1SYSTEMD.NETWORK(5) systemd.network SYSTEMD.NETWORK(5)
2
6 systemd.network - Network configuration
7
9 network.network
10
12 A plain ini-style text file that encodes network configuration for
13 matching network interfaces, used by systemd-networkd(8). See
14 systemd.syntax(7) for a general description of the syntax.
15 The main network file must have the extension .network; other
17 extensions are ignored. Networks are applied to links whenever the
18 links appear.
19 The .network files are read from the files located in the system
21 network directories /usr/lib/systemd/network and
22 /usr/local/lib/systemd/network, the volatile runtime network directory
23 /run/systemd/network and the local administration network directory
24 /etc/systemd/network. All configuration files are collectively sorted
25 and processed in lexical order, regardless of the directories in which
26 they live. However, files with identical filenames replace each other.
27 Files in /etc/ have the highest priority, files in /run/ take
28 precedence over files with the same name under /usr/. This can be used
29 to override a system-supplied configuration file with a local file if
30 needed. As a special case, an empty file (file size 0) or symlink with
31 the same name pointing to /dev/null disables the configuration file
32 entirely (it is "masked").
33 Along with the network file foo.network, a "drop-in" directory
35 foo.network.d/ may exist. All files with the suffix ".conf" from this
36 directory will be parsed after the file itself is parsed. This is
37 useful to alter or add configuration settings, without having to modify
38 the main configuration file. Each drop-in file must have appropriate
39 section headers.
40 In addition to /etc/systemd/network, drop-in ".d" directories can be
42 placed in /usr/lib/systemd/network or /run/systemd/network directories.
43 Drop-in files in /etc/ take precedence over those in /run/ which in
44 turn take precedence over those in /usr/lib/. Drop-in files under any
45 of these directories take precedence over the main network file
46 wherever located.
47
49 The network file contains a [Match] section, which determines if a
50 given network file may be applied to a given device; and a [Network]
51 section specifying how the device should be configured. The first (in
52 lexical order) of the network files that matches a given device is
53 applied, all later files are ignored, even if they match as well.
54 A network file is said to match a network interface if all matches
56 specified by the [Match] section are satisfied. When a network file
57 does not contain valid settings in [Match] section, then the file will
58 match all interfaces and systemd-networkd warns about that. Hint: to
59 avoid the warning and to make it clear that all interfaces shall be
60 matched, add the following:
61 Name=*
63 The following keys are accepted:
65 MACAddress=
67 A whitespace-separated list of hardware addresses. Use full colon-,
68 hyphen- or dot-delimited hexadecimal. See the example below. This
69 option may appear more than once, in which case the lists are
70 merged. If the empty string is assigned to this option, the list of
71 hardware addresses defined prior to this is reset.
72 Example:
74 MACAddress=01:23:45:67:89:ab 00-11-22-33-44-55 AABB.CCDD.EEFF
76 PermanentMACAddress=
78 A whitespace-separated list of hardware's permanent addresses.
79 While MACAddress= matches the device's current MAC address, this
80 matches the device's permanent MAC address, which may be different
81 from the current one. Use full colon-, hyphen- or dot-delimited
82 hexadecimal. This option may appear more than once, in which case
83 the lists are merged. If the empty string is assigned to this
84 option, the list of hardware addresses defined prior to this is
85 reset.
86 Path=
88 A whitespace-separated list of shell-style globs matching the
89 persistent path, as exposed by the udev property ID_PATH.
90 Driver=
92 A whitespace-separated list of shell-style globs matching the
93 driver currently bound to the device, as exposed by the udev
94 property ID_NET_DRIVER of its parent device, or if that is not set,
95 the driver as exposed by ethtool -i of the device itself. If the
96 list is prefixed with a "!", the test is inverted.
97 Type=
99 A whitespace-separated list of shell-style globs matching the
100 device type, as exposed by networkctl list. If the list is prefixed
101 with a "!", the test is inverted. Some valid values are "ether",
102 "loopback", "wlan", "wwan". Valid types are named either from the
103 udev "DEVTYPE" attribute, or "ARPHRD_" macros in linux/if_arp.h, so
104 this is not comprehensive.
105 Property=
107 A whitespace-separated list of udev property name with its value
108 after a equal ("="). If multiple properties are specified, the test
109 results are ANDed. If the list is prefixed with a "!", the test is
110 inverted. If a value contains white spaces, then please quote whole
111 key and value pair. If a value contains quotation, then please
112 escape the quotation with "\".
113 Example: if a .link file has the following:
115 Property=ID_MODEL_ID=9999 "ID_VENDOR_FROM_DATABASE=vendor name" "KEY=with \"quotation\""
117 then, the .link file matches only when an interface has all the
119 above three properties.
120 Name=
122 A whitespace-separated list of shell-style globs matching the
123 device name, as exposed by the udev property "INTERFACE", or
124 device's alternative names. If the list is prefixed with a "!", the
125 test is inverted.
126 WLANInterfaceType=
128 A whitespace-separated list of wireless network type. Supported
129 values are "ad-hoc", "station", "ap", "ap-vlan", "wds", "monitor",
130 "mesh-point", "p2p-client", "p2p-go", "p2p-device", "ocb", and
131 "nan". If the list is prefixed with a "!", the test is inverted.
132 SSID=
134 A whitespace-separated list of shell-style globs matching the SSID
135 of the currently connected wireless LAN. If the list is prefixed
136 with a "!", the test is inverted.
137 BSSID=
139 A whitespace-separated list of hardware address of the currently
140 connected wireless LAN. Use full colon-, hyphen- or dot-delimited
141 hexadecimal. See the example in MACAddress=. This option may appear
142 more than once, in which case the lists are merged. If the empty
143 string is assigned to this option, the list is reset.
144 Host=
146 Matches against the hostname or machine ID of the host. See
147 ConditionHost= in systemd.unit(5) for details. When prefixed with
148 an exclamation mark ("!"), the result is negated. If an empty
149 string is assigned, then previously assigned value is cleared.
150 Virtualization=
152 Checks whether the system is executed in a virtualized environment
153 and optionally test whether it is a specific implementation. See
154 ConditionVirtualization= in systemd.unit(5) for details. When
155 prefixed with an exclamation mark ("!"), the result is negated. If
156 an empty string is assigned, then previously assigned value is
157 cleared.
158 KernelCommandLine=
160 Checks whether a specific kernel command line option is set. See
161 ConditionKernelCommandLine= in systemd.unit(5) for details. When
162 prefixed with an exclamation mark ("!"), the result is negated. If
163 an empty string is assigned, then previously assigned value is
164 cleared.
165 KernelVersion=
167 Checks whether the kernel version (as reported by uname -r) matches
168 a certain expression. See ConditionKernelVersion= in
169 systemd.unit(5) for details. When prefixed with an exclamation mark
170 ("!"), the result is negated. If an empty string is assigned, then
171 previously assigned value is cleared.
172 Architecture=
174 Checks whether the system is running on a specific architecture.
175 See ConditionArchitecture= in systemd.unit(5) for details. When
176 prefixed with an exclamation mark ("!"), the result is negated. If
177 an empty string is assigned, then previously assigned value is
178 cleared.
179
181 The [Link] section accepts the following keys:
182 MACAddress=
184 The hardware address to set for the device.
185 MTUBytes=
187 The maximum transmission unit in bytes to set for the device. The
188 usual suffixes K, M, G, are supported and are understood to the
189 base of 1024.
190 Note that if IPv6 is enabled on the interface, and the MTU is
192 chosen below 1280 (the minimum MTU for IPv6) it will automatically
193 be increased to this value.
194 ARP=
196 Takes a boolean. If set to true, the ARP (low-level Address
197 Resolution Protocol) for this interface is enabled. When unset, the
198 kernel's default will be used.
199 For example, disabling ARP is useful when creating multiple MACVLAN
201 or VLAN virtual interfaces atop a single lower-level physical
202 interface, which will then only serve as a link/"bridge" device
203 aggregating traffic to the same physical link and not participate
204 in the network otherwise. Defaults to unset.
205 Multicast=
207 Takes a boolean. If set to true, the multicast flag on the device
208 is enabled. Defaults to unset.
209 AllMulticast=
211 Takes a boolean. If set to true, the driver retrieves all multicast
212 packets from the network. This happens when multicast routing is
213 enabled. Defaults to unset.
214 Promiscuous=
216 Takes a boolean. If set to true, promiscuous mode of the interface
217 is enabled. Defaults to unset.
218 Unmanaged=
220 Takes a boolean. When "yes", no attempts are made to bring up or
221 configure matching links, equivalent to when there are no matching
222 network files. Defaults to "no".
223 This is useful for preventing later matching network files from
225 interfering with certain interfaces that are fully controlled by
226 other applications.
227 Group=
229 Link groups are similar to port ranges found in managed switches.
230 When network interfaces are added to a numbered group, operations
231 on all the interfaces from that group can be performed at once. An
232 unsigned integer in the range 0...4294967294. Defaults to unset.
233 RequiredForOnline=
235 Takes a boolean or a minimum operational state and an optional
236 maximum operational state. Please see networkctl(1) for possible
237 operational states. When "yes", the network is deemed required when
238 determining whether the system is online when running
239 systemd-networkd-wait-online. When "no", the network is ignored
240 when checking for online state. When a minimum operational state
241 and an optional maximum operational state are set, "yes" is
242 implied, and this controls the minimum and maximum operational
243 state required for the network interface to be considered online.
244 Defaults to "yes".
245 The network will be brought up normally in all cases, but in the
247 event that there is no address being assigned by DHCP or the cable
248 is not plugged in, the link will simply remain offline and be
249 skipped automatically by systemd-networkd-wait-online if
250 "RequiredForOnline=no".
251 ActivationPolicy=
253 Specifies the policy for systemd-networkd managing the link
254 administrative state. Specifically, this controls how
255 systemd-networkd changes the network device's "IFF_UP" flag, which
256 is sometimes controlled by system administrators by running e.g.,
257 ip set dev eth0 up or ip set dev eth0 down, and can also be changed
258 with networkctl up eth0 or networkctl down eth0.
259 Takes one of "up", "always-up", "manual", "always-down", "down", or
261 "bound". When "manual", systemd-networkd will not change the link's
262 admin state automatically; the system administrator must bring the
263 interface up or down manually, as desired. When "up" (the default)
264 or "always-up", or "down" or "always-down", systemd-networkd will
265 set the link up or down, respectively, when the interface is
266 (re)configured. When "always-up" or "always-down", systemd-networkd
267 will set the link up or down, respectively, any time
268 systemd-networkd detects a change in the administrative state. When
269 BindCarrier= is also set, this is automatically set to "bound" and
270 any other value is ignored.
271 The administrative state is not the same as the carrier state, so
273 using "always-up" does not mean the link will never lose carrier.
274 The link carrier depends on both the administrative state as well
275 as the network device's physical connection. However, to avoid
276 reconfiguration failures, when using "always-up",
277 IgnoreCarrierLoss= is forced to true.
278
280 The [SR-IOV] section accepts the following keys. Specify several
281 [SR-IOV] sections to configure several SR-IOVs. SR-IOV provides the
282 ability to partition a single physical PCI resource into virtual PCI
283 functions which can then be injected into a VM. In the case of network
284 VFs, SR-IOV improves north-south network performance (that is, traffic
285 with endpoints outside the host machine) by allowing traffic to bypass
286 the host machine’s network stack.
287 VirtualFunction=
289 Specifies a Virtual Function (VF), lightweight PCIe function
290 designed solely to move data in and out. Takes an unsigned integer
291 in the range 0...2147483646. This option is compulsory.
292 VLANId=
294 Specifies VLAN ID of the virtual function. Takes an unsigned
295 integer in the range 1...4095.
296 QualityOfService=
298 Specifies quality of service of the virtual function. Takes an
299 unsigned integer in the range 1...4294967294.
300 VLANProtocol=
302 Specifies VLAN protocol of the virtual function. Takes "802.1Q" or
303 "802.1ad".
304 MACSpoofCheck=
306 Takes a boolean. Controls the MAC spoof checking. When unset, the
307 kernel's default will be used.
308 QueryReceiveSideScaling=
310 Takes a boolean. Toggle the ability of querying the receive side
311 scaling (RSS) configuration of the virtual function (VF). The VF
312 RSS information like RSS hash key may be considered sensitive on
313 some devices where this information is shared between VF and the
314 physical function (PF). When unset, the kernel's default will be
315 used.
316 Trust=
318 Takes a boolean. Allows to set trust mode of the virtual function
319 (VF). When set, VF users can set a specific feature which may
320 impact security and/or performance. When unset, the kernel's
321 default will be used.
322 LinkState=
324 Allows to set the link state of the virtual function (VF). Takes a
325 boolean or a special value "auto". Setting to "auto" means a
326 reflection of the physical function (PF) link state, "yes" lets the
327 VF to communicate with other VFs on this host even if the PF link
328 state is down, "no" causes the hardware to drop any packets sent by
329 the VF. When unset, the kernel's default will be used.
330 MACAddress=
332 Specifies the MAC address for the virtual function.
333
335 The [Network] section accepts the following keys:
336 Description=
338 A description of the device. This is only used for presentation
339 purposes.
340 DHCP=
342 Enables DHCPv4 and/or DHCPv6 client support. Accepts "yes", "no",
343 "ipv4", or "ipv6". Defaults to "no".
344 Note that DHCPv6 will by default be triggered by Router
346 Advertisement, if that is enabled, regardless of this parameter. By
347 enabling DHCPv6 support explicitly, the DHCPv6 client will be
348 started regardless of the presence of routers on the link, or what
349 flags the routers pass. See "IPv6AcceptRA=".
350 Furthermore, note that by default the domain name specified through
352 DHCP is not used for name resolution. See option UseDomains= below.
353 See the [DHCPv4] or [DHCPv6] sections below for further
355 configuration options for the DHCP client support.
356 DHCPServer=
358 Takes a boolean. If set to "yes", DHCPv4 server will be started.
359 Defaults to "no". Further settings for the DHCP server may be set
360 in the [DHCPServer] section described below.
361 LinkLocalAddressing=
363 Enables link-local address autoconfiguration. Accepts yes, no,
364 ipv4, and ipv6. An IPv6 link-local address is configured when yes
365 or ipv6. An IPv4 link-local address is configured when yes or ipv4
366 and when DHCPv4 autoconfiguration has been unsuccessful for some
367 time. (IPv4 link-local address autoconfiguration will usually
368 happen in parallel with repeated attempts to acquire a DHCPv4
369 lease).
370 Defaults to no when Bridge=yes is set, and ipv6 otherwise.
372 IPv6LinkLocalAddressGenerationMode=
374 Specifies how IPv6 link local address is generated. Takes one of
375 "eui64", "none", "stable-privacy" and "random". When unset, the
376 kernel's default will be used. Note that if LinkLocalAdressing= not
377 configured as "ipv6" then IPv6LinkLocalAddressGenerationMode= is
378 ignored.
379 IPv4LLRoute=
381 Takes a boolean. If set to true, sets up the route needed for
382 non-IPv4LL hosts to communicate with IPv4LL-only hosts. Defaults to
383 false.
384 DefaultRouteOnDevice=
386 Takes a boolean. If set to true, sets up the default route bound to
387 the interface. Defaults to false. This is useful when creating
388 routes on point-to-point interfaces. This is equivalent to e.g. the
389 following.
390 ip route add default dev veth99
392 IPv6Token=
394 Specifies an optional address generation mode for the Stateless
395 Address Autoconfiguration (SLAAC). Supported modes are
396 "prefixstable" and "static".
