| 1. | Linux Ethernet Bonding Driver HOWTO |
| 2. | RFC 2784 |
| 3. | IEEE 802.1Q |
| 4. | VRF |
| 5. | B.A.T.M.A.N. Advanced |
| 6. | System and Service Credentials |
| 7. | Distributed Overlay Virtual Ethernet (DOVE) |
| 8. | VXLAN Group Policy |
| 9. | Generic Protocol Extension for VXLAN |
| 10. | Type of Service in the Internet Protocol Suite |
| 11. | RFC 6437 |
| 12. | RFC 2460 |
| 13. | RFC 2473 |
| 14. | ip-xfrm — transform configuration |
| 15. | Foo over UDP |
| 16. | IPv6 Rapid Deployment |
| 17. | Generic UDP Encapsulation |
| 18. | Virtual XFRM Interfaces |
NAME
systemd.netdev - Virtual Network Device configuration
SYNOPSIS
netdev.netdev
DESCRIPTION
A plain ini-style text file that encodes configuration about a virtual network device, used by systemd-networkd(8). See systemd.syntax(7) for a general description of the syntax.
The main Virtual Network Device file must have the extension .netdev; other extensions are ignored. Virtual network devices are created as soon as systemd-networkd is started if possible. If a netdev with the specified name already exists, systemd-networkd will try to update the config if the kind of the existing netdev is equivalent to the requested one, otherwise (e.g. when bridge device foo exists but bonding device with the same name is configured in a .netdev file) use the existing netdev as-is rather than replacing with the requested netdev. Note, several settings (e.g. vlan ID) cannot be changed after the netdev is created. To change such settings, it is necessary to first remove the existing netdev, and then run networkctl reload command or restart systemd-networkd. See also networkctl(1).
The .netdev files are read from the files located in the system network directory /usr/lib/systemd/network and /usr/local/lib/systemd/network, the volatile runtime network directory /run/systemd/network and the local administration network directory /etc/systemd/network. All configuration files are collectively sorted and processed in alphanumeric order, regardless of the directories in which they live. However, files with identical filenames replace each other. It is recommended that each filename is prefixed with a number smaller than "70" (e.g. 10-vlan.netdev). Otherwise, .netdev files generated by systemd-network-generator.service(8) may take precedence over user configured files. Files in /etc/ have the highest priority, files in /run/ take precedence over files with the same name in /usr/lib/. This can be used to override a system-supplied configuration file with a local file if needed. As a special case, an empty file (file size 0) or symlink with the same name pointing to /dev/null disables the configuration file entirely (it is "masked").
Along with the netdev file foo.netdev, a "drop-in" directory foo.netdev.d/ may exist. All files with the suffix ".conf" from this directory will be merged in the alphanumeric order and parsed after the main file itself has been parsed. This is useful to alter or add configuration settings, without having to modify the main configuration file. Each drop-in file must have appropriate section headers.
In addition to /etc/systemd/network, drop-in ".d" directories can be placed in /usr/lib/systemd/network or /run/systemd/network directories. Drop-in files in /etc/ take precedence over those in /run/ which in turn take precedence over those in /usr/lib/. Drop-in files under any of these directories take precedence over the main netdev file wherever located. (Of course, since /run/ is temporary and /usr/lib/ is for vendors, it is unlikely drop-ins should be used in either of those places.)
