
341 | </listitem> |
342 | </varlistentry> | |
343 | <varlistentry> | |
344 | <term><varname>Priority=</varname></term> | |
345 | <listitem> | |
346 | <para>The priority of the bridge. An integer between 0 and 65535. A lower value | |
347 | means higher priority. The bridge having the lowest priority will be elected as root bridge.</para> | |
348 | </listitem> | |
349 | </varlistentry> | |
c4819961 JC |
350 | <varlistentry> |
351 | <term><varname>GroupForwardMask=</varname></term> | |
352 | <listitem> | |
353 | <para>A 16-bit bitmask represented as an integer which allows forwarding of link | |
354 | local frames with 802.1D reserved addresses (01:80:C2:00:00:0X). A logical AND | |
355 | is performed between the specified bitmask and the exponentiation of 2^X, the | |
356 | lower nibble of the last octet of the MAC address. For example, a value of 8 | |
357 | would allow forwarding of frames addressed to 01:80:C2:00:00:03 (802.1X PAE).</para> | |
358 | </listitem> | |
359 | </varlistentry> | |
c7440e74 TJ |
360 | <varlistentry> |
361 | <term><varname>DefaultPVID=</varname></term> | |
362 | <listitem> | |
0d6c68eb TJ |
363 | <para>This specifies the default port VLAN ID of a newly attached bridge port. |
364 | Set this to an integer in the range 1–4094 or <literal>none</literal> to disable the PVID.</para> | |
c7440e74 TJ |
365 | </listitem> |
366 | </varlistentry> | |
3fef7a3f SS |
367 | <varlistentry> |
368 | <term><varname>MulticastQuerier=</varname></term> | |
369 | <listitem> | |
370 | <para>A boolean. This setting controls the IFLA_BR_MCAST_QUERIER option in the kernel. | |
371 | If enabled, the kernel will send general ICMP queries from a zero source address. | |
372 | This feature should allow faster convergence on startup, but it causes some | |
373 | multicast-aware switches to misbehave and disrupt forwarding of multicast packets. | |
374 | When unset, the kernel's default setting applies. | |
375 | </para> | |
376 | </listitem> | |
377 | </varlistentry> | |
6df6d898 SS |
378 | <varlistentry> |
379 | <term><varname>MulticastSnooping=</varname></term> | |
380 | <listitem> | |
381 | <para>A boolean. This setting controls the IFLA_BR_MCAST_SNOOPING option in the kernel. | |
382 | If enabled, IGMP snooping monitors the Internet Group Management Protocol (IGMP) traffic | |
383 | between hosts and multicast routers. When unset, the kernel's default setting applies. | |
384 | </para> | |
385 | </listitem> | |
386 | </varlistentry> | |
c6f8d17d TJ |
387 | <varlistentry> |
388 | <term><varname>VLANFiltering=</varname></term> | |
389 | <listitem> | |
390 | <para>A boolean. This setting controls the IFLA_BR_VLAN_FILTERING option in the kernel. | |
391 | If enabled, the bridge will be started in VLAN-filtering mode. When unset, the kernel's | |
392 | default setting applies. | |
393 | </para> | |
394 | </listitem> | |
395 | </varlistentry> | |
b760a9af SS |
396 | <varlistentry> |
397 | <term><varname>STP=</varname></term> | |
398 | <listitem> | |
399 | <para>A boolean. This enables the bridge's Spanning Tree Protocol (STP). When unset, | |
400 | the kernel's default setting applies. | |
401 | </para> | |
402 | </listitem> | |
403 | </varlistentry> | |
3428fe07 | 404 | </variablelist> |
3428fe07 SS |
405 | </refsect1> |
406 | ||
798d3a52 ZJS |
407 | <refsect1> |
408 | <title>[VLAN] Section Options</title> | |
409 | ||
410 | <para>The <literal>[VLAN]</literal> section only applies for | |
411 | netdevs of kind <literal>vlan</literal>, and accepts the | |
412 | following key:</para> | |
413 | ||
414 | <variablelist class='network-directives'> | |
415 | <varlistentry> | |
416 | <term><varname>Id=</varname></term> | |
417 | <listitem> | |
418 | <para>The VLAN ID to use. An integer in the range 0–4094. | |
419 | This option is compulsory.</para> | |
420 | </listitem> | |
421 | </varlistentry> | |
c8b21184 SS |
422 | <varlistentry> |
423 | <term><varname>GVRP=</varname></term> | |
424 | <listitem> | |
425 | <para>The Generic VLAN Registration Protocol (GVRP) is a protocol that | |
426 | allows automatic learning of VLANs on a network. A boolean. When unset, | |
427 | the kernel's default setting applies.</para> | |
428 | </listitem> | |
429 | </varlistentry> | |
6c1ff21b SS |
430 | <varlistentry> |
431 | <term><varname>MVRP=</varname></term> | |
432 | <listitem> | |
433 | <para>Multiple VLAN Registration Protocol (MVRP) formerly known as GARP VLAN | |
434 | Registration Protocol (GVRP) is a standards-based Layer 2 network protocol, | |
435 | for automatic configuration of VLAN information on switches. It was defined | |
436 | in the 802.1ak amendment to 802.1Q-2005. A boolean. When unset, the kernel's | |
437 | default setting applies.</para> | |
438 | </listitem> | |
439 | </varlistentry> | |
440 | <varlistentry> | |
441 | <term><varname>LooseBinding=</varname></term> | |
442 | <listitem> | |
443 | <para>The VLAN loose binding mode, in which only the operational state is passed | |
444 | from the parent to the associated VLANs, but the VLAN device state is not changed. | |
445 | A boolean. When unset, the kernel's default setting applies.</para> | |
446 | </listitem> | |
447 | </varlistentry> | |
448 | <varlistentry> | |
449 | <term><varname>ReorderHeader=</varname></term> | |
450 | <listitem> | |
451 | <para>The VLAN reorder header is set VLAN interfaces behave like physical interfaces. | |
452 | A boolean. When unset, the kernel's default setting applies.</para> | |
453 | </listitem> | |
454 | </varlistentry> | |
798d3a52 | 455 | </variablelist> |
798d3a52 ZJS |
456 | </refsect1> |
457 | ||
458 | <refsect1> | |