397 When the mode is set to "static", an IPv6 address must be specified
399 after a colon (":"), and the lower bits of the supplied address are
400 combined with the upper bits of a prefix received in a Router
401 Advertisement (RA) message to form a complete address. Note that if
402 multiple prefixes are received in an RA message, or in multiple RA
403 messages, addresses will be formed from each of them using the
404 supplied address. This mode implements SLAAC but uses a static
405 interface identifier instead of an identifier generated by using
406 the EUI-64 algorithm. Because the interface identifier is static,
407 if Duplicate Address Detection detects that the computed address is
408 a duplicate (in use by another node on the link), then this mode
409 will fail to provide an address for that prefix. If an IPv6 address
410 without mode is specified, then "static" mode is assumed.
411 When the mode is set to "prefixstable" the RFC 7217[1] algorithm
413 for generating interface identifiers will be used. This mode can
414 optionally take an IPv6 address separated with a colon (":"). If an
415 IPv6 address is specified, then an interface identifier is
416 generated only when a prefix received in an RA message matches the
417 supplied address.
418 If no address generation mode is specified (which is the default),
420 or a received prefix does not match any of the addresses provided
421 in "prefixstable" mode, then the EUI-64 algorithm will be used to
422 form an interface identifier for that prefix. This mode is also
423 SLAAC, but with a potentially stable interface identifier which
424 does not directly map to the interface's hardware address.
425 Note that the "prefixstable" algorithm uses both the interface name
427 and MAC address as input to the hash to compute the interface
428 identifier, so if either of those are changed the resulting
429 interface identifier (and address) will change, even if the prefix
430 received in the RA message has not changed.
431 This setting can be specified multiple times. If an empty string is
433 assigned, then the all previous assignments are cleared.
434 Examples:
436 IPv6Token=::1a:2b:3c:4d
438 IPv6Token=static:::1a:2b:3c:4d
439 IPv6Token=prefixstable
440 IPv6Token=prefixstable:2002:da8:1::
441 LLMNR=
443 Takes a boolean or "resolve". When true, enables Link-Local
444 Multicast Name Resolution[2] on the link. When set to "resolve",
445 only resolution is enabled, but not host registration and
446 announcement. Defaults to true. This setting is read by systemd-
447 resolved.service(8).
448 MulticastDNS=
450 Takes a boolean or "resolve". When true, enables Multicast DNS[3]
451 support on the link. When set to "resolve", only resolution is
452 enabled, but not host or service registration and announcement.
453 Defaults to false. This setting is read by systemd-
454 resolved.service(8).
455 DNSOverTLS=
457 Takes a boolean or "opportunistic". When true, enables
458 DNS-over-TLS[4] support on the link. When set to "opportunistic",
459 compatibility with non-DNS-over-TLS servers is increased, by
460 automatically turning off DNS-over-TLS servers in this case. This
461 option defines a per-interface setting for resolved.conf(5)'s
462 global DNSOverTLS= option. Defaults to false. This setting is read
463 by systemd-resolved.service(8).
464 DNSSEC=
466 Takes a boolean or "allow-downgrade". When true, enables DNSSEC[5]
467 DNS validation support on the link. When set to "allow-downgrade",
468 compatibility with non-DNSSEC capable networks is increased, by
469 automatically turning off DNSSEC in this case. This option defines
470 a per-interface setting for resolved.conf(5)'s global DNSSEC=
471 option. Defaults to false. This setting is read by systemd-
472 resolved.service(8).
473 DNSSECNegativeTrustAnchors=
475 A space-separated list of DNSSEC negative trust anchor domains. If
476 specified and DNSSEC is enabled, look-ups done via the interface's
477 DNS server will be subject to the list of negative trust anchors,
478 and not require authentication for the specified domains, or
479 anything below it. Use this to disable DNSSEC authentication for
480 specific private domains, that cannot be proven valid using the
481 Internet DNS hierarchy. Defaults to the empty list. This setting is
482 read by systemd-resolved.service(8).
483 LLDP=
485 Controls support for Ethernet LLDP packet reception. LLDP is a
486 link-layer protocol commonly implemented on professional routers
487 and bridges which announces which physical port a system is
488 connected to, as well as other related data. Accepts a boolean or
489 the special value "routers-only". When true, incoming LLDP packets
490 are accepted and a database of all LLDP neighbors maintained. If
491 "routers-only" is set only LLDP data of various types of routers is
492 collected and LLDP data about other types of devices ignored (such
493 as stations, telephones and others). If false, LLDP reception is
494 disabled. Defaults to "routers-only". Use networkctl(1) to query
495 the collected neighbor data. LLDP is only available on Ethernet
496 links. See EmitLLDP= below for enabling LLDP packet emission from
497 the local system.
498 EmitLLDP=
500 Controls support for Ethernet LLDP packet emission. Accepts a
501 boolean parameter or the special values "nearest-bridge",
502 "non-tpmr-bridge" and "customer-bridge". Defaults to false, which
503 turns off LLDP packet emission. If not false, a short LLDP packet
504 with information about the local system is sent out in regular
505 intervals on the link. The LLDP packet will contain information
506 about the local hostname, the local machine ID (as stored in
507 machine-id(5)) and the local interface name, as well as the pretty
508 hostname of the system (as set in machine-info(5)). LLDP emission
509 is only available on Ethernet links. Note that this setting passes
510 data suitable for identification of host to the network and should
511 thus not be enabled on untrusted networks, where such
512 identification data should not be made available. Use this option
513 to permit other systems to identify on which interfaces they are
514 connected to this system. The three special values control
515 propagation of the LLDP packets. The "nearest-bridge" setting
516 permits propagation only to the nearest connected bridge,
517 "non-tpmr-bridge" permits propagation across Two-Port MAC Relays,
518 but not any other bridges, and "customer-bridge" permits
519 propagation until a customer bridge is reached. For details about
520 these concepts, see IEEE 802.1AB-2016[6]. Note that configuring
521 this setting to true is equivalent to "nearest-bridge", the
522 recommended and most restricted level of propagation. See LLDP=
523 above for an option to enable LLDP reception.
524 BindCarrier=
526 A link name or a list of link names. When set, controls the
527 behavior of the current link. When all links in the list are in an
528 operational down state, the current link is brought down. When at
529 least one link has carrier, the current interface is brought up.
530 This forces ActivationPolicy= to be set to "bound".
532 Address=
534 A static IPv4 or IPv6 address and its prefix length, separated by a
535 "/" character. Specify this key more than once to configure several
536 addresses. The format of the address must be as described in
537 inet_pton(3). This is a short-hand for an [Address] section only
538 containing an Address key (see below). This option may be specified
539 more than once.
540 If the specified address is "0.0.0.0" (for IPv4) or "::" (for
542 IPv6), a new address range of the requested size is automatically
543 allocated from a system-wide pool of unused ranges. Note that the
544 prefix length must be equal or larger than 8 for IPv4, and 64 for
545 IPv6. The allocated range is checked against all current network
546 interfaces and all known network configuration files to avoid
547 address range conflicts. The default system-wide pool consists of
548 192.168.0.0/16, 172.16.0.0/12 and 10.0.0.0/8 for IPv4, and fd00::/8
549 for IPv6. This functionality is useful to manage a large number of
550 dynamically created network interfaces with the same network
551 configuration and automatic address range assignment.
552 Gateway=
554 The gateway address, which must be in the format described in
555 inet_pton(3). This is a short-hand for a [Route] section only
556 containing a Gateway key. This option may be specified more than
557 once.
558 DNS=
560 A DNS server address, which must be in the format described in
561 inet_pton(3). This option may be specified more than once. Each
562 address can optionally take a port number separated with ":", a
563 network interface name or index separated with "%", and a Server
564 Name Indication (SNI) separated with "#". When IPv6 address is
565 specified with a port number, then the address must be in the
566 square brackets. That is, the acceptable full formats are
567 "111.222.333.444:9953%ifname#example.com" for IPv4 and
568 "[1111:2222::3333]:9953%ifname#example.com" for IPv6. If an empty
569 string is assigned, then the all previous assignments are cleared.
570 This setting is read by systemd-resolved.service(8).
571 Domains=
573 A whitespace-separated list of domains which should be resolved
574 using the DNS servers on this link. Each item in the list should be
575 a domain name, optionally prefixed with a tilde ("~"). The domains
576 with the prefix are called "routing-only domains". The domains
577 without the prefix are called "search domains" and are first used
578 as search suffixes for extending single-label hostnames (hostnames
579 containing no dots) to become fully qualified domain names (FQDNs).
580 If a single-label hostname is resolved on this interface, each of
581 the specified search domains are appended to it in turn, converting
582 it into a fully qualified domain name, until one of them may be
583 successfully resolved.
584 Both "search" and "routing-only" domains are used for routing of
586 DNS queries: look-ups for hostnames ending in those domains (hence
587 also single label names, if any "search domains" are listed), are
588 routed to the DNS servers configured for this interface. The domain
589 routing logic is particularly useful on multi-homed hosts with DNS
590 servers serving particular private DNS zones on each interface.
591 The "routing-only" domain "~." (the tilde indicating definition of
593 a routing domain, the dot referring to the DNS root domain which is
594 the implied suffix of all valid DNS names) has special effect. It
595 causes all DNS traffic which does not match another configured
596 domain routing entry to be routed to DNS servers specified for this
597 interface. This setting is useful to prefer a certain set of DNS
598 servers if a link on which they are connected is available.
599 This setting is read by systemd-resolved.service(8). "Search
601 domains" correspond to the domain and search entries in
602 resolv.conf(5). Domain name routing has no equivalent in the
603 traditional glibc API, which has no concept of domain name servers
604 limited to a specific link.
605 DNSDefaultRoute=
607 Takes a boolean argument. If true, this link's configured DNS
608 servers are used for resolving domain names that do not match any
609 link's configured Domains= setting. If false, this link's
610 configured DNS servers are never used for such domains, and are
611 exclusively used for resolving names that match at least one of the
612 domains configured on this link. If not specified defaults to an
613 automatic mode: queries not matching any link's configured domains
614 will be routed to this link if it has no routing-only domains
615 configured.
616 NTP=
618 An NTP server address (either an IP address, or a hostname). This
619 option may be specified more than once. This setting is read by
620 systemd-timesyncd.service(8).
621 IPForward=
623 Configures IP packet forwarding for the system. If enabled,
624 incoming packets on any network interface will be forwarded to any
625 other interfaces according to the routing table. Takes a boolean,
626 or the values "ipv4" or "ipv6", which only enable IP packet
627 forwarding for the specified address family. This controls the
628 net.ipv4.ip_forward and net.ipv6.conf.all.forwarding sysctl options
629 of the network interface (see ip-sysctl.txt[7] for details about
630 sysctl options). Defaults to "no".
631 Note: this setting controls a global kernel option, and does so one
633 way only: if a network that has this setting enabled is set up the
634 global setting is turned on. However, it is never turned off again,
635 even after all networks with this setting enabled are shut down
636 again.
637 To allow IP packet forwarding only between specific network
639 interfaces use a firewall.
640 IPMasquerade=
642 Configures IP masquerading for the network interface. If enabled,
643 packets forwarded from the network interface will be appear as
644 coming from the local host. Takes one of "ipv4", "ipv6", "both", or
645 "no". Defaults to "no". If enabled, this automatically sets
646 IPForward= to one of "ipv4", "ipv6" or "yes".
647 Note. Any positive boolean values such as "yes" or "true" are now
649 deprecated. Please use one of the values in the above.
650 IPv6PrivacyExtensions=
652 Configures use of stateless temporary addresses that change over
653 time (see RFC 4941[8], Privacy Extensions for Stateless Address
654 Autoconfiguration in IPv6). Takes a boolean or the special values
655 "prefer-public" and "kernel". When true, enables the privacy
656 extensions and prefers temporary addresses over public addresses.
657 When "prefer-public", enables the privacy extensions, but prefers
658 public addresses over temporary addresses. When false, the privacy
659 extensions remain disabled. When "kernel", the kernel's default
660 setting will be left in place. Defaults to "no".
661 IPv6AcceptRA=
663 Takes a boolean. Controls IPv6 Router Advertisement (RA) reception
664 support for the interface. If true, RAs are accepted; if false, RAs
665 are ignored. When RAs are accepted, they may trigger the start of
666 the DHCPv6 client if the relevant flags are set in the RA data, or
667 if no routers are found on the link. The default is to disable RA
668 reception for bridge devices or when IP forwarding is enabled, and
669 to enable it otherwise. Cannot be enabled on bond devices and when
670 link local addressing is disabled.
671 Further settings for the IPv6 RA support may be configured in the
673 [IPv6AcceptRA] section, see below.
674 Also see ip-sysctl.txt[7] in the kernel documentation regarding
676 "accept_ra", but note that systemd's setting of 1 (i.e. true)
677 corresponds to kernel's setting of 2.
678 Note that kernel's implementation of the IPv6 RA protocol is always
680 disabled, regardless of this setting. If this option is enabled, a
681 userspace implementation of the IPv6 RA protocol is used, and the
682 kernel's own implementation remains disabled, since
683 systemd-networkd needs to know all details supplied in the
684 advertisements, and these are not available from the kernel if the
685 kernel's own implementation is used.
686 IPv6DuplicateAddressDetection=
688 Configures the amount of IPv6 Duplicate Address Detection (DAD)
689 probes to send. When unset, the kernel's default will be used.
690 IPv6HopLimit=
692 Configures IPv6 Hop Limit. For each router that forwards the
693 packet, the hop limit is decremented by 1. When the hop limit field
694 reaches zero, the packet is discarded. When unset, the kernel's
695 default will be used.
696 IPv4AcceptLocal=
698 Takes a boolean. Accept packets with local source addresses. In
699 combination with suitable routing, this can be used to direct
700 packets between two local interfaces over the wire and have them
701 accepted properly. When unset, the kernel's default will be used.
702 IPv4RouteLocalnet=
704 Takes a boolean. When true, the kernel does not consider loopback
705 addresses as martian source or destination while routing. This
706 enables the use of 127.0.0.0/8 for local routing purposes. When
707 unset, the kernel's default will be used.
708 IPv4ProxyARP=
710 Takes a boolean. Configures proxy ARP for IPv4. Proxy ARP is the
711 technique in which one host, usually a router, answers ARP requests
712 intended for another machine. By "faking" its identity, the router
713 accepts responsibility for routing packets to the "real"
714 destination. See RFC 1027[9]. When unset, the kernel's default will
715 be used.
716 IPv6ProxyNDP=
718 Takes a boolean. Configures proxy NDP for IPv6. Proxy NDP (Neighbor
719 Discovery Protocol) is a technique for IPv6 to allow routing of
720 addresses to a different destination when peers expect them to be
721 present on a certain physical link. In this case a router answers
722 Neighbour Advertisement messages intended for another machine by
723 offering its own MAC address as destination. Unlike proxy ARP for
724 IPv4, it is not enabled globally, but will only send Neighbour
725 Advertisement messages for addresses in the IPv6 neighbor proxy
726 table, which can also be shown by ip -6 neighbour show proxy.
727 systemd-networkd will control the per-interface `proxy_ndp` switch
728 for each configured interface depending on this option. When unset,
729 the kernel's default will be used.
730 IPv6ProxyNDPAddress=
732 An IPv6 address, for which Neighbour Advertisement messages will be
733 proxied. This option may be specified more than once.
734 systemd-networkd will add the IPv6ProxyNDPAddress= entries to the
735 kernel's IPv6 neighbor proxy table. This option implies
736 IPv6ProxyNDP=yes but has no effect if IPv6ProxyNDP has been set to
737 false. When unset, the kernel's default will be used.
738 IPv6SendRA=
740 Whether to enable or disable Router Advertisement sending on a
741 link. Takes a boolean value. When enabled, prefixes configured in
742 [IPv6Prefix] sections and routes configured in [IPv6RoutePrefix]
743 sections are distributed as defined in the [IPv6SendRA] section. If
744 DHCPv6PrefixDelegation= is enabled, then the delegated prefixes are
745 also distributed. See DHCPv6PrefixDelegation= setting and the
746 [IPv6SendRA], [IPv6Prefix], [IPv6RoutePrefix], and
747 [DHCPv6PrefixDelegation] sections for more configuration options.
