1SYSTEMD.NETWORK(5) systemd.network SYSTEMD.NETWORK(5)
2
6 systemd.network - Network configuration
7
9 network.network
10
12 Network setup is performed by systemd-networkd(8).
13 Network files must have the extension .network; other extensions are
15 ignored. Networks are applied to links whenever the links appear.
16 The .network files are read from the files located in the system
18 network directory /usr/lib/systemd/network, the volatile runtime
19 network directory /run/systemd/network and the local administration
20 network directory /etc/systemd/network. All configuration files are
21 collectively sorted and processed in lexical order, regardless of the
22 directories in which they live. However, files with identical filenames
23 replace each other. Files in /etc have the highest priority, files in
24 /run take precedence over files with the same name in /usr/lib. This
25 can be used to override a system-supplied configuration file with a
26 local file if needed; a symlink in /etc with the same name as a
27 configuration file in /usr/lib, pointing to /dev/null, disables the
28 configuration file entirely.
29
31 The network file contains a "[Match]" section, which determines if a
32 given network file may be applied to a given device; and a "[Network]"
33 section specifying how the device should be configured. The first (in
34 lexical order) of the network files that matches a given device is
35 applied.
36 A network file is said to match a device if each of the entries in the
38 "[Match]" section matches, or if the section is empty. The following
39 keys are accepted:
40 MACAddress=
42 The hardware address.
43 Path=
45 A whitespace-separated list of shell-style globs matching the
46 persistent path, as exposed by the udev property "ID_PATH".
47 Driver=
49 A whitespace-separated list of shell-style globs matching the
50 driver currently bound to the device, as exposed by the udev
51 property "DRIVER" of its parent device, or if that is not set the
52 driver as exposed by "ethtool -i" of the device itself.
53 Type=
55 A whitespace-separated list of shell-style globs matching the
56 device type, as exposed by the udev property "DEVTYPE".
57 Name=
59 A whitespace-separated list of shell-style globs matching the
60 device name, as exposed by the udev property "INTERFACE".
61 Host=
63 Matches against the hostname or machine ID of the host. See
64 "ConditionHost=" in systemd.unit(5) for details.
65 Virtualization=
67 Checks whether the system is executed in a virtualized environment
68 and optionally test whether it is a specific implementation. See
69 "ConditionVirtualization=" in systemd.unit(5) for details.
70 KernelCommandLine=
72 Checks whether a specific kernel command line option is set (or if
73 prefixed with the exclamation mark unset). See
74 "ConditionKernelCommandLine=" in systemd.unit(5) for details.
75 Architecture=
77 Checks whether the system is running on a specific architecture.
78 See "ConditionArchitecture=" in systemd.unit(5) for details.
79
81 The "[Link]" section accepts the following keys:
82 MACAddress=
84 The hardware address.
85 MTUBytes=
87 The maximum transmission unit in bytes to set for the device. The
88 usual suffixes K, M, G, are supported and are understood to the
89 base of 1024.
90
92 The "[Network]" section accepts the following keys:
93 Description=
95 A description of the device. This is only used for presentation
96 purposes.
97 DHCP=
99 Enables DHCPv4 and/or DHCPv6 support. Accepts "yes", "no", "ipv4",
100 or "ipv6".
101 DHCPServer=
103 A boolean. Enables a basic DHCPv4 server on the device. Mostly
104 useful for handing out leases to container instances.
105 LinkLocalAddressing=
107 Enables link-local address autoconfiguration. Accepts "yes", "no",
108 "ipv4", or "ipv6". Defaults to "ipv6".
109 IPv4LLRoute=
111 A boolean. When true, sets up the route needed for non-IPv4LL hosts
112 to communicate with IPv4LL-only hosts. Defaults to false.
113 IPv6Token=
115 An IPv6 address with the top 64 bits unset. When set, indicates the
116 64 bits interface part of SLAAC IPv6 addresses for this link. By
117 default it is autogenerated.
118 LLMNR=
120 A boolean or "resolve". When true, enables Link-Local Multicast
121 Name Resolution on the link, when set to "resolve" only resolution
122 is enabled, but not announcement. Defaults to true.
123 LLDP=
125 A boolean. When true, enables LLDP link receive support.
126 Address=
128 A static IPv4 or IPv6 address and its prefix length, separated by a
129 "/" character. Specify this key more than once to configure several
130 addresses. The format of the address must be as described in
131 inet_pton(3). This is a short-hand for an [Address] section only
132 containing an Address key (see below). This option may be specified
133 more than once.
134 If the specified address is 0.0.0.0 (for IPv4) or [::] (for IPv6),
136 a new address range of the requested size is automatically
137 allocated from a system-wide pool of unused ranges. The allocated
138 range is checked against all current network interfaces and all
139 known network configuration files to avoid address range conflicts.
140 The default system-wide pool consists of 192.168.0.0/16,
141 172.16.0.0/12 and 10.0.0.0/8 for IPv4, and fc00::/7 for IPv6. This
142 functionality is useful to manage a large number of dynamically
143 created network interfaces with the same network configuration and
144 automatic address range assignment.
145 Gateway=
147 The gateway address, which must be in the format described in
148 inet_pton(3). This is a short-hand for a [Route] section only
149 containing a Gateway key. This option may be specified more than
150 once.
151 DNS=
153 A DNS server address, which must be in the format described in
154 inet_pton(3). This option may be specified more than once.
155 Domains=
157 The domains used for DNS resolution over this link.
158 NTP=
160 An NTP server address. This option may be specified more than once.
161 IPForward=
163 Configures IP forwarding for the network interface. If enabled
164 incoming packets on the network interface will be forwarded to
165 other interfaces according to the routing table. Takes either a
166 boolean argument, or the values "ipv4" or "ipv6", which only
167 enables IP forwarding for the specified address family.