459 | <title>[MACVLAN] Section Options</title> | |
460 | ||
461 | <para>The <literal>[MACVLAN]</literal> section only applies for | |
462 | netdevs of kind <literal>macvlan</literal>, and accepts the | |
463 | following key:</para> | |
464 | ||
465 | <variablelist class='network-directives'> | |
466 | <varlistentry> | |
467 | <term><varname>Mode=</varname></term> | |
468 | <listitem> | |
469 | <para>The MACVLAN mode to use. The supported options are | |
470 | <literal>private</literal>, | |
471 | <literal>vepa</literal>, | |
472 | <literal>bridge</literal>, and | |
473 | <literal>passthru</literal>. | |
474 | </para> | |
475 | </listitem> | |
476 | </varlistentry> | |
477 | </variablelist> | |
478 | ||
479 | </refsect1> | |
480 | ||
0371f2df SS |
481 | <refsect1> |
482 | <title>[MACVTAP] Section Options</title> | |
483 | ||
484 | <para>The <literal>[MACVTAP]</literal> section applies for | |
485 | netdevs of kind <literal>macvtap</literal> and accepts the | |
96d49011 | 486 | same key as <literal>[MACVLAN]</literal>.</para> |
0371f2df SS |
487 | |
488 | </refsect1> | |
489 | ||
798d3a52 ZJS |
490 | <refsect1> |
491 | <title>[IPVLAN] Section Options</title> | |
492 | ||
493 | <para>The <literal>[IPVLAN]</literal> section only applies for | |
494 | netdevs of kind <literal>ipvlan</literal>, and accepts the | |
495 | following key:</para> | |
496 | ||
497 | <variablelist class='network-directives'> | |
498 | <varlistentry> | |
499 | <term><varname>Mode=</varname></term> | |
500 | <listitem> | |
501 | <para>The IPVLAN mode to use. The supported options are | |
d384826f SS |
502 | <literal>L2</literal>,<literal>L3</literal> and <literal>L3S</literal>. |
503 | </para> | |
504 | </listitem> | |
505 | </varlistentry> | |
506 | <varlistentry> | |
507 | <term><varname>Flags=</varname></term> | |
508 | <listitem> | |
509 | <para>The IPVLAN flags to use. The supported options are | |
510 | <literal>bridge</literal>,<literal>private</literal> and <literal>vepa</literal>. | |
798d3a52 ZJS |
511 | </para> |
512 | </listitem> | |
513 | </varlistentry> | |
514 | </variablelist> | |
515 | ||
516 | </refsect1> | |
517 | ||
518 | <refsect1> | |
519 | <title>[VXLAN] Section Options</title> | |
520 | <para>The <literal>[VXLAN]</literal> section only applies for | |
521 | netdevs of kind <literal>vxlan</literal>, and accepts the | |
522 | following keys:</para> | |
523 | ||
524 | <variablelist class='network-directives'> | |
525 | <varlistentry> | |
526 | <term><varname>Id=</varname></term> | |
527 | <listitem> | |
528 | <para>The VXLAN ID to use.</para> | |
529 | </listitem> | |
530 | </varlistentry> | |
531 | <varlistentry> | |
d35e5d37 | 532 | <term><varname>Remote=</varname></term> |
798d3a52 | 533 | <listitem> |
d35e5d37 | 534 | <para>Configures destination multicast group IP address.</para> |
798d3a52 ZJS |
535 | </listitem> |
536 | </varlistentry> | |
537 | <varlistentry> | |
d35e5d37 SS |
538 | <term><varname>Local=</varname></term> |
539 | <listitem> | |
540 | <para>Configures local IP address.</para> | |
541 | </listitem> | |
542 | </varlistentry> | |
543 | <varlistentry> | |
798d3a52 ZJS |
544 | <term><varname>TOS=</varname></term> |
545 | <listitem> | |
546 | <para>The Type Of Service byte value for a vxlan interface.</para> | |
547 | </listitem> | |
548 | </varlistentry> | |
549 | <varlistentry> | |
550 | <term><varname>TTL=</varname></term> | |
551 | <listitem> | |
552 | <para>A fixed Time To Live N on Virtual eXtensible Local | |
b938cb90 | 553 | Area Network packets. N is a number in the range 1–255. 0 |
798d3a52 ZJS |
554 | is a special value meaning that packets inherit the TTL |
555 | value.</para> | |
556 | </listitem> | |
557 | </varlistentry> | |
558 | <varlistentry> | |
559 | <term><varname>MacLearning=</varname></term> | |
560 | <listitem> | |
561 | <para>A boolean. When true, enables dynamic MAC learning | |
562 | to discover remote MAC addresses.</para> | |
563 | </listitem> | |
564 | </varlistentry> | |
565 | <varlistentry> | |
566 | <term><varname>FDBAgeingSec=</varname></term> | |
567 | <listitem> | |
568 | <para>The lifetime of Forwarding Database entry learnt by | |
b938cb90 | 569 | the kernel, in seconds.</para> |
798d3a52 ZJS |
570 | </listitem> |
571 | </varlistentry> | |
572 | <varlistentry> | |
3d276dd2 SS |
573 | <term><varname>MaximumFDBEntries=</varname></term> |
574 | <listitem> | |
575 | <para>Configures maximum number of FDB entries.</para> | |
576 | </listitem> | |
577 | </varlistentry> | |
798d3a52 | 578 | <varlistentry> |
7dd6974c | 579 | <term><varname>ReduceARPProxy=</varname></term> |
798d3a52 | 580 | <listitem> |
7dd6974c SS |
581 | <para>A boolean. When true, bridge-connected VXLAN tunnel |
582 | endpoint answers ARP requests from the local bridge on behalf | |
583 | of remote Distributed Overlay Virtual Ethernet | |
584 | <ulink url="https://en.wikipedia.org/wiki/Distributed_Overlay_Virtual_Ethernet"> | |
585 | (DVOE)</ulink> clients. Defaults to false.</para> | |
798d3a52 ZJS |
586 | </listitem> |
587 | </varlistentry> | |
588 | <varlistentry> | |
589 | <term><varname>L2MissNotification=</varname></term> | |
590 | <listitem> | |
591 | <para>A boolean. When true, enables netlink LLADDR miss | |
592 | notifications.</para> | |
593 | </listitem> | |
594 | </varlistentry> | |
595 | <varlistentry> | |
596 | <term><varname>L3MissNotification=</varname></term> | |
597 | <listitem> | |
a8eaaee7 | 598 | <para>A boolean. When true, enables netlink IP address miss |
798d3a52 ZJS |
599 | notifications.</para> |
600 | </listitem> | |
601 | </varlistentry> | |
602 | <varlistentry> | |
603 | <term><varname>RouteShortCircuit=</varname></term> | |
