needed. As a special case, an empty file (file size 0) or symlink
with the same name pointing to <filename>/dev/null</filename>
disables the configuration file entirely (it is "masked").</para>
+
+ <para>Note that an interface without any static IPv6 addresses configured, and neither DHCPv6 nor IPv6LL enabled,
+ shall be considered to have no IPv6 support. IPv6 will be automatically disabled for that interface by writing "1"
+ to <filename>/proc/sys/net/ipv6/conf/<replaceable>ifname</replaceable>/disable_ipv6</filename>.
+ </para>
</refsect1>
<refsect1>
<varlistentry>
<term><varname>MACAddress=</varname></term>
<listitem>
- <para>The hardware address.</para>
+ <para>The hardware address of the interface (use full colon-delimited hexadecimal, e.g.,
+ 01:23:45:67:89:ab).</para>
</listitem>
</varlistentry>
<varlistentry>
<varlistentry>
<term><varname>MACAddress=</varname></term>
<listitem>
- <para>The hardware address.</para>
+ <para>The hardware address to set for the device.</para>
</listitem>
</varlistentry>
<varlistentry>
<para>The maximum transmission unit in bytes to set for the
device. The usual suffixes K, M, G, are supported and are
understood to the base of 1024.</para>
+ <para>Note that if IPv6 is enabled on the interface, and the MTU is chosen
+ below 1280 (the minimum MTU for IPv6) it will automatically be increased to this value.</para>
</listitem>
</varlistentry>
<varlistentry>
- <term><varname>IAIDValue=</varname></term>
+ <term><varname>ARP=</varname></term>
<listitem>
- <para>Identity Association Identifier for the interface. This is a 32-bit value specified in host byte order.</para>
+ <para> A boolean. Enables or disables the ARP (low-level Address Resolution Protocol)
+ for this interface. Defaults to unset, which means that the kernel default will be used.</para>
+ <para> For example, disabling ARP is useful when creating multiple MACVLAN or VLAN virtual
+ interfaces atop a single lower-level physical interface, which will then only serve as a
+ link/"bridge" device aggregating traffic to the same physical link and not participate in
+ the network otherwise.</para>
</listitem>
</varlistentry>
</variablelist>
By enabling DHCPv6 support explicitly, the DHCPv6 client will
be started regardless of the presence of routers on the link,
or what flags the routers pass. See
- <literal>IPv6AcceptRouterAdvertisements=</literal>.</para>
+ <literal>IPv6AcceptRA=</literal>.</para>
<para>Furthermore, note that by default the domain name
specified through DHCP is not used for name resolution.
See option <option>UseDomains=</option> below.</para>
+
+ <para>See the <literal>[DHCP]</literal> section below for further configuration options for the DHCP client
+ support.</para>
</listitem>
</varlistentry>
<varlistentry>
<varlistentry>
<term><varname>EmitLLDP=</varname></term>
<listitem>
- <para>Controls support for Ethernet LLDP packet emission. Accepts a boolean parameter and defaults to
- false. If enabled a short LLDP packet with information about the local system is sent out in regular
- intervals on the link. The LLDP packet will contain information about the local host name, the local
- machine ID (as stored in
- <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry>) and the
+ <para>Controls support for Ethernet LLDP packet emission. Accepts a boolean parameter or the special values
+ <literal>nearest-bridge</literal>, <literal>non-tpmr-bridge</literal> and
+ <literal>customer-bridge</literal>. Defaults to false, which turns off LLDP packet emission. If not false,
+ a short LLDP packet with information about the local system is sent out in regular intervals on the
+ link. The LLDP packet will contain information about the local host name, the local machine ID (as stored
+ in <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry>) and the
local interface name, as well as the pretty hostname of the system (as set in
<citerefentry><refentrytitle>machine-info</refentrytitle><manvolnum>5</manvolnum></citerefentry>). LLDP
- emission is only available on Ethernet links. Note that this setting passed data suitable for
- identification of host to the network and should thus not be used on untrusted networks, where such
- identification data should not be made available. Use this option to enable other systems to identify on
- which interface they are connected to this system. See <varname>LLDP=</varname> above for an option to