168 IPMasquerade=
170 Configures IP masquerading for the network interface. If enabled
171 packets forwarded from the network interface will be appear as
172 coming from the local host. Takes a boolean argument. Implies
173 IPForward=yes.
174 Bridge=
176 The name of the bridge to add the link to.
177 Bond=
179 The name of the bond to add the link to.
180 VLAN=
182 The name of a VLAN to create on the link. This option may be
183 specified more than once.
184 MACVLAN=
186 The name of a MACVLAN to create on the link. This option may be
187 specified more than once.
188 VXLAN=
190 The name of a VXLAN to create on the link. This option may be
191 specified more than once.
192 Tunnel=
194 The name of a Tunnel to create on the link. This option may be
195 specified more than once.
196
198 An "[Address]" section accepts the following keys. Specify several
199 "[Address]" sections to configure several addresses.
200 Address=
202 As in the "[Network]" section. This key is mandatory.
203 Peer=
205 The peer address in a point-to-point connection. Accepts the same
206 format as the "Address" key.
207 Broadcast=
209 The broadcast address, which must be in the format described in
210 inet_pton(3). This key only applies to IPv4 addresses. If it is not
211 given, it is derived from the "Address" key.
212 Label=
214 An address label.
215
217 The "[Route]" section accepts the following keys. Specify several
218 "[Route]" sections to configure several routes.
219 Gateway=
221 As in the "[Network]" section.
222 Destination=
224 The destination prefix of the route. Possibly followed by a slash
225 and the prefixlength. If omitted, a full-length host route is
226 assumed.
227 Source=
229 The source prefix of the route. Possibly followed by a slash and
230 the prefixlength. If omitted, a full-length host route is assumed.
231 Metric=
233 The metric of the route. An unsigned integer
234 Scope=
236 The scope of the route. One of the values "global", "link" or
237 "host". Defaults to "global".
238
240 The "[DHCP]" section accepts the following keys:
241 UseDNS=
243 When true (the default), the DNS servers received from the DHCP
244 server will be used and take precedence over any statically
245 configured ones.
246 UseMTU=
248 When true, the interface maximum transmission unit from the DHCP
249 server will be used on the current link. Defaults to false.
250 SendHostname=
252 When true (the default), the machine's hostname will be sent to the
253 DHCP server
254 UseHostname=
256 When true (the default), the hostname received from the DHCP server
257 will be used as the transient hostname.
258 UseDomains=
260 When true (not the default), the domain name received from the DHCP
261 server will be used for DNS resolution over this link.
262 UseRoutes=
264 When true (the default), the static routes will be requested from
265 the DHCP server and added to the routing table with metric of 1024.
266 CriticalConnection=
268 When true, the connection will never be torn down even if the DHCP
269 lease expires. This is contrary to the DHCP specification, but may
270 be the best choice if, say, the root filesystem relies on this
271 connection. Defaults to false.
272 VendorClassIdentifier=
274 The vendor class identifier used to identify vendor type and
275 configuration.
276 RequestBroadcast=
278 Request the server to use broadcast messages before the IP address
279 has been configured. This is necessary for devices that cannot
280 receive RAW packets, or that cannot receive packets at all before
281 an IP address has been configured. On the other hand, this must not
282 be enabled on networks where broadcasts are filtered out.
283 RouteMetric=
285 Set the routing metric for routes specified by the DHCP server.
286
288 The "[Bridge]" section accepts the following keys.
289 Cost=
291 Each port in a bridge may have different speed. Cost is used to
292 decide which link to use. Faster interfaces should have lower costs
293
295 The "[BridgeFDB]" section manages the forwarding database table of a
296 port and accepts the following keys. Specify several "[BridgeFDB]"
297 sections to configure several static MAC table entries.
298 MACAddress=
300 As in the "[Network]" section. This key is mandatory.
301 VLANId=
303 The VLAN Id for the new static MAC table entry. If omitted, no VLAN
304 Id info is appended to the new static MAC table entry.
305
307 Example 1. /etc/systemd/network/50-static.network
308 [Match]
310 Name=enp2s0
311 [Network]
313 Address=192.168.0.15/24
314 Gateway=192.168.0.1
315 Example 2. /etc/systemd/network/80-dhcp.network
317 [Match]
319 Name=en*
320 [Network]
322 DHCP=yes
323 Example 3. /etc/systemd/network/bridge-static.network
325 [Match]
327 Name=bridge0
328 [Network]
330 Address=192.168.0.15/24
331 Gateway=192.168.0.1
332 DNS=192.168.0.1
333 Example 4. /etc/systemd/network/bridge-slave-interface.network
335 [Match]
337 Name=enp2s0
338 [Network]
340 Bridge=bridge0
341 Example 5. /etc/systemd/network/ipip.network
343 [Match]
345 Name=em1
346 [Network]
348 Tunnel=ipip-tun
349 Example 6. /etc/systemd/network/sit.network
351 [Match]
353 Name=em1
354 [Network]
356 Tunnel=sit-tun
357 Example 7. /etc/systemd/network/gre.network
359 [Match]
361 Name=em1
362 [Network]
364 Tunnel=gre-tun
365 Example 8. /etc/systemd/network/vti.network
367 [Match]
369 Name=em1
370 [Network]
372 Tunnel=vti-tun
373
375 systemd(1), systemd-networkd(8), systemd.link(5), systemd.netdev(5)
376systemd 219 SYSTEMD.NETWORK(5)