604 | <listitem> | |
a8eaaee7 | 605 | <para>A boolean. When true, route short circuiting is turned |
798d3a52 ZJS |
606 | on.</para> |
607 | </listitem> | |
608 | </varlistentry> | |
cffacc74 | 609 | <varlistentry> |
53c06862 | 610 | <term><varname>UDPChecksum=</varname></term> |
cffacc74 | 611 | <listitem> |
b938cb90 | 612 | <para>A boolean. When true, transmitting UDP checksums when doing VXLAN/IPv4 is turned on.</para> |
cffacc74 SS |
613 | </listitem> |
614 | </varlistentry> | |
615 | <varlistentry> | |
616 | <term><varname>UDP6ZeroChecksumTx=</varname></term> | |
617 | <listitem> | |
b938cb90 | 618 | <para>A boolean. When true, sending zero checksums in VXLAN/IPv6 is turned on.</para> |
cffacc74 SS |
619 | </listitem> |
620 | </varlistentry> | |
621 | <varlistentry> | |
53c06862 | 622 | <term><varname>UDP6ZeroChecksumRx=</varname></term> |
cffacc74 | 623 | <listitem> |
b938cb90 | 624 | <para>A boolean. When true, receiving zero checksums in VXLAN/IPv6 is turned on.</para> |
16441027 SS |
625 | </listitem> |
626 | </varlistentry> | |
627 | <varlistentry> | |
53c06862 | 628 | <term><varname>RemoteChecksumTx=</varname></term> |
16441027 SS |
629 | <listitem> |
630 | <para>A boolean. When true, remote transmit checksum offload of VXLAN is turned on.</para> | |
631 | </listitem> | |
632 | </varlistentry> | |
633 | <varlistentry> | |
53c06862 | 634 | <term><varname>RemoteChecksumRx=</varname></term> |
16441027 SS |
635 | <listitem> |
636 | <para>A boolean. When true, remote receive checksum offload in VXLAN is turned on.</para> | |
cffacc74 SS |
637 | </listitem> |
638 | </varlistentry> | |
8b414e52 SS |
639 | <varlistentry> |
640 | <term><varname>GroupPolicyExtension=</varname></term> | |
641 | <listitem> | |
b938cb90 JE |
642 | <para>A boolean. When true, it enables Group Policy VXLAN extension security label mechanism |
643 | across network peers based on VXLAN. For details about the Group Policy VXLAN, see the | |
8b414e52 SS |
644 | <ulink url="https://tools.ietf.org/html/draft-smith-vxlan-group-policy"> |
645 | VXLAN Group Policy </ulink> document. Defaults to false.</para> | |
646 | </listitem> | |
647 | </varlistentry> | |
ea0288d1 SS |
648 | <varlistentry> |
649 | <term><varname>DestinationPort=</varname></term> | |
650 | <listitem> | |
651 | <para>Configures the default destination UDP port on a per-device basis. | |
652 | If destination port is not specified then Linux kernel default will be used. | |
98616735 SS |
653 | Set destination port 4789 to get the IANA assigned value. If not set or if the |
654 | destination port is assigned the empty string the default port of 4789 is used.</para> | |
ea0288d1 SS |
655 | </listitem> |
656 | </varlistentry> | |
657 | <varlistentry> | |
658 | <term><varname>PortRange=</varname></term> | |
659 | <listitem> | |
660 | <para>Configures VXLAN port range. VXLAN bases source | |
661 | UDP port based on flow to help the receiver to be able | |
662 | to load balance based on outer header flow. It | |
663 | restricts the port range to the normal UDP local | |
664 | ports, and allows overriding via configuration.</para> | |
665 | </listitem> | |
666 | </varlistentry> | |
d8653945 SS |
667 | <varlistentry> |
668 | <term><varname>FlowLabel=</varname></term> | |
669 | <listitem> | |
670 | <para>Specifies the flow label to use in outgoing packets. | |
671 | The valid range is 0-1048575. | |
672 | </para> | |
673 | </listitem> | |
674 | </varlistentry> | |
798d3a52 ZJS |
675 | </variablelist> |
676 | </refsect1> | |
6598e046 SS |
677 | <refsect1> |
678 | <title>[GENEVE] Section Options</title> | |
679 | <para>The <literal>[GENEVE]</literal> section only applies for | |
680 | netdevs of kind <literal>geneve</literal>, and accepts the | |
681 | following keys:</para> | |
682 | ||
683 | <variablelist class='network-directives'> | |
684 | <varlistentry> | |
685 | <term><varname>Id=</varname></term> | |
686 | <listitem> | |
785889e5 | 687 | <para>Specifies the Virtual Network Identifier (VNI) to use. Ranges [0-16777215].</para> |
6598e046 SS |
688 | </listitem> |
689 | </varlistentry> | |
690 | <varlistentry> | |
691 | <term><varname>Remote=</varname></term> | |
692 | <listitem> | |
693 | <para>Specifies the unicast destination IP address to use in outgoing packets.</para> | |
694 | </listitem> | |
695 | </varlistentry> | |
696 | <varlistentry> | |
697 | <term><varname>TOS=</varname></term> | |
698 | <listitem> | |
98616735 | 699 | <para>Specifies the TOS value to use in outgoing packets. Ranges [1-255].</para> |
6598e046 SS |
700 | </listitem> |
701 | </varlistentry> | |
702 | <varlistentry> | |
703 | <term><varname>TTL=</varname></term> | |
704 | <listitem> | |
98616735 | 705 | <para>Specifies the TTL value to use in outgoing packets. Ranges [1-255].</para> |
6598e046 SS |
706 | </listitem> |
707 | </varlistentry> | |
708 | <varlistentry> | |
709 | <term><varname>UDPChecksum=</varname></term> | |
710 | <listitem> | |
711 | <para>A boolean. When true, specifies if UDP checksum is calculated for transmitted packets over IPv4.</para> | |
712 | </listitem> | |
713 | </varlistentry> | |
714 | <varlistentry> | |
715 | <term><varname>UDP6ZeroChecksumTx=</varname></term> | |
716 | <listitem> | |
717 | <para>A boolean. When true, skip UDP checksum calculation for transmitted packets over IPv6.</para> | |
718 | </listitem> | |
719 | </varlistentry> | |
720 | <varlistentry> | |
721 | <term><varname>UDP6ZeroChecksumRx=</varname></term> | |
722 | <listitem> | |
723 | <para>A boolean. When true, allows incoming UDP packets over IPv6 with zero checksum field.</para> | |
724 | </listitem> | |