748 DHCPv6PrefixDelegation=
750 Takes a boolean value. When enabled, requests prefixes using a
751 DHCPv6 client configured on another link. By default, an address
752 within each delegated prefix will be assigned, and the prefixes
753 will be announced through IPv6 Router Advertisement when
754 IPv6SendRA= is enabled. Such default settings can be configured in
755 [DHCPv6PrefixDelegation] section. Defaults to disabled.
756 IPv6MTUBytes=
758 Configures IPv6 maximum transmission unit (MTU). An integer greater
759 than or equal to 1280 bytes. When unset, the kernel's default will
760 be used.
761 Bridge=
763 The name of the bridge to add the link to. See systemd.netdev(5).
764 Bond=
766 The name of the bond to add the link to. See systemd.netdev(5).
767 VRF=
769 The name of the VRF to add the link to. See systemd.netdev(5).
770 VLAN=
772 The name of a VLAN to create on the link. See systemd.netdev(5).
773 This option may be specified more than once.
774 IPVLAN=
776 The name of a IPVLAN to create on the link. See systemd.netdev(5).
777 This option may be specified more than once.
778 MACVLAN=
780 The name of a MACVLAN to create on the link. See systemd.netdev(5).
781 This option may be specified more than once.
782 VXLAN=
784 The name of a VXLAN to create on the link. See systemd.netdev(5).
785 This option may be specified more than once.
786 Tunnel=
788 The name of a Tunnel to create on the link. See systemd.netdev(5).
789 This option may be specified more than once.
790 MACsec=
792 The name of a MACsec device to create on the link. See
793 systemd.netdev(5). This option may be specified more than once.
794 ActiveSlave=
796 Takes a boolean. Specifies the new active slave. The "ActiveSlave="
797 option is only valid for following modes: "active-backup",
798 "balance-alb" and "balance-tlb". Defaults to false.
799 PrimarySlave=
801 Takes a boolean. Specifies which slave is the primary device. The
802 specified device will always be the active slave while it is
803 available. Only when the primary is off-line will alternate devices
804 be used. This is useful when one slave is preferred over another,
805 e.g. when one slave has higher throughput than another. The
806 "PrimarySlave=" option is only valid for following modes:
807 "active-backup", "balance-alb" and "balance-tlb". Defaults to
808 false.
809 ConfigureWithoutCarrier=
811 Takes a boolean. Allows networkd to configure a specific link even
812 if it has no carrier. Defaults to false. If IgnoreCarrierLoss= is
813 not explicitly set, it will default to this value.
814 IgnoreCarrierLoss=
816 Takes a boolean. Allows networkd to retain both the static and
817 dynamic configuration of the interface even if its carrier is lost.
818 When unset, the value specified with ConfigureWithoutCarrier= is
819 used.
820 When ActivationPolicy= is set to "always-up", this is forced to
822 "true".
823 Xfrm=
825 The name of the xfrm to create on the link. See systemd.netdev(5).
826 This option may be specified more than once.
827 KeepConfiguration=
829 Takes a boolean or one of "static", "dhcp-on-stop", "dhcp". When
830 "static", systemd-networkd will not drop static addresses and
831 routes on starting up process. When set to "dhcp-on-stop",
832 systemd-networkd will not drop addresses and routes on stopping the
833 daemon. When "dhcp", the addresses and routes provided by a DHCP
834 server will never be dropped even if the DHCP lease expires. This
835 is contrary to the DHCP specification, but may be the best choice
836 if, e.g., the root filesystem relies on this connection. The
837 setting "dhcp" implies "dhcp-on-stop", and "yes" implies "dhcp" and
838 "static". Defaults to "no".
839 BatmanAdvanced=
841 The name of the B.A.T.M.A.N. Advanced interface to add the link to.
842 See systemd.netdev(5).
843
845 An [Address] section accepts the following keys. Specify several
846 [Address] sections to configure several addresses.
847 Address=
849 As in the [Network] section. This key is mandatory. Each [Address]
850 section can contain one Address= setting.
851 Peer=
853 The peer address in a point-to-point connection. Accepts the same
854 format as the Address= key.
855 Broadcast=
857 Takes an IPv4 address or boolean value. The address must be in the
858 format described in inet_pton(3). If set to true, then the IPv4
859 broadcast address will be derived from the Address= setting. If set
860 to false, then the broadcast address will not be set. Defaults to
861 true, except for wireguard interfaces, where it default to false.
862 Label=
864 An address label.
865 PreferredLifetime=
867 Allows the default "preferred lifetime" of the address to be
868 overridden. Only three settings are accepted: "forever",
869 "infinity", which is the default and means that the address never
870 expires, and "0", which means that the address is considered
871 immediately "expired" and will not be used, unless explicitly
872 requested. A setting of PreferredLifetime=0 is useful for addresses
873 which are added to be used only by a specific application, which is
874 then configured to use them explicitly.
875 Scope=
877 The scope of the address, which can be "global" (valid everywhere
878 on the network, even through a gateway), "link" (only valid on this
879 device, will not traverse a gateway) or "host" (only valid within
880 the device itself, e.g. 127.0.0.1) or an unsigned integer in the
881 range 0...255. Defaults to "global".
882 HomeAddress=
884 Takes a boolean. Designates this address the "home address" as
885 defined in RFC 6275[10]. Supported only on IPv6. Defaults to false.
886 DuplicateAddressDetection=
888 Takes one of "ipv4", "ipv6", "both", "none". When "ipv4", performs
889 IPv4 Duplicate Address Detection. See RFC 5224[11]. When "ipv6",
890 performs IPv6 Duplicate Address Detection. See RFC 4862[12].
891 Defaults to "ipv6".
892 ManageTemporaryAddress=
894 Takes a boolean. If true the kernel manage temporary addresses
895 created from this one as template on behalf of Privacy Extensions
896 RFC 3041[13]. For this to become active, the use_tempaddr sysctl
897 setting has to be set to a value greater than zero. The given
898 address needs to have a prefix length of 64. This flag allows using
899 privacy extensions in a manually configured network, just like if
900 stateless auto-configuration was active. Defaults to false.
901 AddPrefixRoute=
903 Takes a boolean. When true, the prefix route for the address is
904 automatically added. Defaults to true.
905 AutoJoin=
907 Takes a boolean. Joining multicast group on ethernet level via ip
908 maddr command would not work if we have an Ethernet switch that
909 does IGMP snooping since the switch would not replicate multicast
910 packets on ports that did not have IGMP reports for the multicast
911 addresses. Linux vxlan interfaces created via ip link add vxlan or
912 networkd's netdev kind vxlan have the group option that enables
913 then to do the required join. By extending ip address command with
914 option "autojoin" we can get similar functionality for openvswitch
915 (OVS) vxlan interfaces as well as other tunneling mechanisms that
916 need to receive multicast traffic. Defaults to "no".
917
919 A [Neighbor] section accepts the following keys. The neighbor section
920 adds a permanent, static entry to the neighbor table (IPv6) or ARP
921 table (IPv4) for the given hardware address on the links matched for
922 the network. Specify several [Neighbor] sections to configure several
923 static neighbors.
924 Address=
926 The IP address of the neighbor.
927 LinkLayerAddress=
929 The link layer address (MAC address or IP address) of the neighbor.
930
932 An [IPv6AddressLabel] section accepts the following keys. Specify
933 several [IPv6AddressLabel] sections to configure several address
934 labels. IPv6 address labels are used for address selection. See RFC
935 3484[14]. Precedence is managed by userspace, and only the label itself
936 is stored in the kernel.
937 Label=
939 The label for the prefix, an unsigned integer in the range
940 0–4294967294. 0xffffffff is reserved. This setting is mandatory.
941 Prefix=
943 IPv6 prefix is an address with a prefix length, separated by a
944 slash "/" character. This key is mandatory.
945
947 An [RoutingPolicyRule] section accepts the following keys. Specify
948 several [RoutingPolicyRule] sections to configure several rules.
949 TypeOfService=
951 Takes a number between 0 and 255 that specifies the type of service
952 to match.
953 From=
955 Specifies the source address prefix to match. Possibly followed by
956 a slash and the prefix length.
957 To=
959 Specifies the destination address prefix to match. Possibly
960 followed by a slash and the prefix length.
961 FirewallMark=
963 Specifies the iptables firewall mark value to match (a number
964 between 1 and 4294967295). Optionally, the firewall mask (also a
965 number between 1 and 4294967295) can be suffixed with a slash
966 ("/"), e.g., "7/255".
967 Table=
969 Specifies the routing table identifier to lookup if the rule
970 selector matches. Takes one of predefined names "default", "main",
971 and "local", and names defined in RouteTable= in networkd.conf(5),
972 or a number between 1 and 4294967295. Defaults to "main".
973 Priority=
975 Specifies the priority of this rule. Priority= is an unsigned
976 integer. Higher number means lower priority, and rules get
977 processed in order of increasing number.
978 IncomingInterface=
980 Specifies incoming device to match. If the interface is loopback,
981 the rule only matches packets originating from this host.
982 OutgoingInterface=
984 Specifies the outgoing device to match. The outgoing interface is
985 only available for packets originating from local sockets that are
986 bound to a device.
987 SourcePort=
989 Specifies the source IP port or IP port range match in forwarding
990 information base (FIB) rules. A port range is specified by the
991 lower and upper port separated by a dash. Defaults to unset.
992 DestinationPort=
994 Specifies the destination IP port or IP port range match in
995 forwarding information base (FIB) rules. A port range is specified
996 by the lower and upper port separated by a dash. Defaults to unset.
997 IPProtocol=
999 Specifies the IP protocol to match in forwarding information base
1000 (FIB) rules. Takes IP protocol name such as "tcp", "udp" or "sctp",
1001 or IP protocol number such as "6" for "tcp" or "17" for "udp".
1002 Defaults to unset.
1003 InvertRule=
1005 A boolean. Specifies whether the rule is to be inverted. Defaults
1006 to false.
1007 Family=
1009 Takes a special value "ipv4", "ipv6", or "both". By default, the
1010 address family is determined by the address specified in To= or
1011 From=. If neither To= nor From= are specified, then defaults to
1012 "ipv4".
1013 User=
1015 Takes a username, a user ID, or a range of user IDs separated by a
1016 dash. Defaults to unset.
1017 SuppressPrefixLength=
1019 Takes a number N in the range 0...128 and rejects routing decisions
1020 that have a prefix length of N or less. Defaults to unset.
1021 Type=
1023 Specifies Routing Policy Database (RPDB) rule type. Takes one of
1024 "blackhole", "unreachable" or "prohibit".
1025
1027 The [NextHop] section is used to manipulate entries in the kernel's
1028 "nexthop" tables. The [NextHop] section accepts the following keys.
1029 Specify several [NextHop] sections to configure several hops.
1030 Id=
1032 The id of the next hop. Takes an unsigned integer in the range
1033 1...4294967295. If left unspecified, then automatically chosen by
1034 kernel.
1035 Gateway=
1037 As in the [Network] section.
1038 Family=
1040 Takes one of the special values "ipv4" or "ipv6". By default, the
1041 family is determined by the address specified in Gateway=. If
1042 Gateway= is not specified, then defaults to "ipv4".
1043 OnLink=
1045 Takes a boolean. If set to true, the kernel does not have to check
1046 if the gateway is reachable directly by the current machine (i.e.,
1047 attached to the local network), so that we can insert the nexthop
1048 in the kernel table without it being complained about. Defaults to
1049 "no".
1050 Blackhole=
1052 Takes a boolean. If enabled, packets to the corresponding routes
1053 are discarded silently, and Gateway= cannot be specified. Defaults
1054 to "no".
1055
1057 The [Route] section accepts the following keys. Specify several [Route]
1058 sections to configure several routes.
1059 Gateway=
1061 Takes the gateway address or the special values "_dhcp4" and
1062 "_ipv6ra". If "_dhcp4" or "_ipv6ra" is set, then the gateway
1063 address provided by DHCPv4 or IPv6 RA is used.
1064 GatewayOnLink=
1066 Takes a boolean. If set to true, the kernel does not have to check
1067 if the gateway is reachable directly by the current machine (i.e.,
1068 attached to the local network), so that we can insert the route in
1069 the kernel table without it being complained about. Defaults to
1070 "no".
1071 Destination=
1073 The destination prefix of the route. Possibly followed by a slash
1074 and the prefix length. If omitted, a full-length host route is
1075 assumed.
1076 Source=
1078 The source prefix of the route. Possibly followed by a slash and
1079 the prefix length. If omitted, a full-length host route is assumed.
1080 Metric=
1082 The metric of the route (an unsigned integer).
1083 IPv6Preference=
1085 Specifies the route preference as defined in RFC 4191[15] for
1086 Router Discovery messages. Which can be one of "low" the route has
1087 a lowest priority, "medium" the route has a default priority or
1088 "high" the route has a highest priority.
1089 Scope=
1091 The scope of the IPv4 route, which can be "global", "site", "link",
1092 "host", or "nowhere":
1093 • "global" means the route can reach hosts more than one hop
1095 away.
1096 • "site" means an interior route in the local autonomous system.
1098 • "link" means the route can only reach hosts on the local
1100 network (one hop away).
1101 • "host" means the route will not leave the local machine (used
1103 for internal addresses like 127.0.0.1).
1104 • "nowhere" means the destination doesn't exist.
1106 For IPv4 route, defaults to "host" if Type= is "local" or "nat",
1108 and "link" if Type= is "broadcast", "multicast", or "anycast". In
1109 other cases, defaults to "global". The value is not used for IPv6.
1110 PreferredSource=
1112 The preferred source address of the route. The address must be in
1113 the format described in inet_pton(3).
1114 Table=
1116 The table identifier for the route. Takes one of predefined names
1117 "default", "main", and "local", and names defined in RouteTable= in
1118 networkd.conf(5), or a number between 1 and 4294967295. The table
1119 can be retrieved using ip route show table num. If unset and Type=
1120 is "local", "broadcast", "anycast", or "nat", then "local" is used.
1121 In other cases, defaults to "main".
1122 Protocol=
1124 The protocol identifier for the route. Takes a number between 0 and
1125 255 or the special values "kernel", "boot", "static", "ra" and
1126 "dhcp". Defaults to "static".
1127 Type=
1129 Specifies the type for the route. Takes one of "unicast", "local",
1130 "broadcast", "anycast", "multicast", "blackhole", "unreachable",
1131 "prohibit", "throw", "nat", and "xresolve". If "unicast", a regular
1132 route is defined, i.e. a route indicating the path to take to a
1133 destination network address. If "blackhole", packets to the defined
1134 route are discarded silently. If "unreachable", packets to the
1135 defined route are discarded and the ICMP message "Host Unreachable"
1136 is generated. If "prohibit", packets to the defined route are
1137 discarded and the ICMP message "Communication Administratively
1138 Prohibited" is generated. If "throw", route lookup in the current
1139 routing table will fail and the route selection process will return
1140 to Routing Policy Database (RPDB). Defaults to "unicast".
1141 InitialCongestionWindow=
1143 The TCP initial congestion window is used during the start of a TCP
1144 connection. During the start of a TCP session, when a client
1145 requests a resource, the server's initial congestion window
1146 determines how many packets will be sent during the initial burst
1147 of data without waiting for acknowledgement. Takes a number between
1148 1 and 1023. Note that 100 is considered an extremely large value
1149 for this option. When unset, the kernel's default (typically 10)
1150 will be used.
