]> git.ipfire.org Git - thirdparty/systemd.git/blame - man/systemd.netdev.xml
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
networkd: Add support for ipvlan L3s and flags (#7726)
[thirdparty/systemd.git] / man / systemd.netdev.xml
CommitLineData
eac684ef
TG		 1<?xml version='1.0'?> <!--*-nxml-*-->
2<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
12b42c76 3 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
eac684ef
TG		 4
5<!--
572eb058
ZJS		 6 SPDX-License-Identifier: LGPL-2.1+
7
eac684ef
TG		 8 This file is part of systemd.
9
10 Copyright 2013 Tom Gundersen
11
12 systemd is free software; you can redistribute it and/or modify it
13 under the terms of the GNU Lesser General Public License as published by
14 the Free Software Foundation; either version 2.1 of the License, or
15 (at your option) any later version.
16
17 systemd is distributed in the hope that it will be useful, but
18 WITHOUT ANY WARRANTY; without even the implied warranty of
19 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
20 Lesser General Public License for more details.
21
22 You should have received a copy of the GNU Lesser General Public License
23 along with systemd; If not, see <http://www.gnu.org/licenses/>.
24-->
25
26<refentry id="systemd.netdev" conditional='ENABLE_NETWORKD'>
27
798d3a52
ZJS		 28 <refentryinfo>
29 <title>systemd.network</title>
30 <productname>systemd</productname>
31
32 <authorgroup>
33 <author>
34 <contrib>Developer</contrib>
35 <firstname>Tom</firstname>
36 <surname>Gundersen</surname>
37 <email>teg@jklm.no</email>
38 </author>
39 </authorgroup>
40 </refentryinfo>
41
42 <refmeta>
43 <refentrytitle>systemd.netdev</refentrytitle>
44 <manvolnum>5</manvolnum>
45 </refmeta>
46
47 <refnamediv>
48 <refname>systemd.netdev</refname>
49 <refpurpose>Virtual Network Device configuration</refpurpose>
50 </refnamediv>
51
52 <refsynopsisdiv>
53 <para><filename><replaceable>netdev</replaceable>.netdev</filename></para>
54 </refsynopsisdiv>
55
56 <refsect1>
57 <title>Description</title>
58
59 <para>Network setup is performed by
60 <citerefentry><refentrytitle>systemd-networkd</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
61 </para>
62
bac150e9
ZJS		 63 <para>The main Virtual Network Device file must have the extension <filename>.netdev</filename>;
64 other extensions are ignored. Virtual network devices are created as soon as networkd is
65 started. If a netdev with the specified name already exists, networkd will use that as-is rather
66 than create its own. Note that the settings of the pre-existing netdev will not be changed by
798d3a52
ZJS		 67 networkd.</para>
68
bac150e9
ZJS		 69 <para>The <filename>.netdev</filename> files are read from the files located in the system
70 network directory <filename>/usr/lib/systemd/network</filename>, the volatile runtime network
71 directory <filename>/run/systemd/network</filename> and the local administration network
72 directory <filename>/etc/systemd/network</filename>. All configuration files are collectively
73 sorted and processed in lexical order, regardless of the directories in which they live.
74 However, files with identical filenames replace each other. Files in <filename>/etc</filename>
75 have the highest priority, files in <filename>/run</filename> take precedence over files with
76 the same name in <filename>/usr/lib</filename>. This can be used to override a system-supplied
77 configuration file with a local file if needed. As a special case, an empty file (file size 0)
78 or symlink with the same name pointing to <filename>/dev/null</filename> disables the
79 configuration file entirely (it is "masked").</para>
80
81 <para>Along with the netdev file <filename>foo.netdev</filename>, a "drop-in" directory
82 <filename>foo.netdev.d/</filename> may exist. All files with the suffix <literal>.conf</literal>
83 from this directory will be parsed after the file itself is parsed. This is useful to alter or
84 add configuration settings, without having to modify the main configuration file. Each drop-in
85 file must have appropriate section headers.</para>
86
87 <para>In addition to <filename>/etc/systemd/network</filename>, drop-in <literal>.d</literal>
88 directories can be placed in <filename>/usr/lib/systemd/network</filename> or
89 <filename>/run/systemd/network</filename> directories. Drop-in files in
90 <filename>/etc</filename> take precedence over those in <filename>/run</filename> which in turn
91 take precedence over those in <filename>/usr/lib</filename>. Drop-in files under any of these
92 directories take precedence over the main netdev file wherever located. (Of course, since
93 <filename>/run</filename> is temporary and <filename>/usr/lib</filename> is for vendors, it is
94 unlikely drop-ins should be used in either of those places.)</para>
798d3a52
ZJS		 95 </refsect1>
96
97 <refsect1>
98 <title>Supported netdev kinds</title>
99
100 <para>The following kinds of virtual network devices may be
101 configured in <filename>.netdev</filename> files:</para>
102
103 <table>
104 <title>Supported kinds of virtual network devices</title>
105
106 <tgroup cols='2'>
107 <colspec colname='kind' />
108 <colspec colname='explanation' />
109 <thead><row>
110 <entry>Kind</entry>
111 <entry>Description</entry>
112 </row></thead>
113 <tbody>
114 <row><entry><varname>bond</varname></entry>
115 <entry>A bond device is an aggregation of all its slave devices. See <ulink url="https://www.kernel.org/doc/Documentation/networking/bonding.txt">Linux Ethernet Bonding Driver HOWTO</ulink> for details.Local configuration</entry></row>
116
117 <row><entry><varname>bridge</varname></entry>
a8eaaee7 118 <entry>A bridge device is a software switch, and each of its slave devices and the bridge itself are ports of the switch.</entry></row>
798d3a52
ZJS		 119
120 <row><entry><varname>dummy</varname></entry>
121 <entry>A dummy device drops all packets sent to it.</entry></row>
122
123 <row><entry><varname>gre</varname></entry>
124 <entry>A Level 3 GRE tunnel over IPv4. See <ulink url="https://tools.ietf.org/html/rfc2784">RFC 2784</ulink> for details.</entry></row>
125
126 <row><entry><varname>gretap</varname></entry>
127 <entry>A Level 2 GRE tunnel over IPv4.</entry></row>
128
129 <row><entry><varname>ip6gre</varname></entry>
130 <entry>A Level 3 GRE tunnel over IPv6.</entry></row>
131
132 <row><entry><varname>ip6tnl</varname></entry>
133 <entry>An IPv4 or IPv6 tunnel over IPv6</entry></row>
134
135 <row><entry><varname>ip6gretap</varname></entry>
037a3ded 136 <entry>A Level 2 GRE tunnel over IPv6.</entry></row>
798d3a52
ZJS		 137
138 <row><entry><varname>ipip</varname></entry>
139 <entry>An IPv4 over IPv4 tunnel.</entry></row>
140
141 <row><entry><varname>ipvlan</varname></entry>
142 <entry>An ipvlan device is a stacked device which receives packets from its underlying device based on IP address filtering.</entry></row>
143
144 <row><entry><varname>macvlan</varname></entry>
145 <entry>A macvlan device is a stacked device which receives packets from its underlying device based on MAC address filtering.</entry></row>