725 | </varlistentry> | |
726 | <varlistentry> | |
727 | <term><varname>DestinationPort=</varname></term> | |
728 | <listitem> | |
98616735 SS |
729 | <para>Specifies destination port. Defaults to 6081. If not set or assigned the empty string, the default |
730 | port of 6081 is used.</para> | |
6598e046 SS |
731 | </listitem> |
732 | </varlistentry> | |
733 | <varlistentry> | |
734 | <term><varname>FlowLabel=</varname></term> | |
735 | <listitem> | |
736 | <para>Specifies the flow label to use in outgoing packets.</para> | |
737 | </listitem> | |
738 | </varlistentry> | |
739 | </variablelist> | |
740 | </refsect1> | |
798d3a52 ZJS |
741 | <refsect1> |
742 | <title>[Tunnel] Section Options</title> | |
743 | ||
744 | <para>The <literal>[Tunnel]</literal> section only applies for | |
745 | netdevs of kind | |
746 | <literal>ipip</literal>, | |
747 | <literal>sit</literal>, | |
748 | <literal>gre</literal>, | |
749 | <literal>gretap</literal>, | |
750 | <literal>ip6gre</literal>, | |
751 | <literal>ip6gretap</literal>, | |
5cc0748e SS |
752 | <literal>vti</literal>, |
753 | <literal>vti6</literal>, and | |
798d3a52 ZJS |
754 | <literal>ip6tnl</literal> and accepts |
755 | the following keys:</para> | |
756 | ||
757 | <variablelist class='network-directives'> | |
758 | <varlistentry> | |
759 | <term><varname>Local=</varname></term> | |
760 | <listitem> | |
761 | <para>A static local address for tunneled packets. It must | |
762 | be an address on another interface of this host.</para> | |
763 | </listitem> | |
764 | </varlistentry> | |
765 | <varlistentry> | |
766 | <term><varname>Remote=</varname></term> | |
767 | <listitem> | |
768 | <para>The remote endpoint of the tunnel.</para> | |
769 | </listitem> | |
770 | </varlistentry> | |
771 | <varlistentry> | |
772 | <term><varname>TOS=</varname></term> | |
773 | <listitem> | |
774 | <para>The Type Of Service byte value for a tunnel interface. | |
b938cb90 | 775 | For details about the TOS, see the |
798d3a52 ZJS |
776 | <ulink url="http://tools.ietf.org/html/rfc1349"> Type of |
777 | Service in the Internet Protocol Suite </ulink> document. | |
778 | </para> | |
779 | </listitem> | |
780 | </varlistentry> | |
781 | <varlistentry> | |
782 | <term><varname>TTL=</varname></term> | |
783 | <listitem> | |
784 | <para>A fixed Time To Live N on tunneled packets. N is a | |
b938cb90 | 785 | number in the range 1–255. 0 is a special value meaning that |
798d3a52 | 786 | packets inherit the TTL value. The default value for IPv4 |
b938cb90 | 787 | tunnels is: inherit. The default value for IPv6 tunnels is |
798d3a52 ZJS |
788 | 64.</para> |
789 | </listitem> | |
790 | </varlistentry> | |
791 | <varlistentry> | |
792 | <term><varname>DiscoverPathMTU=</varname></term> | |
793 | <listitem> | |
794 | <para>A boolean. When true, enables Path MTU Discovery on | |
795 | the tunnel.</para> | |
796 | </listitem> | |
797 | </varlistentry> | |
276de526 SS |
798 | <varlistentry> |
799 | <term><varname>IPv6FlowLabel=</varname></term> | |
800 | <listitem> | |
a8eaaee7 | 801 | <para>Configures the 20-bit flow label (see <ulink url="https://tools.ietf.org/html/rfc6437"> |
276de526 | 802 | RFC 6437</ulink>) field in the IPv6 header (see <ulink url="https://tools.ietf.org/html/rfc2460"> |
a8eaaee7 JE |
803 | RFC 2460</ulink>), which is used by a node to label packets of a flow. |
804 | It is only used for IPv6 tunnels. | |
805 | A flow label of zero is used to indicate packets that have | |
806 | not been labeled. | |
807 | It can be configured to a value in the range 0–0xFFFFF, or be | |
808 | set to <literal>inherit</literal>, in which case the original flowlabel is used.</para> | |
276de526 SS |
809 | </listitem> |
810 | </varlistentry> | |
9b0ca30a | 811 | <varlistentry> |
a9b70f9d | 812 | <term><varname>CopyDSCP=</varname></term> |
9b0ca30a | 813 | <listitem> |
3cf4bcab ZJS |
814 | <para>A boolean. When true, the Differentiated Service Code |
815 | Point (DSCP) field will be copied to the inner header from | |
a9b70f9d | 816 | outer header during the decapsulation of an IPv6 tunnel |
3cf4bcab ZJS |
817 | packet. DSCP is a field in an IP packet that enables different |
818 | levels of service to be assigned to network traffic. | |
819 | Defaults to <literal>no</literal>. | |
9b0ca30a SS |
820 | </para> |
821 | </listitem> | |
822 | </varlistentry> | |
dae398a8 SS |
823 | <varlistentry> |
824 | <term><varname>EncapsulationLimit=</varname></term> | |
825 | <listitem> | |
826 | <para>The Tunnel Encapsulation Limit option specifies how many additional | |
827 | levels of encapsulation are permitted to be prepended to the packet. | |
828 | For example, a Tunnel Encapsulation Limit option containing a limit | |
829 | value of zero means that a packet carrying that option may not enter | |
830 | another tunnel before exiting the current tunnel. | |
831 | (see <ulink url="https://tools.ietf.org/html/rfc2473#section-4.1.1"> RFC 2473</ulink>). | |
b938cb90 | 832 | The valid range is 0–255 and <literal>none</literal>. Defaults to 4. |
dae398a8 SS |
833 | </para> |
834 | </listitem> | |
835 | </varlistentry> | |
1d710029 SS |
836 | <varlistentry> |
837 | <term><varname>Key=</varname></term> | |
838 | <listitem> | |
839 | <para>The <varname>Key=</varname> parameter specifies the same key to use in | |
840 | both directions (<varname>InputKey=</varname> and <varname>OutputKey=</varname>). | |
841 | The <varname>Key=</varname> is either a number or an IPv4 address-like dotted quad. | |
842 | It is used as mark-configured SAD/SPD entry as part of the lookup key (both in data | |