- enable LLDP reception.</para>
+ emission is only available on Ethernet links. Note that this setting passes data suitable for
+ identification of host to the network and should thus not be enabled on untrusted networks, where such
+ identification data should not be made available. Use this option to permit other systems to identify on
+ which interfaces they are connected to this system. The three special values control propagation of the
+ LLDP packets. The <literal>nearest-bridge</literal> setting permits propagation only to the nearest
+ connected bridge, <literal>non-tpmr-bridge</literal> permits propagation across Two-Port MAC Relays, but
+ not any other bridges, and <literal>customer-bridge</literal> permits propagation until a customer bridge
+ is reached. For details about these concepts, see <ulink
+ url="http://standards.ieee.org/getieee802/download/802.1AB-2009.pdf">IEEE 802.1AB-2009</ulink>. Note that
+ configuring this setting to true is equivalent to <literal>nearest-bridge</literal>, the recommended and
+ most restricted level of propagation. See <varname>LLDP=</varname> above for an option to enable LLDP
+ reception.</para>
</listitem>
</varlistentry>
<varlistentry>
<literal>no</literal>.</para></listitem>
</varlistentry>
<varlistentry>
- <term><varname>IPv6AcceptRouterAdvertisements=</varname></term>
- <listitem><para>Force the setting of the <filename>accept_ra</filename>
- (router advertisements) setting for the interface.
- When unset, the kernel default is used, and router
- advertisements are accepted only when local forwarding
- is disabled for that interface.
- When router advertisements are accepted, they will
- trigger the start of the DHCPv6 client if the relevant
- flags are passed, or if no routers are found on the link.
- Takes a boolean. If true, router advertisements are
- accepted, when false, router advertisements are ignored,
- independently of the local forwarding state.</para>
-
- <para>See
- <ulink url="https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt">ip-sysctl.txt</ulink>
- in the kernel documentation, but note that systemd's
- setting of <constant>1</constant> corresponds to
- kernel's setting of <constant>2</constant>.</para>
+ <term><varname>IPv6AcceptRA=</varname></term>
+ <listitem><para>Enable or disable IPv6 Router Advertisement (RA) reception support for the interface. Takes
+ a boolean parameter. If true, RAs are accepted; if false, RAs are ignored, independently of the local
+ forwarding state. When not set, the kernel default is used, and RAs are accepted only when local forwarding
+ is disabled for that interface. When RAs are accepted, they may trigger the start of the DHCPv6 client if
+ the relevant flags are set in the RA data, or if no routers are found on the link.</para>
+
+ <para>Further settings for the IPv6 RA support may be configured in the
+ <literal>[IPv6AcceptRA]</literal> section, see below.</para>
+
+ <para>Also see <ulink
+ url="https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt">ip-sysctl.txt</ulink> in the kernel
+ documentation regarding <literal>accept_ra</literal>, but note that systemd's setting of
+ <constant>1</constant> (i.e. true) corresponds to kernel's setting of <constant>2</constant>.</para>
</listitem>
</varlistentry>
<varlistentry>
Defaults to unset.
</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><varname>ProxyARP=</varname></term>
+ <listitem><para>A boolean. Configures proxy ARP. Proxy ARP is the technique in which one host,
+ usually a router, answers ARP requests intended for another machine. By "faking" its identity,
+ the router accepts responsibility for routing packets to the "real" destination. (see <ulink
+ url="https://tools.ietf.org/html/rfc1027">RFC 1027</ulink>.
+ Defaults to unset.
+ </para></listitem>
+ </varlistentry>
<varlistentry>
<term><varname>Bridge=</varname></term>
<listitem>
<para>The name of the bond to add the link to.</para>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term><varname>VRF=</varname></term>
+ <listitem>
+ <para>The name of the VRF to add the link to.</para>
+ </listitem>
+ </varlistentry>
<varlistentry>
<term><varname>VLAN=</varname></term>
<listitem>
<para>An address label.</para>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term><varname>PreferredLifetime=</varname></term>
+ <listitem>
+ <para>Allows the default "preferred lifetime" of the address to be overridden.
