]> git.ipfire.org Git - thirdparty/systemd.git/blame - man/systemd.netdev.xml
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge pull request #4522 from lucaswerkmeister/unescape-template
[thirdparty/systemd.git] / man / systemd.netdev.xml
CommitLineData
eac684ef
TG		 1<?xml version='1.0'?> <!--*-nxml-*-->
2<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
12b42c76 3 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
eac684ef
TG		 4
5<!--
572eb058 6 SPDX-License-Identifier: LGPL-2.1+
eac684ef
TG		 7-->
8
9<refentry id="systemd.netdev" conditional='ENABLE_NETWORKD'>
10
798d3a52
ZJS		 11 <refentryinfo>
12 <title>systemd.network</title>
13 <productname>systemd</productname>
798d3a52
ZJS		 14 </refentryinfo>
15
16 <refmeta>
17 <refentrytitle>systemd.netdev</refentrytitle>
18 <manvolnum>5</manvolnum>
19 </refmeta>
20
21 <refnamediv>
22 <refname>systemd.netdev</refname>
23 <refpurpose>Virtual Network Device configuration</refpurpose>
24 </refnamediv>
25
26 <refsynopsisdiv>
27 <para><filename><replaceable>netdev</replaceable>.netdev</filename></para>
28 </refsynopsisdiv>
29
30 <refsect1>
31 <title>Description</title>
32
33 <para>Network setup is performed by
34 <citerefentry><refentrytitle>systemd-networkd</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
35 </para>
36
bac150e9
ZJS		 37 <para>The main Virtual Network Device file must have the extension <filename>.netdev</filename>;
38 other extensions are ignored. Virtual network devices are created as soon as networkd is
39 started. If a netdev with the specified name already exists, networkd will use that as-is rather
40 than create its own. Note that the settings of the pre-existing netdev will not be changed by
798d3a52
ZJS		 41 networkd.</para>
42
bac150e9
ZJS		 43 <para>The <filename>.netdev</filename> files are read from the files located in the system
44 network directory <filename>/usr/lib/systemd/network</filename>, the volatile runtime network
45 directory <filename>/run/systemd/network</filename> and the local administration network
46 directory <filename>/etc/systemd/network</filename>. All configuration files are collectively
47 sorted and processed in lexical order, regardless of the directories in which they live.
48 However, files with identical filenames replace each other. Files in <filename>/etc</filename>
49 have the highest priority, files in <filename>/run</filename> take precedence over files with
50 the same name in <filename>/usr/lib</filename>. This can be used to override a system-supplied
51 configuration file with a local file if needed. As a special case, an empty file (file size 0)
52 or symlink with the same name pointing to <filename>/dev/null</filename> disables the
53 configuration file entirely (it is "masked").</para>
54
55 <para>Along with the netdev file <filename>foo.netdev</filename>, a "drop-in" directory
56 <filename>foo.netdev.d/</filename> may exist. All files with the suffix <literal>.conf</literal>
57 from this directory will be parsed after the file itself is parsed. This is useful to alter or
58 add configuration settings, without having to modify the main configuration file. Each drop-in
59 file must have appropriate section headers.</para>
60
61 <para>In addition to <filename>/etc/systemd/network</filename>, drop-in <literal>.d</literal>
62 directories can be placed in <filename>/usr/lib/systemd/network</filename> or
63 <filename>/run/systemd/network</filename> directories. Drop-in files in
64 <filename>/etc</filename> take precedence over those in <filename>/run</filename> which in turn
65 take precedence over those in <filename>/usr/lib</filename>. Drop-in files under any of these
66 directories take precedence over the main netdev file wherever located. (Of course, since
67 <filename>/run</filename> is temporary and <filename>/usr/lib</filename> is for vendors, it is
68 unlikely drop-ins should be used in either of those places.)</para>
798d3a52
ZJS		 69 </refsect1>
70
71 <refsect1>
72 <title>Supported netdev kinds</title>
73
74 <para>The following kinds of virtual network devices may be
75 configured in <filename>.netdev</filename> files:</para>
76
77 <table>
78 <title>Supported kinds of virtual network devices</title>
79
80 <tgroup cols='2'>
81 <colspec colname='kind' />
82 <colspec colname='explanation' />
83 <thead><row>
84 <entry>Kind</entry>
85 <entry>Description</entry>
86 </row></thead>
87 <tbody>
88 <row><entry><varname>bond</varname></entry>
89 <entry>A bond device is an aggregation of all its slave devices. See <ulink url="https://www.kernel.org/doc/Documentation/networking/bonding.txt">Linux Ethernet Bonding Driver HOWTO</ulink> for details.Local configuration</entry></row>
90
91 <row><entry><varname>bridge</varname></entry>
a8eaaee7 92 <entry>A bridge device is a software switch, and each of its slave devices and the bridge itself are ports of the switch.</entry></row>
798d3a52
ZJS		 93
94 <row><entry><varname>dummy</varname></entry>
95 <entry>A dummy device drops all packets sent to it.</entry></row>
96
97 <row><entry><varname>gre</varname></entry>
98 <entry>A Level 3 GRE tunnel over IPv4. See <ulink url="https://tools.ietf.org/html/rfc2784">RFC 2784</ulink> for details.</entry></row>
99
100 <row><entry><varname>gretap</varname></entry>
101 <entry>A Level 2 GRE tunnel over IPv4.</entry></row>
102
103 <row><entry><varname>ip6gre</varname></entry>
104 <entry>A Level 3 GRE tunnel over IPv6.</entry></row>
105
106 <row><entry><varname>ip6tnl</varname></entry>
107 <entry>An IPv4 or IPv6 tunnel over IPv6</entry></row>
108
109 <row><entry><varname>ip6gretap</varname></entry>
037a3ded 110 <entry>A Level 2 GRE tunnel over IPv6.</entry></row>
798d3a52
ZJS		 111
112 <row><entry><varname>ipip</varname></entry>
113 <entry>An IPv4 over IPv4 tunnel.</entry></row>
114
115 <row><entry><varname>ipvlan</varname></entry>
116 <entry>An ipvlan device is a stacked device which receives packets from its underlying device based on IP address filtering.</entry></row>
117
118 <row><entry><varname>macvlan</varname></entry>
119 <entry>A macvlan device is a stacked device which receives packets from its underlying device based on MAC address filtering.</entry></row>
120
0371f2df
SS		 121 <row><entry><varname>macvtap</varname></entry>
122 <entry>A macvtap device is a stacked device which receives packets from its underlying device based on MAC address filtering.</entry></row>
123
798d3a52
ZJS		 124 <row><entry><varname>sit</varname></entry>
125 <entry>An IPv6 over IPv4 tunnel.</entry></row>
126
127 <row><entry><varname>tap</varname></entry>
128 <entry>A persistent Level 2 tunnel between a network device and a device node.</entry></row>
129
130 <row><entry><varname>tun</varname></entry>
131 <entry>A persistent Level 3 tunnel between a network device and a device node.</entry></row>
132
133 <row><entry><varname>veth</varname></entry>
a8eaaee7 134 <entry>An Ethernet tunnel between a pair of network devices.</entry></row>
798d3a52
ZJS		 135
136 <row><entry><varname>vlan</varname></entry>
137 <entry>A VLAN is a stacked device which receives packets from its underlying device based on VLAN tagging. See <ulink url="http://www.ieee802.org/1/pages/802.1Q.html">IEEE 802.1Q</ulink> for details.</entry></row>
138
139 <row><entry><varname>vti</varname></entry>
140 <entry>An IPv4 over IPSec tunnel.</entry></row>
141
5cc0748e
SS		 142 <row><entry><varname>vti6</varname></entry>
143 <entry>An IPv6 over IPSec tunnel.</entry></row>
144
798d3a52
ZJS		 145 <row><entry><varname>vxlan</varname></entry>
146 <entry>A virtual extensible LAN (vxlan), for connecting Cloud computing deployments.</entry></row>
20897a0d 147
6598e046
SS		 148 <row><entry><varname>geneve</varname></entry>
149 <entry>A GEneric NEtwork Virtualization Encapsulation (GENEVE) netdev driver.</entry></row>
150
20897a0d 151 <row><entry><varname>vrf</varname></entry>
92c918b0
SS		 152 <entry>A Virtual Routing and Forwarding (<ulink url="https://www.kernel.org/doc/Documentation/networking/vrf.txt">VRF</ulink>) interface to create separate routing and forwarding domains.</entry></row>
153
154 <row><entry><varname>vcan</varname></entry>
ba9fa3bc 155 <entry>The virtual CAN driver (vcan). Similar to the network loopback devices, vcan offers a virtual local CAN interface.</entry></row>
20897a0d 156
d6df583c
SS		 157 <row><entry><varname>vxcan</varname></entry>
158 <entry>The virtual CAN tunnel driver (vxcan). Similar to the virtual ethernet driver veth, vxcan implements a local CAN traffic tunnel between two virtual CAN network devices. When creating a vxcan, two vxcan devices are created as pair. When one end receives the packet it appears on its pair and vice versa. The vxcan can be used for cross namespace communication.