843 | and control path) in ip xfrm (framework used to implement IPsec protocol). | |
844 | See <ulink url="http://man7.org/linux/man-pages/man8/ip-xfrm.8.html"> | |
e306f2df | 845 | ip-xfrm — transform configuration</ulink> for details. It is only used for VTI/VTI6 |
1d710029 SS |
846 | tunnels.</para> |
847 | </listitem> | |
848 | </varlistentry> | |
849 | <varlistentry> | |
850 | <term><varname>InputKey=</varname></term> | |
851 | <listitem> | |
852 | <para>The <varname>InputKey=</varname> parameter specifies the key to use for input. | |
853 | The format is same as <varname>Key=</varname>. It is only used for VTI/VTI6 tunnels.</para> | |
854 | </listitem> | |
855 | </varlistentry> | |
856 | <varlistentry> | |
857 | <term><varname>OutputKey=</varname></term> | |
858 | <listitem> | |
859 | <para>The <varname>OutputKey=</varname> parameter specifies the key to use for output. | |
860 | The format is same as <varname>Key=</varname>. It is only used for VTI/VTI6 tunnels.</para> | |
861 | </listitem> | |
862 | </varlistentry> | |
798d3a52 ZJS |
863 | <varlistentry> |
864 | <term><varname>Mode=</varname></term> | |
865 | <listitem> | |
a8eaaee7 | 866 | <para>An <literal>ip6tnl</literal> tunnel can be in one of three |
798d3a52 ZJS |
867 | modes |
868 | <literal>ip6ip6</literal> for IPv6 over IPv6, | |
869 | <literal>ipip6</literal> for IPv4 over IPv6 or | |
870 | <literal>any</literal> for either. | |
871 | </para> | |
872 | </listitem> | |
873 | </varlistentry> | |
4d7fa6de SS |
874 | <varlistentry> |
875 | <term><varname>Independent=</varname></term> | |
876 | <listitem> | |
877 | <para>A boolean. When true tunnel does not require .network file. Created as "tunnel@NONE". | |
878 | Defaults to <literal>false</literal>. | |
879 | </para> | |
880 | </listitem> | |
881 | </varlistentry> | |
798d3a52 ZJS |
882 | </variablelist> |
883 | </refsect1> | |
884 | <refsect1> | |
885 | <title>[Peer] Section Options</title> | |
886 | ||
887 | <para>The <literal>[Peer]</literal> section only applies for | |
888 | netdevs of kind <literal>veth</literal> and accepts the | |
a8eaaee7 | 889 | following keys:</para> |
798d3a52 ZJS |
890 | |
891 | <variablelist class='network-directives'> | |
892 | <varlistentry> | |
893 | <term><varname>Name=</varname></term> | |
894 | <listitem> | |
895 | <para>The interface name used when creating the netdev. | |
896 | This option is compulsory.</para> | |
897 | </listitem> | |
898 | </varlistentry> | |
899 | <varlistentry> | |
900 | <term><varname>MACAddress=</varname></term> | |
901 | <listitem> | |
b938cb90 | 902 | <para>The peer MACAddress, if not set, it is generated in |
798d3a52 ZJS |
903 | the same way as the MAC address of the main |
904 | interface.</para> | |
905 | </listitem> | |
906 | </varlistentry> | |
907 | </variablelist> | |
908 | </refsect1> | |
d6df583c SS |
909 | <refsect1> |
910 | <title>[VXCAN] Section Options</title> | |
911 | <para>The <literal>[VXCAN]</literal> section only applies for | |
912 | netdevs of kind <literal>vxcan</literal> and accepts the | |
913 | following key:</para> | |
914 | ||
915 | <variablelist class='network-directives'> | |
916 | <varlistentry> | |
917 | <term><varname>Peer=</varname></term> | |
918 | <listitem> | |
919 | <para>The peer interface name used when creating the netdev. | |
920 | This option is compulsory.</para> | |
921 | </listitem> | |
922 | </varlistentry> | |
923 | </variablelist> | |
924 | </refsect1> | |
798d3a52 ZJS |
925 | <refsect1> |
926 | <title>[Tun] Section Options</title> | |
927 | ||
928 | <para>The <literal>[Tun]</literal> section only applies for | |
929 | netdevs of kind <literal>tun</literal>, and accepts the following | |
930 | keys:</para> | |
931 | ||
932 | <variablelist class='network-directives'> | |
933 | <varlistentry> | |
934 | <term><varname>OneQueue=</varname></term> | |
935 | <listitem><para>Takes a boolean argument. Configures whether | |
936 | all packets are queued at the device (enabled), or a fixed | |
937 | number of packets are queued at the device and the rest at the | |
938 | <literal>qdisc</literal>. Defaults to | |
939 | <literal>no</literal>.</para> | |
940 | </listitem> | |
941 | </varlistentry> | |
942 | <varlistentry> | |
943 | <term><varname>MultiQueue=</varname></term> | |
944 | <listitem><para>Takes a boolean argument. Configures whether | |
945 | to use multiple file descriptors (queues) to parallelize | |
946 | packets sending and receiving. Defaults to | |
947 | <literal>no</literal>.</para> | |
948 | </listitem> | |
949 | </varlistentry> | |
950 | <varlistentry> | |
951 | <term><varname>PacketInfo=</varname></term> | |
952 | <listitem><para>Takes a boolean argument. Configures whether | |
ff9b60f3 | 953 | packets should be prepended with four extra bytes (two flag |
b938cb90 | 954 | bytes and two protocol bytes). If disabled, it indicates that |
798d3a52 ZJS |
955 | the packets will be pure IP packets. Defaults to |
956 | <literal>no</literal>.</para> | |
957 | </listitem> | |
958 | </varlistentry> | |
43f78da4 | 959 | <varlistentry> |
2aba142e | 960 | <term><varname>VNetHeader=</varname></term> |
43f78da4 SS |
961 | <listitem><para>Takes a boolean argument. Configures |
962 | IFF_VNET_HDR flag for a tap device. It allows sending | |
963 | and receiving larger Generic Segmentation Offload (GSO) | |
964 | packets. This may increase throughput significantly. | |
965 | Defaults to | |
966 | <literal>no</literal>.</para> | |
967 | </listitem> | |
968 | </varlistentry> | |
798d3a52 ZJS |
969 | <varlistentry> |
970 | <term><varname>User=</varname></term> | |
971 | <listitem><para>User to grant access to the | |
