Imported Upstream version 220

[systemd.git] / man / systemd.network.5

'\" t
.TH "SYSTEMD\&.NETWORK" "5" "" "systemd 220" "systemd.network"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
systemd.network \- Network configuration
.SH "SYNOPSIS"
.PP
\fInetwork\fR\&.network
.SH "DESCRIPTION"
.PP
Network setup is performed by
\fBsystemd-networkd\fR(8)\&.
.PP
Network files must have the extension
\&.network; other extensions are ignored\&. Networks are applied to links whenever the links appear\&.
.PP
The
\&.network
files are read from the files located in the system network directory
/usr/lib/systemd/network, the volatile runtime network directory
/run/systemd/network
and the local administration network directory
/etc/systemd/network\&. All configuration files are collectively sorted and processed in lexical order, regardless of the directories in which they live\&. However, files with identical filenames replace each other\&. Files in
/etc
have the highest priority, files in
/run
take precedence over files with the same name in
/usr/lib\&. This can be used to override a system\-supplied configuration file with a local file if needed; a symlink in
/etc
with the same name as a configuration file in
/usr/lib, pointing to
/dev/null, disables the configuration file entirely\&.
.SH "[MATCH] SECTION OPTIONS"
.PP
The network file contains a
"[Match]"
section, which determines if a given network file may be applied to a given device; and a
"[Network]"
section specifying how the device should be configured\&. The first (in lexical order) of the network files that matches a given device is applied, all later files are ignored, even if they match as well\&.
.PP
A network file is said to match a device if each of the entries in the
"[Match]"
section matches, or if the section is empty\&. The following keys are accepted:
.PP
\fIMACAddress=\fR
.RS 4
The hardware address\&.
.RE
.PP
\fIPath=\fR
.RS 4
A whitespace\-separated list of shell\-style globs matching the persistent path, as exposed by the udev property
"ID_PATH"\&.
.RE
.PP
\fIDriver=\fR
.RS 4
A whitespace\-separated list of shell\-style globs matching the driver currently bound to the device, as exposed by the udev property
"DRIVER"
of its parent device, or if that is not set the driver as exposed by
"ethtool \-i"
of the device itself\&.
.RE
.PP
\fIType=\fR
.RS 4
A whitespace\-separated list of shell\-style globs matching the device type, as exposed by the udev property
"DEVTYPE"\&.
.RE
.PP
\fIName=\fR
.RS 4
A whitespace\-separated list of shell\-style globs matching the device name, as exposed by the udev property
"INTERFACE"\&.
.RE
.PP
\fIHost=\fR
.RS 4
Matches against the hostname or machine ID of the host\&. See
"ConditionHost="
in
\fBsystemd.unit\fR(5)
for details\&.
.RE
.PP
\fIVirtualization=\fR
.RS 4
Checks whether the system is executed in a virtualized environment and optionally test whether it is a specific implementation\&. See
"ConditionVirtualization="
in
\fBsystemd.unit\fR(5)
for details\&.
.RE
.PP
\fIKernelCommandLine=\fR
.RS 4
Checks whether a specific kernel command line option is set (or if prefixed with the exclamation mark unset)\&. See
"ConditionKernelCommandLine="
in
\fBsystemd.unit\fR(5)
for details\&.
.RE
.PP
\fIArchitecture=\fR
.RS 4
Checks whether the system is running on a specific architecture\&. See
"ConditionArchitecture="
in
\fBsystemd.unit\fR(5)
for details\&.
.RE
.SH "[LINK] SECTION OPTIONS"
.PP
The
"[Link]"
section accepts the following keys:
.PP
\fIMACAddress=\fR
.RS 4
The hardware address\&.
.RE
.PP
\fIMTUBytes=\fR
.RS 4
The maximum transmission unit in bytes to set for the device\&. The usual suffixes K, M, G, are supported and are understood to the base of 1024\&.
.RE
.SH "[NETWORK] SECTION OPTIONS"
.PP
The
"[Network]"
section accepts the following keys:
.PP
\fIDescription=\fR
.RS 4
A description of the device\&. This is only used for presentation purposes\&.
.RE
.PP
\fIDHCP=\fR
.RS 4
Enables DHCPv4 and/or DHCPv6 support\&. Accepts
"yes",
"no",
"ipv4", or
"ipv6"\&.
.sp
Please note that by default the domain name specified through DHCP is not used for name resolution\&. See option
\fBUseDomains=\fR
below\&.
.RE
.PP
\fIDHCPServer=\fR
.RS 4
A boolean\&. Enables a basic DHCPv4 server on the device\&. Mostly useful for handing out leases to container instances\&.
.RE
.PP
\fILinkLocalAddressing=\fR
.RS 4
Enables link\-local address autoconfiguration\&. Accepts
"yes",
"no",
"ipv4", or
"ipv6"\&. Defaults to
"ipv6"\&.
.RE
.PP
\fIIPv4LLRoute=\fR
.RS 4