+ Only three settings are accepted: <literal>forever</literal> or <literal>infinity</literal>
+ which is the default and means that the address never expires, and <literal>0</literal> which means
+ that the address is considered immediately "expired" and will not be used,
+ unless explicitly requested. A setting of PreferredLifetime=0 is useful for
+ addresses which are added to be used only by a specific application,
+ which is then configured to use them explicitly.</para>
+ </listitem>
+ </varlistentry>
</variablelist>
</refsect1>
<citerefentry project='man-pages'><refentrytitle>inet_pton</refentrytitle><manvolnum>3</manvolnum></citerefentry>.</para>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term><varname>Table=<replaceable>num</replaceable></varname></term>
+ <listitem>
+ <para>The table identifier for the route (a number between 1 and 4294967295, or 0 to unset).
+ The table can be retrieved using <command>ip route show table <replaceable>num</replaceable></command>.
+ </para>
+ </listitem>
+ </varlistentry>
</variablelist>
</refsect1>
false.</para>
<para>It is recommended to enable this option only on trusted networks, as setting this affects resolution
- of all host names, in particular to single-label names. It is generally safer to use the supplied domain
+ of all host names, in particular of single-label names. It is generally safer to use the supplied domain
only as routing domain, rather than as search domain, in order to not have it affect local resolution of
single-label names.</para>
false.</para>
</listitem>
</varlistentry>
+
<varlistentry>
<term><varname>ClientIdentifier=</varname></term>
<listitem>
- <para>DHCP client identifier to use. Either <literal>mac</literal>
- to use the MAC address of the link or <literal>duid</literal>
- (the default) to use a RFC4361-compliant Client ID.</para>
+ <para>The DHCPv4 client identifier to use. Either <literal>mac</literal> to use the MAC address of the link
+ or <literal>duid</literal> (the default, see below) to use an RFC4361-compliant Client ID.</para>
</listitem>
</varlistentry>
+
<varlistentry>
<term><varname>VendorClassIdentifier=</varname></term>
<listitem>
type and configuration.</para>
</listitem>
</varlistentry>
+
+ <varlistentry>
+ <term><varname>DUIDType=</varname></term>
+ <listitem>
+ <para>Override the global <varname>DUIDType</varname> setting for this network. See
+ <citerefentry><refentrytitle>networkd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ for a description of possible values.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>DUIDRawData=</varname></term>
+ <listitem>
+ <para>Override the global <varname>DUIDRawData</varname> setting for this network. See
+ <citerefentry><refentrytitle>networkd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ for a description of possible values.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>IAID=</varname></term>
+ <listitem>
+ <para>The DHCP Identity Association Identifier (IAID) for the interface, a 32-bit unsigned integer.</para>
+ </listitem>
+ </varlistentry>
+
<varlistentry>
<term><varname>RequestBroadcast=</varname></term>
<listitem>
networks where broadcasts are filtered out.</para>
</listitem>
</varlistentry>
+
<varlistentry>
<term><varname>RouteMetric=</varname></term>
<listitem>
</listitem>
</varlistentry>
</variablelist>
+ </refsect1>
+ <refsect1>
+ <title>[IPv6AcceptRA] Section Options</title>
+ <para>The <literal>[IPv6AcceptRA]</literal> section configures the IPv6 Router Advertisement
+ (RA) client, if it is enabled with the <varname>IPv6AcceptRA=</varname> setting described
+ above:</para>
+
+ <variablelist class='network-directives'>
+ <varlistentry>
+ <term><varname>UseDNS=</varname></term>
+ <listitem>
+ <para>When true (the default), the DNS servers received in the Router Advertisement will be used and take
+ precedence over any statically configured ones.</para>
+
+ <para>This corresponds to the <option>nameserver</option> option in <citerefentry
+ project='man-pages'><refentrytitle>resolv.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>UseDomains=</varname></term>
+ <listitem>
+ <para>Takes a boolean argument, or the special value <literal>route</literal>. When true, the domain name