159 </entry></row>
160
e5719363
JT		 161 <row><entry><varname>wireguard</varname></entry>
162 <entry>WireGuard Secure Network Tunnel.</entry></row>
163
56e7fb50
SS		 164 <row><entry><varname>netdevsim</varname></entry>
165 <entry> A simulator. This simulated networking device is used for testing various networking APIs and at this time is particularly focused on testing hardware offloading related interfaces.</entry></row>
798d3a52
ZJS		 166 </tbody>
167 </tgroup>
168 </table>
169
170 </refsect1>
171
172 <refsect1>
173 <title>[Match] Section Options</title>
174
175 <para>A virtual network device is only created if the
176 <literal>[Match]</literal> section matches the current
177 environment, or if the section is empty. The following keys are
178 accepted:</para>
179
180 <variablelist class='network-directives'>
181 <varlistentry>
182 <term><varname>Host=</varname></term>
183 <listitem>
184 <para>Matches against the hostname or machine ID of the
185 host. See <literal>ConditionHost=</literal> in
186 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
187 for details.
188 </para>
189 </listitem>
190 </varlistentry>
191 <varlistentry>
192 <term><varname>Virtualization=</varname></term>
193 <listitem>
194 <para>Checks whether the system is executed in a virtualized
195 environment and optionally test whether it is a specific
196 implementation. See
197 <literal>ConditionVirtualization=</literal> in
198 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
199 for details.
200 </para>
201 </listitem>
202 </varlistentry>
203 <varlistentry>
204 <term><varname>KernelCommandLine=</varname></term>
205 <listitem>
206 <para>Checks whether a specific kernel command line option
207 is set (or if prefixed with the exclamation mark unset). See
208 <literal>ConditionKernelCommandLine=</literal> in
209 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
210 for details.
211 </para>
212 </listitem>
213 </varlistentry>
5022f08a
LP		 214 <varlistentry>
215 <term><varname>KernelVersion=</varname></term>
216 <listitem>
217 <para>Checks whether the kernel version (as reported by <command>uname -r</command>) matches a certain
218 expression (or if prefixed with the exclamation mark does not match it). See
219 <literal>ConditionKernelVersion=</literal> in
220 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry> for details.
221 </para>
222 </listitem>
223 </varlistentry>
798d3a52
ZJS		 224 <varlistentry>
225 <term><varname>Architecture=</varname></term>
226 <listitem>
227 <para>Checks whether the system is running on a specific
228 architecture. See <literal>ConditionArchitecture=</literal> in
229 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
230 for details.
231 </para>
232 </listitem>
233 </varlistentry>
234 </variablelist>
235
236 </refsect1>
237
238 <refsect1>
239 <title>[NetDev] Section Options</title>
240
241 <para>The <literal>[NetDev]</literal> section accepts the
242 following keys:</para>
243
244 <variablelist class='network-directives'>
245 <varlistentry>
246 <term><varname>Description=</varname></term>
247 <listitem>
248 <para>A free-form description of the netdev.</para>
249 </listitem>
250 </varlistentry>
251 <varlistentry>
252 <term><varname>Name=</varname></term>
253 <listitem>
254 <para>The interface name used when creating the netdev.
255 This option is compulsory.</para>
256 </listitem>
257 </varlistentry>
258 <varlistentry>
259 <term><varname>Kind=</varname></term>
260 <listitem>
261 <para>The netdev kind. This option is compulsory. See the
262 <literal>Supported netdev kinds</literal> section for the
263 valid keys.</para>
264 </listitem>
265 </varlistentry>
266 <varlistentry>
267 <term><varname>MTUBytes=</varname></term>
268 <listitem>
269 <para>The maximum transmission unit in bytes to set for
270 the device. The usual suffixes K, M, G, are supported and
271 are understood to the base of 1024. This key is not
ff9b60f3 272 currently supported for <literal>tun</literal> or
798d3a52
ZJS		 273 <literal>tap</literal> devices.
274 </para>
275 </listitem>
276 </varlistentry>
277 <varlistentry>
278 <term><varname>MACAddress=</varname></term>
279 <listitem>
280 <para>The MAC address to use for the device. If none is
281 given, one is generated based on the interface name and
282 the
283 <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
ff9b60f3 284 This key is not currently supported for
798d3a52
ZJS		 285 <literal>tun</literal> or <literal>tap</literal> devices.
286 </para>
287 </listitem>
288 </varlistentry>
289 </variablelist>
290 </refsect1>
291
3428fe07
SS		 292 <refsect1>
293 <title>[Bridge] Section Options</title>
294
295 <para>The <literal>[Bridge]</literal> section only applies for
296 netdevs of kind <literal>bridge</literal>, and accepts the
a8eaaee7 297 following keys:</para>
3428fe07
SS		 298
299 <variablelist class='network-directives'>
300 <varlistentry>
301 <term><varname>HelloTimeSec=</varname></term>
302 <listitem>
a8eaaee7 303 <para>HelloTimeSec specifies the number of seconds between two hello packets
3428fe07
SS		 304 sent out by the root bridge and the designated bridges. Hello packets are
305 used to communicate information about the topology throughout the entire
306 bridged local area network.</para>
307 </listitem>
308 </varlistentry>
309 <varlistentry>
310 <term><varname>MaxAgeSec=</varname></term>
311 <listitem>
312 <para>MaxAgeSec specifies the number of seconds of maximum message age.
313 If the last seen (received) hello packet is more than this number of
314 seconds old, the bridge in question will start the takeover procedure
315 in attempt to become the Root Bridge itself.</para>
316 </listitem>
317 </varlistentry>
318 <varlistentry>
319 <term><varname>ForwardDelaySec=</varname></term>
320 <listitem>
321 <para>ForwardDelaySec specifies the number of seconds spent in each
322 of the Listening and Learning states before the Forwarding state is entered.</para>
323 </listitem>
324 </varlistentry>
c7440e74
TJ		 325 <varlistentry>
326 <term><varname>AgeingTimeSec=</varname></term>
327 <listitem>
328 <para>This specifies the number of seconds a MAC Address will be kept in
d23a0044 329 the forwarding database after having a packet received from this MAC Address.</para>
c7440e74
TJ		 330 </listitem>
331 </varlistentry>
332 <varlistentry>
333 <term><varname>Priority=</varname></term>
334 <listitem>
335 <para>The priority of the bridge. An integer between 0 and 65535. A lower value
336 means higher priority. The bridge having the lowest priority will be elected as root bridge.</para>
337 </listitem>
338 </varlistentry>
c4819961
JC		 339 <varlistentry>
340 <term><varname>GroupForwardMask=</varname></term>
341 <listitem>
342 <para>A 16-bit bitmask represented as an integer which allows forwarding of link
343 local frames with 802.1D reserved addresses (01:80:C2:00:00:0X). A logical AND
344 is performed between the specified bitmask and the exponentiation of 2^X, the
345 lower nibble of the last octet of the MAC address. For example, a value of 8
346 would allow forwarding of frames addressed to 01:80:C2:00:00:03 (802.1X PAE).</para>
347 </listitem>
348 </varlistentry>
c7440e74
TJ		 349 <varlistentry>
350 <term><varname>DefaultPVID=</varname></term>
351 <listitem>
0d6c68eb
TJ		 352 <para>This specifies the default port VLAN ID of a newly attached bridge port.