SUPPORTED NETDEV KINDS
The following kinds of virtual network devices may be configured in .netdev files:
Table 1. Supported kinds of virtual network devices
| Kind | Description |
| bond | A bond device is an aggregation of all its slave devices. See Linux Ethernet Bonding Driver HOWTO [1] for details. |
| bridge | A bridge device is a software switch, and each of its slave devices and the bridge itself are ports of the switch. |
| dummy | A dummy device drops all packets sent to it. |
| gre | A Level 3 GRE tunnel over IPv4. See RFC 2784 [2] for details. Name "gre0" should not be used, as the kernel creates a device with this name when the corresponding kernel module is loaded. |
| gretap | A Level 2 GRE tunnel over IPv4. Name "gretap0" should not be used, as the kernel creates a device with this name when the corresponding kernel module is loaded. |
| erspan | ERSPAN mirrors traffic on one or more source ports and delivers the mirrored traffic to one or more destination ports on another switch. The traffic is encapsulated in generic routing encapsulation (GRE) and is therefore routable across a layer 3 network between the source switch and the destination switch. Name "erspan0" should not be used, as the kernel creates a device with this name when the corresponding kernel module is loaded. |
| ip6gre | A Level 3 GRE tunnel over IPv6. |
| ip6tnl | An IPv4 or IPv6 tunnel over IPv6 |
| ip6gretap | A Level 2 GRE tunnel over IPv6. |
| ipip | An IPv4 over IPv4 tunnel. |
| ipvlan | An IPVLAN device is a stacked device which receives packets from its underlying device based on IP address filtering. |
| ipvtap | An IPVTAP device is a stacked device which receives packets from its underlying device based on IP address filtering and can be accessed using the tap user space interface. |
| macvlan | A macvlan device is a stacked device which receives packets from its underlying device based on MAC address filtering. |
| macvtap | A macvtap device is a stacked device which receives packets from its underlying device based on MAC address filtering. |
| sit | An IPv6 over IPv4 tunnel. |
| tap | A persistent Level 2 tunnel between a network device and a device node. |
| tun | A persistent Level 3 tunnel between a network device and a device node. |
| veth | An Ethernet tunnel between a pair of network devices. |
| vlan | A VLAN is a stacked device which receives packets from its underlying device based on VLAN tagging. See IEEE 802.1Q [3] for details. |
| vti | An IPv4 over IPSec tunnel. |
| vti6 | An IPv6 over IPSec tunnel. |
| vxlan | A virtual extensible LAN (vxlan), for connecting Cloud computing deployments. |
| geneve | A GEneric NEtwork Virtualization Encapsulation (GENEVE) netdev driver. |
| l2tp | A Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol used to support virtual private networks (VPNs) or as part of the delivery of services by ISPs. It does not provide any encryption or confidentiality by itself |
| macsec | Media Access Control Security (MACsec) is an 802.1AE IEEE industry-standard security technology that provides secure communication for all traffic on Ethernet links. MACsec provides point-to-point security on Ethernet links between directly connected nodes and is capable of identifying and preventing most security threats. |
| vrf | A Virtual Routing and Forwarding ( VRF [4]) interface to create separate routing and forwarding domains. |
| vcan | The virtual CAN driver (vcan). Similar to the network loopback devices, vcan offers a virtual local CAN interface. |
| vxcan | The virtual CAN tunnel driver (vxcan). Similar to the virtual ethernet driver veth, vxcan implements a local CAN traffic tunnel between two virtual CAN network devices. When creating a vxcan, two vxcan devices are created as pair. When one end receives the packet it appears on its pair and vice versa. The vxcan can be used for cross namespace communication. |
| wireguard | WireGuard Secure Network Tunnel. |
| nlmon | A Netlink monitor device. Use an nlmon device when you want to monitor system Netlink messages. |
| fou | Foo-over-UDP tunneling. |
| xfrm | A virtual tunnel interface like vti/vti6 but with several advantages. |
| ifb | The Intermediate Functional Block (ifb) pseudo network interface acts as a QoS concentrator for multiple different sources of traffic. |
| bareudp | Bare UDP tunnels provide a generic L3 encapsulation support for tunnelling different L3 protocols like MPLS, IP etc. inside of a UDP tunnel. |
| batadv | B.A.T.M.A.N. Advanced [5] is a routing protocol for multi-hop mobile ad-hoc networks which operates on layer 2. |
| ipoib | An IP over Infiniband subinterface. |
| wlan | A virtual wireless network (WLAN) interface. |
[MATCH] SECTION OPTIONS
A virtual network device is only created if the [Match] section matches the current environment, or if the section is empty. The following keys are accepted:
Host=
Added in version 211.