146
0371f2df
SS		 147 <row><entry><varname>macvtap</varname></entry>
148 <entry>A macvtap device is a stacked device which receives packets from its underlying device based on MAC address filtering.</entry></row>
149
798d3a52
ZJS		 150 <row><entry><varname>sit</varname></entry>
151 <entry>An IPv6 over IPv4 tunnel.</entry></row>
152
153 <row><entry><varname>tap</varname></entry>
154 <entry>A persistent Level 2 tunnel between a network device and a device node.</entry></row>
155
156 <row><entry><varname>tun</varname></entry>
157 <entry>A persistent Level 3 tunnel between a network device and a device node.</entry></row>
158
159 <row><entry><varname>veth</varname></entry>
a8eaaee7 160 <entry>An Ethernet tunnel between a pair of network devices.</entry></row>
798d3a52
ZJS		 161
162 <row><entry><varname>vlan</varname></entry>
163 <entry>A VLAN is a stacked device which receives packets from its underlying device based on VLAN tagging. See <ulink url="http://www.ieee802.org/1/pages/802.1Q.html">IEEE 802.1Q</ulink> for details.</entry></row>
164
165 <row><entry><varname>vti</varname></entry>
166 <entry>An IPv4 over IPSec tunnel.</entry></row>
167
5cc0748e
SS		 168 <row><entry><varname>vti6</varname></entry>
169 <entry>An IPv6 over IPSec tunnel.</entry></row>
170
798d3a52
ZJS		 171 <row><entry><varname>vxlan</varname></entry>
172 <entry>A virtual extensible LAN (vxlan), for connecting Cloud computing deployments.</entry></row>
20897a0d 173
6598e046
SS		 174 <row><entry><varname>geneve</varname></entry>
175 <entry>A GEneric NEtwork Virtualization Encapsulation (GENEVE) netdev driver.</entry></row>
176
20897a0d 177 <row><entry><varname>vrf</varname></entry>
92c918b0
SS		 178 <entry>A Virtual Routing and Forwarding (<ulink url="https://www.kernel.org/doc/Documentation/networking/vrf.txt">VRF</ulink>) interface to create separate routing and forwarding domains.</entry></row>
179
180 <row><entry><varname>vcan</varname></entry>
ba9fa3bc 181 <entry>The virtual CAN driver (vcan). Similar to the network loopback devices, vcan offers a virtual local CAN interface.</entry></row>
20897a0d 182
d6df583c
SS		 183 <row><entry><varname>vxcan</varname></entry>
184 <entry>The virtual CAN tunnel driver (vxcan). Similar to the virtual ethernet driver veth, vxcan implements a local CAN traffic tunnel between two virtual CAN network devices. When creating a vxcan, two vxcan devices are created as pair. When one end receives the packet it appears on its pair and vice versa. The vxcan can be used for cross namespace communication.
185 </entry></row>
186
798d3a52
ZJS		 187 </tbody>
188 </tgroup>
189 </table>
190
191 </refsect1>
192
193 <refsect1>
194 <title>[Match] Section Options</title>
195
196 <para>A virtual network device is only created if the
197 <literal>[Match]</literal> section matches the current
198 environment, or if the section is empty. The following keys are
199 accepted:</para>
200
201 <variablelist class='network-directives'>
202 <varlistentry>
203 <term><varname>Host=</varname></term>
204 <listitem>
205 <para>Matches against the hostname or machine ID of the
206 host. See <literal>ConditionHost=</literal> in
207 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
208 for details.
209 </para>
210 </listitem>
211 </varlistentry>
212 <varlistentry>
213 <term><varname>Virtualization=</varname></term>
214 <listitem>
215 <para>Checks whether the system is executed in a virtualized
216 environment and optionally test whether it is a specific
217 implementation. See
218 <literal>ConditionVirtualization=</literal> in
219 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
220 for details.
221 </para>
222 </listitem>
223 </varlistentry>
224 <varlistentry>
225 <term><varname>KernelCommandLine=</varname></term>
226 <listitem>
227 <para>Checks whether a specific kernel command line option
228 is set (or if prefixed with the exclamation mark unset). See
229 <literal>ConditionKernelCommandLine=</literal> in
230 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
231 for details.
232 </para>
233 </listitem>
234 </varlistentry>
235 <varlistentry>
236 <term><varname>Architecture=</varname></term>
237 <listitem>
238 <para>Checks whether the system is running on a specific
239 architecture. See <literal>ConditionArchitecture=</literal> in
240 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
241 for details.
242 </para>
243 </listitem>
244 </varlistentry>
245 </variablelist>
246
247 </refsect1>
248
249 <refsect1>
250 <title>[NetDev] Section Options</title>
251
252 <para>The <literal>[NetDev]</literal> section accepts the
253 following keys:</para>
254
255 <variablelist class='network-directives'>
256 <varlistentry>
257 <term><varname>Description=</varname></term>
258 <listitem>
259 <para>A free-form description of the netdev.</para>
260 </listitem>
261 </varlistentry>
262 <varlistentry>
263 <term><varname>Name=</varname></term>
264 <listitem>
265 <para>The interface name used when creating the netdev.
266 This option is compulsory.</para>
267 </listitem>
268 </varlistentry>
269 <varlistentry>
270 <term><varname>Kind=</varname></term>
271 <listitem>
272 <para>The netdev kind. This option is compulsory. See the
273 <literal>Supported netdev kinds</literal> section for the
274 valid keys.</para>
275 </listitem>
276 </varlistentry>
277 <varlistentry>
278 <term><varname>MTUBytes=</varname></term>
279 <listitem>
280 <para>The maximum transmission unit in bytes to set for
281 the device. The usual suffixes K, M, G, are supported and
282 are understood to the base of 1024. This key is not
ff9b60f3 283 currently supported for <literal>tun</literal> or
798d3a52
ZJS		 284 <literal>tap</literal> devices.
285 </para>
286 </listitem>
287 </varlistentry>
288 <varlistentry>
289 <term><varname>MACAddress=</varname></term>
290 <listitem>
291 <para>The MAC address to use for the device. If none is
292 given, one is generated based on the interface name and
293 the
294 <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
ff9b60f3 295 This key is not currently supported for
798d3a52
ZJS		 296 <literal>tun</literal> or <literal>tap</literal> devices.
297 </para>
298 </listitem>
299 </varlistentry>
300 </variablelist>
301 </refsect1>
302
3428fe07
SS		 303 <refsect1>
304 <title>[Bridge] Section Options</title>
305
306 <para>The <literal>[Bridge]</literal> section only applies for
307 netdevs of kind <literal>bridge</literal>, and accepts the
a8eaaee7 308 following keys:</para>
3428fe07
SS		 309
310 <variablelist class='network-directives'>
311 <varlistentry>
312 <term><varname>HelloTimeSec=</varname></term>
313 <listitem>
a8eaaee7 314 <para>HelloTimeSec specifies the number of seconds between two hello packets
3428fe07
SS		 315 sent out by the root bridge and the designated bridges. Hello packets are
316 used to communicate information about the topology throughout the entire
317 bridged local area network.</para>
318 </listitem>
319 </varlistentry>
320 <varlistentry>
321 <term><varname>MaxAgeSec=</varname></term>
322 <listitem>
323 <para>MaxAgeSec specifies the number of seconds of maximum message age.