353 Set this to an integer in the range 1–4094 or <literal>none</literal> to disable the PVID.</para>
c7440e74
TJ		 354 </listitem>
355 </varlistentry>
3fef7a3f
SS		 356 <varlistentry>
357 <term><varname>MulticastQuerier=</varname></term>
358 <listitem>
359 <para>A boolean. This setting controls the IFLA_BR_MCAST_QUERIER option in the kernel.
360 If enabled, the kernel will send general ICMP queries from a zero source address.
361 This feature should allow faster convergence on startup, but it causes some
362 multicast-aware switches to misbehave and disrupt forwarding of multicast packets.
363 When unset, the kernel's default setting applies.
364 </para>
365 </listitem>
366 </varlistentry>
6df6d898
SS		 367 <varlistentry>
368 <term><varname>MulticastSnooping=</varname></term>
369 <listitem>
370 <para>A boolean. This setting controls the IFLA_BR_MCAST_SNOOPING option in the kernel.
371 If enabled, IGMP snooping monitors the Internet Group Management Protocol (IGMP) traffic
372 between hosts and multicast routers. When unset, the kernel's default setting applies.
373 </para>
374 </listitem>
375 </varlistentry>
c6f8d17d
TJ		 376 <varlistentry>
377 <term><varname>VLANFiltering=</varname></term>
378 <listitem>
379 <para>A boolean. This setting controls the IFLA_BR_VLAN_FILTERING option in the kernel.
380 If enabled, the bridge will be started in VLAN-filtering mode. When unset, the kernel's
381 default setting applies.
382 </para>
383 </listitem>
384 </varlistentry>
b760a9af
SS		 385 <varlistentry>
386 <term><varname>STP=</varname></term>
387 <listitem>
388 <para>A boolean. This enables the bridge's Spanning Tree Protocol (STP). When unset,
389 the kernel's default setting applies.
390 </para>
391 </listitem>
392 </varlistentry>
3428fe07 393 </variablelist>
3428fe07
SS		 394 </refsect1>
395
798d3a52
ZJS		 396 <refsect1>
397 <title>[VLAN] Section Options</title>
398
399 <para>The <literal>[VLAN]</literal> section only applies for
400 netdevs of kind <literal>vlan</literal>, and accepts the
401 following key:</para>
402
403 <variablelist class='network-directives'>
404 <varlistentry>
405 <term><varname>Id=</varname></term>
406 <listitem>
407 <para>The VLAN ID to use. An integer in the range 0–4094.
408 This option is compulsory.</para>
409 </listitem>
410 </varlistentry>
c8b21184
SS		 411 <varlistentry>
412 <term><varname>GVRP=</varname></term>
413 <listitem>
414 <para>The Generic VLAN Registration Protocol (GVRP) is a protocol that
415 allows automatic learning of VLANs on a network. A boolean. When unset,
416 the kernel's default setting applies.</para>
417 </listitem>
418 </varlistentry>
6c1ff21b
SS		 419 <varlistentry>
420 <term><varname>MVRP=</varname></term>
421 <listitem>
422 <para>Multiple VLAN Registration Protocol (MVRP) formerly known as GARP VLAN
423 Registration Protocol (GVRP) is a standards-based Layer 2 network protocol,
424 for automatic configuration of VLAN information on switches. It was defined
425 in the 802.1ak amendment to 802.1Q-2005. A boolean. When unset, the kernel's
426 default setting applies.</para>
427 </listitem>
428 </varlistentry>
429 <varlistentry>
430 <term><varname>LooseBinding=</varname></term>
431 <listitem>
432 <para>The VLAN loose binding mode, in which only the operational state is passed
433 from the parent to the associated VLANs, but the VLAN device state is not changed.
434 A boolean. When unset, the kernel's default setting applies.</para>
435 </listitem>
436 </varlistentry>
437 <varlistentry>
438 <term><varname>ReorderHeader=</varname></term>
439 <listitem>
440 <para>The VLAN reorder header is set VLAN interfaces behave like physical interfaces.
441 A boolean. When unset, the kernel's default setting applies.</para>
442 </listitem>
443 </varlistentry>
798d3a52 444 </variablelist>
798d3a52
ZJS		 445 </refsect1>
446
447 <refsect1>
448 <title>[MACVLAN] Section Options</title>
449
450 <para>The <literal>[MACVLAN]</literal> section only applies for
451 netdevs of kind <literal>macvlan</literal>, and accepts the
452 following key:</para>
453
454 <variablelist class='network-directives'>
455 <varlistentry>
456 <term><varname>Mode=</varname></term>
457 <listitem>
458 <para>The MACVLAN mode to use. The supported options are
459 <literal>private</literal>,
460 <literal>vepa</literal>,
461 <literal>bridge</literal>, and
462 <literal>passthru</literal>.
463 </para>
464 </listitem>
465 </varlistentry>
466 </variablelist>
467
468 </refsect1>
469
0371f2df
SS		 470 <refsect1>
471 <title>[MACVTAP] Section Options</title>
472
473 <para>The <literal>[MACVTAP]</literal> section applies for
474 netdevs of kind <literal>macvtap</literal> and accepts the
96d49011 475 same key as <literal>[MACVLAN]</literal>.</para>
0371f2df
SS		 476
477 </refsect1>
478
798d3a52
ZJS		 479 <refsect1>
480 <title>[IPVLAN] Section Options</title>
481
482 <para>The <literal>[IPVLAN]</literal> section only applies for
483 netdevs of kind <literal>ipvlan</literal>, and accepts the
484 following key:</para>
485
486 <variablelist class='network-directives'>
487 <varlistentry>
488 <term><varname>Mode=</varname></term>
489 <listitem>
490 <para>The IPVLAN mode to use. The supported options are
d384826f
SS		 491 <literal>L2</literal>,<literal>L3</literal> and <literal>L3S</literal>.
492 </para>
493 </listitem>
494 </varlistentry>
495 <varlistentry>
496 <term><varname>Flags=</varname></term>
497 <listitem>
498 <para>The IPVLAN flags to use. The supported options are
499 <literal>bridge</literal>,<literal>private</literal> and <literal>vepa</literal>.