Virtualization=
Added in version 211.
KernelCommandLine=
Added in version 211.
KernelVersion=
Added in version 237.
Credential=
Added in version 252.
Architecture=
Added in version 211.
Firmware=
Added in version 249.
[NETDEV] SECTION OPTIONS
The [NetDev] section accepts the following keys:
Description=
Added in version 215.
Name=
Added in version 211.
Kind=
Added in version 211.
MTUBytes=
Added in version 215.
MACAddress=
Note, even if "none" is specified, systemd-udevd will assign the persistent MAC address for the device, as 99-default.link has MACAddressPolicy=persistent. So, it is also necessary to create a custom .link file for the device, if the MAC address assignment is not desired.
Added in version 215.
[BRIDGE] SECTION OPTIONS
The [Bridge] section only applies for netdevs of kind "bridge", and accepts the following keys:
HelloTimeSec=
Added in version 227.
MaxAgeSec=
Added in version 227.
ForwardDelaySec=
Added in version 227.
AgeingTimeSec=
Added in version 232.
Priority=
Added in version 232.
GroupForwardMask=
Added in version 235.
DefaultPVID=
Added in version 232.
MulticastQuerier=
Added in version 230.
MulticastSnooping=
Added in version 230.
VLANFiltering=
Added in version 231.
VLANProtocol=
Added in version 246.
STP=
Added in version 232.
MulticastIGMPVersion=
Added in version 243.
FDBMaxLearned=
Added in version 257.
[VLAN] SECTION OPTIONS
The [VLAN] section only applies for netdevs of kind "vlan", and accepts the following key:
Id=
Added in version 211.
Protocol=
Added in version 248.
GVRP=
Added in version 234.
MVRP=
Added in version 234.
LooseBinding=
Added in version 234.
ReorderHeader=
Added in version 234.
EgressQOSMaps=, IngressQOSMaps=
Added in version 248.
[MACVLAN] SECTION OPTIONS
The [MACVLAN] section only applies for netdevs of kind "macvlan", and accepts the following key:
Mode=
Added in version 211.
SourceMACAddress=
Added in version 246.
BroadcastMulticastQueueLength=
Added in version 248.
BroadcastQueueThreshold=
Added in version 256.
[MACVTAP] SECTION OPTIONS
The [MACVTAP] section applies for netdevs of kind "macvtap" and accepts the same keys as [MACVLAN].
[IPVLAN] SECTION OPTIONS
The [IPVLAN] section only applies for netdevs of kind "ipvlan", and accepts the following key:
Mode=
Added in version 219.
Flags=
Added in version 237.
[IPVTAP] SECTION OPTIONS
The [IPVTAP] section only applies for netdevs of kind "ipvtap" and accepts the same keys as [IPVLAN].
[VXLAN] SECTION OPTIONS
The [VXLAN] section only applies for netdevs of kind "vxlan", and accepts the following keys:
VNI=
Added in version 243.
Remote=
Added in version 233.
Local=
Added in version 233.
Group=
Added in version 243.
TOS=
Added in version 215.
TTL=
Added in version 215.
MacLearning=
Added in version 215.
FDBAgeingSec=
Added in version 218.
MaximumFDBEntries=
Added in version 228.
ReduceARPProxy=
Added in version 233.
L2MissNotification=
Added in version 218.
L3MissNotification=
Added in version 218.
RouteShortCircuit=
Added in version 218.
UDPChecksum=
Added in version 220.
UDP6ZeroChecksumTx=
Added in version 220.
UDP6ZeroChecksumRx=
Added in version 220.
RemoteChecksumTx=
Added in version 232.
RemoteChecksumRx=
Added in version 232.
GroupPolicyExtension=
Added in version 224.
GenericProtocolExtension=
Added in version 243.
DestinationPort=
Added in version 229.
PortRange=
Added in version 229.