1151 InitialAdvertisedReceiveWindow=
1153 The TCP initial advertised receive window is the amount of receive
1154 data (in bytes) that can initially be buffered at one time on a
1155 connection. The sending host can send only that amount of data
1156 before waiting for an acknowledgment and window update from the
1157 receiving host. Takes a number between 1 and 1023. Note that 100 is
1158 considered an extremely large value for this option. When unset,
1159 the kernel's default will be used.
1160 QuickAck=
1162 Takes a boolean. When true enables TCP quick ack mode for the
1163 route. When unset, the kernel's default will be used.
1164 FastOpenNoCookie=
1166 Takes a boolean. When true enables TCP fastopen without a cookie on
1167 a per-route basis. When unset, the kernel's default will be used.
1168 TTLPropagate=
1170 Takes a boolean. When true enables TTL propagation at Label
1171 Switched Path (LSP) egress. When unset, the kernel's default will
1172 be used.
1173 MTUBytes=
1175 The maximum transmission unit in bytes to set for the route. The
1176 usual suffixes K, M, G, are supported and are understood to the
1177 base of 1024.
1178 Note that if IPv6 is enabled on the interface, and the MTU is
1180 chosen below 1280 (the minimum MTU for IPv6) it will automatically
1181 be increased to this value.
1182 IPServiceType=
1184 Takes string; "CS6" or "CS4". Used to set IP service type to CS6
1185 (network control) or CS4 (Realtime). Defaults to CS6.
1186 TCPAdvertisedMaximumSegmentSize=
1188 Specifies the Path MSS (in bytes) hints given on TCP layer. The
1189 usual suffixes K, M, G, are supported and are understood to the
1190 base of 1024. An unsigned integer in the range 1–4294967294. When
1191 unset, the kernel's default will be used.
1192 MultiPathRoute=address[@name] [weight]
1194 Configures multipath route. Multipath routing is the technique of
1195 using multiple alternative paths through a network. Takes gateway
1196 address. Optionally, takes a network interface name or index
1197 separated with "@", and a weight in 1..256 for this multipath route
1198 separated with whitespace. This setting can be specified multiple
1199 times. If an empty string is assigned, then the all previous
1200 assignments are cleared.
1201 NextHop=
1203 Specifies the nexthop id. Takes an unsigned integer in the range
1204 1...4294967295. If set, the corresponding [NextHop] section must be
1205 configured. Defaults to unset.
1206
1208 The [DHCPv4] section configures the DHCPv4 client, if it is enabled
1209 with the DHCP= setting described above:
1210 UseDNS=
1212 When true (the default), the DNS servers received from the DHCP
1213 server will be used.
1214 This corresponds to the nameserver option in resolv.conf(5).
1216 RoutesToDNS=
1218 When true, the routes to the DNS servers received from the DHCP
1219 server will be configured. When UseDNS= is disabled, this setting
1220 is ignored. Defaults to false.
1221 UseNTP=
1223 When true (the default), the NTP servers received from the DHCP
1224 server will be used by systemd-timesyncd.service.
1225 UseSIP=
1227 When true (the default), the SIP servers received from the DHCP
1228 server will be collected and made available to client programs.
1229 UseMTU=
1231 When true, the interface maximum transmission unit from the DHCP
1232 server will be used on the current link. If MTUBytes= is set, then
1233 this setting is ignored. Defaults to false.
1234 Anonymize=
1236 Takes a boolean. When true, the options sent to the DHCP server
1237 will follow the RFC 7844[16] (Anonymity Profiles for DHCP Clients)
1238 to minimize disclosure of identifying information. Defaults to
1239 false.
1240 This option should only be set to true when MACAddressPolicy= is
1242 set to "random" (see systemd.link(5)).
1243 Note that this configuration will overwrite others. In concrete,
1245 the following variables will be ignored: SendHostname=,
1246 ClientIdentifier=, UseRoutes=, UseMTU=, VendorClassIdentifier=,
1247 UseTimezone=.
1248 With this option enabled DHCP requests will mimic those generated
1250 by Microsoft Windows, in order to reduce the ability to fingerprint
1251 and recognize installations. This means DHCP request sizes will
1252 grow and lease data will be more comprehensive than normally,
1253 though most of the requested data is not actually used.
1254 SendHostname=
1256 When true (the default), the machine's hostname will be sent to the
1257 DHCP server. Note that the machine's hostname must consist only of
1258 7-bit ASCII lower-case characters and no spaces or dots, and be
1259 formatted as a valid DNS domain name. Otherwise, the hostname is
1260 not sent even if this is set to true.
1261 MUDURL=
1263 When configured, the specified Manufacturer Usage Description (MUD)
1264 URL will be sent to the DHCPv4 server. Takes a URL of length up to
1265 255 characters. A superficial verification that the string is a
1266 valid URL will be performed. DHCPv4 clients are intended to have at
1267 most one MUD URL associated with them. See RFC 8520[17].
1268 MUD is an embedded software standard defined by the IETF that
1270 allows IoT device makers to advertise device specifications,
1271 including the intended communication patterns for their device when
1272 it connects to the network. The network can then use this to author
1273 a context-specific access policy, so the device functions only
1274 within those parameters.
1275 UseHostname=
1277 When true (the default), the hostname received from the DHCP server
1278 will be set as the transient hostname of the system.
1279 Hostname=
1281 Use this value for the hostname which is sent to the DHCP server,
1282 instead of machine's hostname. Note that the specified hostname
1283 must consist only of 7-bit ASCII lower-case characters and no
1284 spaces or dots, and be formatted as a valid DNS domain name.
1285 UseDomains=
1287 Takes a boolean, or the special value "route". When true, the
1288 domain name received from the DHCP server will be used as DNS
1289 search domain over this link, similar to the effect of the Domains=
1290 setting. If set to "route", the domain name received from the DHCP
1291 server will be used for routing DNS queries only, but not for
1292 searching, similar to the effect of the Domains= setting when the
1293 argument is prefixed with "~". Defaults to false.
1294 It is recommended to enable this option only on trusted networks,
1296 as setting this affects resolution of all hostnames, in particular
1297 of single-label names. It is generally safer to use the supplied
1298 domain only as routing domain, rather than as search domain, in
1299 order to not have it affect local resolution of single-label names.
1300 When set to true, this setting corresponds to the domain option in
1302 resolv.conf(5).
1303 UseRoutes=
1305 When true (the default), the static routes will be requested from
1306 the DHCP server and added to the routing table with a metric of
1307 1024, and a scope of "global", "link" or "host", depending on the
1308 route's destination and gateway. If the destination is on the local
1309 host, e.g., 127.x.x.x, or the same as the link's own address, the
1310 scope will be set to "host". Otherwise if the gateway is null (a
1311 direct route), a "link" scope will be used. For anything else,
1312 scope defaults to "global".
1313 UseGateway=
1315 When true, the gateway will be requested from the DHCP server and
1316 added to the routing table with a metric of 1024, and a scope of
1317 "link". When unset, the value specified with UseRoutes= is used.
1318 UseTimezone=
1320 When true, the timezone received from the DHCP server will be set
1321 as timezone of the local system. Defaults to "no".
1322 ClientIdentifier=
1324 The DHCPv4 client identifier to use. Takes one of "mac", "duid" or
1325 "duid-only". If set to "mac", the MAC address of the link is used.
1326 If set to "duid", an RFC4361-compliant Client ID, which is the
1327 combination of IAID and DUID (see below), is used. If set to
1328 "duid-only", only DUID is used, this may not be RFC compliant, but
1329 some setups may require to use this. Defaults to "duid".
1330 VendorClassIdentifier=
1332 The vendor class identifier used to identify vendor type and
1333 configuration.
1334 UserClass=
1336 A DHCPv4 client can use UserClass option to identify the type or
1337 category of user or applications it represents. The information
1338 contained in this option is a string that represents the user class
1339 of which the client is a member. Each class sets an identifying
1340 string of information to be used by the DHCP service to classify
1341 clients. Takes a whitespace-separated list of strings.
1342 MaxAttempts=
1344 Specifies how many times the DHCPv4 client configuration should be
1345 attempted. Takes a number or "infinity". Defaults to "infinity".
1346 Note that the time between retries is increased exponentially, up
1347 to approximately one per minute, so the network will not be
1348 overloaded even if this number is high. The default is suitable in
1349 most circumstances.
1350 DUIDType=
1352 Override the global DUIDType setting for this network. See
1353 networkd.conf(5) for a description of possible values.
1354 DUIDRawData=
1356 Override the global DUIDRawData setting for this network. See
1357 networkd.conf(5) for a description of possible values.
1358 IAID=
1360 The DHCP Identity Association Identifier (IAID) for the interface,
1361 a 32-bit unsigned integer.
1362 RequestBroadcast=
1364 Request the server to use broadcast messages before the IP address
1365 has been configured. This is necessary for devices that cannot
1366 receive RAW packets, or that cannot receive packets at all before
1367 an IP address has been configured. On the other hand, this must not
1368 be enabled on networks where broadcasts are filtered out.
1369 RouteMetric=
1371 Set the routing metric for routes specified by the DHCP server.
1372 Defaults to 1024.
1373 RouteTable=num
1375 The table identifier for DHCP routes (a number between 1 and
1376 4294967295, or 0 to unset). The table can be retrieved using ip
1377 route show table num.
1378 When used in combination with VRF=, the VRF's routing table is used
1380 when this parameter is not specified.
1381 RouteMTUBytes=
1383 Specifies the MTU for the DHCP routes. Please see the [Route]
1384 section for further details.
1385 ListenPort=
1387 Allow setting custom port for the DHCP client to listen on.
1388 FallbackLeaseLifetimeSec=
1390 Allows to set DHCPv4 lease lifetime when DHCPv4 server does not
1391 send the lease lifetime. Takes one of "forever" or "infinity" means
1392 that the address never expires. Defaults to unset.
1393 SendRelease=
1395 When true, the DHCPv4 client sends a DHCP release packet when it
1396 stops. Defaults to true.
1397 SendDecline=
1399 A boolean. When "true", the DHCPv4 client receives the IP address
1400 from the DHCP server. After a new IP is received, the DHCPv4 client
1401 performs IPv4 Duplicate Address Detection. If duplicate use is
1402 detected, the DHCPv4 client rejects the IP by sending a DHCPDECLINE
1403 packet and tries to obtain an IP address again. See RFC 5224[11].
1404 Defaults to "unset".
1405 DenyList=
1407 A whitespace-separated list of IPv4 addresses. DHCP offers from
1408 servers in the list are rejected. Note that if AllowList= is
1409 configured then DenyList= is ignored.
1410 AllowList=
1412 A whitespace-separated list of IPv4 addresses. DHCP offers from
1413 servers in the list are accepted.
1414 RequestOptions=
1416 Sets request options to be sent to the server in the DHCPv4 request
1417 options list. A whitespace-separated list of integers in the range
1418 1...254. Defaults to unset.
1419 SendOption=
1421 Send an arbitrary raw option in the DHCPv4 request. Takes a DHCP
1422 option number, data type and data separated with a colon
1423 ("option:type:value"). The option number must be an integer in the
1424 range 1...254. The type takes one of "uint8", "uint16", "uint32",
1425 "ipv4address", or "string". Special characters in the data string
1426 may be escaped using C-style escapes[18]. This setting can be
1427 specified multiple times. If an empty string is specified, then all
1428 options specified earlier are cleared. Defaults to unset.
1429 SendVendorOption=
1431 Send an arbitrary vendor option in the DHCPv4 request. Takes a DHCP
1432 option number, data type and data separated with a colon
1433 ("option:type:value"). The option number must be an integer in the
1434 range 1...254. The type takes one of "uint8", "uint16", "uint32",
1435 "ipv4address", or "string". Special characters in the data string
1436 may be escaped using C-style escapes[18]. This setting can be
1437 specified multiple times. If an empty string is specified, then all
1438 options specified earlier are cleared. Defaults to unset.
1439
1441 The [DHCPv6] section configures the DHCPv6 client, if it is enabled
1442 with the DHCP= setting described above, or invoked by the IPv6 Router
1443 Advertisement:
1444 UseAddress=
1446 When true (the default), the IP addresses provided by the DHCPv6
1447 server will be assigned.
1448 UseDNS=, UseNTP=, UseHostname=
1450 As in the [DHCPv4] section.
1451 RouteMetric=
1453 Set the routing metric for routes specified by the DHCP server.
1454 Defaults to 1024.
1455 RapidCommit=
1457 Takes a boolean. The DHCPv6 client can obtain configuration
1458 parameters from a DHCPv6 server through a rapid two-message
1459 exchange (solicit and reply). When the rapid commit option is
1460 enabled by both the DHCPv6 client and the DHCPv6 server, the
1461 two-message exchange is used, rather than the default four-message
1462 exchange (solicit, advertise, request, and reply). The two-message
1463 exchange provides faster client configuration and is beneficial in
1464 environments in which networks are under a heavy load. See RFC
1465 3315[19] for details. Defaults to true.
1466 MUDURL=
1468 When configured, the specified Manufacturer Usage Description (MUD)
1469 URL will be sent to the DHCPv6 server. The syntax and semantics are
1470 the same as for MUDURL= in the [DHCPv4] section described above.
1471 RequestOptions=
1473 When configured, allows to set arbitrary request options in the
1474 DHCPv6 request options list that will be sent to the DHCPv6 server.
1475 A whitespace-separated list of integers in the range 1...254.
1476 Defaults to unset.
1477 SendVendorOption=
1479 Send an arbitrary vendor option in the DHCPv6 request. Takes an
1480 enterprise identifier, DHCP option number, data type, and data
1481 separated with a colon ("enterprise identifier:option:type:
1482 value"). Enterprise identifier is an unsigned integer in the range
1483 1–4294967294. The option number must be an integer in the range
1484 1–254. Data type takes one of "uint8", "uint16", "uint32",
1485 "ipv4address", "ipv6address", or "string". Special characters in
1486 the data string may be escaped using C-style escapes[18]. This
1487 setting can be specified multiple times. If an empty string is
1488 specified, then all options specified earlier are cleared. Defaults
1489 to unset.
1490 ForceDHCPv6PDOtherInformation=
1492 Takes a boolean that enforces DHCPv6 stateful mode when the 'Other
1493 information' bit is set in Router Advertisement messages. By
1494 default setting only the 'O' bit in Router Advertisements makes
1495 DHCPv6 request network information in a stateless manner using a
1496 two-message Information Request and Information Reply message
1497 exchange. RFC 7084[20], requirement WPD-4, updates this behavior
1498 for a Customer Edge router so that stateful DHCPv6 Prefix
1499 Delegation is also requested when only the 'O' bit is set in Router
1500 Advertisements. This option enables such a CE behavior as it is
1501 impossible to automatically distinguish the intention of the 'O'
1502 bit otherwise. By default this option is set to 'false', enable it
1503 if no prefixes are delegated when the device should be acting as a
1504 CE router.
1505 PrefixDelegationHint=
1507 Takes an IPv6 address with prefix length in the same format as the
1508 Address= in the [Network] section. The DHCPv6 client will include a
1509 prefix hint in the DHCPv6 solicitation sent to the server. The
1510 prefix length must be in the range 1–128. Defaults to unset.
1511 WithoutRA=
1513 Allows DHCPv6 client to start without router advertisements's
1514 managed or other address configuration flag. Takes one of "solicit"
1515 or "information-request". Defaults to unset.
1516 SendOption=
1518 As in the [DHCPv4] section, however because DHCPv6 uses 16-bit
1519 fields to store option numbers, the option number is an integer in
1520 the range 1...65536.