972 | <filename>/dev/net/tun</filename> device.</para> | |
973 | </listitem> | |
974 | </varlistentry> | |
975 | <varlistentry> | |
976 | <term><varname>Group=</varname></term> | |
977 | <listitem><para>Group to grant access to the | |
978 | <filename>/dev/net/tun</filename> device.</para> | |
979 | </listitem> | |
980 | </varlistentry> | |
981 | ||
982 | </variablelist> | |
983 | ||
984 | </refsect1> | |
985 | ||
986 | <refsect1> | |
987 | <title>[Tap] Section Options</title> | |
988 | ||
989 | <para>The <literal>[Tap]</literal> section only applies for | |
990 | netdevs of kind <literal>tap</literal>, and accepts the same keys | |
991 | as the <literal>[Tun]</literal> section.</para> | |
992 | </refsect1> | |
993 | ||
994 | <refsect1> | |
995 | <title>[Bond] Section Options</title> | |
996 | ||
997 | <para>The <literal>[Bond]</literal> section accepts the following | |
998 | key:</para> | |
999 | ||
1000 | <variablelist class='network-directives'> | |
1001 | <varlistentry> | |
1002 | <term><varname>Mode=</varname></term> | |
1003 | <listitem> | |
1004 | <para>Specifies one of the bonding policies. The default is | |
1005 | <literal>balance-rr</literal> (round robin). Possible values are | |
1006 | <literal>balance-rr</literal>, | |
1007 | <literal>active-backup</literal>, | |
1008 | <literal>balance-xor</literal>, | |
1009 | <literal>broadcast</literal>, | |
1010 | <literal>802.3ad</literal>, | |
1011 | <literal>balance-tlb</literal>, and | |
1012 | <literal>balance-alb</literal>. | |
1013 | </para> | |
1014 | </listitem> | |
1015 | </varlistentry> | |
1016 | ||
1017 | <varlistentry> | |
1018 | <term><varname>TransmitHashPolicy=</varname></term> | |
1019 | <listitem> | |
1020 | <para>Selects the transmit hash policy to use for slave | |
1021 | selection in balance-xor, 802.3ad, and tlb modes. Possible | |
1022 | values are | |
1023 | <literal>layer2</literal>, | |
1024 | <literal>layer3+4</literal>, | |
1025 | <literal>layer2+3</literal>, | |
4d89618a | 1026 | <literal>encap2+3</literal>, and |
798d3a52 ZJS |
1027 | <literal>encap3+4</literal>. |
1028 | </para> | |
1029 | </listitem> | |
1030 | </varlistentry> | |
1031 | ||
1032 | <varlistentry> | |
1033 | <term><varname>LACPTransmitRate=</varname></term> | |
1034 | <listitem> | |
1035 | <para>Specifies the rate with which link partner transmits | |
1036 | Link Aggregation Control Protocol Data Unit packets in | |
1037 | 802.3ad mode. Possible values are <literal>slow</literal>, | |
1038 | which requests partner to transmit LACPDUs every 30 seconds, | |
1039 | and <literal>fast</literal>, which requests partner to | |
1040 | transmit LACPDUs every second. The default value is | |
1041 | <literal>slow</literal>.</para> | |
1042 | </listitem> | |
1043 | </varlistentry> | |
1044 | ||
1045 | <varlistentry> | |
1046 | <term><varname>MIIMonitorSec=</varname></term> | |
1047 | <listitem> | |
1048 | <para>Specifies the frequency that Media Independent | |
1049 | Interface link monitoring will occur. A value of zero | |
dd2b607b | 1050 | disables MII link monitoring. This value is rounded down to |
798d3a52 ZJS |
1051 | the nearest millisecond. The default value is 0.</para> |
1052 | </listitem> | |
1053 | </varlistentry> | |
1054 | ||
1055 | <varlistentry> | |
1056 | <term><varname>UpDelaySec=</varname></term> | |
1057 | <listitem> | |
1058 | <para>Specifies the delay before a link is enabled after a | |
1059 | link up status has been detected. This value is rounded down | |
1060 | to a multiple of MIIMonitorSec. The default value is | |
1061 | 0.</para> | |
1062 | </listitem> | |
1063 | </varlistentry> | |
1064 | ||
1065 | <varlistentry> | |
1066 | <term><varname>DownDelaySec=</varname></term> | |
1067 | <listitem> | |
1068 | <para>Specifies the delay before a link is disabled after a | |
1069 | link down status has been detected. This value is rounded | |
1070 | down to a multiple of MIIMonitorSec. The default value is | |
1071 | 0.</para> | |
1072 | </listitem> | |
1073 | </varlistentry> | |
1074 | ||
81bd37a8 | 1075 | <varlistentry> |
38422da7 | 1076 | <term><varname>LearnPacketIntervalSec=</varname></term> |
81bd37a8 SS |
1077 | <listitem> |
1078 | <para>Specifies the number of seconds between instances where the bonding | |
a8eaaee7 JE |
1079 | driver sends learning packets to each slave peer switch. |
1080 | The valid range is 1–0x7fffffff; the default value is 1. This option | |
1081 | has an effect only for the balance-tlb and balance-alb modes.</para> | |
81bd37a8 SS |
1082 | </listitem> |
1083 | </varlistentry> | |
1084 | ||
1085 | <varlistentry> | |
1086 | <term><varname>AdSelect=</varname></term> | |
1087 | <listitem> | |
1088 | <para>Specifies the 802.3ad aggregation selection logic to use. Possible values are | |
1089 | <literal>stable</literal>, | |
a8eaaee7 JE |
1090 | <literal>bandwidth</literal> and |
1091 | <literal>count</literal>. | |
81bd37a8 SS |
1092 | </para> |
1093 | </listitem> | |
1094 | </varlistentry> | |
1095 | ||
1096 | <varlistentry> | |
38422da7 | 1097 | <term><varname>FailOverMACPolicy=</varname></term> |
81bd37a8 | 1098 | <listitem> |
a8eaaee7 JE |
1099 | <para>Specifies whether the active-backup mode should set all slaves to |
1100 | the same MAC address at the time of enslavement or, when enabled, to perform special handling of the | |
81bd37a8 SS |
1101 | bond's MAC address in accordance with the selected policy. The default policy is none. |
1102 | Possible values are | |
1103 | <literal>none</literal>, | |
a8eaaee7 JE |
1104 | <literal>active</literal> and |
1105 | <literal>follow</literal>. | |
81bd37a8 SS |
1106 | </para> |
1107 | </listitem> | |
1108 | </varlistentry> | |