+ received via IPv6 Router Advertisement (RA) will be used as DNS search domain over this link, similar to
+ the effect of the <option>Domains=</option> setting. If set to <literal>route</literal>, the domain name
+ received via IPv6 RA will be used for routing DNS queries only, but not for searching, similar to the
+ effect of the <option>Domains=</option> setting when the argument is prefixed with
+ <literal>~</literal>. Defaults to false.</para>
+
+ <para>It is recommended to enable this option only on trusted networks, as setting this affects resolution
+ of all host names, in particular of single-label names. It is generally safer to use the supplied domain
+ only as routing domain, rather than as search domain, in order to not have it affect local resolution of
+ single-label names.</para>
+
+ <para>When set to true, this setting corresponds to the <option>domain</option> option in <citerefentry
+ project='man-pages'><refentrytitle>resolv.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
</refsect1>
+
<refsect1>
<title>[DHCPServer] Section Options</title>
<para>The <literal>[DHCPServer]</literal> section contains
<varname>DNS=</varname>.</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><varname>EmitRouter=</varname></term>
+
+ <listitem><para>Similar to the <varname>EmitDNS=</varname>
+ setting described above, this setting configures whether the
+ DHCP lease should contain the router option. The same syntax,
+ propagation semantics and defaults apply as for
+ <varname>EmitDNS=</varname>.</para></listitem>
+ </varlistentry>
+
<varlistentry>
<term><varname>EmitTimezone=</varname></term>
<term><varname>Timezone=</varname></term>
</varlistentry>
</variablelist>
</refsect1>
+ <refsect1>
+ <title>[BridgeVLAN] Section Options</title>
+ <para>The <literal>[BridgeVLAN]</literal> section manages the VLAN ID configuration of a bridge port and accepts
+ the following keys. Specify several <literal>[BridgeVLAN]</literal> sections to configure several VLAN entries.
+ The <varname>VLANFiltering=</varname> option has to be enabled, see <literal>[Bridge]</literal> section in
+ <citerefentry><refentrytitle>systemd.netdev</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
+
+ <variablelist class='network-directives'>
+ <varlistentry>
+ <term><varname>VLAN=</varname></term>
+ <listitem>
+ <para>The VLAN ID allowed on the port. This can be either a single ID or a range M-N. VLAN IDs are valid
+ from 1 to 4094.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>EgressUntagged=</varname></term>
+ <listitem>
+ <para>The VLAN ID specified here will be used to untag frames on egress. Configuring
+ <varname>EgressUntagged=</varname> implicates the use of <varname>VLAN=</varname> above and will enable the
+ VLAN ID for ingress as well. This can be either a single ID or a range M-N.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>PVID=</varname></term>
+ <listitem>
+ <para>The Port VLAN ID specified here is assigned to all untagged frames at ingress.
+ <varname>PVID=</varname> can be used only once. Configuring <varname>PVID=</varname> implicates the use of
+ <varname>VLAN=</varname> above and will enable the VLAN ID for ingress as well.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
<refsect1>
<title>Example</title>
[Network]
Bridge=bridge0</programlisting>
+ </example>
+ <example>
+ <title>/etc/systemd/network/25-bridge-slave-interface-vlan.network</title>
+
+ <programlisting>[Match]
+Name=enp2s0
+
+[Network]
+Bridge=bridge0
+
+[BridgeVLAN]
+VLAN=1-32
+PVID=42
+EgressUntagged=42
+
+[BridgeVLAN]
+VLAN=100-200
+
+[BridgeVLAN]
+EgressUntagged=300-400</programlisting>
</example>
<example>
<title>/etc/systemd/network/25-ipip.network</title>
[Network]
DHCP=yes
+</programlisting>
+ </example>
+
+ <example>
+ <title>/etc/systemd/network/25-vrf.network</title>
+ <para>Add the bond1 interface to the VRF master interface vrf-test. This will redirect routes generated on this interface to be within the routing table defined during VRF creation. Traffic won't be redirected towards the VRFs routing table unless specific ip-rules are added.</para>
+ <programlisting>[Match]
+Name=bond1
+
+[Network]
+VRF=vrf-test
</programlisting>
</example>
projects / thirdparty / systemd.git / blobdiff