A boolean\&. When true, sets up the route needed for non\-IPv4LL hosts to communicate with IPv4LL\-only hosts\&. Defaults to false\&.
.RE
.PP
\fIIPv6Token=\fR
.RS 4
An IPv6 address with the top 64 bits unset\&. When set, indicates the 64 bits interface part of SLAAC IPv6 addresses for this link\&. By default it is autogenerated\&.
.RE
.PP
\fILLMNR=\fR
.RS 4
A boolean or
"resolve"\&. When true, enables Link\-Local Multicast Name Resolution on the link, when set to
"resolve"
only resolution is enabled, but not announcement\&. Defaults to true\&.
.RE
.PP
\fILLDP=\fR
.RS 4
A boolean\&. When true, enables LLDP link receive support\&.
.RE
.PP
\fIBindCarrier=\fR
.RS 4
A port or a list of ports\&. When set, controls the behaviour of the current interface\&. When all ports in the list are in an operational down state, the current interface is brought down\&. When at least one port has carrier, the current interface is brought up\&.
.RE
.PP
\fIAddress=\fR
.RS 4
A static IPv4 or IPv6 address and its prefix length, separated by a
"/"
character\&. Specify this key more than once to configure several addresses\&. The format of the address must be as described in
\fBinet_pton\fR(3)\&. This is a short\-hand for an [Address] section only containing an Address key (see below)\&. This option may be specified more than once\&.
.sp
If the specified address is 0\&.0\&.0\&.0 (for IPv4) or [::] (for IPv6), a new address range of the requested size is automatically allocated from a system\-wide pool of unused ranges\&. The allocated range is checked against all current network interfaces and all known network configuration files to avoid address range conflicts\&. The default system\-wide pool consists of 192\&.168\&.0\&.0/16, 172\&.16\&.0\&.0/12 and 10\&.0\&.0\&.0/8 for IPv4, and fc00::/7 for IPv6\&. This functionality is useful to manage a large number of dynamically created network interfaces with the same network configuration and automatic address range assignment\&.
.RE
.PP
\fIGateway=\fR
.RS 4
The gateway address, which must be in the format described in
\fBinet_pton\fR(3)\&. This is a short\-hand for a [Route] section only containing a Gateway key\&. This option may be specified more than once\&.
.RE
.PP
\fIDNS=\fR
.RS 4
A DNS server address, which must be in the format described in
\fBinet_pton\fR(3)\&. This option may be specified more than once\&.
.RE
.PP
\fIDomains=\fR
.RS 4
The domains used for DNS resolution over this link\&.
.RE
.PP
\fINTP=\fR
.RS 4
An NTP server address\&. This option may be specified more than once\&.
.RE
.PP
\fIIPForward=\fR
.RS 4
Configures IP forwarding for the network interface\&. If enabled incoming packets on the network interface will be forwarded to other interfaces according to the routing table\&. Takes either a boolean argument, or the values
"ipv4"
or
"ipv6", which only enables IP forwarding for the specified address family\&. This controls the
net\&.ipv4\&.conf\&.<interface>\&.forwarding
and
net\&.ipv6\&.conf\&.<interface>\&.forwarding
sysctl options of the network interface (see
\m[blue]\fBip\-sysctl\&.txt\fR\m[]\&\s-2\u[1]\d\s+2
for details about sysctl options)\&. Defaults to
"no"\&.
.sp
Note: unless this option is turned on, no IP forwarding is done on this interface, even if this is globally turned on in the kernel, with the
net\&.ipv4\&.ip_forward
and
net\&.ipv4\&.ip_forward
sysctl options\&.
.RE
.PP
\fIIPMasquerade=\fR
.RS 4
Configures IP masquerading for the network interface\&. If enabled packets forwarded from the network interface will be appear as coming from the local host\&. Takes a boolean argument\&. Implies
\fIIPForward=ipv4\fR\&. Defaults to
"no"\&.
.RE
.PP
\fIBridge=\fR
.RS 4
The name of the bridge to add the link to\&.
.RE
.PP
\fIBond=\fR
.RS 4
The name of the bond to add the link to\&.
.RE
.PP
\fIVLAN=\fR
.RS 4
The name of a VLAN to create on the link\&. This option may be specified more than once\&.
.RE
.PP
\fIMACVLAN=\fR
.RS 4
The name of a MACVLAN to create on the link\&. This option may be specified more than once\&.
.RE
.PP
\fIVXLAN=\fR
.RS 4
The name of a VXLAN to create on the link\&. This option may be specified more than once\&.
.RE
.PP
\fITunnel=\fR
.RS 4
The name of a Tunnel to create on the link\&. This option may be specified more than once\&.
.RE
.SH "[ADDRESS] SECTION OPTIONS"
.PP
An
"[Address]"
section accepts the following keys\&. Specify several
"[Address]"
sections to configure several addresses\&.
.PP
\fIAddress=\fR
.RS 4
As in the
"[Network]"
section\&. This key is mandatory\&.
.RE
.PP
\fIPeer=\fR
.RS 4