798d3a52
ZJS		 500 </para>
501 </listitem>
502 </varlistentry>
503 </variablelist>
504
505 </refsect1>
506
507 <refsect1>
508 <title>[VXLAN] Section Options</title>
509 <para>The <literal>[VXLAN]</literal> section only applies for
510 netdevs of kind <literal>vxlan</literal>, and accepts the
511 following keys:</para>
512
513 <variablelist class='network-directives'>
514 <varlistentry>
515 <term><varname>Id=</varname></term>
516 <listitem>
517 <para>The VXLAN ID to use.</para>
518 </listitem>
519 </varlistentry>
520 <varlistentry>
d35e5d37 521 <term><varname>Remote=</varname></term>
798d3a52 522 <listitem>
bf443be9 523 <para>Configures destination IP address.</para>
798d3a52
ZJS		 524 </listitem>
525 </varlistentry>
526 <varlistentry>
d35e5d37
SS		 527 <term><varname>Local=</varname></term>
528 <listitem>
529 <para>Configures local IP address.</para>
530 </listitem>
531 </varlistentry>
532 <varlistentry>
798d3a52
ZJS		 533 <term><varname>TOS=</varname></term>
534 <listitem>
535 <para>The Type Of Service byte value for a vxlan interface.</para>
536 </listitem>
537 </varlistentry>
538 <varlistentry>
539 <term><varname>TTL=</varname></term>
540 <listitem>
541 <para>A fixed Time To Live N on Virtual eXtensible Local
b938cb90 542 Area Network packets. N is a number in the range 1–255. 0
798d3a52
ZJS		 543 is a special value meaning that packets inherit the TTL
544 value.</para>
545 </listitem>
546 </varlistentry>
547 <varlistentry>
548 <term><varname>MacLearning=</varname></term>
549 <listitem>
550 <para>A boolean. When true, enables dynamic MAC learning
551 to discover remote MAC addresses.</para>
552 </listitem>
553 </varlistentry>
554 <varlistentry>
555 <term><varname>FDBAgeingSec=</varname></term>
556 <listitem>
557 <para>The lifetime of Forwarding Database entry learnt by
b938cb90 558 the kernel, in seconds.</para>
798d3a52
ZJS		 559 </listitem>
560 </varlistentry>
561 <varlistentry>
3d276dd2
SS		 562 <term><varname>MaximumFDBEntries=</varname></term>
563 <listitem>
564 <para>Configures maximum number of FDB entries.</para>
565 </listitem>
566 </varlistentry>
798d3a52 567 <varlistentry>
7dd6974c 568 <term><varname>ReduceARPProxy=</varname></term>
798d3a52 569 <listitem>
7dd6974c
SS		 570 <para>A boolean. When true, bridge-connected VXLAN tunnel
571 endpoint answers ARP requests from the local bridge on behalf
572 of remote Distributed Overlay Virtual Ethernet
573 <ulink url="https://en.wikipedia.org/wiki/Distributed_Overlay_Virtual_Ethernet">
574 (DVOE)</ulink> clients. Defaults to false.</para>
798d3a52
ZJS		 575 </listitem>
576 </varlistentry>
577 <varlistentry>
578 <term><varname>L2MissNotification=</varname></term>
579 <listitem>
580 <para>A boolean. When true, enables netlink LLADDR miss
581 notifications.</para>
582 </listitem>
583 </varlistentry>
584 <varlistentry>
585 <term><varname>L3MissNotification=</varname></term>
586 <listitem>
a8eaaee7 587 <para>A boolean. When true, enables netlink IP address miss
798d3a52
ZJS		 588 notifications.</para>
589 </listitem>
590 </varlistentry>
591 <varlistentry>
592 <term><varname>RouteShortCircuit=</varname></term>
593 <listitem>
a8eaaee7 594 <para>A boolean. When true, route short circuiting is turned
798d3a52
ZJS		 595 on.</para>
596 </listitem>
597 </varlistentry>
cffacc74 598 <varlistentry>
53c06862 599 <term><varname>UDPChecksum=</varname></term>
cffacc74 600 <listitem>
b938cb90 601 <para>A boolean. When true, transmitting UDP checksums when doing VXLAN/IPv4 is turned on.</para>
cffacc74
SS		 602 </listitem>
603 </varlistentry>
604 <varlistentry>
605 <term><varname>UDP6ZeroChecksumTx=</varname></term>
606 <listitem>
b938cb90 607 <para>A boolean. When true, sending zero checksums in VXLAN/IPv6 is turned on.</para>
cffacc74
SS		 608 </listitem>
609 </varlistentry>
610 <varlistentry>
53c06862 611 <term><varname>UDP6ZeroChecksumRx=</varname></term>
cffacc74 612 <listitem>
b938cb90 613 <para>A boolean. When true, receiving zero checksums in VXLAN/IPv6 is turned on.</para>
16441027
SS		 614 </listitem>
615 </varlistentry>
616 <varlistentry>
53c06862 617 <term><varname>RemoteChecksumTx=</varname></term>
16441027
SS		 618 <listitem>
619 <para>A boolean. When true, remote transmit checksum offload of VXLAN is turned on.</para>
620 </listitem>
621 </varlistentry>
622 <varlistentry>
53c06862 623 <term><varname>RemoteChecksumRx=</varname></term>
16441027
SS		 624 <listitem>
625 <para>A boolean. When true, remote receive checksum offload in VXLAN is turned on.</para>
cffacc74
SS		 626 </listitem>
627 </varlistentry>
8b414e52
SS		 628 <varlistentry>
629 <term><varname>GroupPolicyExtension=</varname></term>
630 <listitem>
b938cb90
JE		 631 <para>A boolean. When true, it enables Group Policy VXLAN extension security label mechanism
632 across network peers based on VXLAN. For details about the Group Policy VXLAN, see the
8b414e52
SS		 633 <ulink url="https://tools.ietf.org/html/draft-smith-vxlan-group-policy">
634 VXLAN Group Policy </ulink> document. Defaults to false.</para>
635 </listitem>
636 </varlistentry>
ea0288d1
SS		 637 <varlistentry>
638 <term><varname>DestinationPort=</varname></term>
639 <listitem>
640 <para>Configures the default destination UDP port on a per-device basis.
641 If destination port is not specified then Linux kernel default will be used.
98616735
SS		 642 Set destination port 4789 to get the IANA assigned value. If not set or if the
643 destination port is assigned the empty string the default port of 4789 is used.</para>
ea0288d1
SS		 644 </listitem>
645 </varlistentry>
646 <varlistentry>
647 <term><varname>PortRange=</varname></term>
648 <listitem>
649 <para>Configures VXLAN port range. VXLAN bases source
650 UDP port based on flow to help the receiver to be able
651 to load balance based on outer header flow. It
652 restricts the port range to the normal UDP local
653 ports, and allows overriding via configuration.</para>
654 </listitem>
655 </varlistentry>
d8653945
SS		 656 <varlistentry>
657 <term><varname>FlowLabel=</varname></term>
658 <listitem>
659 <para>Specifies the flow label to use in outgoing packets.
660 The valid range is 0-1048575.
661 </para>
662 </listitem>
663 </varlistentry>
798d3a52
ZJS		 664 </variablelist>
665 </refsect1>
6598e046
SS		 666 <refsect1>
667 <title>[GENEVE] Section Options</title>
668 <para>The <literal>[GENEVE]</literal> section only applies for
669 netdevs of kind <literal>geneve</literal>, and accepts the
670 following keys:</para>
671
672 <variablelist class='network-directives'>
673 <varlistentry>
674 <term><varname>Id=</varname></term>
675 <listitem>
785889e5 676 <para>Specifies the Virtual Network Identifier (VNI) to use. Ranges [0-16777215].</para>
6598e046
SS		 677 </listitem>
678 </varlistentry>
679 <varlistentry>
680 <term><varname>Remote=</varname></term>
681 <listitem>
682 <para>Specifies the unicast destination IP address to use in outgoing packets.</para>
683 </listitem>
684 </varlistentry>
685 <varlistentry>
686 <term><varname>TOS=</varname></term>
687 <listitem>
98616735 688 <para>Specifies the TOS value to use in outgoing packets. Ranges [1-255].</para>
6598e046
SS		 689 </listitem>
690 </varlistentry>
691 <varlistentry>
692 <term><varname>TTL=</varname></term>
693 <listitem>
98616735 694 <para>Specifies the TTL value to use in outgoing packets. Ranges [1-255].</para>
6598e046
SS		 695 </listitem>
696 </varlistentry>
697 <varlistentry>
698 <term><varname>UDPChecksum=</varname></term>
699 <listitem>
700 <para>A boolean. When true, specifies if UDP checksum is calculated for transmitted packets over IPv4.</para>
701 </listitem>
702 </varlistentry>
703 <varlistentry>
704 <term><varname>UDP6ZeroChecksumTx=</varname></term>
705 <listitem>
706 <para>A boolean. When true, skip UDP checksum calculation for transmitted packets over IPv6.</para>
707 </listitem>
708 </varlistentry>
709 <varlistentry>
710 <term><varname>UDP6ZeroChecksumRx=</varname></term>
711 <listitem>
712 <para>A boolean. When true, allows incoming UDP packets over IPv6 with zero checksum field.</para>
713 </listitem>
714 </varlistentry>
715 <varlistentry>
716 <term><varname>DestinationPort=</varname></term>
717 <listitem>
98616735
SS		 718 <para>Specifies destination port. Defaults to 6081. If not set or assigned the empty string, the default
719 port of 6081 is used.</para>
6598e046
SS		 720 </listitem>
721 </varlistentry>
722 <varlistentry>
723 <term><varname>FlowLabel=</varname></term>
724 <listitem>
725 <para>Specifies the flow label to use in outgoing packets.</para>
726 </listitem>
727 </varlistentry>
728 </variablelist>
729 </refsect1>
798d3a52
ZJS		 730 <refsect1>
731 <title>[Tunnel] Section Options</title>
732
733 <para>The <literal>[Tunnel]</literal> section only applies for
734 netdevs of kind
735 <literal>ipip</literal>,
736 <literal>sit</literal>,
737 <literal>gre</literal>,
738 <literal>gretap</literal>,
739 <literal>ip6gre</literal>,
740 <literal>ip6gretap</literal>,
5cc0748e
SS		 741 <literal>vti</literal>,
742 <literal>vti6</literal>, and
798d3a52
ZJS		 743 <literal>ip6tnl</literal> and accepts
744 the following keys:</para>
745
746 <variablelist class='network-directives'>
747 <varlistentry>
748 <term><varname>Local=</varname></term>
749 <listitem>
750 <para>A static local address for tunneled packets. It must
751 be an address on another interface of this host.</para>
752 </listitem>
753 </varlistentry>
754 <varlistentry>
755 <term><varname>Remote=</varname></term>
756 <listitem>
757 <para>The remote endpoint of the tunnel.</para>
758 </listitem>
759 </varlistentry>
760 <varlistentry>
761 <term><varname>TOS=</varname></term>
762 <listitem>
763 <para>The Type Of Service byte value for a tunnel interface.