324 If the last seen (received) hello packet is more than this number of
325 seconds old, the bridge in question will start the takeover procedure
326 in attempt to become the Root Bridge itself.</para>
327 </listitem>
328 </varlistentry>
329 <varlistentry>
330 <term><varname>ForwardDelaySec=</varname></term>
331 <listitem>
332 <para>ForwardDelaySec specifies the number of seconds spent in each
333 of the Listening and Learning states before the Forwarding state is entered.</para>
334 </listitem>
335 </varlistentry>
c7440e74
TJ		 336 <varlistentry>
337 <term><varname>AgeingTimeSec=</varname></term>
338 <listitem>
339 <para>This specifies the number of seconds a MAC Address will be kept in
d23a0044 340 the forwarding database after having a packet received from this MAC Address.</para>
c7440e74
TJ		 341 </listitem>
342 </varlistentry>
343 <varlistentry>
344 <term><varname>Priority=</varname></term>
345 <listitem>
346 <para>The priority of the bridge. An integer between 0 and 65535. A lower value
347 means higher priority. The bridge having the lowest priority will be elected as root bridge.</para>
348 </listitem>
349 </varlistentry>
c4819961
JC		 350 <varlistentry>
351 <term><varname>GroupForwardMask=</varname></term>
352 <listitem>
353 <para>A 16-bit bitmask represented as an integer which allows forwarding of link
354 local frames with 802.1D reserved addresses (01:80:C2:00:00:0X). A logical AND
355 is performed between the specified bitmask and the exponentiation of 2^X, the
356 lower nibble of the last octet of the MAC address. For example, a value of 8
357 would allow forwarding of frames addressed to 01:80:C2:00:00:03 (802.1X PAE).</para>
358 </listitem>
359 </varlistentry>
c7440e74
TJ		 360 <varlistentry>
361 <term><varname>DefaultPVID=</varname></term>
362 <listitem>
0d6c68eb
TJ		 363 <para>This specifies the default port VLAN ID of a newly attached bridge port.
364 Set this to an integer in the range 1–4094 or <literal>none</literal> to disable the PVID.</para>
c7440e74
TJ		 365 </listitem>
366 </varlistentry>
3fef7a3f
SS		 367 <varlistentry>
368 <term><varname>MulticastQuerier=</varname></term>
369 <listitem>
370 <para>A boolean. This setting controls the IFLA_BR_MCAST_QUERIER option in the kernel.
371 If enabled, the kernel will send general ICMP queries from a zero source address.
372 This feature should allow faster convergence on startup, but it causes some
373 multicast-aware switches to misbehave and disrupt forwarding of multicast packets.
374 When unset, the kernel's default setting applies.
375 </para>
376 </listitem>
377 </varlistentry>
6df6d898
SS		 378 <varlistentry>
379 <term><varname>MulticastSnooping=</varname></term>
380 <listitem>
381 <para>A boolean. This setting controls the IFLA_BR_MCAST_SNOOPING option in the kernel.
382 If enabled, IGMP snooping monitors the Internet Group Management Protocol (IGMP) traffic
383 between hosts and multicast routers. When unset, the kernel's default setting applies.
384 </para>
385 </listitem>
386 </varlistentry>
c6f8d17d
TJ		 387 <varlistentry>
388 <term><varname>VLANFiltering=</varname></term>
389 <listitem>
390 <para>A boolean. This setting controls the IFLA_BR_VLAN_FILTERING option in the kernel.
391 If enabled, the bridge will be started in VLAN-filtering mode. When unset, the kernel's
392 default setting applies.
393 </para>
394 </listitem>
395 </varlistentry>
b760a9af
SS		 396 <varlistentry>
397 <term><varname>STP=</varname></term>
398 <listitem>
399 <para>A boolean. This enables the bridge's Spanning Tree Protocol (STP). When unset,
400 the kernel's default setting applies.
401 </para>
402 </listitem>
403 </varlistentry>
3428fe07 404 </variablelist>
3428fe07
SS		 405 </refsect1>
406
798d3a52
ZJS		 407 <refsect1>
408 <title>[VLAN] Section Options</title>
409
410 <para>The <literal>[VLAN]</literal> section only applies for
411 netdevs of kind <literal>vlan</literal>, and accepts the
412 following key:</para>
413
414 <variablelist class='network-directives'>
415 <varlistentry>
416 <term><varname>Id=</varname></term>
417 <listitem>
418 <para>The VLAN ID to use. An integer in the range 0–4094.
419 This option is compulsory.</para>
420 </listitem>
421 </varlistentry>
c8b21184
SS		 422 <varlistentry>
423 <term><varname>GVRP=</varname></term>
424 <listitem>
425 <para>The Generic VLAN Registration Protocol (GVRP) is a protocol that
426 allows automatic learning of VLANs on a network. A boolean. When unset,
427 the kernel's default setting applies.</para>
428 </listitem>
429 </varlistentry>
6c1ff21b
SS		 430 <varlistentry>
431 <term><varname>MVRP=</varname></term>
432 <listitem>
433 <para>Multiple VLAN Registration Protocol (MVRP) formerly known as GARP VLAN
434 Registration Protocol (GVRP) is a standards-based Layer 2 network protocol,
435 for automatic configuration of VLAN information on switches. It was defined
436 in the 802.1ak amendment to 802.1Q-2005. A boolean. When unset, the kernel's
437 default setting applies.</para>
438 </listitem>
439 </varlistentry>
440 <varlistentry>
441 <term><varname>LooseBinding=</varname></term>
442 <listitem>
443 <para>The VLAN loose binding mode, in which only the operational state is passed
444 from the parent to the associated VLANs, but the VLAN device state is not changed.
445 A boolean. When unset, the kernel's default setting applies.</para>
446 </listitem>
447 </varlistentry>
448 <varlistentry>
449 <term><varname>ReorderHeader=</varname></term>
450 <listitem>
451 <para>The VLAN reorder header is set VLAN interfaces behave like physical interfaces.
452 A boolean. When unset, the kernel's default setting applies.</para>
453 </listitem>
454 </varlistentry>
798d3a52 455 </variablelist>
798d3a52
ZJS		 456 </refsect1>
457
458 <refsect1>
459 <title>[MACVLAN] Section Options</title>
460
461 <para>The <literal>[MACVLAN]</literal> section only applies for
462 netdevs of kind <literal>macvlan</literal>, and accepts the
463 following key:</para>
464
465 <variablelist class='network-directives'>
466 <varlistentry>
467 <term><varname>Mode=</varname></term>
468 <listitem>
469 <para>The MACVLAN mode to use. The supported options are
470 <literal>private</literal>,
471 <literal>vepa</literal>,
472 <literal>bridge</literal>, and
473 <literal>passthru</literal>.
474 </para>
475 </listitem>
476 </varlistentry>
477 </variablelist>
478
479 </refsect1>
480
0371f2df
SS		 481 <refsect1>
482 <title>[MACVTAP] Section Options</title>
483
484 <para>The <literal>[MACVTAP]</literal> section applies for
485 netdevs of kind <literal>macvtap</literal> and accepts the
96d49011 486 same key as <literal>[MACVLAN]</literal>.</para>
0371f2df
SS		 487
488 </refsect1>
489
798d3a52
ZJS		 490 <refsect1>
491 <title>[IPVLAN] Section Options</title>
492
493 <para>The <literal>[IPVLAN]</literal> section only applies for
494 netdevs of kind <literal>ipvlan</literal>, and accepts the
495 following key:</para>
496
497 <variablelist class='network-directives'>
498 <varlistentry>
499 <term><varname>Mode=</varname></term>
500 <listitem>
501 <para>The IPVLAN mode to use. The supported options are
d384826f
SS		 502 <literal>L2</literal>,<literal>L3</literal> and <literal>L3S</literal>.
503 </para>
504 </listitem>
505 </varlistentry>
506 <varlistentry>
507 <term><varname>Flags=</varname></term>
508 <listitem>
509 <para>The IPVLAN flags to use. The supported options are
510 <literal>bridge</literal>,<literal>private</literal> and <literal>vepa</literal>.