FlowLabel=
Added in version 234.
IPDoNotFragment=
Added in version 243.
Independent=
Added in version 247.
[GENEVE] SECTION OPTIONS
The [GENEVE] section only applies for netdevs of kind "geneve", and accepts the following keys:
Id=
Added in version 234.
Remote=
Added in version 234.
TOS=
Added in version 234.
TTL=
Added in version 234.
UDPChecksum=
Added in version 234.
UDP6ZeroChecksumTx=
Added in version 234.
UDP6ZeroChecksumRx=
Added in version 234.
DestinationPort=
Added in version 234.
FlowLabel=
Added in version 234.
IPDoNotFragment=
Added in version 243.
InheritInnerProtocol=
Added in version 254.
[BAREUDP] SECTION OPTIONS
The [BareUDP] section only applies for netdevs of kind "bareudp", and accepts the following keys:
DestinationPort=
Added in version 247.
EtherType=
Added in version 247.
MinSourcePort=
Added in version 257.
[L2TP] SECTION OPTIONS
The [L2TP] section only applies for netdevs of kind "l2tp", and accepts the following keys:
TunnelId=
Added in version 242.
PeerTunnelId=
Added in version 242.
Remote=
Added in version 242.
Local=
Added in version 242.
EncapsulationType=
Added in version 242.
UDPSourcePort=
Added in version 242.
UDPDestinationPort=
Added in version 245.
UDPChecksum=
Added in version 242.
UDP6ZeroChecksumTx=
Added in version 242.
UDP6ZeroChecksumRx=
Added in version 242.
[L2TPSESSION] SECTION OPTIONS
The [L2TPSession] section only applies for netdevs of kind "l2tp", and accepts the following keys:
Name=
Added in version 242.
SessionId=
Added in version 242.
PeerSessionId=
Added in version 242.
Layer2SpecificHeader=
Added in version 242.
[MACSEC] SECTION OPTIONS
The [MACsec] section only applies for network devices of kind "macsec", and accepts the following keys:
Port=
Added in version 243.
Encrypt=
Added in version 243.
[MACSECRECEIVECHANNEL] SECTION OPTIONS
The [MACsecReceiveChannel] section only applies for network devices of kind "macsec", and accepts the following keys:
Port=
Added in version 243.
MACAddress=
Added in version 243.
[MACSECTRANSMITASSOCIATION] SECTION OPTIONS
The [MACsecTransmitAssociation] section only applies for network devices of kind "macsec", and accepts the following keys:
PacketNumber=
Added in version 243.
KeyId=
Added in version 243.
Key=
Added in version 243.
KeyFile=
Added in version 243.
Activate=
Added in version 243.
UseForEncoding=
Added in version 243.
[MACSECRECEIVEASSOCIATION] SECTION OPTIONS
The [MACsecReceiveAssociation] section only applies for network devices of kind "macsec", and accepts the following keys:
Port=
Added in version 243.
MACAddress=
Added in version 243.
PacketNumber=
Added in version 243.
KeyId=
Added in version 243.
Key=
Added in version 243.
KeyFile=
Added in version 243.
Activate=
Added in version 243.
[TUNNEL] SECTION OPTIONS
The [Tunnel] section only applies for netdevs of kind "ipip", "sit", "gre", "gretap", "ip6gre", "ip6gretap", "vti", "vti6", "ip6tnl", and "erspan" and accepts the following keys:
External=
Added in version 251.
Local=
Added in version 215.
Remote=
Added in version 215.
TOS=
Added in version 215.
TTL=
Added in version 215.
DiscoverPathMTU=
Added in version 215.
IgnoreDontFragment=
Added in version 254.
IPv6FlowLabel=
Added in version 223.
CopyDSCP=
Added in version 223.
EncapsulationLimit=
Added in version 226.
Key=
Added in version 231.
InputKey=
Added in version 231.
OutputKey=
Added in version 231.
Mode=
Added in version 219.
Independent=
Added in version 235.