b938cb90 764 For details about the TOS, see the
798d3a52
ZJS		 765 <ulink url="http://tools.ietf.org/html/rfc1349"> Type of
766 Service in the Internet Protocol Suite </ulink> document.
767 </para>
768 </listitem>
769 </varlistentry>
770 <varlistentry>
771 <term><varname>TTL=</varname></term>
772 <listitem>
773 <para>A fixed Time To Live N on tunneled packets. N is a
b938cb90 774 number in the range 1–255. 0 is a special value meaning that
798d3a52 775 packets inherit the TTL value. The default value for IPv4
b938cb90 776 tunnels is: inherit. The default value for IPv6 tunnels is
798d3a52
ZJS		 777 64.</para>
778 </listitem>
779 </varlistentry>
780 <varlistentry>
781 <term><varname>DiscoverPathMTU=</varname></term>
782 <listitem>
783 <para>A boolean. When true, enables Path MTU Discovery on
784 the tunnel.</para>
785 </listitem>
786 </varlistentry>
276de526
SS		 787 <varlistentry>
788 <term><varname>IPv6FlowLabel=</varname></term>
789 <listitem>
a8eaaee7 790 <para>Configures the 20-bit flow label (see <ulink url="https://tools.ietf.org/html/rfc6437">
276de526 791 RFC 6437</ulink>) field in the IPv6 header (see <ulink url="https://tools.ietf.org/html/rfc2460">
a8eaaee7
JE		 792 RFC 2460</ulink>), which is used by a node to label packets of a flow.
793 It is only used for IPv6 tunnels.
794 A flow label of zero is used to indicate packets that have
795 not been labeled.
796 It can be configured to a value in the range 0–0xFFFFF, or be
797 set to <literal>inherit</literal>, in which case the original flowlabel is used.</para>
276de526
SS		 798 </listitem>
799 </varlistentry>
9b0ca30a 800 <varlistentry>
a9b70f9d 801 <term><varname>CopyDSCP=</varname></term>
9b0ca30a 802 <listitem>
3cf4bcab
ZJS		 803 <para>A boolean. When true, the Differentiated Service Code
804 Point (DSCP) field will be copied to the inner header from
a9b70f9d 805 outer header during the decapsulation of an IPv6 tunnel
3cf4bcab
ZJS		 806 packet. DSCP is a field in an IP packet that enables different
807 levels of service to be assigned to network traffic.
808 Defaults to <literal>no</literal>.
9b0ca30a
SS		 809 </para>
810 </listitem>
811 </varlistentry>
dae398a8
SS		 812 <varlistentry>
813 <term><varname>EncapsulationLimit=</varname></term>
814 <listitem>
815 <para>The Tunnel Encapsulation Limit option specifies how many additional
816 levels of encapsulation are permitted to be prepended to the packet.
817 For example, a Tunnel Encapsulation Limit option containing a limit
818 value of zero means that a packet carrying that option may not enter
819 another tunnel before exiting the current tunnel.
820 (see <ulink url="https://tools.ietf.org/html/rfc2473#section-4.1.1"> RFC 2473</ulink>).
b938cb90 821 The valid range is 0–255 and <literal>none</literal>. Defaults to 4.
dae398a8
SS		 822 </para>
823 </listitem>
824 </varlistentry>
1d710029
SS		 825 <varlistentry>
826 <term><varname>Key=</varname></term>
827 <listitem>
828 <para>The <varname>Key=</varname> parameter specifies the same key to use in
829 both directions (<varname>InputKey=</varname> and <varname>OutputKey=</varname>).
830 The <varname>Key=</varname> is either a number or an IPv4 address-like dotted quad.
831 It is used as mark-configured SAD/SPD entry as part of the lookup key (both in data
832 and control path) in ip xfrm (framework used to implement IPsec protocol).
833 See <ulink url="http://man7.org/linux/man-pages/man8/ip-xfrm.8.html">
e306f2df 834 ip-xfrm — transform configuration</ulink> for details. It is only used for VTI/VTI6
1d710029
SS		 835 tunnels.</para>
836 </listitem>
837 </varlistentry>
838 <varlistentry>
839 <term><varname>InputKey=</varname></term>
840 <listitem>
841 <para>The <varname>InputKey=</varname> parameter specifies the key to use for input.
842 The format is same as <varname>Key=</varname>. It is only used for VTI/VTI6 tunnels.</para>
843 </listitem>
844 </varlistentry>
845 <varlistentry>
846 <term><varname>OutputKey=</varname></term>
847 <listitem>
848 <para>The <varname>OutputKey=</varname> parameter specifies the key to use for output.
849 The format is same as <varname>Key=</varname>. It is only used for VTI/VTI6 tunnels.</para>
850 </listitem>
851 </varlistentry>
798d3a52
ZJS		 852 <varlistentry>
853 <term><varname>Mode=</varname></term>
854 <listitem>
a8eaaee7 855 <para>An <literal>ip6tnl</literal> tunnel can be in one of three
798d3a52
ZJS		 856 modes
857 <literal>ip6ip6</literal> for IPv6 over IPv6,
858 <literal>ipip6</literal> for IPv4 over IPv6 or
859 <literal>any</literal> for either.
860 </para>
861 </listitem>
862 </varlistentry>
4d7fa6de
SS		 863 <varlistentry>
864 <term><varname>Independent=</varname></term>
865 <listitem>
866 <para>A boolean. When true tunnel does not require .network file. Created as "tunnel@NONE".
867 Defaults to <literal>false</literal>.
868 </para>
869 </listitem>
870 </varlistentry>
3a4f3e42
SS		 871 <varlistentry>
872 <term><varname>AllowLocalRemote=</varname></term>
873 <listitem>
874 <para>A boolean. When true allows tunnel traffic on <varname>ip6tnl</varname> devices where the remote endpoint is a local host address.
875 Defaults to unset.
876 </para>
877 </listitem>
878 </varlistentry>
798d3a52
ZJS		 879 </variablelist>
880 </refsect1>
881 <refsect1>
882 <title>[Peer] Section Options</title>
883
884 <para>The <literal>[Peer]</literal> section only applies for
885 netdevs of kind <literal>veth</literal> and accepts the
a8eaaee7 886 following keys:</para>
798d3a52
ZJS		 887
888 <variablelist class='network-directives'>
889 <varlistentry>
890 <term><varname>Name=</varname></term>
891 <listitem>
892 <para>The interface name used when creating the netdev.
893 This option is compulsory.</para>
894 </listitem>
895 </varlistentry>
896 <varlistentry>
897 <term><varname>MACAddress=</varname></term>
898 <listitem>
b938cb90 899 <para>The peer MACAddress, if not set, it is generated in
798d3a52
ZJS		 900 the same way as the MAC address of the main
901 interface.</para>
902 </listitem>
903 </varlistentry>
904 </variablelist>
905 </refsect1>
d6df583c
SS		 906 <refsect1>
907 <title>[VXCAN] Section Options</title>
908 <para>The <literal>[VXCAN]</literal> section only applies for
909 netdevs of kind <literal>vxcan</literal> and accepts the
910 following key:</para>
911
912 <variablelist class='network-directives'>
913 <varlistentry>
914 <term><varname>Peer=</varname></term>
915 <listitem>
916 <para>The peer interface name used when creating the netdev.