798d3a52
ZJS		 511 </para>
512 </listitem>
513 </varlistentry>
514 </variablelist>
515
516 </refsect1>
517
518 <refsect1>
519 <title>[VXLAN] Section Options</title>
520 <para>The <literal>[VXLAN]</literal> section only applies for
521 netdevs of kind <literal>vxlan</literal>, and accepts the
522 following keys:</para>
523
524 <variablelist class='network-directives'>
525 <varlistentry>
526 <term><varname>Id=</varname></term>
527 <listitem>
528 <para>The VXLAN ID to use.</para>
529 </listitem>
530 </varlistentry>
531 <varlistentry>
d35e5d37 532 <term><varname>Remote=</varname></term>
798d3a52 533 <listitem>
d35e5d37 534 <para>Configures destination multicast group IP address.</para>
798d3a52
ZJS		 535 </listitem>
536 </varlistentry>
537 <varlistentry>
d35e5d37
SS		 538 <term><varname>Local=</varname></term>
539 <listitem>
540 <para>Configures local IP address.</para>
541 </listitem>
542 </varlistentry>
543 <varlistentry>
798d3a52
ZJS		 544 <term><varname>TOS=</varname></term>
545 <listitem>
546 <para>The Type Of Service byte value for a vxlan interface.</para>
547 </listitem>
548 </varlistentry>
549 <varlistentry>
550 <term><varname>TTL=</varname></term>
551 <listitem>
552 <para>A fixed Time To Live N on Virtual eXtensible Local
b938cb90 553 Area Network packets. N is a number in the range 1–255. 0
798d3a52
ZJS		 554 is a special value meaning that packets inherit the TTL
555 value.</para>
556 </listitem>
557 </varlistentry>
558 <varlistentry>
559 <term><varname>MacLearning=</varname></term>
560 <listitem>
561 <para>A boolean. When true, enables dynamic MAC learning
562 to discover remote MAC addresses.</para>
563 </listitem>
564 </varlistentry>
565 <varlistentry>
566 <term><varname>FDBAgeingSec=</varname></term>
567 <listitem>
568 <para>The lifetime of Forwarding Database entry learnt by
b938cb90 569 the kernel, in seconds.</para>
798d3a52
ZJS		 570 </listitem>
571 </varlistentry>
572 <varlistentry>
3d276dd2
SS		 573 <term><varname>MaximumFDBEntries=</varname></term>
574 <listitem>
575 <para>Configures maximum number of FDB entries.</para>
576 </listitem>
577 </varlistentry>
798d3a52 578 <varlistentry>
7dd6974c 579 <term><varname>ReduceARPProxy=</varname></term>
798d3a52 580 <listitem>
7dd6974c
SS		 581 <para>A boolean. When true, bridge-connected VXLAN tunnel
582 endpoint answers ARP requests from the local bridge on behalf
583 of remote Distributed Overlay Virtual Ethernet
584 <ulink url="https://en.wikipedia.org/wiki/Distributed_Overlay_Virtual_Ethernet">
585 (DVOE)</ulink> clients. Defaults to false.</para>
798d3a52
ZJS		 586 </listitem>
587 </varlistentry>
588 <varlistentry>
589 <term><varname>L2MissNotification=</varname></term>
590 <listitem>
591 <para>A boolean. When true, enables netlink LLADDR miss
592 notifications.</para>
593 </listitem>
594 </varlistentry>
595 <varlistentry>
596 <term><varname>L3MissNotification=</varname></term>
597 <listitem>
a8eaaee7 598 <para>A boolean. When true, enables netlink IP address miss
798d3a52
ZJS		 599 notifications.</para>
600 </listitem>
601 </varlistentry>
602 <varlistentry>
603 <term><varname>RouteShortCircuit=</varname></term>
604 <listitem>
a8eaaee7 605 <para>A boolean. When true, route short circuiting is turned
798d3a52
ZJS		 606 on.</para>
607 </listitem>
608 </varlistentry>
cffacc74 609 <varlistentry>
53c06862 610 <term><varname>UDPChecksum=</varname></term>
cffacc74 611 <listitem>
b938cb90 612 <para>A boolean. When true, transmitting UDP checksums when doing VXLAN/IPv4 is turned on.</para>
cffacc74
SS		 613 </listitem>
614 </varlistentry>
615 <varlistentry>
616 <term><varname>UDP6ZeroChecksumTx=</varname></term>
617 <listitem>
b938cb90 618 <para>A boolean. When true, sending zero checksums in VXLAN/IPv6 is turned on.</para>
cffacc74
SS		 619 </listitem>
620 </varlistentry>
621 <varlistentry>
53c06862 622 <term><varname>UDP6ZeroChecksumRx=</varname></term>
cffacc74 623 <listitem>
b938cb90 624 <para>A boolean. When true, receiving zero checksums in VXLAN/IPv6 is turned on.</para>
16441027
SS		 625 </listitem>
626 </varlistentry>
627 <varlistentry>
53c06862 628 <term><varname>RemoteChecksumTx=</varname></term>
16441027
SS		 629 <listitem>
630 <para>A boolean. When true, remote transmit checksum offload of VXLAN is turned on.</para>
631 </listitem>
632 </varlistentry>
633 <varlistentry>
53c06862 634 <term><varname>RemoteChecksumRx=</varname></term>
16441027
SS		 635 <listitem>
636 <para>A boolean. When true, remote receive checksum offload in VXLAN is turned on.</para>
cffacc74
SS		 637 </listitem>
638 </varlistentry>
8b414e52
SS		 639 <varlistentry>
640 <term><varname>GroupPolicyExtension=</varname></term>
641 <listitem>
b938cb90
JE		 642 <para>A boolean. When true, it enables Group Policy VXLAN extension security label mechanism
643 across network peers based on VXLAN. For details about the Group Policy VXLAN, see the
8b414e52
SS		 644 <ulink url="https://tools.ietf.org/html/draft-smith-vxlan-group-policy">
645 VXLAN Group Policy </ulink> document. Defaults to false.</para>
646 </listitem>
647 </varlistentry>
ea0288d1
SS		 648 <varlistentry>
649 <term><varname>DestinationPort=</varname></term>
650 <listitem>
651 <para>Configures the default destination UDP port on a per-device basis.
652 If destination port is not specified then Linux kernel default will be used.
98616735
SS		 653 Set destination port 4789 to get the IANA assigned value. If not set or if the
654 destination port is assigned the empty string the default port of 4789 is used.</para>
ea0288d1
SS		 655 </listitem>
656 </varlistentry>
657 <varlistentry>
658 <term><varname>PortRange=</varname></term>
659 <listitem>
660 <para>Configures VXLAN port range. VXLAN bases source
661 UDP port based on flow to help the receiver to be able
662 to load balance based on outer header flow. It
663 restricts the port range to the normal UDP local
664 ports, and allows overriding via configuration.</para>
665 </listitem>
666 </varlistentry>
d8653945
SS		 667 <varlistentry>
668 <term><varname>FlowLabel=</varname></term>
669 <listitem>
670 <para>Specifies the flow label to use in outgoing packets.