1109 | ||
1110 | <varlistentry> | |
38422da7 | 1111 | <term><varname>ARPValidate=</varname></term> |
81bd37a8 SS |
1112 | <listitem> |
1113 | <para>Specifies whether or not ARP probes and replies should be | |
38422da7 | 1114 | validated in any mode that supports ARP monitoring, or whether |
81bd37a8 SS |
1115 | non-ARP traffic should be filtered (disregarded) for link |
1116 | monitoring purposes. Possible values are | |
1117 | <literal>none</literal>, | |
1118 | <literal>active</literal>, | |
a8eaaee7 JE |
1119 | <literal>backup</literal> and |
1120 | <literal>all</literal>. | |
81bd37a8 SS |
1121 | </para> |
1122 | </listitem> | |
1123 | </varlistentry> | |
1124 | ||
1125 | <varlistentry> | |
38422da7 | 1126 | <term><varname>ARPIntervalSec=</varname></term> |
81bd37a8 SS |
1127 | <listitem> |
1128 | <para>Specifies the ARP link monitoring frequency in milliseconds. | |
1129 | A value of 0 disables ARP monitoring. The default value is 0. | |
1130 | </para> | |
1131 | </listitem> | |
1132 | </varlistentry> | |
1133 | ||
1134 | <varlistentry> | |
38422da7 | 1135 | <term><varname>ARPIPTargets=</varname></term> |
81bd37a8 SS |
1136 | <listitem> |
1137 | <para>Specifies the IP addresses to use as ARP monitoring peers when | |
38422da7 | 1138 | ARPIntervalSec is greater than 0. These are the targets of the ARP request |
81bd37a8 | 1139 | sent to determine the health of the link to the targets. |
a8eaaee7 | 1140 | Specify these values in IPv4 dotted decimal format. At least one IP |
81bd37a8 SS |
1141 | address must be given for ARP monitoring to function. The |
1142 | maximum number of targets that can be specified is 16. The | |
1143 | default value is no IP addresses. | |
1144 | </para> | |
1145 | </listitem> | |
1146 | </varlistentry> | |
1147 | ||
1148 | <varlistentry> | |
38422da7 | 1149 | <term><varname>ARPAllTargets=</varname></term> |
81bd37a8 | 1150 | <listitem> |
38422da7 | 1151 | <para>Specifies the quantity of ARPIPTargets that must be reachable |
81bd37a8 SS |
1152 | in order for the ARP monitor to consider a slave as being up. |
1153 | This option affects only active-backup mode for slaves with | |
38422da7 | 1154 | ARPValidate enabled. Possible values are |
a8eaaee7 JE |
1155 | <literal>any</literal> and |
1156 | <literal>all</literal>. | |
81bd37a8 SS |
1157 | </para> |
1158 | </listitem> | |
1159 | </varlistentry> | |
1160 | ||
1161 | <varlistentry> | |
38422da7 | 1162 | <term><varname>PrimaryReselectPolicy=</varname></term> |
81bd37a8 SS |
1163 | <listitem> |
1164 | <para>Specifies the reselection policy for the primary slave. This | |
1165 | affects how the primary slave is chosen to become the active slave | |
1166 | when failure of the active slave or recovery of the primary slave | |
1167 | occurs. This option is designed to prevent flip-flopping between | |
1168 | the primary slave and other slaves. Possible values are | |
1169 | <literal>always</literal>, | |
a8eaaee7 JE |
1170 | <literal>better</literal> and |
1171 | <literal>failure</literal>. | |
81bd37a8 SS |
1172 | </para> |
1173 | </listitem> | |
1174 | </varlistentry> | |
1175 | ||
1176 | <varlistentry> | |
1177 | <term><varname>ResendIGMP=</varname></term> | |
1178 | <listitem> | |
1179 | <para>Specifies the number of IGMP membership reports to be issued after | |
1180 | a failover event. One membership report is issued immediately after | |
1181 | the failover, subsequent packets are sent in each 200ms interval. | |
b938cb90 | 1182 | The valid range is 0–255. Defaults to 1. A value of 0 |
81bd37a8 SS |
1183 | prevents the IGMP membership report from being issued in response |
1184 | to the failover event. | |
1185 | </para> | |
1186 | </listitem> | |
1187 | </varlistentry> | |
1188 | ||
1189 | <varlistentry> | |
1190 | <term><varname>PacketsPerSlave=</varname></term> | |
1191 | <listitem> | |
b938cb90 JE |
1192 | <para>Specify the number of packets to transmit through a slave before |
1193 | moving to the next one. When set to 0, then a slave is chosen at | |
1194 | random. The valid range is 0–65535. Defaults to 1. This option | |
a8eaaee7 | 1195 | only has effect when in balance-rr mode. |
81bd37a8 SS |
1196 | </para> |
1197 | </listitem> | |
1198 | </varlistentry> | |
1199 | ||
1200 | <varlistentry> | |
38422da7 | 1201 | <term><varname>GratuitousARP=</varname></term> |
81bd37a8 SS |
1202 | <listitem> |
1203 | <para>Specify the number of peer notifications (gratuitous ARPs and | |
1204 | unsolicited IPv6 Neighbor Advertisements) to be issued after a | |
b938cb90 | 1205 | failover event. As soon as the link is up on the new slave, |
81bd37a8 SS |
1206 | a peer notification is sent on the bonding device and each |
1207 | VLAN sub-device. This is repeated at each link monitor interval | |
38422da7 | 1208 | (ARPIntervalSec or MIIMonitorSec, whichever is active) if the number is |
a8eaaee7 | 1209 | greater than 1. The valid range is 0–255. The default value is 1. |
38422da7 | 1210 | These options affect only the active-backup mode. |
81bd37a8 SS |
1211 | </para> |
1212 | </listitem> | |
1213 | </varlistentry> | |
1214 | ||
1215 | <varlistentry> | |
1216 | <term><varname>AllSlavesActive=</varname></term> | |
1217 | <listitem> | |
a8eaaee7 JE |
1218 | <para>A boolean. Specifies that duplicate frames (received on inactive ports) |
1219 | should be dropped when false, or delivered when true. Normally, bonding will drop | |
81bd37a8 SS |
1220 | duplicate frames (received on inactive ports), which is desirable for |
1221 | most users. But there are some times it is nice to allow duplicate | |
1222 | frames to be delivered. The default value is false (drop duplicate frames | |