AssignToLoopback=
Added in version 243.
AllowLocalRemote=
Added in version 237.
FooOverUDP=
Added in version 240.
FOUDestinationPort=
Added in version 240.
FOUSourcePort=
Added in version 240.
Encapsulation=
Added in version 240.
IPv6RapidDeploymentPrefix=
Added in version 240.
ISATAP=
Added in version 240.
SerializeTunneledPackets=
Added in version 240.
ERSPANVersion=
Added in version 252.
ERSPANIndex=
Added in version 240.
ERSPANDirection=
Added in version 252.
ERSPANHardwareId=
Added in version 252.
[FOOOVERUDP] SECTION OPTIONS
The [FooOverUDP] section only applies for netdevs of kind "fou" and accepts the following keys:
Encapsulation=
Added in version 240.
Port=
Added in version 240.
PeerPort=
Added in version 243.
Protocol=
Added in version 240.
Peer=
Added in version 243.
Local=
Added in version 243.
[PEER] SECTION OPTIONS
The [Peer] section only applies for netdevs of kind "veth" and accepts the following keys:
Name=
Added in version 215.
MACAddress=
Added in version 215.
[VXCAN] SECTION OPTIONS
The [VXCAN] section only applies for netdevs of kind "vxcan" and accepts the following key:
Peer=
Added in version 236.
[TUN] SECTION OPTIONS
The [Tun] section only applies for netdevs of kind "tun", and accepts the following keys:
MultiQueue=
Added in version 215.
PacketInfo=
Added in version 215.
VNetHeader=
Added in version 223.
User=
Added in version 215.
Group=
Added in version 215.
KeepCarrier=
Added in version 252.
[TAP] SECTION OPTIONS
The [Tap] section only applies for netdevs of kind "tap", and accepts the same keys as the [Tun] section.
[WIREGUARD] SECTION OPTIONS
The [WireGuard] section accepts the following keys:
PrivateKey=
Note that because this information is secret, it is strongly recommended to use an (encrypted) credential. Alternatively, you may want to set the permissions of the .netdev file to be owned by "root:systemd-network" with a "0640" file mode.
Added in version 237.
PrivateKeyFile=
Added in version 242.
ListenPort=
Added in version 237.
FirewallMark=
Added in version 243.
RouteTable=
Added in version 250.
RouteMetric=
Added in version 250.
[WIREGUARDPEER] SECTION OPTIONS
The [WireGuardPeer] section accepts the following keys:
PublicKey=
Added in version 237.
PublicKeyFile=
Added in version 257.
PresharedKey=
Note that because this information is secret, it is strongly recommended to use an (encrypted) credential. Alternatively, you may want to set the permissions of the .netdev file to be owned by "root:systemd-network" with a "0640" file mode.
Added in version 237.
PresharedKeyFile=
Added in version 242.
AllowedIPs=
The catch-all 0.0.0.0/0 may be specified for matching all IPv4 addresses, and ::/0 may be specified for matching all IPv6 addresses.
Note that this only affects routing inside the network interface itself, i.e. the packets that pass through the tunnel itself. To cause packets to be sent via the tunnel in the first place, an appropriate route needs to be added as well — either in the "[Routes]" section on the ".network" matching the wireguard interface, or externally to systemd-networkd.
Added in version 237.
Endpoint=
This option honors the "@" prefix in the same way as the PrivateKey= setting of the [WireGuard] section.
Added in version 237.
PersistentKeepalive=
Added in version 237.
RouteTable=
Added in version 250.
RouteMetric=
Added in version 250.
[BOND] SECTION OPTIONS
The [Bond] section accepts the following key:
Mode=
Added in version 216.
TransmitHashPolicy=
Added in version 216.
LACPTransmitRate=
Added in version 216.
MIIMonitorSec=
Added in version 216.
PeerNotifyDelaySec=
Added in version 256.
UpDelaySec=
Added in version 216.
DownDelaySec=
Added in version 216.