671 The valid range is 0-1048575.
672 </para>
673 </listitem>
674 </varlistentry>
798d3a52
ZJS		 675 </variablelist>
676 </refsect1>
6598e046
SS		 677 <refsect1>
678 <title>[GENEVE] Section Options</title>
679 <para>The <literal>[GENEVE]</literal> section only applies for
680 netdevs of kind <literal>geneve</literal>, and accepts the
681 following keys:</para>
682
683 <variablelist class='network-directives'>
684 <varlistentry>
685 <term><varname>Id=</varname></term>
686 <listitem>
785889e5 687 <para>Specifies the Virtual Network Identifier (VNI) to use. Ranges [0-16777215].</para>
6598e046
SS		 688 </listitem>
689 </varlistentry>
690 <varlistentry>
691 <term><varname>Remote=</varname></term>
692 <listitem>
693 <para>Specifies the unicast destination IP address to use in outgoing packets.</para>
694 </listitem>
695 </varlistentry>
696 <varlistentry>
697 <term><varname>TOS=</varname></term>
698 <listitem>
98616735 699 <para>Specifies the TOS value to use in outgoing packets. Ranges [1-255].</para>
6598e046
SS		 700 </listitem>
701 </varlistentry>
702 <varlistentry>
703 <term><varname>TTL=</varname></term>
704 <listitem>
98616735 705 <para>Specifies the TTL value to use in outgoing packets. Ranges [1-255].</para>
6598e046
SS		 706 </listitem>
707 </varlistentry>
708 <varlistentry>
709 <term><varname>UDPChecksum=</varname></term>
710 <listitem>
711 <para>A boolean. When true, specifies if UDP checksum is calculated for transmitted packets over IPv4.</para>
712 </listitem>
713 </varlistentry>
714 <varlistentry>
715 <term><varname>UDP6ZeroChecksumTx=</varname></term>
716 <listitem>
717 <para>A boolean. When true, skip UDP checksum calculation for transmitted packets over IPv6.</para>
718 </listitem>
719 </varlistentry>
720 <varlistentry>
721 <term><varname>UDP6ZeroChecksumRx=</varname></term>
722 <listitem>
723 <para>A boolean. When true, allows incoming UDP packets over IPv6 with zero checksum field.</para>
724 </listitem>
725 </varlistentry>
726 <varlistentry>
727 <term><varname>DestinationPort=</varname></term>
728 <listitem>
98616735
SS		 729 <para>Specifies destination port. Defaults to 6081. If not set or assigned the empty string, the default
730 port of 6081 is used.</para>
6598e046
SS		 731 </listitem>
732 </varlistentry>
733 <varlistentry>
734 <term><varname>FlowLabel=</varname></term>
735 <listitem>
736 <para>Specifies the flow label to use in outgoing packets.</para>
737 </listitem>
738 </varlistentry>
739 </variablelist>
740 </refsect1>
798d3a52
ZJS		 741 <refsect1>
742 <title>[Tunnel] Section Options</title>
743
744 <para>The <literal>[Tunnel]</literal> section only applies for
745 netdevs of kind
746 <literal>ipip</literal>,
747 <literal>sit</literal>,
748 <literal>gre</literal>,
749 <literal>gretap</literal>,
750 <literal>ip6gre</literal>,
751 <literal>ip6gretap</literal>,
5cc0748e
SS		 752 <literal>vti</literal>,
753 <literal>vti6</literal>, and
798d3a52
ZJS		 754 <literal>ip6tnl</literal> and accepts
755 the following keys:</para>
756
757 <variablelist class='network-directives'>
758 <varlistentry>
759 <term><varname>Local=</varname></term>
760 <listitem>
761 <para>A static local address for tunneled packets. It must
762 be an address on another interface of this host.</para>
763 </listitem>
764 </varlistentry>
765 <varlistentry>
766 <term><varname>Remote=</varname></term>
767 <listitem>
768 <para>The remote endpoint of the tunnel.</para>
769 </listitem>
770 </varlistentry>
771 <varlistentry>
772 <term><varname>TOS=</varname></term>
773 <listitem>
774 <para>The Type Of Service byte value for a tunnel interface.
b938cb90 775 For details about the TOS, see the
798d3a52
ZJS		 776 <ulink url="http://tools.ietf.org/html/rfc1349"> Type of
777 Service in the Internet Protocol Suite </ulink> document.
778 </para>
779 </listitem>
780 </varlistentry>
781 <varlistentry>
782 <term><varname>TTL=</varname></term>
783 <listitem>
784 <para>A fixed Time To Live N on tunneled packets. N is a
b938cb90 785 number in the range 1–255. 0 is a special value meaning that
798d3a52 786 packets inherit the TTL value. The default value for IPv4
b938cb90 787 tunnels is: inherit. The default value for IPv6 tunnels is
798d3a52
ZJS		 788 64.</para>
789 </listitem>
790 </varlistentry>
791 <varlistentry>
792 <term><varname>DiscoverPathMTU=</varname></term>
793 <listitem>
794 <para>A boolean. When true, enables Path MTU Discovery on
795 the tunnel.</para>
796 </listitem>
797 </varlistentry>
276de526
SS		 798 <varlistentry>
799 <term><varname>IPv6FlowLabel=</varname></term>
800 <listitem>
a8eaaee7 801 <para>Configures the 20-bit flow label (see <ulink url="https://tools.ietf.org/html/rfc6437">
276de526 802 RFC 6437</ulink>) field in the IPv6 header (see <ulink url="https://tools.ietf.org/html/rfc2460">
a8eaaee7
JE		 803 RFC 2460</ulink>), which is used by a node to label packets of a flow.
804 It is only used for IPv6 tunnels.
805 A flow label of zero is used to indicate packets that have
806 not been labeled.
807 It can be configured to a value in the range 0–0xFFFFF, or be
808 set to <literal>inherit</literal>, in which case the original flowlabel is used.</para>
276de526
SS		 809 </listitem>
810 </varlistentry>
9b0ca30a 811 <varlistentry>
a9b70f9d 812 <term><varname>CopyDSCP=</varname></term>
9b0ca30a 813 <listitem>
3cf4bcab
ZJS		 814 <para>A boolean. When true, the Differentiated Service Code
815 Point (DSCP) field will be copied to the inner header from
a9b70f9d 816 outer header during the decapsulation of an IPv6 tunnel
3cf4bcab
ZJS		 817 packet. DSCP is a field in an IP packet that enables different
818 levels of service to be assigned to network traffic.
819 Defaults to <literal>no</literal>.
9b0ca30a
SS		 820 </para>
821 </listitem>
822 </varlistentry>
dae398a8
SS		 823 <varlistentry>
824 <term><varname>EncapsulationLimit=</varname></term>
825 <listitem>
826 <para>The Tunnel Encapsulation Limit option specifies how many additional
827 levels of encapsulation are permitted to be prepended to the packet.
828 For example, a Tunnel Encapsulation Limit option containing a limit
829 value of zero means that a packet carrying that option may not enter
830 another tunnel before exiting the current tunnel.
831 (see <ulink url="https://tools.ietf.org/html/rfc2473#section-4.1.1"> RFC 2473</ulink>).
b938cb90 832 The valid range is 0–255 and <literal>none</literal>. Defaults to 4.
dae398a8
SS		 833 </para>
834 </listitem>
835 </varlistentry>
1d710029
SS		 836 <varlistentry>
837 <term><varname>Key=</varname></term>
838 <listitem>
839 <para>The <varname>Key=</varname> parameter specifies the same key to use in
840 both directions (<varname>InputKey=</varname> and <varname>OutputKey=</varname>).
841 The <varname>Key=</varname> is either a number or an IPv4 address-like dotted quad.
842 It is used as mark-configured SAD/SPD entry as part of the lookup key (both in data
843 and control path) in ip xfrm (framework used to implement IPsec protocol).