917 This option is compulsory.</para>
918 </listitem>
919 </varlistentry>
920 </variablelist>
921 </refsect1>
798d3a52
ZJS		 922 <refsect1>
923 <title>[Tun] Section Options</title>
924
925 <para>The <literal>[Tun]</literal> section only applies for
926 netdevs of kind <literal>tun</literal>, and accepts the following
927 keys:</para>
928
929 <variablelist class='network-directives'>
930 <varlistentry>
931 <term><varname>OneQueue=</varname></term>
932 <listitem><para>Takes a boolean argument. Configures whether
933 all packets are queued at the device (enabled), or a fixed
934 number of packets are queued at the device and the rest at the
935 <literal>qdisc</literal>. Defaults to
936 <literal>no</literal>.</para>
937 </listitem>
938 </varlistentry>
939 <varlistentry>
940 <term><varname>MultiQueue=</varname></term>
941 <listitem><para>Takes a boolean argument. Configures whether
942 to use multiple file descriptors (queues) to parallelize
943 packets sending and receiving. Defaults to
944 <literal>no</literal>.</para>
945 </listitem>
946 </varlistentry>
947 <varlistentry>
948 <term><varname>PacketInfo=</varname></term>
949 <listitem><para>Takes a boolean argument. Configures whether
ff9b60f3 950 packets should be prepended with four extra bytes (two flag
b938cb90 951 bytes and two protocol bytes). If disabled, it indicates that
798d3a52
ZJS		 952 the packets will be pure IP packets. Defaults to
953 <literal>no</literal>.</para>
954 </listitem>
955 </varlistentry>
43f78da4 956 <varlistentry>
2aba142e 957 <term><varname>VNetHeader=</varname></term>
43f78da4
SS		 958 <listitem><para>Takes a boolean argument. Configures
959 IFF_VNET_HDR flag for a tap device. It allows sending
960 and receiving larger Generic Segmentation Offload (GSO)
961 packets. This may increase throughput significantly.
962 Defaults to
963 <literal>no</literal>.</para>
964 </listitem>
965 </varlistentry>
798d3a52
ZJS		 966 <varlistentry>
967 <term><varname>User=</varname></term>
968 <listitem><para>User to grant access to the
969 <filename>/dev/net/tun</filename> device.</para>
970 </listitem>
971 </varlistentry>
972 <varlistentry>
973 <term><varname>Group=</varname></term>
974 <listitem><para>Group to grant access to the
975 <filename>/dev/net/tun</filename> device.</para>
976 </listitem>
977 </varlistentry>
978
979 </variablelist>
980
981 </refsect1>
982
983 <refsect1>
984 <title>[Tap] Section Options</title>
985
986 <para>The <literal>[Tap]</literal> section only applies for
987 netdevs of kind <literal>tap</literal>, and accepts the same keys
988 as the <literal>[Tun]</literal> section.</para>
989 </refsect1>
990
e5719363
JT		 991 <refsect1>
992 <title>[WireGuard] Section Options</title>
993
994 <para>The <literal>[WireGuard]</literal> section accepts the following
995 keys:</para>
996
997 <variablelist class='network-directives'>
998 <varlistentry>
999 <term><varname>PrivateKey=</varname></term>
1000 <listitem>
1001 <para>The Base64 encoded private key for the interface. It can be
1002 generated using the <command>wg genkey</command> command
1003 (see <citerefentry project="wireguard"><refentrytitle>wg</refentrytitle><manvolnum>8</manvolnum></citerefentry>).
a8d6dbed
JD		 1004 This option is mandatory to use WireGuard.
1005 Note that because this information is secret, you may want to set
1006 the permissions of the .netdev file to be owned by <literal>root:systemd-networkd</literal>
1007 with a <literal>0640</literal> file mode.</para>
e5719363
JT		 1008 </listitem>
1009 </varlistentry>
1010 <varlistentry>
1011 <term><varname>ListenPort=</varname></term>
1012 <listitem>
1013 <para>Sets UDP port for listening. Takes either value between 1 and 65535
1014 or <literal>auto</literal>. If <literal>auto</literal> is specified,
1015 the port is automatically generated based on interface name.
1016 Defaults to <literal>auto</literal>.</para>
1017 </listitem>
1018 </varlistentry>
1019 <varlistentry>
1020 <term><varname>FwMark=</varname></term>
1021 <listitem>
3209474f 1022 <para>Sets a firewall mark on outgoing WireGuard packets from this interface.</para>
e5719363
JT		 1023 </listitem>
1024 </varlistentry>
1025 </variablelist>
1026 </refsect1>
1027
1028 <refsect1>
1029 <title>[WireGuardPeer] Section Options</title>
1030
1031 <para>The <literal>[WireGuardPeer]</literal> section accepts the following
1032 keys:</para>
1033
1034 <variablelist class='network-directives'>
1035 <varlistentry>
1036 <term><varname>PublicKey=</varname></term>
1037 <listitem>
1038 <para>Sets a Base64 encoded public key calculated by <command>wg pubkey</command>
1039 (see <citerefentry project="wireguard"><refentrytitle>wg</refentrytitle><manvolnum>8</manvolnum></citerefentry>)
1040 from a private key, and usually transmitted out of band to the
1041 author of the configuration file. This option is mandatory for this
1042 section.</para>
1043 </listitem>
1044 </varlistentry>
1045 <varlistentry>
1046 <term><varname>PresharedKey=</varname></term>
1047 <listitem>
1048 <para>Optional preshared key for the interface. It can be generated
1049 by the <command>wg genpsk</command> command. This option adds an
1050 additional layer of symmetric-key cryptography to be mixed into the
1051 already existing public-key cryptography, for post-quantum
a8d6dbed
JD		 1052 resistance.
1053 Note that because this information is secret, you may want to set
1054 the permissions of the .netdev file to be owned by <literal>root:systemd-networkd</literal>
1055 with a <literal>0640</literal> file mode.</para>
e5719363
JT		 1056 </listitem>
1057 </varlistentry>
1058 <varlistentry>
1059 <term><varname>AllowedIPs=</varname></term>
1060 <listitem>
1061 <para>Sets a comma-separated list of IP (v4 or v6) addresses with CIDR masks
1062 from which this peer is allowed to send incoming traffic and to
1063 which outgoing traffic for this peer is directed. The catch-all
1064 0.0.0.0/0 may be specified for matching all IPv4 addresses, and
1065 ::/0 may be specified for matching all IPv6 addresses. </para>
1066 </listitem>
1067 </varlistentry>
1068 <varlistentry>
1069 <term><varname>Endpoint=</varname></term>
1070 <listitem>
1071 <para>Sets an endpoint IP address or hostname, followed by a colon, and then
1072 a port number. This endpoint will be updated automatically once to
1073 the most recent source IP address and port of correctly
1074 authenticated packets from the peer at configuration time.</para>
1075 </listitem>
1076 </varlistentry>
1077 <varlistentry>
1078 <term><varname>PersistentKeepalive=</varname></term>
1079 <listitem>
1080 <para>Sets a seconds interval, between 1 and 65535 inclusive, of how often
1081 to send an authenticated empty packet to the peer for the purpose
1082 of keeping a stateful firewall or NAT mapping valid persistently.
1083 For example, if the interface very rarely sends traffic, but it
1084 might at anytime receive traffic from a peer, and it is behind NAT,
1085 the interface might benefit from having a persistent keepalive
1086 interval of 25 seconds. If set to 0 or "off", this option is
1087 disabled. By default or when unspecified, this option is off.
1088 Most users will not need this.</para>
1089 </listitem>
1090 </varlistentry>
1091 </variablelist>
1092 </refsect1>
1093
798d3a52
ZJS		 1094 <refsect1>
1095 <title>[Bond] Section Options</title>
1096
1097 <para>The <literal>[Bond]</literal> section accepts the following
1098 key:</para>
1099
1100 <variablelist class='network-directives'>
1101 <varlistentry>
1102 <term><varname>Mode=</varname></term>
1103 <listitem>
1104 <para>Specifies one of the bonding policies. The default is
1105 <literal>balance-rr</literal> (round robin). Possible values are
1106 <literal>balance-rr</literal>,
1107 <literal>active-backup</literal>,
1108 <literal>balance-xor</literal>,
1109 <literal>broadcast</literal>,
1110 <literal>802.3ad</literal>,
1111 <literal>balance-tlb</literal>, and
1112 <literal>balance-alb</literal>.
