2015-09-16


{{Lowercase title}}

[[Category:Network configuration]]

[[Category:Virtualization]]

[[en:systemd-networkd]]

[[fr:systemd-networkd]]

[[ja:systemd-networkd]]

{{Related articles start}}

{{Related|systemd}}

{{Related|systemd-nspawn}}

{{Related|Network bridge}}

{{Related|Network configuration}}

{{Related|Wireless network configuration}}

{{Related|:Category:Network managers}}

{{Related articles end}}

''systemd-networkd'' is a system daemon that manages network configurations. It detects and configures network devices as they appear; it can also create virtual network devices. This service can be especially useful to set up complex network configurations for a container managed by [[systemd-nspawn]] or for virtual machines. It also works fine on simple connections.

== Basic usage ==

The {{Pkg|systemd}} package is part of the default Arch installation and contains all needed files to operate a wired network. Wireless adapters can be set up by other services, such as [[wpa_supplicant]], which are covered later in this article.

=== Required services and setup ===

To use ''systemd-networkd'', [[start]] the following two services and [[enable]] them to run on system boot:

* {{ic|systemd-networkd.service}}

* {{ic|systemd-resolved.service}}

For compatibility with [[resolv.conf]], delete or rename the existing file and create the following symbolic link:

 # ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf

Additionally, in order to use the local DNS stub resolver of ''systemd-resolved'' (and thus use LLMNR and DNS merging per interface), replace {{ic|dns}} with {{ic|resolve}} in {{ic|/etc/nsswitch.conf}}:

 hosts: files '''resolve''' myhostname

See {{ic|man systemd-resolved}} and {{ic|man resolved.conf}} and [https://github.com/systemd/systemd/blob/master/README#L205 Systemd README].

{{Note|Systemd's {{ic|resolve}} may not search the local domain when given just the hostname, even when {{ic|1=UseDomains=yes}} or {{ic|1=Domains=[domain-list]}} is present in the appropriate {{ic|.network}} file, and that file produces the expected {{ic|search [domain-list]}} in {{ic|resolv.conf}}. If you run into this problem:

* Switch to using fully-qualified domain names

* Use {{ic|/etc/hosts}} to resolve hostnames

* Fall back to using glibc's {{ic|dns}} instead of using systemd's {{ic|resolve}}}}

=== Configuration examples ===

All configurations in this section are stored as {{ic|foo.network}} in {{ic|/etc/systemd/network}}. For a full listing of options and processing order, see [[#Configuration files]] and the {{ic|systemd.network}} man page.

Systemd/udev automatically assigns predictable, stable network interface names for all local Ethernet, WLAN, and WWAN interfaces. Use {{ic|networkctl list}} to list the devices on the system.

After making changes to a configuration file, restart the networkd daemon:

 # systemctl restart systemd-networkd

{{Note (Русский)|In the examples below, '''enp1s0''' is the wired adapter and '''wlp2s0''' is the wireless adapter. These names can be different on different systems.}}

==== Wired adapter using DHCP ====

{{hc|/etc/systemd/network/''wired''.network|<nowiki>

[Match]

Name=enp1s0

[Network]

DHCP=ipv4</nowiki>

}}

==== Wired adapter using a static IP ====

{{hc|/etc/systemd/network/''wired''.network|<nowiki>

[Match]

Name=enp1s0

[Network]

Address=10.1.10.9/24

Gateway=10.1.10.1</nowiki>

}}

See the {{ic|systemd.network(5)}} man page for more network options such as specifying DNS servers and a broadcast address.

==== Wireless adapter ====

In order to connect to a wireless network with ''systemd-networkd'', a wireless adapter configured with another service such as [[wpa_supplicant]] is required. In this example, the corresponding systemd service file that needs to be enabled is {{ic|wpa_supplicant@wlp2s0.service}}.

{{hc|/etc/systemd/network/''wireless''.network|<nowiki>

[Match]

Name=wlp2s0

[Network]

DHCP=ipv4

</nowiki>}}

If the wireless adapter has a static IP address, the configuration is the same (except for the interface name) as in a [[#Wired adapter using a static IP|wired adapter]].

==== Wired and wireless adapters on the same machine ====

This setup will enable a DHCP IP for both a wired and a wireless connection, making use of the metric directive to allow the kernel to decide on-the-fly which one to use. This way, no connection downtime is observed when the wired connection is unplugged.

The kernel's route metric (same as configured with ''ip'') decides which route to use for outgoing packets, in cases when several match. This will be the case when both wireless and wired devices on the system have active connections. To break the tie, the kernel uses the metric. If one of the connections is terminated, the other automatically wins without there being a gap with nothing configured (ongoing transfers may still not deal with this nicely but that is at a different OSI layer).

{{Note (Русский)|The '''Metric''' option is for static routes while the '''RouteMetric''' option is for setups not using static routes.}}

{{hc|/etc/systemd/network/''wired''.network|<nowiki>

[Match]

Name=enp1s0

[Network]

DHCP=ipv4

[DHCP]

RouteMetric=10

</nowiki>}}

{{hc|/etc/systemd/network/''wireless''.network|<nowiki>

[Match]

Name=wlp2s0

[Network]

DHCP=ipv4

[DHCP]

RouteMetric=20

</nowiki>}}

== Configuration files ==

Configuration files are located in {{ic|/usr/lib/systemd/network}}, the volatile runtime network directory {{ic|/run/systemd/network}}, and the local administration network directory {{ic|/etc/systemd/network}}. Files in {{ic|/etc/systemd/network}} have the highest priority.

There are three types of configuration files.

* '''.network''' files. They will apply a network configuration for a ''matching'' device

* '''.netdev''' files. They will create a ''virtual network device'' for a ''matching'' environment

* '''.link''' files. When a network device appears, [[udev]] will look for the first ''matching'' '''.link''' file

They all follow the same rules:

* If '''all''' conditions in the {{ic|[Match]}} section are matched, the profile will be activated

* an empty {{ic|[Match]}} section means the profile will apply in any case (can be compared to the {{ic|*}} joker)

* each entry is a key with the {{ic|1=NAME=VALUE}} syntax

* all configuration files are collectively sorted and processed in lexical order, regardless of the directory in which they live

* files with identical name replace each other

{{Tip|

* to override a system-supplied file in {{ic|/usr/lib/systemd/network}} in a permanent manner (i.e. even after upgrades), place a file with the same name in {{ic|/etc/systemd/network}} and symlink it to {{ic|/dev/null}}

* the {{ic|*}} joker can be used in {{ic|VALUE}} (e.g {{ic|en*}} will match any Ethernet device)

* following this [https://mailman.archlinux.org/pipermail/arch-general/2014-March/035381.html Arch-general thread], the best practice is to set up specific container network settings ''inside the container'' with '''networkd''' configuration files.

}}
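The precedence rules above decide which file is actually in force, so a review of a host should start from the resolved set rather than from one directory. The following is an added example, not code from this wiki or from systemd: it resolves the effective files (same-name replacement, {{ic|/dev/null}} masking, one lexical order) and flags {{ic|.network}} profiles with an empty {{ic|[Match]}}, a wildcard {{ic|1=Name=}} or {{ic|1=IPForward=}} enabled. The function names and the sample tree are constructed for illustration, and only the {{ic|/dev/null}} symlink form of masking described here is detected.

```python
import os
import tempfile
from pathlib import Path

# Lowest to highest priority, as listed in this section.
SEARCH_DIRS = ("/usr/lib/systemd/network", "/run/systemd/network",
               "/etc/systemd/network")

def parse_sections(text):
    """Minimal NAME=VALUE parser: {section: [(key, value), ...]}."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], [])
        elif "=" in line and current is not None and line[0] not in "#;":
            key, value = line.split("=", 1)
            current.append((key.strip(), value.strip()))
    return sections

def effective_files(dirs=SEARCH_DIRS):
    """[(name, path or None)] in processing order; None means masked."""
    chosen = {}
    for d in dirs:  # later (higher-priority) directories win
        if os.path.isdir(d):
            for f in Path(d).iterdir():
                if f.suffix in (".network", ".netdev", ".link"):
                    chosen[f.name] = f  # identical names replace each other
    return [(n, None if os.path.realpath(chosen[n]) == os.devnull else chosen[n])
            for n in sorted(chosen)]  # one lexical order across all directories

def audit(dirs=SEARCH_DIRS):
    """Flag effective .network profiles that match broadly or forward packets."""
    findings = []
    for name, path in effective_files(dirs):
        if path is None or not name.endswith(".network"):
            continue
        sec = parse_sections(path.read_text())
        match = sec.get("Match", [])
        if not match:
            findings.append((name, "empty [Match]: applies to every device"))
        for key, value in match:
            if key == "Name" and "*" in value:
                findings.append((name, f"wildcard Name={value}"))
        for key, value in sec.get("Network", []):
            if key == "IPForward" and value != "no":
                findings.append((name, f"IPForward={value}"))
    return findings

def demo():
    """Run both functions over a constructed tree (not real system files)."""
    with tempfile.TemporaryDirectory() as root:
        usr, run, etc = (Path(root, d) for d in ("usr", "run", "etc"))
        for d in (usr, run, etc):
            d.mkdir()
        (usr / "80-container-host0.network").write_text("[Match]\nName=host0\n")
        (etc / "80-container-host0.network").symlink_to(os.devnull)
        (usr / "50-wired.network").write_text("[Match]\nName=en*\n")
        (etc / "50-wired.network").write_text(
            "[Match]\nName=enp1s0\n[Network]\nDHCP=ipv4\nIPForward=yes\n")
        (run / "10-any.network").write_text("[Network]\nDHCP=ipv4\n")
        dirs = (usr, run, etc)
        order = [(n, p is not None) for n, p in effective_files(dirs)]
        return order, audit(dirs)
```

Calling {{ic|audit()}} with no arguments checks the three real directories; {{ic|demo()}} only touches a temporary directory.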

=== network files ===

These files are aimed at setting network configuration variables, especially for servers and containers.

Below is a basic structure of a {{ic|''MyProfile''.network}} file:

{{hc|/etc/systemd/network/''MyProfile''.network|

[Match]

''a vertical list of keys''

[Network]

''a vertical list of keys''

[Address]

''a vertical list of keys''

[Route]

''a vertical list of keys''

}}

==== [Match] section ====

Most common keys are:

* {{ic|1=Name=}} the device name (e.g. br0, enp4s0)

* {{ic|1=Host=}} the machine hostname

* {{ic|1=Virtualization=}} checks whether the system is executed in a virtualized environment or not. A {{ic|1=Virtualization=no}} key will only apply on your host machine, while {{ic|1=Virtualization=yes}} applies to any container or VM.

==== [Network] section ====

Most common keys are:

* {{ic|1=DHCP=}} enables [[Wikipedia:Dynamic Host Configuration Protocol|DHCPv4]] and/or DHCPv6 support. Accepts {{ic|yes}}, {{ic|no}}, {{ic|ipv4}} or {{ic|ipv6}}

* {{ic|1=DNS=}} is a [[Wikipedia:Domain Name System|DNS]] server address. You can specify this option more than once

* {{ic|1=Bridge=}} is the name of the bridge to add the link to

* {{ic|1=IPForward=}} enables IP forwarding, performing the forwarding according to the routing table, and is required for setting up [[Internet sharing]]. Accepts {{ic|yes}}, {{ic|no}}, {{ic|ipv4}}, {{ic|ipv6}} or {{ic|kernel}}.

==== [Address] section ====

Most common key in the {{ic|[Address]}} section is:

* {{ic|1=Address=}} is a static '''IPv4''' or '''IPv6''' address and its prefix length, separated by a {{ic|/}} character (e.g {{ic|192.168.1.90/24}}). This option is '''mandatory''' unless DHCP is used.

==== [Route] section ====

Most common key in the {{ic|[Route]}} section is:

* {{ic|1=Gateway=}} is the address of your machine gateway. This option is '''mandatory''' unless DHCP is used.

For an exhaustive key list, please refer to {{ic|systemd.network(5)}}

{{Tip|you can put the {{ic|1=Address=}} and {{ic|1=Gateway=}} keys in the {{ic|[Network]}} section as a short-hand if the {{ic|[Address]}} section contains only an Address key and the {{ic|[Route]}} section contains only a Gateway key

}}

=== netdev files ===

These files will create virtual network devices.

Below is a basic structure of a ''MyDevice''.netdev file:

{{hc|/etc/systemd/network/''MyDevice''.netdev|

[Match]

''a vertical list of keys''

[NetDev]

''a vertical list of keys''

}}

==== [Match] section ====

Most common keys are {{ic|1=Host=}} and {{ic|1=Virtualization=}}

==== [NetDev] section ====

Most common keys are:

* {{ic|1=Name=}} is the interface name used when creating the netdev. This option is '''compulsory'''

* {{ic|1=Kind=}} is the netdev kind. For example, ''bridge'', ''bond'', ''vlan'', ''veth'', ''sit'', etc. are supported. This option is '''compulsory'''

For an exhaustive key list, please refer to {{ic|systemd.netdev(5)}}

=== link files ===

These files are an alternative to custom udev rules and will be applied by [[udev]] as the device appears.

Below is a basic structure of a ''MyDevice''.link file:

{{hc|/etc/systemd/network/''MyDevice''.link|

[Match]

''a vertical list of keys''

[Link]

''a vertical list of keys''

}}

The {{ic|[Match]}} section determines whether a given link file may be applied to a given device, while the {{ic|[Link]}} section specifies the device configuration.

==== [Match] section ====

Most common keys are {{ic|1=MACAddress=}}, {{ic|1=Host=}} and {{ic|1=Virtualization=}}.

{{ic|1=Type=}} is the device type (e.g. vlan)

==== [Link] section ====

Most common keys are:

{{ic|1=MACAddressPolicy=}} is either ''persistent'', when the hardware has a persistent MAC address (as most hardware should), or ''random'', which assigns a random MAC address when the device appears.

{{ic|1=MACAddress=}} shall be used when no {{ic|1=MACAddressPolicy=}} is specified.

{{Note (Русский)|the system {{ic|/usr/lib/systemd/network/99-default.link}} is generally sufficient for most of the basic cases.}}

== Usage with containers ==

The service is available with {{Pkg|systemd}} >= 210. You will want to [[systemd#Basic systemctl usage|enable and start]] the {{ic|systemd-networkd.service}} on the host and container.

For debugging purposes, it is strongly advised to [[pacman|install]] the {{Pkg|bridge-utils}}, {{Pkg|net-tools}} and {{Pkg|iproute2}} packages.

If you are using ''systemd-nspawn'', you may need to modify the {{ic|systemd-nspawn@.service}} and append boot options to the {{ic|ExecStart}} line. Please refer to {{ic|man 1 systemd-nspawn}} for an exhaustive list of options.

Note that if you want to take advantage of automatic DNS configuration from DHCP, you need to enable {{ic|systemd-resolved}} and symlink {{ic|/run/systemd/resolve/resolv.conf}} to {{ic|/etc/resolv.conf}}. See {{ic|systemd-resolved.service(8)}} for more details.

{{Style|Too many points for a tip, some of them are very similar so they could be merged.}}

{{Tip|Before you start to configure your container network, it is useful to:

* disable all your [[netctl]] services. This will avoid any potential conflicts with '''systemd-networkd''' and make all your configurations easier to test. Furthermore, odds are high you will end with few or even no [[netctl]] activated profiles. The {{ic|netctl list}} command will output a list of all your profiles, with the activated one being starred.

* disable the {{ic|systemd-nspawn@.service}} and use the {{ic|systemd-nspawn -bnD /path_to/your_container/}} command as root to boot the container. To log off and shutdown inside the container {{ic|systemctl poweroff}} is used as root. Once the network setting meets your requirements, [[systemd#Basic systemctl usage|enable and start]] {{ic|systemd-nspawn@.service}}

* disable the {{ic|dhcpcd.service}} if enabled on your system, since it activates ''dhcpcd'' on '''all''' interfaces

* make sure you have no [[netctl]] profiles activated in the container, and ensure that {{ic|systemd-networkd.service}} is neither enabled nor started

* make sure you do not have any [[iptables]] rules which can block traffic

* make sure ''packet forwarding'' is [[Internet sharing#Enable packet forwarding|enabled]] if you want to let containers access the internet

* when the daemon is started the systemd {{ic|networkctl}} command displays the status of network interfaces.

}}

{{Note (Русский)|For the set-up described below,

* we will limit the output of the {{ic|ip a}} command to the concerned interfaces

* we assume the ''host'' is your main OS you are booting to and the ''container'' is your guest virtual machine

* all interface names and IP addresses are only examples

}}

=== Basic DHCP network ===

This setup will enable a DHCP IP for host and container. In this case, both systems will share the same IP as they share the same interfaces.

{{hc|/etc/systemd/network/''MyDhcp''.network|<nowiki>

[Match]

Name=en*

[Network]

DHCP=ipv4

</nowiki>}}

Then, [[enable]] and start {{ic|systemd-networkd.service}} on your container.

You can of course replace {{ic|en*}} by the full name of your ethernet device given by the output of the {{ic|ip link}} command.

* on host and container:

{{hc|$ ip a|

2: enp7s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000

link/ether 14:da:e9:b5:7a:88 brd ff:ff:ff:ff:ff:ff

inet 192.168.1.72/24 brd 192.168.1.255 scope global enp7s0

valid_lft forever preferred_lft forever

inet6 fe80::16da:e9ff:feb5:7a88/64 scope link

valid_lft forever preferred_lft forever

}}

By default, the hostname received from the DHCP server will be used as the transient hostname.

To change this, add {{ic|1=UseHostname=false}} to the {{ic|[DHCPv4]}} section:

{{hc|/etc/systemd/network/''MyDhcp''.network|<nowiki>

[DHCPv4]

UseHostname=false

</nowiki>}}

If you do not want to configure a DNS server in {{ic|/etc/resolv.conf}} and want to rely on DHCP for setting it up, you need to [[enable]] {{ic|systemd-resolved.service}} and symlink {{ic|/run/systemd/resolve/resolv.conf}} to {{ic|/etc/resolv.conf}}:

 # ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf

See {{ic|systemd-resolved.service(8)}} for more details.

=== DHCP with two distinct IP ===

==== Bridge interface ====

Create a virtual bridge interface

{{hc|/etc/systemd/network/''MyBridge''.netdev|<nowiki>

[NetDev]

Name=br0

Kind=bridge

</nowiki>}}

On host and container:

{{hc|$ ip a|

3: br0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default

link/ether ae:bd:35:ea:0c:c9 brd ff:ff:ff:ff:ff:ff

}}

Note that the interface br0 is listed but is DOWN.

==== Bind ethernet to bridge ====

Modify the {{ic|/etc/systemd/network/''MyDhcp''.network}} to remove the DHCP, as the bridge requires an interface to bind to with no IP, and add a key to bind this device to br0. Let us change its name to a more relevant one.

{{hc|/etc/systemd/network/''MyEth''.network|<nowiki>

[Match]

Name=en*

[Network]

Bridge=br0

</nowiki>}}

==== Bridge network ====

Create a network profile for the Bridge

{{hc|/etc/systemd/network/''MyBridge''.network|<nowiki>

[Match]

Name=br0

[Network]

DHCP=ipv4

</nowiki>}}

==== Add option to boot the container ====

As we want to give a separate IP for host and container, we need to ''Disconnect'' networking of the container from the host. To do this, add this option {{ic|1=--network-bridge=br0}} to your container boot command.

 # systemd-nspawn --network-bridge=br0 -bD /path_to/my_container

==== Result ====

* on host

{{hc|$ ip a|

3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default

link/ether 14:da:e9:b5:7a:88 brd ff:ff:ff:ff:ff:ff

inet 192.168.1.87/24 brd 192.168.1.255 scope global br0

valid_lft forever preferred_lft forever

inet6 fe80::16da:e9ff:feb5:7a88/64 scope link

valid_lft forever preferred_lft forever

6: vb-''MyContainer'': <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000

link/ether d2:7c:97:97:37:25 brd ff:ff:ff:ff:ff:ff

inet6 fe80::d07c:97ff:fe97:3725/64 scope link

valid_lft forever preferred_lft forever

}}

* on container

{{hc|$ ip a|

2: host0: <BROADCAST,MULTICAST,ALLMULTI,AUTOMEDIA,NOTRAILERS,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000

link/ether 5e:96:85:83:a8:5d brd ff:ff:ff:ff:ff:ff

inet 192.168.1.73/24 brd 192.168.1.255 scope global host0

valid_lft forever preferred_lft forever

inet6 fe80::5c96:85ff:fe83:a85d/64 scope link

valid_lft forever preferred_lft forever

}}

==== Notice ====

* we now have one IP address for {{ic|br0}} on the host, and one for {{ic|host0}} in the container

* two new interfaces have appeared: {{ic|vb-''MyContainer''}} in the host and {{ic|host0}} in the container. This comes as a result of the {{ic|1=--network-bridge=br0}} option. This option ''implies'' another option, {{ic|--network-veth}}. This means a ''virtual Ethernet link'' has been created between host and container.

* the DHCP address on {{ic|host0}} comes from the system {{ic|/usr/lib/systemd/network/80-container-host0.network}} file.

* on host

{{hc|$ brctl show|

bridge name bridge id STP enabled interfaces

br0 8000.14dae9b57a88 no enp7s0

vb-''MyContainer''

}}

The above command output confirms we have a bridge with two interfaces bound to it.

* on host

{{hc|$ ip route|

default via 192.168.1.254 dev br0

192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.87

}}

* on container

{{hc|$ ip route|

default via 192.168.1.254 dev host0

192.168.1.0/24 dev host0 proto kernel scope link src 192.168.1.73

}}

the above command outputs confirm we have activated {{ic|br0}} and {{ic|host0}} interfaces with an IP address and Gateway 192.168.1.254. The gateway address has been automatically grabbed by ''systemd-networkd''

{{hc|$ cat /run/systemd/resolve/resolv.conf|

nameserver 192.168.1.254

}}

=== Static IP network ===

Setting a static IP for each device can be helpful in case of deployed web services (e.g FTP, http, SSH). Each device will keep the same MAC address across reboots if your system {{ic|/usr/lib/systemd/network/99-default.link}} file has the {{ic|1=MACAddressPolicy=persistent}} option (it has by default). Thus, you will easily route any service on your Gateway to the desired device.

First, we shall get rid of the system {{ic|/usr/lib/systemd/network/80-container-host0.network}} file. To do it in a permanent way (i.e. even after upgrades), do the following on the container. This will mask the file {{ic|/usr/lib/systemd/network/80-container-host0.network}}, since files of the same name in {{ic|/etc/systemd/network}} take priority over {{ic|/usr/lib/systemd/network}}.

 # ln -sf /dev/null /etc/systemd/network/80-container-host0.network

Then, [[systemd#Basic systemctl usage|enable and start]] {{ic|systemd-networkd}} on your container.

The needed configuration files:

* on host

{{Accuracy|In the listing of configuration files, /etc/systemd/network/MyBridge.netdev has the .netdev extension. But, the MyBridge.network example file has the .network extension.}}

 /etc/systemd/network/''MyBridge''.netdev

 /etc/systemd/network/''MyEth''.network

A modified ''MyBridge''.network

{{hc|/etc/systemd/network/''MyBridge''.network|<nowiki>

[Match]

Name=br0

[Network]

DNS=192.168.1.254

Address=192.168.1.87/24

Gateway=192.168.1.254

</nowiki>}}

* on container

{{hc|/etc/systemd/network/''MyVeth''.network|<nowiki>

[Match]

Name=host0

[Network]

DNS=192.168.1.254

Address=192.168.1.94/24

Gateway=192.168.1.254

</nowiki>}}

== See also ==

* [http://www.freedesktop.org/software/systemd/man/systemd-networkd.service.html systemd.networkd man page]

* [https://plus.google.com/u/0/+TomGundersen/posts Tom Gundersen, main systemd-networkd developer, G+ home page]

* [https://coreos.com/blog/intro-to-systemd-networkd/ Tom Gundersen posts on Core OS blog]

* [https://bbs.archlinux.org/viewtopic.php?pid=1393759#p1393759 How to set up systemd-networkd with wpa_supplicant] (WonderWoofy's walkthrough on Arch forums)