844 See <ulink url="http://man7.org/linux/man-pages/man8/ip-xfrm.8.html">
e306f2df 845 ip-xfrm — transform configuration</ulink> for details. It is only used for VTI/VTI6
1d710029
SS		 846 tunnels.</para>
847 </listitem>
848 </varlistentry>
849 <varlistentry>
850 <term><varname>InputKey=</varname></term>
851 <listitem>
852 <para>The <varname>InputKey=</varname> parameter specifies the key to use for input.
853 The format is same as <varname>Key=</varname>. It is only used for VTI/VTI6 tunnels.</para>
854 </listitem>
855 </varlistentry>
856 <varlistentry>
857 <term><varname>OutputKey=</varname></term>
858 <listitem>
859 <para>The <varname>OutputKey=</varname> parameter specifies the key to use for output.
860 The format is same as <varname>Key=</varname>. It is only used for VTI/VTI6 tunnels.</para>
861 </listitem>
862 </varlistentry>
798d3a52
ZJS		 863 <varlistentry>
864 <term><varname>Mode=</varname></term>
865 <listitem>
a8eaaee7 866 <para>An <literal>ip6tnl</literal> tunnel can be in one of three
798d3a52
ZJS		 867 modes
868 <literal>ip6ip6</literal> for IPv6 over IPv6,
869 <literal>ipip6</literal> for IPv4 over IPv6 or
870 <literal>any</literal> for either.
871 </para>
872 </listitem>
873 </varlistentry>
4d7fa6de
SS		 874 <varlistentry>
875 <term><varname>Independent=</varname></term>
876 <listitem>
877 <para>A boolean. When true tunnel does not require .network file. Created as "tunnel@NONE".
878 Defaults to <literal>false</literal>.
879 </para>
880 </listitem>
881 </varlistentry>
798d3a52
ZJS		 882 </variablelist>
883 </refsect1>
884 <refsect1>
885 <title>[Peer] Section Options</title>
886
887 <para>The <literal>[Peer]</literal> section only applies for
888 netdevs of kind <literal>veth</literal> and accepts the
a8eaaee7 889 following keys:</para>
798d3a52
ZJS		 890
891 <variablelist class='network-directives'>
892 <varlistentry>
893 <term><varname>Name=</varname></term>
894 <listitem>
895 <para>The interface name used when creating the netdev.
896 This option is compulsory.</para>
897 </listitem>
898 </varlistentry>
899 <varlistentry>
900 <term><varname>MACAddress=</varname></term>
901 <listitem>
b938cb90 902 <para>The peer MACAddress, if not set, it is generated in
798d3a52
ZJS		 903 the same way as the MAC address of the main
904 interface.</para>
905 </listitem>
906 </varlistentry>
907 </variablelist>
908 </refsect1>
d6df583c
SS		 909 <refsect1>
910 <title>[VXCAN] Section Options</title>
911 <para>The <literal>[VXCAN]</literal> section only applies for
912 netdevs of kind <literal>vxcan</literal> and accepts the
913 following key:</para>
914
915 <variablelist class='network-directives'>
916 <varlistentry>
917 <term><varname>Peer=</varname></term>
918 <listitem>
919 <para>The peer interface name used when creating the netdev.
920 This option is compulsory.</para>
921 </listitem>
922 </varlistentry>
923 </variablelist>
924 </refsect1>
798d3a52
ZJS		 925 <refsect1>
926 <title>[Tun] Section Options</title>
927
928 <para>The <literal>[Tun]</literal> section only applies for
929 netdevs of kind <literal>tun</literal>, and accepts the following
930 keys:</para>
931
932 <variablelist class='network-directives'>
933 <varlistentry>
934 <term><varname>OneQueue=</varname></term>
935 <listitem><para>Takes a boolean argument. Configures whether
936 all packets are queued at the device (enabled), or a fixed
937 number of packets are queued at the device and the rest at the
938 <literal>qdisc</literal>. Defaults to
939 <literal>no</literal>.</para>
940 </listitem>
941 </varlistentry>
942 <varlistentry>
943 <term><varname>MultiQueue=</varname></term>
944 <listitem><para>Takes a boolean argument. Configures whether
945 to use multiple file descriptors (queues) to parallelize
946 packets sending and receiving. Defaults to
947 <literal>no</literal>.</para>
948 </listitem>
949 </varlistentry>
950 <varlistentry>
951 <term><varname>PacketInfo=</varname></term>
952 <listitem><para>Takes a boolean argument. Configures whether
ff9b60f3 953 packets should be prepended with four extra bytes (two flag
b938cb90 954 bytes and two protocol bytes). If disabled, it indicates that
798d3a52
ZJS		 955 the packets will be pure IP packets. Defaults to
956 <literal>no</literal>.</para>
957 </listitem>
958 </varlistentry>
43f78da4 959 <varlistentry>
2aba142e 960 <term><varname>VNetHeader=</varname></term>
43f78da4
SS		 961 <listitem><para>Takes a boolean argument. Configures
962 IFF_VNET_HDR flag for a tap device. It allows sending
963 and receiving larger Generic Segmentation Offload (GSO)
964 packets. This may increase throughput significantly.
965 Defaults to
966 <literal>no</literal>.</para>
967 </listitem>
968 </varlistentry>
798d3a52
ZJS		 969 <varlistentry>
970 <term><varname>User=</varname></term>
971 <listitem><para>User to grant access to the
972 <filename>/dev/net/tun</filename> device.</para>
973 </listitem>
974 </varlistentry>
975 <varlistentry>
976 <term><varname>Group=</varname></term>
977 <listitem><para>Group to grant access to the
978 <filename>/dev/net/tun</filename> device.</para>
979 </listitem>
980 </varlistentry>
981
982 </variablelist>
983
984 </refsect1>
985
986 <refsect1>
987 <title>[Tap] Section Options</title>
988
989 <para>The <literal>[Tap]</literal> section only applies for
990 netdevs of kind <literal>tap</literal>, and accepts the same keys
991 as the <literal>[Tun]</literal> section.</para>
992 </refsect1>
993
994 <refsect1>
995 <title>[Bond] Section Options</title>
996
997 <para>The <literal>[Bond]</literal> section accepts the following
998 key:</para>
999
1000 <variablelist class='network-directives'>
1001 <varlistentry>
1002 <term><varname>Mode=</varname></term>
1003 <listitem>
1004 <para>Specifies one of the bonding policies. The default is
1005 <literal>balance-rr</literal> (round robin). Possible values are
1006 <literal>balance-rr</literal>,
1007 <literal>active-backup</literal>,
1008 <literal>balance-xor</literal>,
1009 <literal>broadcast</literal>,
1010 <literal>802.3ad</literal>,
1011 <literal>balance-tlb</literal>, and
1012 <literal>balance-alb</literal>.
1013 </para>
1014 </listitem>
1015 </varlistentry>
1016
1017 <varlistentry>
1018 <term><varname>TransmitHashPolicy=</varname></term>
1019 <listitem>
1020 <para>Selects the transmit hash policy to use for slave
1021 selection in balance-xor, 802.3ad, and tlb modes. Possible
1022 values are
1023 <literal>layer2</literal>,
1024 <literal>layer3+4</literal>,
1025 <literal>layer2+3</literal>,
4d89618a 1026 <literal>encap2+3</literal>, and
798d3a52
ZJS		 1027 <literal>encap3+4</literal>.