LearnPacketIntervalSec=
Added in version 220.
AdSelect=
Added in version 220.
AdActorSystemPriority=
Added in version 240.
AdUserPortKey=
Added in version 240.
AdActorSystem=
Added in version 240.
FailOverMACPolicy=
Added in version 220.
ARPValidate=
Added in version 220.
ARPIntervalSec=
Added in version 220.
ARPIPTargets=
Added in version 220.
ARPAllTargets=
Added in version 220.
PrimaryReselectPolicy=
Added in version 220.
ResendIGMP=
Added in version 220.
PacketsPerSlave=
Added in version 220.
GratuitousARP=
Added in version 220.
AllSlavesActive=
Added in version 220.
DynamicTransmitLoadBalancing=
Added in version 240.
MinLinks=
Added in version 220.
ARPMissedMax=
Added in version 256.
For more detail information see Linux Ethernet Bonding Driver HOWTO[1]
[XFRM] SECTION OPTIONS
The [Xfrm] section accepts the following keys:
InterfaceId=
Added in version 243.
Independent=
Added in version 243.
For more detail information see Virtual XFRM Interfaces[18].
[VRF] SECTION OPTIONS
The [VRF] section only applies for netdevs of kind "vrf" and accepts the following key:
Table=
Added in version 243.
[BATMANADVANCED] SECTION OPTIONS
The [BatmanAdvanced] section only applies for netdevs of kind "batadv" and accepts the following keys:
GatewayMode=
Added in version 248.
Aggregation=
Added in version 248.
BridgeLoopAvoidance=
Added in version 248.
DistributedArpTable=
Added in version 248.
Fragmentation=
Added in version 248.
HopPenalty=
Added in version 248.
OriginatorIntervalSec=
Added in version 248.
GatewayBandwidthDown=
Added in version 248.
GatewayBandwidthUp=
Added in version 248.
RoutingAlgorithm=
Added in version 248.
[IPOIB] SECTION OPTIONS
The [IPoIB] section only applies for netdevs of kind "ipoib" and accepts the following keys:
PartitionKey=
Added in version 250.
Mode=
When "datagram", the Infiniband unreliable datagram (UD) transport is used, and so the interface MTU is equal to the IB L2 MTU minus the IPoIB encapsulation header (4 bytes). For example, in a typical IB fabric with a 2K MTU, the IPoIB MTU will be 2048 - 4 = 2044 bytes.
When "connected", the Infiniband reliable connected (RC) transport is used. Connected mode takes advantage of the connected nature of the IB transport and allows an MTU up to the maximal IP packet size of 64K, which reduces the number of IP packets needed for handling large UDP datagrams, TCP segments, etc and increases the performance for large messages.
Added in version 250.
IgnoreUserspaceMulticastGroup=
Added in version 250.
[WLAN] SECTION OPTIONS
The [WLAN] section only applies to WLAN interfaces, and accepts the following keys:
PhysicalDevice=
Added in version 251.
Type=
Added in version 251.
WDS=
Added in version 251.