The peer address in a point\-to\-point connection\&. Accepts the same format as the
"Address"
key\&.
.RE
.PP
\fIBroadcast=\fR
.RS 4
The broadcast address, which must be in the format described in
\fBinet_pton\fR(3)\&. This key only applies to IPv4 addresses\&. If it is not given, it is derived from the
"Address"
key\&.
.RE
.PP
\fILabel=\fR
.RS 4
An address label\&.
.RE
.SH "[ROUTE] SECTION OPTIONS"
.PP
The
"[Route]"
section accepts the following keys\&. Specify several
"[Route]"
sections to configure several routes\&.
.PP
\fIGateway=\fR
.RS 4
As in the
"[Network]"
section\&.
.RE
.PP
\fIDestination=\fR
.RS 4
The destination prefix of the route\&. Possibly followed by a slash and the prefixlength\&. If omitted, a full\-length host route is assumed\&.
.RE
.PP
\fISource=\fR
.RS 4
The source prefix of the route\&. Possibly followed by a slash and the prefixlength\&. If omitted, a full\-length host route is assumed\&.
.RE
.PP
\fIMetric=\fR
.RS 4
The metric of the route\&. An unsigned integer
.RE
.PP
\fIScope=\fR
.RS 4
The scope of the route\&. One of the values
"global",
"link"
or
"host"\&. Defaults to
"global"\&.
.RE
.SH "[DHCP] SECTION OPTIONS"
.PP
The
"[DHCP]"
section accepts the following keys:
.PP
\fIUseDNS=\fR
.RS 4
When true (the default), the DNS servers received from the DHCP server will be used and take precedence over any statically configured ones\&.
.sp
This corresponds to the
\fBnameserver\fR
option in
\fBresolv.conf\fR(5)\&.
.RE
.PP
\fIUseNTP=\fR
.RS 4
When true (the default), the NTP servers received from the DHCP server will be used by systemd\-timesyncd and take precedence over any statically configured ones\&.
.RE
.PP
\fIUseMTU=\fR
.RS 4
When true, the interface maximum transmission unit from the DHCP server will be used on the current link\&. Defaults to false\&.
.RE
.PP
\fISendHostname=\fR
.RS 4
When true (the default), the machine\*(Aqs hostname will be sent to the DHCP server
.RE
.PP
\fIUseHostname=\fR
.RS 4
When true (the default), the hostname received from the DHCP server will be used as the transient hostname\&.
.RE
.PP
\fIUseDomains=\fR
.RS 4
When true (not the default), the domain name received from the DHCP server will be used for DNS resolution over this link\&. When a name cannot be resolved as specified, the domain name will be used a suffix and name resolution of that will be attempted\&.
.sp
This corresponds to the
\fBdomain\fR
option in
\fBresolv.conf\fR(5)
and should not be enabled on untrusted networks\&.
.RE
.PP
\fIUseRoutes=\fR
.RS 4
When true (the default), the static routes will be requested from the DHCP server and added to the routing table with metric of 1024\&.
.RE
.PP
\fICriticalConnection=\fR
.RS 4
When true, the connection will never be torn down even if the DHCP lease expires\&. This is contrary to the DHCP specification, but may be the best choice if, say, the root filesystem relies on this connection\&. Defaults to false\&.
.RE
.PP
\fIClientIdentifier=\fR
.RS 4
DHCP client identifier to use\&. Either
"mac"
to use the MAC address of the link or
"duid"
(the default) to use a RFC4361\-compliant Client ID\&.
.RE
.PP
\fIVendorClassIdentifier=\fR
.RS 4
The vendor class identifier used to identify vendor type and configuration\&.
.RE
.PP
\fIRequestBroadcast=\fR
.RS 4
Request the server to use broadcast messages before the IP address has been configured\&. This is necessary for devices that cannot receive RAW packets, or that cannot receive packets at all before an IP address has been configured\&. On the other hand, this must not be enabled on networks where broadcasts are filtered out\&.
.RE
.PP
\fIRouteMetric=\fR
.RS 4
Set the routing metric for routes specified by the DHCP server\&.
.RE
.SH "[BRIDGE] SECTION OPTIONS"
.PP
The
"[Bridge]"
section accepts the following keys\&.
.PP
\fICost=\fR
.RS 4
Each port in a bridge may have different speed\&. Cost is used to decide which link to use\&. Faster interfaces should have lower costs
.RE
.SH "[BRIDGEFDB] SECTION OPTIONS"
.PP
The
"[BridgeFDB]"
section manages the forwarding database table of a port and accepts the following keys\&. Specify several
"[BridgeFDB]"
sections to configure several static MAC table entries\&.
.PP
\fIMACAddress=\fR
.RS 4
As in the
"[Network]"
section\&. This key is mandatory\&.
.RE
.PP
\fIVLANId=\fR
.RS 4
The VLAN Id for the new static MAC table entry\&. If omitted, no VLAN Id info is appended to the new static MAC table entry\&.
.RE
.SH "EXAMPLE"
.PP
\fBExample\ \&1.\ \&/etc/systemd/network/50-static.network\fR
.sp
.if n \{\
.RS 4
.\}
.nf
[Match]
Name=enp2s0

