Systemd/networkd: Difference between revisions
m
no edit summary
imported>Mweinelt (Add bridge example) |
mNo edit summary |
||
| (23 intermediate revisions by 9 users not shown) | |||
| Line 1: | Line 1: | ||
{{Systemd/breadcrumb}} | |||
{{DISPLAYTITLE:systemd-networkd}} | {{DISPLAYTITLE:systemd-networkd}} | ||
[https://www.freedesktop.org/software/systemd/man/systemd-networkd.html systemd-networkd] is the network | [https://www.freedesktop.org/software/systemd/man/systemd-networkd.html systemd-networkd] is the network configuration component of the [[systemd]][[Category:systemd]] software suite. It is well integrated into NixOS below {{Nixos:option|systemd.network}} and should be preferred over {{Nixos:option|networking.interfaces}} options for most use cases, since it receives far superior maintenance. | ||
Configuration for networkd is split into three sections. | Configuration for networkd is split into three sections. | ||
| Line 70: | Line 71: | ||
</nowiki>}} | </nowiki>}} | ||
Note that we usually prefix the configuration file with a number. This can be important, because networkd collects all available configuration files, then sorts them | Note that we usually prefix the configuration file with a number. This can be important, because networkd collects all available configuration files, then sorts them alphanumerically, and uses the first match for each interface as its configuration. This happens separately for <code>.link</code>, <code>.netdev</code> and <code>.network</code> files, so that you can have one configuration of each type per interface. | ||
=== Debugging === | |||
When things don't work as expected, the journal for <code>systemd-networkd.service</code> should be consulted. Unfortunately, by default the log is not very useful in its default loglevel. Increasing the loglevel can be done using the <code>SYSTEMD_LOG_LEVEL</code> environment variable. | |||
<syntaxhighlight lang="nix"> | |||
systemd.services."systemd-networkd".environment.SYSTEMD_LOG_LEVEL = "debug"; | |||
</syntaxhighlight> | |||
=== Limitations === | === Limitations === | ||
| Line 109: | Line 118: | ||
<syntaxhighlight lang="nix"> | <syntaxhighlight lang="nix"> | ||
systemd.network."50-enp3s0" = { | systemd.network.networks."50-enp3s0" = { | ||
matchConfig.Name = "enp3s0"; | matchConfig.Name = "enp3s0"; | ||
# acquire a DHCP lease on link up | # acquire a DHCP lease on link up | ||
| Line 125: | Line 134: | ||
entirely, because a working <code>network-online.target</code> is required for some | entirely, because a working <code>network-online.target</code> is required for some | ||
services to properly start without race conditions. | services to properly start without race conditions. | ||
Also consider enabling the <code>systemd.network.wait-online.anyInterface</code> option, | |||
which makes networkd consider the network online when any interface is online, | |||
as opposed to all that have a positive value for <code>linkConfig.RequiredForOnline</code>. | |||
This is useful on portable machines with a wired and a wireless interface, for example. | |||
Recommended documentation: | Recommended documentation: | ||
| Line 164: | Line 178: | ||
matchConfig.Name = "enp1s0"; | matchConfig.Name = "enp1s0"; | ||
address = [ | address = [ | ||
# configure addresses including subnet mask | |||
"192.0.2.100/24" | |||
"2001:DB8::2/64" | |||
]; | ]; | ||
routes = [ | routes = [ | ||
| Line 173: | Line 187: | ||
{ routeConfig.Gateway = "192.0.2.1"; } | { routeConfig.Gateway = "192.0.2.1"; } | ||
# or when the gateway is not on the same network | # or when the gateway is not on the same network | ||
{ routeConfig = { | { | ||
routeConfig = { | |||
Gateway = "172.31.1.1"; | |||
GatewayOnLink = true; | |||
}; | |||
} | |||
]; | ]; | ||
# make the routes on this interface a dependency for network-online.target | # make the routes on this interface a dependency for network-online.target | ||
| Line 187: | Line 203: | ||
VLANs can be configured on top of hardlinks as well as virtual links, like bonding interfaces. They provide separate logical networks over physical links. | VLANs can be configured on top of hardlinks as well as virtual links, like bonding interfaces. They provide separate logical networks over physical links. | ||
In this example we tag two VLANs with Ids 10 and 20 on a physical link <code>enp1s0</code>. The VLAN interfaces become available <code>vlan10</code> and <code>vlan20</code> and can receive additional configuration. | In this example we tag two VLANs with Ids 10 and 20 on a physical link <code>enp1s0</code>. The VLAN interfaces become available as <code>vlan10</code> and <code>vlan20</code> and can receive additional configuration. | ||
<syntaxhighlight lang="nix"> | <syntaxhighlight lang="nix"> | ||
| Line 213: | Line 229: | ||