1521 UserClass=
1523 A DHCPv6 client can use User Class option to identify the type or
1524 category of user or applications it represents. The information
1525 contained in this option is a string that represents the user class
1526 of which the client is a member. Each class sets an identifying
1527 string of information to be used by the DHCP service to classify
1528 clients. Special characters in the data string may be escaped using
1529 C-style escapes[18]. This setting can be specified multiple times.
1530 If an empty string is specified, then all options specified earlier
1531 are cleared. Takes a whitespace-separated list of strings. Note
1532 that currently NUL bytes are not allowed.
1533 VendorClass=
1535 A DHCPv6 client can use VendorClass option to identify the vendor
1536 that manufactured the hardware on which the client is running. The
1537 information contained in the data area of this option is contained
1538 in one or more opaque fields that identify details of the hardware
1539 configuration. Takes a whitespace-separated list of strings.
1540
1542 The [DHCPv6PrefixDelegation] section configures delegated prefixes
1543 assigned by DHCPv6 server. The settings in this section are used only
1544 when DHCPv6PrefixDelegation= setting is enabled.
1545 SubnetId=
1547 Configure a specific subnet ID on the interface from a (previously)
1548 received prefix delegation. You can either set "auto" (the default)
1549 or a specific subnet ID (as defined in RFC 4291[21], section
1550 2.5.4), in which case the allowed value is hexadecimal, from 0 to
1551 0x7fffffffffffffff inclusive.
1552 Announce=
1554 Takes a boolean. When enabled, and IPv6SendRA= in [Network] section
1555 is enabled, the delegated prefixes are distributed through the IPv6
1556 Router Advertisement. Defaults to yes.
1557 Assign=
1559 Takes a boolean. Specifies whether to add an address from the
1560 delegated prefixes which are received from the WAN interface by the
1561 DHCPv6 Prefix Delegation. When true (on LAN interfce), the EUI-64
1562 algorithm will be used by default to form an interface identifier
1563 from the delegated prefixes. See also Token= setting below.
1564 Defaults to yes.
1565 Token=
1567 Specifies an optional address generation mode for assigning an
1568 address in each delegated prefix. Takes an IPv6 address. When set,
1569 the lower bits of the supplied address is combined with the upper
1570 bits of each delegatad prefix received from the WAN interface by
1571 the DHCPv6 Prefix Delegation to form a complete address. When
1572 Assign= is disabled, this setting is ignored. When unset, the
1573 EUI-64 algorithm will be used to form addresses. Defaults to unset.
1574 ManageTemporaryAddress=
1576 As in the [Address] section, but defaults to true.
1577
1579 The [IPv6AcceptRA] section configures the IPv6 Router Advertisement
1580 (RA) client, if it is enabled with the IPv6AcceptRA= setting described
1581 above:
1582 UseDNS=
1584 When true (the default), the DNS servers received in the Router
1585 Advertisement will be used.
1586 This corresponds to the nameserver option in resolv.conf(5).
1588 UseDomains=
1590 Takes a boolean, or the special value "route". When true, the
1591 domain name received via IPv6 Router Advertisement (RA) will be
1592 used as DNS search domain over this link, similar to the effect of
1593 the Domains= setting. If set to "route", the domain name received
1594 via IPv6 RA will be used for routing DNS queries only, but not for
1595 searching, similar to the effect of the Domains= setting when the
1596 argument is prefixed with "~". Defaults to false.
1597 It is recommended to enable this option only on trusted networks,
1599 as setting this affects resolution of all hostnames, in particular
1600 of single-label names. It is generally safer to use the supplied
1601 domain only as routing domain, rather than as search domain, in
1602 order to not have it affect local resolution of single-label names.
1603 When set to true, this setting corresponds to the domain option in
1605 resolv.conf(5).
1606 RouteTable=num
1608 The table identifier for the routes received in the Router
1609 Advertisement (a number between 1 and 4294967295, or 0 to unset).
1610 The table can be retrieved using ip route show table num.
1611 UseAutonomousPrefix=
1613 When true (the default), the autonomous prefix received in the
1614 Router Advertisement will be used and take precedence over any
1615 statically configured ones.
1616 UseOnLinkPrefix=
1618 When true (the default), the onlink prefix received in the Router
1619 Advertisement will be used and takes precedence over any statically
1620 configured ones.
1621 RouterDenyList=
1623 A whitespace-separated list of IPv6 router addresses. Any
1624 information advertised by the listed router is ignored.
1625 RouterAllowList=
1627 A whitespace-separated list of IPv6 router addresses. Only
1628 information advertised by the listed router is accepted. Note that
1629 if RouterAllowList= is configured then RouterDenyList= is ignored.
1630 PrefixDenyList=
1632 A whitespace-separated list of IPv6 prefixes. IPv6 prefixes
1633 supplied via router advertisements in the list are ignored.
1634 PrefixAllowList=
1636 A whitespace-separated list of IPv6 prefixes. IPv6 prefixes
1637 supplied via router advertisements in the list are allowed. Note
1638 that if PrefixAllowList= is configured then PrefixDenyList= is
1639 ignored.
1640 RouteDenyList=
1642 A whitespace-separated list of IPv6 route prefixes. IPv6 route
1643 prefixes supplied via router advertisements in the list are
1644 ignored.
1645 RouteAllowList=
1647 A whitespace-separated list of IPv6 route prefixes. IPv6 route
1648 prefixes supplied via router advertisements in the list are
1649 allowed. Note that if RouteAllowList= is configured then
1650 RouteDenyList= is ignored.
1651 DHCPv6Client=
1653 Takes a boolean, or the special value "always". When true or
1654 "always", the DHCPv6 client will be started when the RA has the
1655 managed or other information flag. If set to "always", the DHCPv6
1656 client will also be started in managed mode when neither managed
1657 nor other information flag is set in the RA. Defaults to true.
1658
1660 The [DHCPServer] section contains settings for the DHCP server, if
1661 enabled via the DHCPServer= option described above:
1662 PoolOffset=, PoolSize=
1664 Configures the pool of addresses to hand out. The pool is a
1665 contiguous sequence of IP addresses in the subnet configured for
1666 the server address, which does not include the subnet nor the
1667 broadcast address. PoolOffset= takes the offset of the pool from
1668 the start of subnet, or zero to use the default value. PoolSize=
1669 takes the number of IP addresses in the pool or zero to use the
1670 default value. By default, the pool starts at the first address
1671 after the subnet address and takes up the rest of the subnet,
1672 excluding the broadcast address. If the pool includes the server
1673 address (the default), this is reserved and not handed out to
1674 clients.
1675 DefaultLeaseTimeSec=, MaxLeaseTimeSec=
1677 Control the default and maximum DHCP lease time to pass to clients.
1678 These settings take time values in seconds or another common time
1679 unit, depending on the suffix. The default lease time is used for
1680 clients that did not ask for a specific lease time. If a client
1681 asks for a lease time longer than the maximum lease time, it is
1682 automatically shortened to the specified time. The default lease
1683 time defaults to 1h, the maximum lease time to 12h. Shorter lease
1684 times are beneficial if the configuration data in DHCP leases
1685 changes frequently and clients shall learn the new settings with
1686 shorter latencies. Longer lease times reduce the generated DHCP
1687 network traffic.
1688 EmitDNS=, DNS=
1690 EmitDNS= takes a boolean. Configures whether the DHCP leases handed
1691 out to clients shall contain DNS server information. Defaults to
1692 "yes". The DNS servers to pass to clients may be configured with
1693 the DNS= option, which takes a list of IPv4 addresses. If the
1694 EmitDNS= option is enabled but no servers configured, the servers
1695 are automatically propagated from an "uplink" interface that has
1696 appropriate servers set. The "uplink" interface is determined by
1697 the default route of the system with the highest priority. Note
1698 that this information is acquired at the time the lease is handed
1699 out, and does not take uplink interfaces into account that acquire
1700 DNS server information at a later point. If no suitable uplink
1701 interface is found the DNS server data from /etc/resolv.conf is
1702 used. Also, note that the leases are not refreshed if the uplink
1703 network configuration changes. To ensure clients regularly acquire
1704 the most current uplink DNS server information, it is thus
1705 advisable to shorten the DHCP lease time via MaxLeaseTimeSec=
1706 described above.
1707 EmitNTP=, NTP=, EmitSIP=, SIP=, EmitPOP3=, POP3=, EmitSMTP=, SMTP=,
1709 EmitLPR=, LPR=
1710 Similar to the EmitDNS= and DNS= settings described above, these
1711 settings configure whether and what server information for the
1712 indicate protocol shall be emitted as part of the DHCP lease. The
1713 same syntax, propagation semantics and defaults apply as for
1714 EmitDNS= and DNS=.
1715 EmitRouter=
1717 Similar to the EmitDNS= setting described above, this setting
1718 configures whether the DHCP lease should contain the router option.
1719 The same syntax, propagation semantics and defaults apply as for
1720 EmitDNS=.
1721 EmitTimezone=, Timezone=
1723 Takes a boolean. Configures whether the DHCP leases handed out to
1724 clients shall contain timezone information. Defaults to "yes". The
1725 Timezone= setting takes a timezone string (such as "Europe/Berlin"
1726 or "UTC") to pass to clients. If no explicit timezone is set, the
1727 system timezone of the local host is propagated, as determined by
1728 the /etc/localtime symlink.
1729 SendOption=
1731 Send a raw option with value via DHCPv4 server. Takes a DHCP option
1732 number, data type and data ("option:type:value"). The option number
1733 is an integer in the range 1...254. The type takes one of "uint8",
1734 "uint16", "uint32", "ipv4address", "ipv6address", or "string".
1735 Special characters in the data string may be escaped using C-style
1736 escapes[18]. This setting can be specified multiple times. If an
1737 empty string is specified, then all options specified earlier are
1738 cleared. Defaults to unset.
1739 SendVendorOption=
1741 Send a vendor option with value via DHCPv4 server. Takes a DHCP
1742 option number, data type and data ("option:type:value"). The option
1743 number is an integer in the range 1...254. The type takes one of
1744 "uint8", "uint16", "uint32", "ipv4address", or "string". Special
1745 characters in the data string may be escaped using C-style
1746 escapes[18]. This setting can be specified multiple times. If an
1747 empty string is specified, then all options specified earlier are
1748 cleared. Defaults to unset.
1749
1751 The [IPv6SendRA] section contains settings for sending IPv6 Router
1752 Advertisements and whether to act as a router, if enabled via the
1753 IPv6SendRA= option described above. IPv6 network prefixes or routes are
1754 defined with one or more [IPv6Prefix] or [IPv6RoutePrefix] sections.
1755 Managed=, OtherInformation=
1757 Takes a boolean. Controls whether a DHCPv6 server is used to
1758 acquire IPv6 addresses on the network link when Managed= is set to
1759 "true" or if only additional network information can be obtained
1760 via DHCPv6 for the network link when OtherInformation= is set to
1761 "true". Both settings default to "false", which means that a DHCPv6
1762 server is not being used.
1763 RouterLifetimeSec=
1765 Takes a timespan. Configures the IPv6 router lifetime in seconds.
1766 When set to 0, the host is not acting as a router. Defaults to 30
1767 minutes.
1768 RouterPreference=
1770 Configures IPv6 router preference if RouterLifetimeSec= is
1771 non-zero. Valid values are "high", "medium" and "low", with
1772 "normal" and "default" added as synonyms for "medium" just to make
1773 configuration easier. See RFC 4191[15] for details. Defaults to
1774 "medium".
1775 EmitDNS=, DNS=
1777 DNS= specifies a list of recursive DNS server IPv6 addresses that
1778 are distributed via Router Advertisement messages when EmitDNS= is
1779 true. DNS= also takes special value "_link_local"; in that case
1780 the IPv6 link local address is distributed. If DNS= is empty, DNS
1781 servers are read from the [Network] section. If the [Network]
1782 section does not contain any DNS servers either, DNS servers from
1783 the uplink with the highest priority default route are used. When
1784 EmitDNS= is false, no DNS server information is sent in Router
1785 Advertisement messages. EmitDNS= defaults to true.
1786 EmitDomains=, Domains=
1788 A list of DNS search domains distributed via Router Advertisement
1789 messages when EmitDomains= is true. If Domains= is empty, DNS
1790 search domains are read from the [Network] section. If the
1791 [Network] section does not contain any DNS search domains either,
1792 DNS search domains from the uplink with the highest priority
1793 default route are used. When EmitDomains= is false, no DNS search
1794 domain information is sent in Router Advertisement messages.
1795 EmitDomains= defaults to true.
1796 DNSLifetimeSec=
1798 Lifetime in seconds for the DNS server addresses listed in DNS= and
1799 search domains listed in Domains=.
1800
1802 One or more [IPv6Prefix] sections contain the IPv6 prefixes that are
1803 announced via Router Advertisements. See RFC 4861[22] for further
1804 details.
1805 AddressAutoconfiguration=, OnLink=
1807 Takes a boolean to specify whether IPv6 addresses can be
1808 autoconfigured with this prefix and whether the prefix can be used
1809 for onlink determination. Both settings default to "true" in order
1810 to ease configuration.
1811 Prefix=
1813 The IPv6 prefix that is to be distributed to hosts. Similarly to
1814 configuring static IPv6 addresses, the setting is configured as an
1815 IPv6 prefix and its prefix length, separated by a "/" character.
1816 Use multiple [IPv6Prefix] sections to configure multiple IPv6
1817 prefixes since prefix lifetimes, address autoconfiguration and
1818 onlink status may differ from one prefix to another.
1819 PreferredLifetimeSec=, ValidLifetimeSec=
1821 Preferred and valid lifetimes for the prefix measured in seconds.
1822 PreferredLifetimeSec= defaults to 604800 seconds (one week) and
1823 ValidLifetimeSec= defaults to 2592000 seconds (30 days).
1824 Assign=
1826 Takes a boolean. When true, adds an address from the prefix.
1827 Default to false.
1828
1830 One or more [IPv6RoutePrefix] sections contain the IPv6 prefix routes
1831 that are announced via Router Advertisements. See RFC 4191[15] for
1832 further details.
1833 Route=
1835 The IPv6 route that is to be distributed to hosts. Similarly to
1836 configuring static IPv6 routes, the setting is configured as an
1837 IPv6 prefix routes and its prefix route length, separated by a "/"
1838 character. Use multiple [IPv6PrefixRoutes] sections to configure
1839 multiple IPv6 prefix routes.
1840 LifetimeSec=
1842 Lifetime for the route prefix measured in seconds. LifetimeSec=
1843 defaults to 604800 seconds (one week).
1844
1846 The [Bridge] section accepts the following keys:
1847 UnicastFlood=
1849 Takes a boolean. Controls whether the bridge should flood traffic
1850 for which an FDB entry is missing and the destination is unknown
1851 through this port. When unset, the kernel's default will be used.
1852 MulticastFlood=
1854 Takes a boolean. Controls whether the bridge should flood traffic
1855 for which an MDB entry is missing and the destination is unknown
1856 through this port. When unset, the kernel's default will be used.
1857 MulticastToUnicast=
1859 Takes a boolean. Multicast to unicast works on top of the multicast
1860 snooping feature of the bridge. Which means unicast copies are only
1861 delivered to hosts which are interested in it. When unset, the
1862 kernel's default will be used.
1863 NeighborSuppression=
1865 Takes a boolean. Configures whether ARP and ND neighbor suppression
1866 is enabled for this port. When unset, the kernel's default will be
1867 used.
1868 Learning=
1870 Takes a boolean. Configures whether MAC address learning is enabled
1871 for this port. When unset, the kernel's default will be used.
1872 HairPin=
1874 Takes a boolean. Configures whether traffic may be sent back out of
1875 the port on which it was received. When this flag is false, then
1876 the bridge will not forward traffic back out of the receiving port.
1877 When unset, the kernel's default will be used.
1878 UseBPDU=
1880 Takes a boolean. Configures whether STP Bridge Protocol Data Units
1881 will be processed by the bridge port. When unset, the kernel's
1882 default will be used.