1113 </para>
1114 </listitem>
1115 </varlistentry>
1116
1117 <varlistentry>
1118 <term><varname>TransmitHashPolicy=</varname></term>
1119 <listitem>
1120 <para>Selects the transmit hash policy to use for slave
1121 selection in balance-xor, 802.3ad, and tlb modes. Possible
1122 values are
1123 <literal>layer2</literal>,
1124 <literal>layer3+4</literal>,
1125 <literal>layer2+3</literal>,
4d89618a 1126 <literal>encap2+3</literal>, and
798d3a52
ZJS		 1127 <literal>encap3+4</literal>.
1128 </para>
1129 </listitem>
1130 </varlistentry>
1131
1132 <varlistentry>
1133 <term><varname>LACPTransmitRate=</varname></term>
1134 <listitem>
1135 <para>Specifies the rate with which link partner transmits
1136 Link Aggregation Control Protocol Data Unit packets in
1137 802.3ad mode. Possible values are <literal>slow</literal>,
1138 which requests partner to transmit LACPDUs every 30 seconds,
1139 and <literal>fast</literal>, which requests partner to
1140 transmit LACPDUs every second. The default value is
1141 <literal>slow</literal>.</para>
1142 </listitem>
1143 </varlistentry>
1144
1145 <varlistentry>
1146 <term><varname>MIIMonitorSec=</varname></term>
1147 <listitem>
1148 <para>Specifies the frequency that Media Independent
1149 Interface link monitoring will occur. A value of zero
dd2b607b 1150 disables MII link monitoring. This value is rounded down to
798d3a52
ZJS		 1151 the nearest millisecond. The default value is 0.</para>
1152 </listitem>
1153 </varlistentry>
1154
1155 <varlistentry>
1156 <term><varname>UpDelaySec=</varname></term>
1157 <listitem>
1158 <para>Specifies the delay before a link is enabled after a
1159 link up status has been detected. This value is rounded down
1160 to a multiple of MIIMonitorSec. The default value is
1161 0.</para>
1162 </listitem>
1163 </varlistentry>
1164
1165 <varlistentry>
1166 <term><varname>DownDelaySec=</varname></term>
1167 <listitem>
1168 <para>Specifies the delay before a link is disabled after a
1169 link down status has been detected. This value is rounded
1170 down to a multiple of MIIMonitorSec. The default value is
1171 0.</para>
1172 </listitem>
1173 </varlistentry>
1174
81bd37a8 1175 <varlistentry>
38422da7 1176 <term><varname>LearnPacketIntervalSec=</varname></term>
81bd37a8
SS		 1177 <listitem>
1178 <para>Specifies the number of seconds between instances where the bonding
a8eaaee7
JE		 1179 driver sends learning packets to each slave peer switch.
1180 The valid range is 1–0x7fffffff; the default value is 1. This option
1181 has an effect only for the balance-tlb and balance-alb modes.</para>
81bd37a8
SS		 1182 </listitem>
1183 </varlistentry>
1184
1185 <varlistentry>
1186 <term><varname>AdSelect=</varname></term>
1187 <listitem>
1188 <para>Specifies the 802.3ad aggregation selection logic to use. Possible values are
1189 <literal>stable</literal>,
a8eaaee7
JE		 1190 <literal>bandwidth</literal> and
1191 <literal>count</literal>.
81bd37a8
SS		 1192 </para>
1193 </listitem>
1194 </varlistentry>
1195
1196 <varlistentry>
38422da7 1197 <term><varname>FailOverMACPolicy=</varname></term>
81bd37a8 1198 <listitem>
a8eaaee7
JE		 1199 <para>Specifies whether the active-backup mode should set all slaves to
1200 the same MAC address at the time of enslavement or, when enabled, to perform special handling of the
81bd37a8
SS		 1201 bond's MAC address in accordance with the selected policy. The default policy is none.
1202 Possible values are
1203 <literal>none</literal>,
a8eaaee7
JE		 1204 <literal>active</literal> and
1205 <literal>follow</literal>.
81bd37a8
SS		 1206 </para>
1207 </listitem>
1208 </varlistentry>
1209
1210 <varlistentry>
38422da7 1211 <term><varname>ARPValidate=</varname></term>
81bd37a8
SS		 1212 <listitem>
1213 <para>Specifies whether or not ARP probes and replies should be
38422da7 1214 validated in any mode that supports ARP monitoring, or whether
81bd37a8
SS		 1215 non-ARP traffic should be filtered (disregarded) for link
1216 monitoring purposes. Possible values are
1217 <literal>none</literal>,
1218 <literal>active</literal>,
a8eaaee7
JE		 1219 <literal>backup</literal> and
1220 <literal>all</literal>.
81bd37a8
SS		 1221 </para>
1222 </listitem>
1223 </varlistentry>
1224
1225 <varlistentry>
38422da7 1226 <term><varname>ARPIntervalSec=</varname></term>
81bd37a8
SS		 1227 <listitem>
1228 <para>Specifies the ARP link monitoring frequency in milliseconds.
1229 A value of 0 disables ARP monitoring. The default value is 0.
1230 </para>
1231 </listitem>
1232 </varlistentry>
1233
1234 <varlistentry>
38422da7 1235 <term><varname>ARPIPTargets=</varname></term>
81bd37a8
SS		 1236 <listitem>
1237 <para>Specifies the IP addresses to use as ARP monitoring peers when
38422da7 1238 ARPIntervalSec is greater than 0. These are the targets of the ARP request
81bd37a8 1239 sent to determine the health of the link to the targets.
a8eaaee7 1240 Specify these values in IPv4 dotted decimal format. At least one IP
81bd37a8
SS		 1241 address must be given for ARP monitoring to function. The
1242 maximum number of targets that can be specified is 16. The
1243 default value is no IP addresses.
1244 </para>
1245 </listitem>
1246 </varlistentry>
1247
1248 <varlistentry>
38422da7 1249 <term><varname>ARPAllTargets=</varname></term>
81bd37a8 1250 <listitem>
38422da7 1251 <para>Specifies the quantity of ARPIPTargets that must be reachable
81bd37a8
SS		 1252 in order for the ARP monitor to consider a slave as being up.
1253 This option affects only active-backup mode for slaves with
38422da7 1254 ARPValidate enabled. Possible values are
a8eaaee7
JE		 1255 <literal>any</literal> and
1256 <literal>all</literal>.
81bd37a8
SS		 1257 </para>
1258 </listitem>
1259 </varlistentry>
1260
1261 <varlistentry>
38422da7 1262 <term><varname>PrimaryReselectPolicy=</varname></term>
81bd37a8
SS		 1263 <listitem>
1264 <para>Specifies the reselection policy for the primary slave. This
1265 affects how the primary slave is chosen to become the active slave
1266 when failure of the active slave or recovery of the primary slave
1267 occurs. This option is designed to prevent flip-flopping between
1268 the primary slave and other slaves. Possible values are
1269 <literal>always</literal>,
a8eaaee7
JE		 1270 <literal>better</literal> and
1271 <literal>failure</literal>.
81bd37a8
SS		 1272 </para>
1273 </listitem>
1274 </varlistentry>
1275
1276 <varlistentry>
1277 <term><varname>ResendIGMP=</varname></term>
1278 <listitem>
1279 <para>Specifies the number of IGMP membership reports to be issued after
1280 a failover event. One membership report is issued immediately after
1281 the failover, subsequent packets are sent in each 200ms interval.
b938cb90 1282 The valid range is 0–255. Defaults to 1. A value of 0
81bd37a8
SS		 1283 prevents the IGMP membership report from being issued in response
1284 to the failover event.
1285 </para>
1286 </listitem>
1287 </varlistentry>
1288
1289 <varlistentry>
1290 <term><varname>PacketsPerSlave=</varname></term>
1291 <listitem>
b938cb90
JE		 1292 <para>Specify the number of packets to transmit through a slave before
1293 moving to the next one. When set to 0, then a slave is chosen at
1294 random. The valid range is 0–65535. Defaults to 1. This option
a8eaaee7 1295 only has effect when in balance-rr mode.