1223 | received on inactive ports). | |
1224 | </para> | |
1225 | </listitem> | |
1226 | </varlistentry> | |
1227 | ||
1228 | <varlistentry> | |
1229 | <term><varname>MinLinks=</varname></term> | |
1230 | <listitem> | |
1231 | <para>Specifies the minimum number of links that must be active before | |
1232 | asserting carrier. The default value is 0. | |
1233 | </para> | |
1234 | </listitem> | |
1235 | </varlistentry> | |
798d3a52 | 1236 | </variablelist> |
81bd37a8 SS |
1237 | |
1238 | <para>For more detail information see | |
1239 | <ulink url="https://www.kernel.org/doc/Documentation/networking/bonding.txt"> | |
1240 | Linux Ethernet Bonding Driver HOWTO</ulink></para> | |
1241 | ||
798d3a52 ZJS |
1242 | </refsect1> |
1243 | ||
1244 | <refsect1> | |
1245 | <title>Example</title> | |
1246 | <example> | |
6c1695be | 1247 | <title>/etc/systemd/network/25-bridge.netdev</title> |
798d3a52 ZJS |
1248 | |
1249 | <programlisting>[NetDev] | |
eac684ef TG |
1250 | Name=bridge0 |
1251 | Kind=bridge</programlisting> | |
798d3a52 | 1252 | </example> |
eac684ef | 1253 | |
798d3a52 | 1254 | <example> |
6c1695be | 1255 | <title>/etc/systemd/network/25-vlan1.netdev</title> |
eac684ef | 1256 | |
798d3a52 | 1257 | <programlisting>[Match] |
eac684ef TG |
1258 | Virtualization=no |
1259 | ||
1260 | [NetDev] | |
1261 | Name=vlan1 | |
1262 | Kind=vlan | |
1263 | ||
1264 | [VLAN] | |
1265 | Id=1</programlisting> | |
798d3a52 ZJS |
1266 | </example> |
1267 | <example> | |
6c1695be | 1268 | <title>/etc/systemd/network/25-ipip.netdev</title> |
798d3a52 | 1269 | <programlisting>[NetDev] |
b35a2909 TG |
1270 | Name=ipip-tun |
1271 | Kind=ipip | |
1272 | MTUBytes=1480 | |
1273 | ||
1274 | [Tunnel] | |
1275 | Local=192.168.223.238 | |
1276 | Remote=192.169.224.239 | |
1277 | TTL=64</programlisting> | |
798d3a52 ZJS |
1278 | </example> |
1279 | <example> | |
6c1695be | 1280 | <title>/etc/systemd/network/25-tap.netdev</title> |
798d3a52 | 1281 | <programlisting>[NetDev] |
30ae9dfd SS |
1282 | Name=tap-test |
1283 | Kind=tap | |
1284 | ||
1285 | [Tap] | |
1286 | MultiQueue=true | |
1287 | PacketInfo=true</programlisting> </example> | |
eac684ef | 1288 | |
798d3a52 | 1289 | <example> |
6c1695be | 1290 | <title>/etc/systemd/network/25-sit.netdev</title> |
798d3a52 | 1291 | <programlisting>[NetDev] |
b35a2909 TG |
1292 | Name=sit-tun |
1293 | Kind=sit | |
1294 | MTUBytes=1480 | |
1295 | ||
1296 | [Tunnel] | |
1297 | Local=10.65.223.238 | |
1298 | Remote=10.65.223.239</programlisting> | |
798d3a52 | 1299 | </example> |
eac684ef | 1300 | |
798d3a52 | 1301 | <example> |
6c1695be | 1302 | <title>/etc/systemd/network/25-gre.netdev</title> |
798d3a52 | 1303 | <programlisting>[NetDev] |
b35a2909 TG |
1304 | Name=gre-tun |
1305 | Kind=gre | |
1306 | MTUBytes=1480 | |
1307 | ||
1308 | [Tunnel] | |
1309 | Local=10.65.223.238 | |
1310 | Remote=10.65.223.239</programlisting> | |
798d3a52 | 1311 | </example> |
b35a2909 | 1312 | |
798d3a52 | 1313 | <example> |
6c1695be | 1314 | <title>/etc/systemd/network/25-vti.netdev</title> |
b35a2909 | 1315 | |
798d3a52 | 1316 | <programlisting>[NetDev] |
b35a2909 TG |
1317 | Name=vti-tun |
1318 | Kind=vti | |
1319 | MTUBytes=1480 | |
1320 | ||
1321 | [Tunnel] | |
1322 | Local=10.65.223.238 | |
1323 | Remote=10.65.223.239</programlisting> | |
798d3a52 | 1324 | </example> |
b35a2909 | 1325 | |
798d3a52 | 1326 | <example> |
6c1695be | 1327 | <title>/etc/systemd/network/25-veth.netdev</title> |
798d3a52 | 1328 | <programlisting>[NetDev] |
b35a2909 TG |
1329 | Name=veth-test |
1330 | Kind=veth | |
1331 | ||
1332 | [Peer] | |
1333 | Name=veth-peer</programlisting> | |
798d3a52 | 1334 | </example> |
b35a2909 | 1335 | |
d94facdc | 1336 | <example> |
6c1695be | 1337 | <title>/etc/systemd/network/25-bond.netdev</title> |
d94facdc MH |
1338 | <programlisting>[NetDev] |
1339 | Name=bond1 | |
1340 | Kind=bond | |
1341 | ||
1342 | [Bond] | |
1343 | Mode=802.3ad | |
1344 | TransmitHashPolicy=layer3+4 | |
1345 | MIIMonitorSec=1s | |
1346 | LACPTransmitRate=fast | |
1347 | </programlisting> | |
1348 | </example> | |
1349 | ||
798d3a52 | 1350 | <example> |
6c1695be | 1351 | <title>/etc/systemd/network/25-dummy.netdev</title> |
798d3a52 | 1352 | <programlisting>[NetDev] |
9e358851 TG |
1353 | Name=dummy-test |
1354 | Kind=dummy | |
1355 | MACAddress=12:34:56:78:9a:bc</programlisting> | |
798d3a52 | 1356 | </example> |
20897a0d AR |
1357 | <example> |
1358 | <title>/etc/systemd/network/25-vrf.netdev</title> | |
037a3ded | 1359 | <para>Create a VRF interface with table 42.</para> |
20897a0d AR |
1360 | <programlisting>[NetDev] |
1361 | Name=vrf-test | |
1362 | Kind=vrf | |
798d3a52 | 1363 | |
20897a0d | 1364 | [VRF] |
362f6336 | 1365 | Table=42</programlisting> |
20897a0d | 1366 | </example> |
42125eda SS |
1367 | |
1368 | <example> | |
1369 | <title>/etc/systemd/network/25-macvtap.netdev</title> | |
1370 | <para>Create a MacVTap device.</para> | |
1371 | <programlisting>[NetDev] | |
1372 | Name=macvtap-test | |
1373 | Kind=macvtap | |
1374 | </programlisting> | |
1375 | </example> | |
798d3a52 ZJS |
1376 | </refsect1> |
1377 | <refsect1> | |
1378 | <title>See Also</title> | |
1379 | <para> | |
1380 | <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
1381 | <citerefentry><refentrytitle>systemd-networkd</refentrytitle><manvolnum>8</manvolnum></citerefentry>, | |
1382 | <citerefentry><refentrytitle>systemd.link</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
1383 | <citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry> | |
1384 | </para> | |
1385 | </refsect1> | |
eac684ef TG |
1386 | |
1387 | </refentry> |