EXAMPLES
Example 1. /etc/systemd/network/25-bridge.netdev
[NetDev]
Name=bridge0
Kind=bridgeExample 2. /etc/systemd/network/25-vlan1.netdev
[Match]
Virtualization=no
[NetDev]
Name=vlan1
Kind=vlan
[VLAN]
Id=1Example 3. /etc/systemd/network/25-ipip.netdev
[NetDev]
Name=ipip-tun
Kind=ipip
MTUBytes=1480
[Tunnel]
Local=192.168.223.238
Remote=192.169.224.239
TTL=64Example 4. /etc/systemd/network/1-fou-tunnel.netdev
[NetDev]
Name=fou-tun
Kind=fou
[FooOverUDP]
Port=5555
Protocol=4Example 5. /etc/systemd/network/25-fou-ipip.netdev
[NetDev]
Name=ipip-tun
Kind=ipip
[Tunnel]
Independent=yes
Local=10.65.208.212
Remote=10.65.208.211
FooOverUDP=yes
FOUDestinationPort=5555Example 6. /etc/systemd/network/25-tap.netdev
[NetDev]
Name=tap-test
Kind=tap
[Tap]
MultiQueue=yes
PacketInfo=yesExample 7. /etc/systemd/network/25-sit.netdev
[NetDev]
Name=sit-tun
Kind=sit
MTUBytes=1480
[Tunnel]
Local=10.65.223.238
Remote=10.65.223.239Example 8. /etc/systemd/network/25-6rd.netdev
[NetDev]
Name=6rd-tun
Kind=sit
MTUBytes=1480
[Tunnel]
Local=10.65.223.238
IPv6RapidDeploymentPrefix=2602::/24Example 9. /etc/systemd/network/25-gre.netdev
[NetDev]
Name=gre-tun
Kind=gre
MTUBytes=1480
[Tunnel]
Local=10.65.223.238
Remote=10.65.223.239Example 10. /etc/systemd/network/25-ip6gre.netdev
[NetDev]
Name=ip6gre-tun
Kind=ip6gre
[Tunnel]
Key=123Example 11. /etc/systemd/network/25-vti.netdev
[NetDev]
Name=vti-tun
Kind=vti
MTUBytes=1480
[Tunnel]
Local=10.65.223.238
Remote=10.65.223.239Example 12. /etc/systemd/network/25-veth.netdev
[NetDev]
Name=veth-test
Kind=veth
[Peer]
Name=veth-peerExample 13. /etc/systemd/network/25-bond.netdev
[NetDev]
Name=bond1
Kind=bond
[Bond]
Mode=802.3ad
TransmitHashPolicy=layer3+4
MIIMonitorSec=1s
LACPTransmitRate=fastExample 14. /etc/systemd/network/25-dummy.netdev
[NetDev]
Name=dummy-test
Kind=dummy
MACAddress=12:34:56:78:9a:bcExample 15. /etc/systemd/network/25-vrf.netdev
Create a VRF interface with table 42.
[NetDev]
Name=vrf-test
Kind=vrf
[VRF]
Table=42Example 16. /etc/systemd/network/25-macvtap.netdev
Create a MacVTap device.
[NetDev]
Name=macvtap-test
Kind=macvtapExample 17. /etc/systemd/network/25-wireguard.netdev
[NetDev]
Name=wg0
Kind=wireguard
[WireGuard]
PrivateKey=EEGlnEPYJV//kbvvIqxKkQwOiS+UENyPncC4bF46ong=
ListenPort=51820
[WireGuardPeer]
PublicKey=RDf+LSpeEre7YEIKaxg+wbpsNV7du+ktR99uBEtIiCA=
AllowedIPs=fd31:bf08:57cb::/48,192.168.26.0/24
Endpoint=wireguard.example.com:51820Example 18. /etc/systemd/network/27-xfrm.netdev
[NetDev]
Name=xfrm0
Kind=xfrm
[Xfrm]
Independent=yesSEE ALSO
systemd(1), systemd-networkd.service(8), systemd.link(5), systemd.network(5), systemd-network-generator.service(8)
NOTES
- 1.
Linux Ethernet Bonding Driver HOWTO
- 2.
RFC 2784
- 3.
IEEE 802.1Q
- 4.
VRF
- 5.
B.A.T.M.A.N. Advanced
- 6.
System and Service Credentials
- 7.
Distributed Overlay Virtual Ethernet (DOVE)
- 8.
VXLAN Group Policy
- 9.
Generic Protocol Extension for VXLAN
- 10.
Type of Service in the Internet Protocol Suite
- 11.
RFC 6437
- 12.
RFC 2460
- 13.
RFC 2473
- 14.
ip-xfrm — transform configuration
- 15.
Foo over UDP
- 16.
IPv6 Rapid Deployment
- 17.
Generic UDP Encapsulation
- 18.
Virtual XFRM Interfaces