81bd37a8
SS		 1296 </para>
1297 </listitem>
1298 </varlistentry>
1299
1300 <varlistentry>
38422da7 1301 <term><varname>GratuitousARP=</varname></term>
81bd37a8
SS		 1302 <listitem>
1303 <para>Specify the number of peer notifications (gratuitous ARPs and
1304 unsolicited IPv6 Neighbor Advertisements) to be issued after a
b938cb90 1305 failover event. As soon as the link is up on the new slave,
81bd37a8
SS		 1306 a peer notification is sent on the bonding device and each
1307 VLAN sub-device. This is repeated at each link monitor interval
38422da7 1308 (ARPIntervalSec or MIIMonitorSec, whichever is active) if the number is
a8eaaee7 1309 greater than 1. The valid range is 0–255. The default value is 1.
38422da7 1310 These options affect only the active-backup mode.
81bd37a8
SS		 1311 </para>
1312 </listitem>
1313 </varlistentry>
1314
1315 <varlistentry>
1316 <term><varname>AllSlavesActive=</varname></term>
1317 <listitem>
a8eaaee7
JE		 1318 <para>A boolean. Specifies that duplicate frames (received on inactive ports)
1319 should be dropped when false, or delivered when true. Normally, bonding will drop
81bd37a8
SS		 1320 duplicate frames (received on inactive ports), which is desirable for
1321 most users. But there are some times it is nice to allow duplicate
1322 frames to be delivered. The default value is false (drop duplicate frames
1323 received on inactive ports).
1324 </para>
1325 </listitem>
1326 </varlistentry>
1327
1328 <varlistentry>
1329 <term><varname>MinLinks=</varname></term>
1330 <listitem>
1331 <para>Specifies the minimum number of links that must be active before
1332 asserting carrier. The default value is 0.
1333 </para>
1334 </listitem>
1335 </varlistentry>
798d3a52 1336 </variablelist>
81bd37a8
SS		 1337
1338 <para>For more detail information see
1339 <ulink url="https://www.kernel.org/doc/Documentation/networking/bonding.txt">
1340 Linux Ethernet Bonding Driver HOWTO</ulink></para>
1341
798d3a52
ZJS		 1342 </refsect1>
1343
1344 <refsect1>
1345 <title>Example</title>
1346 <example>
6c1695be 1347 <title>/etc/systemd/network/25-bridge.netdev</title>
798d3a52
ZJS		 1348
1349 <programlisting>[NetDev]
eac684ef
TG		 1350Name=bridge0
1351Kind=bridge</programlisting>
798d3a52 1352 </example>
eac684ef 1353
798d3a52 1354 <example>
6c1695be 1355 <title>/etc/systemd/network/25-vlan1.netdev</title>
eac684ef 1356
798d3a52 1357 <programlisting>[Match]
eac684ef
TG		 1358Virtualization=no
1359
1360[NetDev]
1361Name=vlan1
1362Kind=vlan
1363
1364[VLAN]
1365Id=1</programlisting>
798d3a52
ZJS		 1366 </example>
1367 <example>
6c1695be 1368 <title>/etc/systemd/network/25-ipip.netdev</title>
798d3a52 1369 <programlisting>[NetDev]
b35a2909
TG		 1370Name=ipip-tun
1371Kind=ipip
1372MTUBytes=1480
1373
1374[Tunnel]
1375Local=192.168.223.238
1376Remote=192.169.224.239
1377TTL=64</programlisting>
798d3a52
ZJS		 1378 </example>
1379 <example>
6c1695be 1380 <title>/etc/systemd/network/25-tap.netdev</title>
798d3a52 1381 <programlisting>[NetDev]
30ae9dfd
SS		 1382Name=tap-test
1383Kind=tap
1384
1385[Tap]
1386MultiQueue=true
1387PacketInfo=true</programlisting> </example>
eac684ef 1388
798d3a52 1389 <example>
6c1695be 1390 <title>/etc/systemd/network/25-sit.netdev</title>
798d3a52 1391 <programlisting>[NetDev]
b35a2909
TG		 1392Name=sit-tun
1393Kind=sit
1394MTUBytes=1480
1395
1396[Tunnel]
1397Local=10.65.223.238
1398Remote=10.65.223.239</programlisting>
798d3a52 1399 </example>
eac684ef 1400
798d3a52 1401 <example>
6c1695be 1402 <title>/etc/systemd/network/25-gre.netdev</title>
798d3a52 1403 <programlisting>[NetDev]
b35a2909
TG		 1404Name=gre-tun
1405Kind=gre
1406MTUBytes=1480
1407
1408[Tunnel]
1409Local=10.65.223.238
1410Remote=10.65.223.239</programlisting>
798d3a52 1411 </example>
b35a2909 1412
798d3a52 1413 <example>
6c1695be 1414 <title>/etc/systemd/network/25-vti.netdev</title>
b35a2909 1415
798d3a52 1416 <programlisting>[NetDev]
b35a2909
TG		 1417Name=vti-tun
1418Kind=vti
1419MTUBytes=1480
1420
1421[Tunnel]
1422Local=10.65.223.238
1423Remote=10.65.223.239</programlisting>
798d3a52 1424 </example>
b35a2909 1425
798d3a52 1426 <example>
6c1695be 1427 <title>/etc/systemd/network/25-veth.netdev</title>
798d3a52 1428 <programlisting>[NetDev]
b35a2909
TG		 1429Name=veth-test
1430Kind=veth
1431
1432[Peer]
1433Name=veth-peer</programlisting>
798d3a52 1434 </example>
b35a2909 1435
d94facdc 1436 <example>
6c1695be 1437 <title>/etc/systemd/network/25-bond.netdev</title>
d94facdc
MH		 1438 <programlisting>[NetDev]
1439Name=bond1
1440Kind=bond
1441
1442[Bond]
1443Mode=802.3ad
1444TransmitHashPolicy=layer3+4
1445MIIMonitorSec=1s
1446LACPTransmitRate=fast
1447</programlisting>
1448 </example>
1449
798d3a52 1450 <example>
6c1695be 1451 <title>/etc/systemd/network/25-dummy.netdev</title>
798d3a52 1452 <programlisting>[NetDev]
9e358851
TG		 1453Name=dummy-test
1454Kind=dummy
1455MACAddress=12:34:56:78:9a:bc</programlisting>
798d3a52 1456 </example>
20897a0d
AR		 1457 <example>
1458 <title>/etc/systemd/network/25-vrf.netdev</title>
037a3ded 1459 <para>Create a VRF interface with table 42.</para>
20897a0d
AR		 1460 <programlisting>[NetDev]
1461Name=vrf-test
1462Kind=vrf
798d3a52 1463
20897a0d 1464[VRF]
362f6336 1465Table=42</programlisting>
20897a0d 1466 </example>
42125eda
SS		 1467
1468 <example>
1469 <title>/etc/systemd/network/25-macvtap.netdev</title>
1470 <para>Create a MacVTap device.</para>
1471 <programlisting>[NetDev]
1472Name=macvtap-test
1473Kind=macvtap
1474 </programlisting>
1475 </example>
e5719363
JT		 1476 <example>
1477 <title>/etc/systemd/network/25-wireguard.netdev</title>
1478 <programlisting>[NetDev]
1479Name=wg0
1480Kind=wireguard
1481
1482[WireGuard]
1483PrivateKey=EEGlnEPYJV//kbvvIqxKkQwOiS+UENyPncC4bF46ong=
1484ListenPort=51820
1485
1486[WireGuardPeer]
1487PublicKey=RDf+LSpeEre7YEIKaxg+wbpsNV7du+ktR99uBEtIiCA=
1488AllowedIPs=fd31:bf08:57cb::/48,192.168.26.0/24
1489Endpoint=wireguard.example.com:51820</programlisting>
1490 </example>
798d3a52
ZJS		 1491 </refsect1>
1492 <refsect1>
1493 <title>See Also</title>
1494 <para>
1495 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
1496 <citerefentry><refentrytitle>systemd-networkd</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
1497 <citerefentry><refentrytitle>systemd.link</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1498 <citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>
1499 </para>
1500 </refsect1>
eac684ef
TG		 1501
1502</refentry>
Unnamed repository; edit this file 'description' to name the repository.