1883 FastLeave=
1885 Takes a boolean. This flag allows the bridge to immediately stop
1886 multicast traffic on a port that receives an IGMP Leave message. It
1887 is only used with IGMP snooping if enabled on the bridge. When
1888 unset, the kernel's default will be used.
1889 AllowPortToBeRoot=
1891 Takes a boolean. Configures whether a given port is allowed to
1892 become a root port. Only used when STP is enabled on the bridge.
1893 When unset, the kernel's default will be used.
1894 ProxyARP=
1896 Takes a boolean. Configures whether proxy ARP to be enabled on this
1897 port. When unset, the kernel's default will be used.
1898 ProxyARPWiFi=
1900 Takes a boolean. Configures whether proxy ARP to be enabled on this
1901 port which meets extended requirements by IEEE 802.11 and Hotspot
1902 2.0 specifications. When unset, the kernel's default will be used.
1903 MulticastRouter=
1905 Configures this port for having multicast routers attached. A port
1906 with a multicast router will receive all multicast traffic. Takes
1907 one of "no" to disable multicast routers on this port, "query" to
1908 let the system detect the presence of routers, "permanent" to
1909 permanently enable multicast traffic forwarding on this port, or
1910 "temporary" to enable multicast routers temporarily on this port,
1911 not depending on incoming queries. When unset, the kernel's default
1912 will be used.
1913 Cost=
1915 Sets the "cost" of sending packets of this interface. Each port in
1916 a bridge may have a different speed and the cost is used to decide
1917 which link to use. Faster interfaces should have lower costs. It is
1918 an integer value between 1 and 65535.
1919 Priority=
1921 Sets the "priority" of sending packets on this interface. Each port
1922 in a bridge may have a different priority which is used to decide
1923 which link to use. Lower value means higher priority. It is an
1924 integer value between 0 to 63. Networkd does not set any default,
1925 meaning the kernel default value of 32 is used.
1926
1928 The [BridgeFDB] section manages the forwarding database table of a port
1929 and accepts the following keys. Specify several [BridgeFDB] sections to
1930 configure several static MAC table entries.
1931 MACAddress=
1933 As in the [Network] section. This key is mandatory.
1934 Destination=
1936 Takes an IP address of the destination VXLAN tunnel endpoint.
1937 VLANId=
1939 The VLAN ID for the new static MAC table entry. If omitted, no VLAN
1940 ID information is appended to the new static MAC table entry.
1941 VNI=
1943 The VXLAN Network Identifier (or VXLAN Segment ID) to use to
1944 connect to the remote VXLAN tunnel endpoint. Takes a number in the
1945 range 1...16777215. Defaults to unset.
1946 AssociatedWith=
1948 Specifies where the address is associated with. Takes one of "use",
1949 "self", "master" or "router". "use" means the address is in use.
1950 User space can use this option to indicate to the kernel that the
1951 fdb entry is in use. "self" means the address is associated with
1952 the port drivers fdb. Usually hardware. "master" means the address
1953 is associated with master devices fdb. "router" means the
1954 destination address is associated with a router. Note that it's
1955 valid if the referenced device is a VXLAN type device and has route
1956 shortcircuit enabled. Defaults to "self".
1957
1959 The [BridgeMDB] section manages the multicast membership entries
1960 forwarding database table of a port and accepts the following keys.
1961 Specify several [BridgeMDB] sections to configure several permanent
1962 multicast membership entries.
1963 MulticastGroupAddress=
1965 Specifies the IPv4 or IPv6 multicast group address to add. This
1966 setting is mandatory.
1967 VLANId=
1969 The VLAN ID for the new entry. Valid ranges are 0 (no VLAN) to
1970 4094. Optional, defaults to 0.
1971
1973 The [LLDP] section manages the Link Layer Discovery Protocol (LLDP) and
1974 accepts the following keys:
1975 MUDURL=
1977 When configured, the specified Manufacturer Usage Descriptions
1978 (MUD) URL will be sent in LLDP packets. The syntax and semantics
1979 are the same as for MUDURL= in the [DHCPv4] section described
1980 above.
1981 The MUD URLs received via LLDP packets are saved and can be read
1983 using the sd_lldp_neighbor_get_mud_url() function.
1984
1986 The [CAN] section manages the Controller Area Network (CAN bus) and
1987 accepts the following keys:
1988 BitRate=
1990 The bitrate of CAN device in bits per second. The usual SI prefixes
1991 (K, M) with the base of 1000 can be used here. Takes a number in
1992 the range 1...4294967295.
1993 SamplePoint=
1995 Optional sample point in percent with one decimal (e.g. "75%",
1996 "87.5%") or permille (e.g. "875‰").
1997 DataBitRate=, DataSamplePoint=
1999 The bitrate and sample point for the data phase, if CAN-FD is used.
2000 These settings are analogous to the BitRate= and SamplePoint= keys.
2001 FDMode=
2003 Takes a boolean. When "yes", CAN-FD mode is enabled for the
2004 interface. Note, that a bitrate and optional sample point should
2005 also be set for the CAN-FD data phase using the DataBitRate= and
2006 DataSamplePoint= keys.
2007 FDNonISO=
2009 Takes a boolean. When "yes", non-ISO CAN-FD mode is enabled for the
2010 interface. When unset, the kernel's default will be used.
2011 RestartSec=
2013 Automatic restart delay time. If set to a non-zero value, a restart
2014 of the CAN controller will be triggered automatically in case of a
2015 bus-off condition after the specified delay time. Subsecond delays
2016 can be specified using decimals (e.g. "0.1s") or a "ms" or "us"
2017 postfix. Using "infinity" or "0" will turn the automatic restart
2018 off. By default automatic restart is disabled.
2019 Termination=
2021 Takes a boolean. When "yes", the termination resistor will be
2022 selected for the bias network. When unset, the kernel's default
2023 will be used.
2024 TripleSampling=
2026 Takes a boolean. When "yes", three samples (instead of one) are
2027 used to determine the value of a received bit by majority rule.
2028 When unset, the kernel's default will be used.
2029 BusErrorReporting=
2031 Takes a boolean. When "yes", reporting of CAN bus errors is
2032 activated (those include single bit, frame format, and bit stuffing
2033 errors, unable to send dominant bit, unable to send recessive bit,
2034 bus overload, active error announcement, error occurred on
2035 transmission). When unset, the kernel's default will be used. Note:
2036 in case of a CAN bus with a single CAN device, sending a CAN frame
2037 may result in a huge number of CAN bus errors.
2038 ListenOnly=
2040 Takes a boolean. When "yes", listen-only mode is enabled. When the
2041 interface is in listen-only mode, the interface neither transmit
2042 CAN frames nor send ACK bit. Listen-only mode is important to debug
2043 CAN networks without interfering with the communication or
2044 acknowledge the CAN frame. When unset, the kernel's default will be
2045 used.
2046
2048 The [QDisc] section manages the traffic control queueing discipline
2049 (qdisc).
2050 Parent=
2052 Specifies the parent Queueing Discipline (qdisc). Takes one of
2053 "clsact" or "ingress". This is mandatory.
2054 Handle=
2056 Configures the major number of unique identifier of the qdisc,
2057 known as the handle. Takes a hexadecimal number in the range
2058 0x1–0xffff. Defaults to unset.
2059
2061 The [NetworkEmulator] section manages the queueing discipline (qdisc)
2062 of the network emulator. It can be used to configure the kernel packet
2063 scheduler and simulate packet delay and loss for UDP or TCP
2064 applications, or limit the bandwidth usage of a particular service to
2065 simulate internet connections.
2066 Parent=
2068 Configures the parent Queueing Discipline (qdisc). Takes one of
2069 "root", "clsact", "ingress" or a class identifier. The class
2070 identifier is specified as the major and minor numbers in
2071 hexadecimal in the range 0x1–Oxffff separated with a colon
2072 ("major:minor"). Defaults to "root".
2073 Handle=
2075 Configures the major number of unique identifier of the qdisc,
2076 known as the handle. Takes a hexadecimal number in the range
2077 0x1–0xffff. Defaults to unset.
2078 DelaySec=
2080 Specifies the fixed amount of delay to be added to all packets
2081 going out of the interface. Defaults to unset.
2082 DelayJitterSec=
2084 Specifies the chosen delay to be added to the packets outgoing to
2085 the network interface. Defaults to unset.
2086 PacketLimit=
2088 Specifies the maximum number of packets the qdisc may hold queued
2089 at a time. An unsigned integer in the range 0–4294967294. Defaults
2090 to 1000.
2091 LossRate=
2093 Specifies an independent loss probability to be added to the
2094 packets outgoing from the network interface. Takes a percentage
2095 value, suffixed with "%". Defaults to unset.
2096 DuplicateRate=
2098 Specifies that the chosen percent of packets is duplicated before
2099 queuing them. Takes a percentage value, suffixed with "%". Defaults
2100 to unset.
2101
2103 The [TokenBucketFilter] section manages the queueing discipline (qdisc)
2104 of token bucket filter (tbf).
2105 Parent=
2107 Configures the parent Queueing Discipline (qdisc). Takes one of
2108 "root", "clsact", "ingress" or a class identifier. The class
2109 identifier is specified as the major and minor numbers in
2110 hexadecimal in the range 0x1–Oxffff separated with a colon
2111 ("major:minor"). Defaults to "root".
2112 Handle=
2114 Configures the major number of unique identifier of the qdisc,
2115 known as the handle. Takes a hexadecimal number in the range
2116 0x1–0xffff. Defaults to unset.
2117 LatencySec=
2119 Specifies the latency parameter, which specifies the maximum amount
2120 of time a packet can sit in the Token Bucket Filter (TBF). Defaults
2121 to unset.
2122 LimitBytes=
2124 Takes the number of bytes that can be queued waiting for tokens to
2125 become available. When the size is suffixed with K, M, or G, it is
2126 parsed as Kilobytes, Megabytes, or Gigabytes, respectively, to the
2127 base of 1024. Defaults to unset.
2128 BurstBytes=
2130 Specifies the size of the bucket. This is the maximum amount of
2131 bytes that tokens can be available for instantaneous transfer. When
2132 the size is suffixed with K, M, or G, it is parsed as Kilobytes,
2133 Megabytes, or Gigabytes, respectively, to the base of 1024.
2134 Defaults to unset.
2135 Rate=
2137 Specifies the device specific bandwidth. When suffixed with K, M,
2138 or G, the specified bandwidth is parsed as Kilobits, Megabits, or
2139 Gigabits, respectively, to the base of 1000. Defaults to unset.
2140 MPUBytes=
2142 The Minimum Packet Unit (MPU) determines the minimal token usage
2143 (specified in bytes) for a packet. When suffixed with K, M, or G,
2144 the specified size is parsed as Kilobytes, Megabytes, or Gigabytes,
2145 respectively, to the base of 1024. Defaults to zero.
2146 PeakRate=
2148 Takes the maximum depletion rate of the bucket. When suffixed with
2149 K, M, or G, the specified size is parsed as Kilobits, Megabits, or
2150 Gigabits, respectively, to the base of 1000. Defaults to unset.
2151 MTUBytes=
2153 Specifies the size of the peakrate bucket. When suffixed with K, M,
2154 or G, the specified size is parsed as Kilobytes, Megabytes, or
2155 Gigabytes, respectively, to the base of 1024. Defaults to unset.
2156
2158 The [PIE] section manages the queueing discipline (qdisc) of
2159 Proportional Integral controller-Enhanced (PIE).
2160 Parent=
2162 Configures the parent Queueing Discipline (qdisc). Takes one of
2163 "root", "clsact", "ingress" or a class identifier. The class
2164 identifier is specified as the major and minor numbers in
2165 hexadecimal in the range 0x1–Oxffff separated with a colon
2166 ("major:minor"). Defaults to "root".
2167 Handle=
2169 Configures the major number of unique identifier of the qdisc,
2170 known as the handle. Takes a hexadecimal number in the range
2171 0x1–0xffff. Defaults to unset.
2172 PacketLimit=
2174 Specifies the hard limit on the queue size in number of packets.
2175 When this limit is reached, incoming packets are dropped. An
2176 unsigned integer in the range 1...4294967294. Defaults to unset and
2177 kernel's default is used.
2178
2180 The "[FlowQueuePIE]" section manages the queueing discipline (qdisc) of
2181 Flow Queue Proportional Integral controller-Enhanced (fq_pie).
2182 Parent=
2184 Configures the parent Queueing Discipline (qdisc). Takes one of
2185 "root", "clsact", "ingress" or a class identifier. The class
2186 identifier is specified as the major and minor numbers in
2187 hexadecimal in the range 0x1–Oxffff separated with a colon
2188 ("major:minor"). Defaults to "root".
2189 Handle=
2191 Configures the major number of unique identifier of the qdisc,
2192 known as the handle. Takes a hexadecimal number in the range
2193 0x1–0xffff. Defaults to unset.
2194 PacketLimit=
2196 Specifies the hard limit on the queue size in number of packets.
2197 When this limit is reached, incoming packets are dropped. An
2198 unsigned integer ranges 1 to 4294967294. Defaults to unset and
2199 kernel's default is used.
2200
2202 The [StochasticFairBlue] section manages the queueing discipline
2203 (qdisc) of stochastic fair blue (sfb).
2204 Parent=
2206 Configures the parent Queueing Discipline (qdisc). Takes one of
2207 "root", "clsact", "ingress" or a class identifier. The class
2208 identifier is specified as the major and minor numbers in
2209 hexadecimal in the range 0x1–Oxffff separated with a colon
2210 ("major:minor"). Defaults to "root".
2211 Handle=
2213 Configures the major number of unique identifier of the qdisc,
2214 known as the handle. Takes a hexadecimal number in the range
2215 0x1–0xffff. Defaults to unset.
2216 PacketLimit=
2218 Specifies the hard limit on the queue size in number of packets.
2219 When this limit is reached, incoming packets are dropped. An
2220 unsigned integer in the range 0–4294967294. Defaults to unset and
2221 kernel's default is used.
2222
2224 The [StochasticFairnessQueueing] section manages the queueing
2225 discipline (qdisc) of stochastic fairness queueing (sfq).
2226 Parent=
2228 Configures the parent Queueing Discipline (qdisc). Takes one of
2229 "root", "clsact", "ingress" or a class identifier. The class
2230 identifier is specified as the major and minor numbers in
2231 hexadecimal in the range 0x1–Oxffff separated with a colon
2232 ("major:minor"). Defaults to "root".
2233 Handle=
2235 Configures the major number of unique identifier of the qdisc,
2236 known as the handle. Takes a hexadecimal number in the range
2237 0x1–0xffff. Defaults to unset.
2238 PerturbPeriodSec=
2240 Specifies the interval in seconds for queue algorithm perturbation.
2241 Defaults to unset.
2242
2244 The [BFIFO] section manages the queueing discipline (qdisc) of Byte
2245 limited Packet First In First Out (bfifo).
2246 Parent=
2248 Configures the parent Queueing Discipline (qdisc). Takes one of
2249 "root", "clsact", "ingress" or a class identifier. The class
2250 identifier is specified as the major and minor numbers in
2251 hexadecimal in the range 0x1–Oxffff separated with a colon
2252 ("major:minor"). Defaults to "root".
2253 Handle=
2255 Configures the major number of unique identifier of the qdisc,
2256 known as the handle. Takes a hexadecimal number in the range
2257 0x1–0xffff. Defaults to unset.
2258 LimitBytes=
2260 Specifies the hard limit in bytes on the FIFO buffer size. The size
2261 limit prevents overflow in case the kernel is unable to dequeue
2262 packets as quickly as it receives them. When this limit is reached,
2263 incoming packets are dropped. When suffixed with K, M, or G, the
2264 specified size is parsed as Kilobytes, Megabytes, or Gigabytes,
2265 respectively, to the base of 1024. Defaults to unset and kernel
2266 default is used.