1028 </para>
1029 </listitem>
1030 </varlistentry>
1031
1032 <varlistentry>
1033 <term><varname>LACPTransmitRate=</varname></term>
1034 <listitem>
1035 <para>Specifies the rate with which link partner transmits
1036 Link Aggregation Control Protocol Data Unit packets in
1037 802.3ad mode. Possible values are <literal>slow</literal>,
1038 which requests partner to transmit LACPDUs every 30 seconds,
1039 and <literal>fast</literal>, which requests partner to
1040 transmit LACPDUs every second. The default value is
1041 <literal>slow</literal>.</para>
1042 </listitem>
1043 </varlistentry>
1044
1045 <varlistentry>
1046 <term><varname>MIIMonitorSec=</varname></term>
1047 <listitem>
1048 <para>Specifies the frequency that Media Independent
1049 Interface link monitoring will occur. A value of zero
dd2b607b 1050 disables MII link monitoring. This value is rounded down to
798d3a52
ZJS		 1051 the nearest millisecond. The default value is 0.</para>
1052 </listitem>
1053 </varlistentry>
1054
1055 <varlistentry>
1056 <term><varname>UpDelaySec=</varname></term>
1057 <listitem>
1058 <para>Specifies the delay before a link is enabled after a
1059 link up status has been detected. This value is rounded down
1060 to a multiple of MIIMonitorSec. The default value is
1061 0.</para>
1062 </listitem>
1063 </varlistentry>
1064
1065 <varlistentry>
1066 <term><varname>DownDelaySec=</varname></term>
1067 <listitem>
1068 <para>Specifies the delay before a link is disabled after a
1069 link down status has been detected. This value is rounded
1070 down to a multiple of MIIMonitorSec. The default value is
1071 0.</para>
1072 </listitem>
1073 </varlistentry>
1074
81bd37a8 1075 <varlistentry>
38422da7 1076 <term><varname>LearnPacketIntervalSec=</varname></term>
81bd37a8
SS		 1077 <listitem>
1078 <para>Specifies the number of seconds between instances where the bonding
a8eaaee7
JE		 1079 driver sends learning packets to each slave peer switch.
1080 The valid range is 1–0x7fffffff; the default value is 1. This option
1081 has an effect only for the balance-tlb and balance-alb modes.</para>
81bd37a8
SS		 1082 </listitem>
1083 </varlistentry>
1084
1085 <varlistentry>
1086 <term><varname>AdSelect=</varname></term>
1087 <listitem>
1088 <para>Specifies the 802.3ad aggregation selection logic to use. Possible values are
1089 <literal>stable</literal>,
a8eaaee7
JE		 1090 <literal>bandwidth</literal> and
1091 <literal>count</literal>.
81bd37a8
SS		 1092 </para>
1093 </listitem>
1094 </varlistentry>
1095
1096 <varlistentry>
38422da7 1097 <term><varname>FailOverMACPolicy=</varname></term>
81bd37a8 1098 <listitem>
a8eaaee7
JE		 1099 <para>Specifies whether the active-backup mode should set all slaves to
1100 the same MAC address at the time of enslavement or, when enabled, to perform special handling of the
81bd37a8
SS		 1101 bond's MAC address in accordance with the selected policy. The default policy is none.
1102 Possible values are
1103 <literal>none</literal>,
a8eaaee7
JE		 1104 <literal>active</literal> and
1105 <literal>follow</literal>.
81bd37a8
SS		 1106 </para>
1107 </listitem>
1108 </varlistentry>
1109
1110 <varlistentry>
38422da7 1111 <term><varname>ARPValidate=</varname></term>
81bd37a8
SS		 1112 <listitem>
1113 <para>Specifies whether or not ARP probes and replies should be
38422da7 1114 validated in any mode that supports ARP monitoring, or whether
81bd37a8
SS		 1115 non-ARP traffic should be filtered (disregarded) for link
1116 monitoring purposes. Possible values are
1117 <literal>none</literal>,
1118 <literal>active</literal>,
a8eaaee7
JE		 1119 <literal>backup</literal> and
1120 <literal>all</literal>.
81bd37a8
SS		 1121 </para>
1122 </listitem>
1123 </varlistentry>
1124
1125 <varlistentry>
38422da7 1126 <term><varname>ARPIntervalSec=</varname></term>
81bd37a8
SS		 1127 <listitem>
1128 <para>Specifies the ARP link monitoring frequency in milliseconds.
1129 A value of 0 disables ARP monitoring. The default value is 0.
1130 </para>
1131 </listitem>
1132 </varlistentry>
1133
1134 <varlistentry>
38422da7 1135 <term><varname>ARPIPTargets=</varname></term>
81bd37a8
SS		 1136 <listitem>
1137 <para>Specifies the IP addresses to use as ARP monitoring peers when
38422da7 1138 ARPIntervalSec is greater than 0. These are the targets of the ARP request
81bd37a8 1139 sent to determine the health of the link to the targets.
a8eaaee7 1140 Specify these values in IPv4 dotted decimal format. At least one IP
81bd37a8
SS		 1141 address must be given for ARP monitoring to function. The
1142 maximum number of targets that can be specified is 16. The
1143 default value is no IP addresses.
1144 </para>
1145 </listitem>
1146 </varlistentry>
1147
1148 <varlistentry>
38422da7 1149 <term><varname>ARPAllTargets=</varname></term>
81bd37a8 1150 <listitem>
38422da7 1151 <para>Specifies the quantity of ARPIPTargets that must be reachable
81bd37a8
SS		 1152 in order for the ARP monitor to consider a slave as being up.
1153 This option affects only active-backup mode for slaves with
38422da7 1154 ARPValidate enabled. Possible values are
a8eaaee7
JE		 1155 <literal>any</literal> and
1156 <literal>all</literal>.
81bd37a8
SS		 1157 </para>
1158 </listitem>
1159 </varlistentry>
1160
1161 <varlistentry>
38422da7 1162 <term><varname>PrimaryReselectPolicy=</varname></term>
81bd37a8
SS		 1163 <listitem>
1164 <para>Specifies the reselection policy for the primary slave. This
1165 affects how the primary slave is chosen to become the active slave
1166 when failure of the active slave or recovery of the primary slave
1167 occurs. This option is designed to prevent flip-flopping between
1168 the primary slave and other slaves. Possible values are
1169 <literal>always</literal>,
a8eaaee7
JE		 1170 <literal>better</literal> and
1171 <literal>failure</literal>.
81bd37a8
SS		 1172 </para>
1173 </listitem>
1174 </varlistentry>
1175
1176 <varlistentry>
1177 <term><varname>ResendIGMP=</varname></term>
1178 <listitem>
1179 <para>Specifies the number of IGMP membership reports to be issued after
1180 a failover event. One membership report is issued immediately after
1181 the failover, subsequent packets are sent in each 200ms interval.
b938cb90 1182 The valid range is 0–255. Defaults to 1. A value of 0
81bd37a8
SS		 1183 prevents the IGMP membership report from being issued in response
1184 to the failover event.
1185 </para>
1186 </listitem>
1187 </varlistentry>
1188
1189 <varlistentry>
1190 <term><varname>PacketsPerSlave=</varname></term>
1191 <listitem>
b938cb90
JE		 1192 <para>Specify the number of packets to transmit through a slave before
1193 moving to the next one. When set to 0, then a slave is chosen at
1194 random. The valid range is 0–65535. Defaults to 1. This option
a8eaaee7 1195 only has effect when in balance-rr mode.