[Network]
Address=192\&.168\&.0\&.15/24
Gateway=192\&.168\&.0\&.1
.fi
.if n \{\
.RE
.\}
.PP
\fBExample\ \&2.\ \&/etc/systemd/network/80-dhcp.network\fR
.sp
.if n \{\
.RS 4
.\}
.nf
[Match]
Name=en*

[Network]
DHCP=yes
.fi
.if n \{\
.RE
.\}
.PP
\fBExample\ \&3.\ \&/etc/systemd/network/bridge-static.network\fR
.sp
.if n \{\
.RS 4
.\}
.nf
[Match]
Name=bridge0

[Network]
Address=192\&.168\&.0\&.15/24
Gateway=192\&.168\&.0\&.1
DNS=192\&.168\&.0\&.1
.fi
.if n \{\
.RE
.\}
.PP
\fBExample\ \&4.\ \&/etc/systemd/network/bridge-slave-interface.network\fR
.sp
.if n \{\
.RS 4
.\}
.nf
[Match]
Name=enp2s0

[Network]
Bridge=bridge0
.fi
.if n \{\
.RE
.\}
.PP
\fBExample\ \&5.\ \&/etc/systemd/network/ipip.network\fR
.sp
.if n \{\
.RS 4
.\}
.nf
[Match]
Name=em1

[Network]
Tunnel=ipip\-tun
.fi
.if n \{\
.RE
.\}
.PP
\fBExample\ \&6.\ \&/etc/systemd/network/sit.network\fR
.sp
.if n \{\
.RS 4
.\}
.nf
[Match]
Name=em1

[Network]
Tunnel=sit\-tun
.fi
.if n \{\
.RE
.\}
.PP
\fBExample\ \&7.\ \&/etc/systemd/network/gre.network\fR
.sp
.if n \{\
.RS 4
.\}
.nf
[Match]
Name=em1

[Network]
Tunnel=gre\-tun
.fi
.if n \{\
.RE
.\}
.PP
\fBExample\ \&8.\ \&/etc/systemd/network/vti.network\fR
.sp
.if n \{\
.RS 4
.\}
.nf
[Match]
Name=em1

[Network]
Tunnel=vti\-tun
.fi
.if n \{\
.RE
.\}
.SH "SEE ALSO"
.PP
\fBsystemd\fR(1),
\fBsystemd-networkd\fR(8),
\fBsystemd.link\fR(5),
\fBsystemd.netdev\fR(5)
.SH "NOTES"
.IP " 1." 4
ip-sysctl.txt
.RS 4
\%https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt
.RE