2267
2269 The [PFIFO] section manages the queueing discipline (qdisc) of Packet
2270 First In First Out (pfifo).
2271 Parent=
2273 Configures the parent Queueing Discipline (qdisc). Takes one of
2274 "root", "clsact", "ingress" or a class identifier. The class
2275 identifier is specified as the major and minor numbers in
2276 hexadecimal in the range 0x1–Oxffff separated with a colon
2277 ("major:minor"). Defaults to "root".
2278 Handle=
2280 Configures the major number of unique identifier of the qdisc,
2281 known as the handle. Takes a hexadecimal number in the range
2282 0x1–0xffff. Defaults to unset.
2283 PacketLimit=
2285 Specifies the hard limit on the number of packets in the FIFO
2286 queue. The size limit prevents overflow in case the kernel is
2287 unable to dequeue packets as quickly as it receives them. When this
2288 limit is reached, incoming packets are dropped. An unsigned integer
2289 in the range 0–4294967294. Defaults to unset and kernel's default
2290 is used.
2291
2293 The [PFIFOHeadDrop] section manages the queueing discipline (qdisc) of
2294 Packet First In First Out Head Drop (pfifo_head_drop).
2295 Parent=
2297 Configures the parent Queueing Discipline (qdisc). Takes one of
2298 "root", "clsact", "ingress" or a class identifier. The class
2299 identifier is specified as the major and minor numbers in
2300 hexadecimal in the range 0x1–Oxffff separated with a colon
2301 ("major:minor"). Defaults to "root".
2302 Handle=
2304 Configures the major number of unique identifier of the qdisc,
2305 known as the handle. Takes a hexadecimal number in the range
2306 0x1–0xffff. Defaults to unset.
2307 PacketLimit=
2309 As in [PFIFO] section.
2310
2312 The [PFIFOFast] section manages the queueing discipline (qdisc) of
2313 Packet First In First Out Fast (pfifo_fast).
2314 Parent=
2316 Configures the parent Queueing Discipline (qdisc). Takes one of
2317 "root", "clsact", "ingress" or a class identifier. The class
2318 identifier is specified as the major and minor numbers in
2319 hexadecimal in the range 0x1–Oxffff separated with a colon
2320 ("major:minor"). Defaults to "root".
2321 Handle=
2323 Configures the major number of unique identifier of the qdisc,
2324 known as the handle. Takes a hexadecimal number in the range
2325 0x1–0xffff. Defaults to unset.
2326
2328 The [CAKE] section manages the queueing discipline (qdisc) of Common
2329 Applications Kept Enhanced (CAKE).
2330 Parent=
2332 Configures the parent Queueing Discipline (qdisc). Takes one of
2333 "root", "clsact", "ingress" or a class identifier. The class
2334 identifier is specified as the major and minor numbers in
2335 hexadecimal in the range 0x1–Oxffff separated with a colon
2336 ("major:minor"). Defaults to "root".
2337 Handle=
2339 Configures the major number of unique identifier of the qdisc,
2340 known as the handle. Takes a hexadecimal number in the range
2341 0x1–0xffff. Defaults to unset.
2342 OverheadBytes=
2344 Specifies that bytes to be addeded to the size of each packet.
2345 Bytes may be negative. Takes an integer in the range from -64 to
2346 256. Defaults to unset and kernel's default is used.
2347 Bandwidth=
2349 Specifies the shaper bandwidth. When suffixed with K, M, or G, the
2350 specified size is parsed as Kilobits, Megabits, or Gigabits,
2351 respectively, to the base of 1000. Defaults to unset and kernel's
2352 default is used.
2353
2355 The [ControlledDelay] section manages the queueing discipline (qdisc)
2356 of controlled delay (CoDel).
2357 Parent=
2359 Configures the parent Queueing Discipline (qdisc). Takes one of
2360 "root", "clsact", "ingress" or a class identifier. The class
2361 identifier is specified as the major and minor numbers in
2362 hexadecimal in the range 0x1–Oxffff separated with a colon
2363 ("major:minor"). Defaults to "root".
2364 Handle=
2366 Configures the major number of unique identifier of the qdisc,
2367 known as the handle. Takes a hexadecimal number in the range
2368 0x1–0xffff. Defaults to unset.
2369 PacketLimit=
2371 Specifies the hard limit on the queue size in number of packets.
2372 When this limit is reached, incoming packets are dropped. An
2373 unsigned integer in the range 0–4294967294. Defaults to unset and
2374 kernel's default is used.
2375 TargetSec=
2377 Takes a timespan. Specifies the acceptable minimum
2378 standing/persistent queue delay. Defaults to unset and kernel's
2379 default is used.
2380 IntervalSec=
2382 Takes a timespan. This is used to ensure that the measured minimum
2383 delay does not become too stale. Defaults to unset and kernel's
2384 default is used.
2385 ECN=
2387 Takes a boolean. This can be used to mark packets instead of
2388 dropping them. Defaults to unset and kernel's default is used.
2389 CEThresholdSec=
2391 Takes a timespan. This sets a threshold above which all packets are
2392 marked with ECN Congestion Experienced (CE). Defaults to unset and
2393 kernel's default is used.
2394
2396 The [DeficitRoundRobinScheduler] section manages the queueing
2397 discipline (qdisc) of Deficit Round Robin Scheduler (DRR).
2398 Parent=
2400 Configures the parent Queueing Discipline (qdisc). Takes one of
2401 "root", "clsact", "ingress" or a class identifier. The class
2402 identifier is specified as the major and minor numbers in
2403 hexadecimal in the range 0x1–Oxffff separated with a colon
2404 ("major:minor"). Defaults to "root".
2405 Handle=
2407 Configures the major number of unique identifier of the qdisc,
2408 known as the handle. Takes a hexadecimal number in the range
2409 0x1–0xffff. Defaults to unset.
2410
2412 The [DeficitRoundRobinSchedulerClass] section manages the traffic
2413 control class of Deficit Round Robin Scheduler (DRR).
2414 Parent=
2416 Configures the parent Queueing Discipline (qdisc). Takes one of
2417 "root", or a qdisc identifier. The qdisc identifier is specified as
2418 the major and minor numbers in hexadecimal in the range 0x1–Oxffff
2419 separated with a colon ("major:minor"). Defaults to "root".
2420 ClassId=
2422 Configures the unique identifier of the class. It is specified as
2423 the major and minor numbers in hexadecimal in the range 0x1–Oxffff
2424 separated with a colon ("major:minor"). Defaults to unset.
2425 QuantumBytes=
2427 Specifies the amount of bytes a flow is allowed to dequeue before
2428 the scheduler moves to the next class. When suffixed with K, M, or
2429 G, the specified size is parsed as Kilobytes, Megabytes, or
2430 Gigabytes, respectively, to the base of 1024. Defaults to the MTU
2431 of the interface.
2432
2434 The [EnhancedTransmissionSelection] section manages the queueing
2435 discipline (qdisc) of Enhanced Transmission Selection (ETS).
2436 Parent=
2438 Configures the parent Queueing Discipline (qdisc). Takes one of
2439 "root", "clsact", "ingress" or a class identifier. The class
2440 identifier is specified as the major and minor numbers in
2441 hexadecimal in the range 0x1–Oxffff separated with a colon
2442 ("major:minor"). Defaults to "root".
2443 Handle=
2445 Configures the major number of unique identifier of the qdisc,
2446 known as the handle. Takes a hexadecimal number in the range
2447 0x1–0xffff. Defaults to unset.
2448 Bands=
2450 Specifies the number of bands. An unsigned integer in the range
2451 1–16. This value has to be at least large enough to cover the
2452 strict bands specified through the StrictBands= and
2453 bandwidth-sharing bands specified in QuantumBytes=.
2454 StrictBands=
2456 Specifies the number of bands that should be created in strict
2457 mode. An unsigned integer in the range 1–16.
2458 QuantumBytes=
2460 Specifies the white-space separated list of quantum used in
2461 band-sharing bands. When suffixed with K, M, or G, the specified
2462 size is parsed as Kilobytes, Megabytes, or Gigabytes, respectively,
2463 to the base of 1024. This setting can be specified multiple times.
2464 If an empty string is assigned, then the all previous assignments
2465 are cleared.
2466 PriorityMap=
2468 The priority map maps the priority of a packet to a band. The
2469 argument is a whitespace separated list of numbers. The first
2470 number indicates which band the packets with priority 0 should be
2471 put to, the second is for priority 1, and so on. There can be up to
2472 16 numbers in the list. If there are fewer, the default band that
2473 traffic with one of the unmentioned priorities goes to is the last
2474 one. Each band number must be in the range 0...255. This setting
2475 can be specified multiple times. If an empty string is assigned,
2476 then the all previous assignments are cleared.
2477
2479 The [GenericRandomEarlyDetection] section manages the queueing
2480 discipline (qdisc) of Generic Random Early Detection (GRED).
2481 Parent=
2483 Configures the parent Queueing Discipline (qdisc). Takes one of
2484 "root", "clsact", "ingress" or a class identifier. The class
2485 identifier is specified as the major and minor numbers in
2486 hexadecimal in the range 0x1–Oxffff separated with a colon
2487 ("major:minor"). Defaults to "root".
2488 Handle=
2490 Configures the major number of unique identifier of the qdisc,
2491 known as the handle. Takes a hexadecimal number in the range
2492 0x1–0xffff. Defaults to unset.
2493 VirtualQueues=
2495 Specifies the number of virtual queues. Takes a integer in the
2496 range 1...16. Defaults to unset and kernel's default is used.
2497 DefaultVirtualQueue=
2499 Specifies the number of default virtual queue. This must be less
2500 than VirtualQueue=. Defaults to unset and kernel's default is used.
2501 GenericRIO=
2503 Takes a boolean. It turns on the RIO-like buffering scheme.
2504 Defaults to unset and kernel's default is used.
2505
2507 The [FairQueueingControlledDelay] section manages the queueing
2508 discipline (qdisc) of fair queuing controlled delay (FQ-CoDel).
2509 Parent=
2511 Configures the parent Queueing Discipline (qdisc). Takes one of
2512 "root", "clsact", "ingress" or a class identifier. The class
2513 identifier is specified as the major and minor numbers in
2514 hexadecimal in the range 0x1–Oxffff separated with a colon
2515 ("major:minor"). Defaults to "root".
2516 Handle=
2518 Configures the major number of unique identifier of the qdisc,
2519 known as the handle. Takes a hexadecimal number in the range
2520 0x1–0xffff. Defaults to unset.
2521 PacketLimit=
2523 Specifies the hard limit on the real queue size. When this limit is
2524 reached, incoming packets are dropped. Defaults to unset and
2525 kernel's default is used.
2526 MemoryLimitBytes=
2528 Specifies the limit on the total number of bytes that can be queued
2529 in this FQ-CoDel instance. When suffixed with K, M, or G, the
2530 specified size is parsed as Kilobytes, Megabytes, or Gigabytes,
2531 respectively, to the base of 1024. Defaults to unset and kernel's
2532 default is used.
2533 Flows=
2535 Specifies the number of flows into which the incoming packets are
2536 classified. Defaults to unset and kernel's default is used.
2537 TargetSec=
2539 Takes a timespan. Specifies the acceptable minimum
2540 standing/persistent queue delay. Defaults to unset and kernel's
2541 default is used.
2542 IntervalSec=
2544 Takes a timespan. This is used to ensure that the measured minimum
2545 delay does not become too stale. Defaults to unset and kernel's
2546 default is used.
2547 QuantumBytes=
2549 Specifies the number of bytes used as the "deficit" in the fair
2550 queuing algorithm timespan. When suffixed with K, M, or G, the
2551 specified size is parsed as Kilobytes, Megabytes, or Gigabytes,
2552 respectively, to the base of 1024. Defaults to unset and kernel's
2553 default is used.
2554 ECN=
2556 Takes a boolean. This can be used to mark packets instead of
2557 dropping them. Defaults to unset and kernel's default is used.
2558 CEThresholdSec=
2560 Takes a timespan. This sets a threshold above which all packets are
2561 marked with ECN Congestion Experienced (CE). Defaults to unset and
2562 kernel's default is used.
2563
2565 The [FairQueueing] section manages the queueing discipline (qdisc) of
2566 fair queue traffic policing (FQ).
2567 Parent=
2569 Configures the parent Queueing Discipline (qdisc). Takes one of
2570 "root", "clsact", "ingress" or a class identifier. The class
2571 identifier is specified as the major and minor numbers in
2572 hexadecimal in the range 0x1–Oxffff separated with a colon
2573 ("major:minor"). Defaults to "root".
2574 Handle=
2576 Configures the major number of unique identifier of the qdisc,
2577 known as the handle. Takes a hexadecimal number in the range
2578 0x1–0xffff. Defaults to unset.
2579 PacketLimit=
2581 Specifies the hard limit on the real queue size. When this limit is
2582 reached, incoming packets are dropped. Defaults to unset and
2583 kernel's default is used.
2584 FlowLimit=
2586 Specifies the hard limit on the maximum number of packets queued
2587 per flow. Defaults to unset and kernel's default is used.
2588 QuantumBytes=
2590 Specifies the credit per dequeue RR round, i.e. the amount of bytes
2591 a flow is allowed to dequeue at once. When suffixed with K, M, or
2592 G, the specified size is parsed as Kilobytes, Megabytes, or
2593 Gigabytes, respectively, to the base of 1024. Defaults to unset and
2594 kernel's default is used.
2595 InitialQuantumBytes=
2597 Specifies the initial sending rate credit, i.e. the amount of bytes
2598 a new flow is allowed to dequeue initially. When suffixed with K,
2599 M, or G, the specified size is parsed as Kilobytes, Megabytes, or
2600 Gigabytes, respectively, to the base of 1024. Defaults to unset and
2601 kernel's default is used.
2602 MaximumRate=
2604 Specifies the maximum sending rate of a flow. When suffixed with K,
2605 M, or G, the specified size is parsed as Kilobits, Megabits, or
2606 Gigabits, respectively, to the base of 1000. Defaults to unset and
2607 kernel's default is used.
2608 Buckets=
2610 Specifies the size of the hash table used for flow lookups.
2611 Defaults to unset and kernel's default is used.
2612 OrphanMask=
2614 Takes an unsigned integer. For packets not owned by a socket, fq is
2615 able to mask a part of hash and reduce number of buckets associated
2616 with the traffic. Defaults to unset and kernel's default is used.
2617 Pacing=
2619 Takes a boolean, and enables or disables flow pacing. Defaults to
2620 unset and kernel's default is used.
2621 CEThresholdSec=
2623 Takes a timespan. This sets a threshold above which all packets are
2624 marked with ECN Congestion Experienced (CE). Defaults to unset and
2625 kernel's default is used.
2626
2628 The [TrivialLinkEqualizer] section manages the queueing discipline
2629 (qdisc) of trivial link equalizer (teql).
2630 Parent=
2632 Configures the parent Queueing Discipline (qdisc). Takes one of
2633 "root", "clsact", "ingress" or a class identifier. The class
2634 identifier is specified as the major and minor numbers in
2635 hexadecimal in the range 0x1–Oxffff separated with a colon
2636 ("major:minor"). Defaults to "root".
2637 Handle=
2639 Configures the major number of unique identifier of the qdisc,
2640 known as the handle. Takes a hexadecimal number in the range
2641 0x1–0xffff. Defaults to unset.
2642 Id=
2644 Specifies the interface ID "N" of teql. Defaults to "0". Note that
2645 when teql is used, currently, the module sch_teql with
2646 max_equalizers=N+1 option must be loaded before systemd-networkd is
2647 started.