81bd37a8
SS		 1196 </para>
1197 </listitem>
1198 </varlistentry>
1199
1200 <varlistentry>
38422da7 1201 <term><varname>GratuitousARP=</varname></term>
81bd37a8
SS		 1202 <listitem>
1203 <para>Specify the number of peer notifications (gratuitous ARPs and
1204 unsolicited IPv6 Neighbor Advertisements) to be issued after a
b938cb90 1205 failover event. As soon as the link is up on the new slave,
81bd37a8
SS		 1206 a peer notification is sent on the bonding device and each
1207 VLAN sub-device. This is repeated at each link monitor interval
38422da7 1208 (ARPIntervalSec or MIIMonitorSec, whichever is active) if the number is
a8eaaee7 1209 greater than 1. The valid range is 0–255. The default value is 1.
38422da7 1210 These options affect only the active-backup mode.
81bd37a8
SS		 1211 </para>
1212 </listitem>
1213 </varlistentry>
1214
1215 <varlistentry>
1216 <term><varname>AllSlavesActive=</varname></term>
1217 <listitem>
a8eaaee7
JE		 1218 <para>A boolean. Specifies that duplicate frames (received on inactive ports)
1219 should be dropped when false, or delivered when true. Normally, bonding will drop
81bd37a8
SS		 1220 duplicate frames (received on inactive ports), which is desirable for
1221 most users. But there are some times it is nice to allow duplicate
1222 frames to be delivered. The default value is false (drop duplicate frames
1223 received on inactive ports).
1224 </para>
1225 </listitem>
1226 </varlistentry>
1227
1228 <varlistentry>
1229 <term><varname>MinLinks=</varname></term>
1230 <listitem>
1231 <para>Specifies the minimum number of links that must be active before
1232 asserting carrier. The default value is 0.
1233 </para>
1234 </listitem>
1235 </varlistentry>
798d3a52 1236 </variablelist>
81bd37a8
SS		 1237
1238 <para>For more detail information see
1239 <ulink url="https://www.kernel.org/doc/Documentation/networking/bonding.txt">
1240 Linux Ethernet Bonding Driver HOWTO</ulink></para>
1241
798d3a52
ZJS		 1242 </refsect1>
1243
1244 <refsect1>
1245 <title>Example</title>
1246 <example>
6c1695be 1247 <title>/etc/systemd/network/25-bridge.netdev</title>
798d3a52
ZJS		 1248
1249 <programlisting>[NetDev]
eac684ef
TG		 1250Name=bridge0
1251Kind=bridge</programlisting>
798d3a52 1252 </example>
eac684ef 1253
798d3a52 1254 <example>
6c1695be 1255 <title>/etc/systemd/network/25-vlan1.netdev</title>
eac684ef 1256
798d3a52 1257 <programlisting>[Match]
eac684ef
TG		 1258Virtualization=no
1259
1260[NetDev]
1261Name=vlan1
1262Kind=vlan
1263
1264[VLAN]
1265Id=1</programlisting>
798d3a52
ZJS		 1266 </example>
1267 <example>
6c1695be 1268 <title>/etc/systemd/network/25-ipip.netdev</title>
798d3a52 1269 <programlisting>[NetDev]
b35a2909
TG		 1270Name=ipip-tun
1271Kind=ipip
1272MTUBytes=1480
1273
1274[Tunnel]
1275Local=192.168.223.238
1276Remote=192.169.224.239
1277TTL=64</programlisting>
798d3a52
ZJS		 1278 </example>
1279 <example>
6c1695be 1280 <title>/etc/systemd/network/25-tap.netdev</title>
798d3a52 1281 <programlisting>[NetDev]
30ae9dfd
SS		 1282Name=tap-test
1283Kind=tap
1284
1285[Tap]
1286MultiQueue=true
1287PacketInfo=true</programlisting> </example>
eac684ef 1288
798d3a52 1289 <example>
6c1695be 1290 <title>/etc/systemd/network/25-sit.netdev</title>
798d3a52 1291 <programlisting>[NetDev]
b35a2909
TG		 1292Name=sit-tun
1293Kind=sit
1294MTUBytes=1480
1295
1296[Tunnel]
1297Local=10.65.223.238
1298Remote=10.65.223.239</programlisting>
798d3a52 1299 </example>
eac684ef 1300
798d3a52 1301 <example>
6c1695be 1302 <title>/etc/systemd/network/25-gre.netdev</title>
798d3a52 1303 <programlisting>[NetDev]
b35a2909
TG		 1304Name=gre-tun
1305Kind=gre
1306MTUBytes=1480
1307
1308[Tunnel]
1309Local=10.65.223.238
1310Remote=10.65.223.239</programlisting>
798d3a52 1311 </example>
b35a2909 1312
798d3a52 1313 <example>
6c1695be 1314 <title>/etc/systemd/network/25-vti.netdev</title>
b35a2909 1315
798d3a52 1316 <programlisting>[NetDev]
b35a2909
TG		 1317Name=vti-tun
1318Kind=vti
1319MTUBytes=1480
1320
1321[Tunnel]
1322Local=10.65.223.238
1323Remote=10.65.223.239</programlisting>
798d3a52 1324 </example>
b35a2909 1325
798d3a52 1326 <example>
6c1695be 1327 <title>/etc/systemd/network/25-veth.netdev</title>
798d3a52 1328 <programlisting>[NetDev]
b35a2909
TG		 1329Name=veth-test
1330Kind=veth
1331
1332[Peer]
1333Name=veth-peer</programlisting>
798d3a52 1334 </example>
b35a2909 1335
d94facdc 1336 <example>
6c1695be 1337 <title>/etc/systemd/network/25-bond.netdev</title>
d94facdc
MH		 1338 <programlisting>[NetDev]
1339Name=bond1
1340Kind=bond
1341
1342[Bond]
1343Mode=802.3ad
1344TransmitHashPolicy=layer3+4
1345MIIMonitorSec=1s
1346LACPTransmitRate=fast
1347</programlisting>
1348 </example>
1349
798d3a52 1350 <example>
6c1695be 1351 <title>/etc/systemd/network/25-dummy.netdev</title>
798d3a52 1352 <programlisting>[NetDev]
9e358851
TG		 1353Name=dummy-test
1354Kind=dummy
1355MACAddress=12:34:56:78:9a:bc</programlisting>
798d3a52 1356 </example>
20897a0d
AR		 1357 <example>
1358 <title>/etc/systemd/network/25-vrf.netdev</title>
037a3ded 1359 <para>Create a VRF interface with table 42.</para>
20897a0d
AR		 1360 <programlisting>[NetDev]
1361Name=vrf-test
1362Kind=vrf
798d3a52 1363
20897a0d 1364[VRF]
362f6336 1365Table=42</programlisting>
20897a0d 1366 </example>
42125eda
SS		 1367
1368 <example>
1369 <title>/etc/systemd/network/25-macvtap.netdev</title>
1370 <para>Create a MacVTap device.</para>
1371 <programlisting>[NetDev]
1372Name=macvtap-test
1373Kind=macvtap
1374 </programlisting>
1375 </example>
798d3a52
ZJS		 1376 </refsect1>
1377 <refsect1>
1378 <title>See Also</title>
1379 <para>
1380 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
1381 <citerefentry><refentrytitle>systemd-networkd</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
1382 <citerefentry><refentrytitle>systemd.link</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1383 <citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>
1384 </para>
1385 </refsect1>
eac684ef
TG		 1386
1387</refentry>
Unnamed repository; edit this file 'description' to name the repository.