2648
2650 The [HierarchyTokenBucket] section manages the queueing discipline
2651 (qdisc) of hierarchy token bucket (htb).
2652 Parent=
2654 Configures the parent Queueing Discipline (qdisc). Takes one of
2655 "root", "clsact", "ingress" or a class identifier. The class
2656 identifier is specified as the major and minor numbers in
2657 hexadecimal in the range 0x1–Oxffff separated with a colon
2658 ("major:minor"). Defaults to "root".
2659 Handle=
2661 Configures the major number of unique identifier of the qdisc,
2662 known as the handle. Takes a hexadecimal number in the range
2663 0x1–0xffff. Defaults to unset.
2664 DefaultClass=
2666 Takes the minor id in hexadecimal of the default class.
2667 Unclassified traffic gets sent to the class. Defaults to unset.
2668 RateToQuantum=
2670 Takes an unsigned integer. The DRR quantums are calculated by
2671 dividing the value configured in Rate= by RateToQuantum=.
2672
2674 The [HierarchyTokenBucketClass] section manages the traffic control
2675 class of hierarchy token bucket (htb).
2676 Parent=
2678 Configures the parent Queueing Discipline (qdisc). Takes one of
2679 "root", or a qdisc identifier. The qdisc identifier is specified as
2680 the major and minor numbers in hexadecimal in the range 0x1–Oxffff
2681 separated with a colon ("major:minor"). Defaults to "root".
2682 ClassId=
2684 Configures the unique identifier of the class. It is specified as
2685 the major and minor numbers in hexadecimal in the range 0x1–Oxffff
2686 separated with a colon ("major:minor"). Defaults to unset.
2687 Priority=
2689 Specifies the priority of the class. In the round-robin process,
2690 classes with the lowest priority field are tried for packets first.
2691 QuantumBytes=
2693 Specifies how many bytes to serve from leaf at once. When suffixed
2694 with K, M, or G, the specified size is parsed as Kilobytes,
2695 Megabytes, or Gigabytes, respectively, to the base of 1024.
2696 MTUBytes=
2698 Specifies the maximum packet size we create. When suffixed with K,
2699 M, or G, the specified size is parsed as Kilobytes, Megabytes, or
2700 Gigabytes, respectively, to the base of 1024.
2701 OverheadBytes=
2703 Takes an unsigned integer which specifies per-packet size overhead
2704 used in rate computations. When suffixed with K, M, or G, the
2705 specified size is parsed as Kilobytes, Megabytes, or Gigabytes,
2706 respectively, to the base of 1024.
2707 Rate=
2709 Specifies the maximum rate this class and all its children are
2710 guaranteed. When suffixed with K, M, or G, the specified size is
2711 parsed as Kilobits, Megabits, or Gigabits, respectively, to the
2712 base of 1000. This setting is mandatory.
2713 CeilRate=
2715 Specifies the maximum rate at which a class can send, if its parent
2716 has bandwidth to spare. When suffixed with K, M, or G, the
2717 specified size is parsed as Kilobits, Megabits, or Gigabits,
2718 respectively, to the base of 1000. When unset, the value specified
2719 with Rate= is used.
2720 BufferBytes=
2722 Specifies the maximum bytes burst which can be accumulated during
2723 idle period. When suffixed with K, M, or G, the specified size is
2724 parsed as Kilobytes, Megabytes, or Gigabytes, respectively, to the
2725 base of 1024.
2726 CeilBufferBytes=
2728 Specifies the maximum bytes burst for ceil which can be accumulated
2729 during idle period. When suffixed with K, M, or G, the specified
2730 size is parsed as Kilobytes, Megabytes, or Gigabytes, respectively,
2731 to the base of 1024.
2732
2734 The [HeavyHitterFilter] section manages the queueing discipline (qdisc)
2735 of Heavy Hitter Filter (hhf).
2736 Parent=
2738 Configures the parent Queueing Discipline (qdisc). Takes one of
2739 "root", "clsact", "ingress" or a class identifier. The class
2740 identifier is specified as the major and minor numbers in
2741 hexadecimal in the range 0x1–Oxffff separated with a colon
2742 ("major:minor"). Defaults to "root".
2743 Handle=
2745 Configures the major number of unique identifier of the qdisc,
2746 known as the handle. Takes a hexadecimal number in the range
2747 0x1–0xffff. Defaults to unset.
2748 PacketLimit=
2750 Specifies the hard limit on the queue size in number of packets.
2751 When this limit is reached, incoming packets are dropped. An
2752 unsigned integer in the range 0–4294967294. Defaults to unset and
2753 kernel's default is used.
2754
2756 The [QuickFairQueueing] section manages the queueing discipline (qdisc)
2757 of Quick Fair Queueing (QFQ).
2758 Parent=
2760 Configures the parent Queueing Discipline (qdisc). Takes one of
2761 "root", "clsact", "ingress" or a class identifier. The class
2762 identifier is specified as the major and minor numbers in
2763 hexadecimal in the range 0x1–Oxffff separated with a colon
2764 ("major:minor"). Defaults to "root".
2765 Handle=
2767 Configures the major number of unique identifier of the qdisc,
2768 known as the handle. Takes a hexadecimal number in the range
2769 0x1–0xffff. Defaults to unset.
2770
2772 The [QuickFairQueueingClass] section manages the traffic control class
2773 of Quick Fair Queueing (qfq).
2774 Parent=
2776 Configures the parent Queueing Discipline (qdisc). Takes one of
2777 "root", or a qdisc identifier. The qdisc identifier is specified as
2778 the major and minor numbers in hexadecimal in the range 0x1–Oxffff
2779 separated with a colon ("major:minor"). Defaults to "root".
2780 ClassId=
2782 Configures the unique identifier of the class. It is specified as
2783 the major and minor numbers in hexadecimal in the range 0x1–Oxffff
2784 separated with a colon ("major:minor"). Defaults to unset.
2785 Weight=
2787 Specifies the weight of the class. Takes an integer in the range
2788 1...1023. Defaults to unset in which case the kernel default is
2789 used.
2790 MaxPacketBytes=
2792 Specifies the maximum packet size in bytes for the class. When
2793 suffixed with K, M, or G, the specified size is parsed as
2794 Kilobytes, Megabytes, or Gigabytes, respectively, to the base of
2795 1024. When unset, the kernel default is used.
2796
2798 The [BridgeVLAN] section manages the VLAN ID configuration of a bridge
2799 port and accepts the following keys. Specify several [BridgeVLAN]
2800 sections to configure several VLAN entries. The VLANFiltering= option
2801 has to be enabled, see the [Bridge] section in systemd.netdev(5).
2802 VLAN=
2804 The VLAN ID allowed on the port. This can be either a single ID or
2805 a range M-N. VLAN IDs are valid from 1 to 4094.
2806 EgressUntagged=
2808 The VLAN ID specified here will be used to untag frames on egress.
2809 Configuring EgressUntagged= implicates the use of VLAN= above and
2810 will enable the VLAN ID for ingress as well. This can be either a
2811 single ID or a range M-N.
2812 PVID=
2814 The Port VLAN ID specified here is assigned to all untagged frames
2815 at ingress. PVID= can be used only once. Configuring PVID=
2816 implicates the use of VLAN= above and will enable the VLAN ID for
2817 ingress as well.
2818
2820 Example 1. Static network configuration
2821 # /etc/systemd/network/50-static.network
2823 [Match]
2824 Name=enp2s0
2825 [Network]
2827 Address=192.168.0.15/24
2828 Gateway=192.168.0.1
2829 This brings interface "enp2s0" up with a static address. The specified
2831 gateway will be used for a default route.
2832 Example 2. DHCP on ethernet links
2834 # /etc/systemd/network/80-dhcp.network
2836 [Match]
2837 Name=en*
2838 [Network]
2840 DHCP=yes
2841 This will enable DHCPv4 and DHCPv6 on all interfaces with names
2843 starting with "en" (i.e. ethernet interfaces).
2844 Example 3. IPv6 Prefix Delegation
2846 # /etc/systemd/network/55-ipv6-pd-upstream.network
2848 [Match]
2849 Name=enp1s0
2850 [Network]
2852 DHCP=ipv6
2853 # /etc/systemd/network/56-ipv6-pd-downstream.network
2855 [Match]
2856 Name=enp2s0
2857 [Network]
2859 IPv6SendRA=yes
2860 DHCPv6PrefixDelegation=yes
2861 This will enable DHCPv6-PD on the interface enp1s0 as an upstream
2863 interface where the DHCPv6 client is running and enp2s0 as a downstream
2864 interface where the prefix is delegated to. The delegated prefixes are
2865 distributed by IPv6 Router Advertisement on the downstream network.
2866 Example 4. A bridge with two enslaved links
2868 # /etc/systemd/network/25-bridge-static.network
2870 [Match]
2871 Name=bridge0
2872 [Network]
2874 Address=192.168.0.15/24
2875 Gateway=192.168.0.1
2876 DNS=192.168.0.1
2877 # /etc/systemd/network/25-bridge-slave-interface-1.network
2879 [Match]
2880 Name=enp2s0
2881 [Network]
2883 Bridge=bridge0
2884 # /etc/systemd/network/25-bridge-slave-interface-2.network
2886 [Match]
2887 Name=wlp3s0
2888 [Network]
2890 Bridge=bridge0
2891 This creates a bridge and attaches devices "enp2s0" and "wlp3s0" to it.
2893 The bridge will have the specified static address and network assigned,
2894 and a default route via the specified gateway will be added. The
2895 specified DNS server will be added to the global list of DNS resolvers.
2896 Example 5.
2898 # /etc/systemd/network/20-bridge-slave-interface-vlan.network
2900 [Match]
2901 Name=enp2s0
2902 [Network]
2904 Bridge=bridge0
2905 [BridgeVLAN]
2907 VLAN=1-32
2908 PVID=42
2909 EgressUntagged=42
2910 [BridgeVLAN]
2912 VLAN=100-200
2913 [BridgeVLAN]
2915 EgressUntagged=300-400
2916 This overrides the configuration specified in the previous example for
2918 the interface "enp2s0", and enables VLAN on that bridge port. VLAN IDs
2919 1-32, 42, 100-400 will be allowed. Packets tagged with VLAN IDs 42,
2920 300-400 will be untagged when they leave on this interface. Untagged
2921 packets which arrive on this interface will be assigned VLAN ID 42.
2922 Example 6. Various tunnels
2924 /etc/systemd/network/25-tunnels.network
2926 [Match]
2927 Name=ens1
2928 [Network]
2930 Tunnel=ipip-tun
2931 Tunnel=sit-tun
2932 Tunnel=gre-tun
2933 Tunnel=vti-tun
2934 /etc/systemd/network/25-tunnel-ipip.netdev
2937 [NetDev]
2938 Name=ipip-tun
2939 Kind=ipip
2940 /etc/systemd/network/25-tunnel-sit.netdev
2943 [NetDev]
2944 Name=sit-tun
2945 Kind=sit
2946 /etc/systemd/network/25-tunnel-gre.netdev
2949 [NetDev]
2950 Name=gre-tun
2951 Kind=gre
2952 /etc/systemd/network/25-tunnel-vti.netdev
2955 [NetDev]
2956 Name=vti-tun
2957 Kind=vti
2958 This will bring interface "ens1" up and create an IPIP tunnel, a SIT
2961 tunnel, a GRE tunnel, and a VTI tunnel using it.
2962 Example 7. A bond device
2964 # /etc/systemd/network/30-bond1.network
2966 [Match]
2967 Name=bond1
2968 [Network]
2970 DHCP=ipv6
2971 # /etc/systemd/network/30-bond1.netdev
2973 [NetDev]
2974 Name=bond1
2975 Kind=bond
2976 # /etc/systemd/network/30-bond1-dev1.network
2978 [Match]
2979 MACAddress=52:54:00:e9:64:41
2980 [Network]
2982 Bond=bond1
2983 # /etc/systemd/network/30-bond1-dev2.network
2985 [Match]
2986 MACAddress=52:54:00:e9:64:42
2987 [Network]
2989 Bond=bond1
2990 This will create a bond device "bond1" and enslave the two devices with
2992 MAC addresses 52:54:00:e9:64:41 and 52:54:00:e9:64:42 to it. IPv6 DHCP
2993 will be used to acquire an address.
2994 Example 8. Virtual Routing and Forwarding (VRF)
2996 Add the "bond1" interface to the VRF master interface "vrf1". This will
2998 redirect routes generated on this interface to be within the routing
2999 table defined during VRF creation. For kernels before 4.8 traffic won't
3000 be redirected towards the VRFs routing table unless specific ip-rules
3001 are added.
3002 # /etc/systemd/network/25-vrf.network
3004 [Match]
3005 Name=bond1
3006 [Network]
3008 VRF=vrf1
3009 Example 9. MacVTap
3011 This brings up a network interface "macvtap-test" and attaches it to
3013 "enp0s25".
3014 # /usr/lib/systemd/network/25-macvtap.network
3016 [Match]
3017 Name=enp0s25
3018 [Network]
3020 MACVTAP=macvtap-test
3021 Example 10. A Xfrm interface with physical underlying device.
3023 # /etc/systemd/network/27-xfrm.netdev
3025 [NetDev]
3026 Name=xfrm0
3027 [Xfrm]
3029 InterfaceId=7
3030 # /etc/systemd/network/27-eth0.network
3032 [Match]
3033 Name=eth0
3034 [Network]
3036 Xfrm=xfrm0
3037 This creates a "xfrm0" interface and binds it to the "eth0" device.
3039 This allows hardware based ipsec offloading to the "eth0" nic. If
3040 offloading is not needed, xfrm interfaces can be assigned to the "lo"
3041 device.
3042
3044 systemd(1), systemd-networkd.service(8), systemd.link(5),
3045 systemd.netdev(5), systemd-resolved.service(8)
3046
3048 1. RFC 7217
3049 https://tools.ietf.org/html/rfc7217
3050 2. Link-Local Multicast Name Resolution
3052 https://tools.ietf.org/html/rfc4795
3053 3. Multicast DNS
3055 https://tools.ietf.org/html/rfc6762
3056 4. DNS-over-TLS
3058 https://tools.ietf.org/html/rfc7858
3059 5. DNSSEC
3061 https://tools.ietf.org/html/rfc4033
3062 6. IEEE 802.1AB-2016
3064 https://standards.ieee.org/findstds/standard/802.1AB-2016.html
3065 7. ip-sysctl.txt
3067 https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt
3068 8. RFC 4941
3070 https://tools.ietf.org/html/rfc4941
3071 9. RFC 1027
3073 https://tools.ietf.org/html/rfc1027
3074 10. RFC 6275
3076 https://tools.ietf.org/html/rfc6275
3077 11. RFC 5224
3079 https://tools.ietf.org/html/rfc5227
3080 12. RFC 4862
3082 https://tools.ietf.org/html/rfc4862
3083 13. RFC 3041
3085 https://tools.ietf.org/html/rfc3041
3086 14. RFC 3484
3088 https://tools.ietf.org/html/rfc3484
3089 15. RFC 4191
3091 https://tools.ietf.org/html/rfc4191
3092 16. RFC 7844
3094 https://tools.ietf.org/html/rfc7844
3095 17. RFC 8520
3097 https://tools.ietf.org/html/rfc8520
3098 18. C-style escapes
3100 https://en.wikipedia.org/wiki/Escape_sequences_in_C#Table_of_escape_sequences
3101 19. RFC 3315
3103 https://tools.ietf.org/html/rfc3315#section-17.2.1
3104 20. RFC 7084
3106 https://tools.ietf.org/html/rfc7084
3107 21. RFC 4291
3109 https://tools.ietf.org/html/rfc4291#section-2.5.4
3110 22. RFC 4861
3112 https://tools.ietf.org/html/rfc4861
3113systemd 248 SYSTEMD.NETWORK(5)