# tag vlan on this link | # tag vlan on this link | ||
vlan = [ | vlan = [ | ||
vlan10 | "vlan10" | ||
vlan20 | "vlan20" | ||
]; | ]; | ||
networkConfig.LinkLocalAddressing = "no"; | |||
linkConfig.RequiredForOnline = "carrier"; | |||
}; | }; | ||
"40-vlan10" = { | "40-vlan10" = { | ||
| Line 231: | Line 249: | ||
=== Bridge === | === Bridge === | ||
Given multiple interfaces, that are connected into a bridge will act like a common switch and forward Ethernet frames between all connected bridge ports. The Linux bridge supports various features, like spanning tree, bridge port isolation or acting | Given multiple interfaces, that are connected into a bridge will act like a common switch and forward Ethernet frames between all connected bridge ports. The Linux bridge supports various features, like spanning tree, bridge port isolation or acting as a multicast router. | ||
The configuration on top of the bridge interface depends on the desired functionality, e.g., configuring an IP address would make the bridge host reachable on the Ethernet segment. | The configuration on top of the bridge interface depends on the desired functionality, e.g., configuring an IP address would make the bridge host reachable on the Ethernet segment. | ||
| Line 250: | Line 268: | ||
}; | }; | ||
networks = { | networks = { | ||
# Connect the bridge ports | # Connect the bridge ports to the bridge | ||
"30-enp1s0" = { | "30-enp1s0" = { | ||
matchConfig.Name = "enp1s0"; | matchConfig.Name = "enp1s0"; | ||
| Line 261: | Line 279: | ||
linkConfig.RequiredForOnline = "enslaved"; | linkConfig.RequiredForOnline = "enslaved"; | ||
}; | }; | ||
# Configure the bridge for its desired function | |||
"40-br0" = { | "40-br0" = { | ||
matchConfig.Name ="br0"; | matchConfig.Name = "br0"; | ||
bridgeConfig = {}; | bridgeConfig = {}; | ||
# Disable address autoconfig when no IP configuration is required | |||
#networkConfig.LinkLocalAddressing = "no"; | |||
linkConfig = { | linkConfig = { | ||
# or "routable" with IP addresses configured | # or "routable" with IP addresses configured | ||
RequiredForOnline = "carrier"; | RequiredForOnline = "carrier"; | ||
}; | |||
}; | }; | ||
}; | }; | ||
| Line 274: | Line 296: | ||
=== Bonding === | === Bonding === | ||
Given two hardlinks <code>enp2s0</code> and <code>enp3s0</code> create a virtual <code>bond0</code> interface using Dynamic LACP (802.3ad), hashing outgoing packets using a packet's | Given two hardlinks <code>enp2s0</code> and <code>enp3s0</code> create a virtual <code>bond0</code> interface using Dynamic LACP (802.3ad), hashing outgoing packets using a packet's layer 3/4 (network/transport layer in the OSI model) information. | ||
<syntaxhighlight lang="nix"> | <syntaxhighlight lang="nix"> | ||
| Line 309: | Line 331: | ||
}; | }; | ||
</syntaxhighlight> | </syntaxhighlight> | ||
=== Router Advertisement === | |||
Router advertisements are way to allow clients to achieve stateless autoconfiguration (SLAAC). The most prominent setup is where the router announces a prefix onto a LAN segment, which the receiving client can use to set up an address on that prefix, and configure the sender as its default gateway. | |||
In this example the router will announce a static IPv6 prefix on the <code>lan</code> interface from it's automatically configured link local address on that link. The router does not generally require a unique local or globally reachable address on the link, unless you also want to host services like DNS and NTP on that LAN segment. | |||
Recommended documentation: | |||
* [https://www.freedesktop.org/software/systemd/man/systemd.network.html#%5BIPv6SendRA%5D%20Section%20Options <nowiki>[IPv6SendRa]</nowiki> configuration reference] | |||
<syntaxhighlight lang="nix"> | |||
systemd.network = { | |||
networks = { | |||
"30-lan" = { | |||
matchConfig.Name = "lan"; | |||
address = [ "2001:db8:1122:3344::1/64" ]; | |||
networkConfig = { | |||
IPv6SendRA = true; | |||
}; | |||
ipv6Prefixes = [ | |||
{ | |||
# Announce a static prefix | |||
ipv6PrefixConfig.Prefix = "2001:db8:1122:3344::/64"; | |||
} | |||
]; | |||
ipv6SendRAConfig = { | |||
# Provide a DNS resolver | |||
EmitDNS = true; | |||
DNS = "2001:db8:1122:3344::1"; | |||
}; | |||
}; | |||
}; | |||
}; | |||
</syntaxhighlight> | |||
An extended form of this setup uses DHCPv6 prefix delegation to acquire a dynamic prefix over a WAN link, which then gets distributed onto designated LAN segments. | |||
=== WireGuard === | === WireGuard === | ||
| Line 322: | Line 380: | ||
* [https://gist.github.com/mweinelt/b78f7046145dbaeab4e42bf55663ef44 NixOS 22.11 VDSL Router (VLANs on top of Bonding, IPv6 Prefix-Delegation, pppd Integration)] by [https://github.com/mweinelt mweinelt] | * [https://gist.github.com/mweinelt/b78f7046145dbaeab4e42bf55663ef44 NixOS 22.11 VDSL Router (VLANs on top of Bonding, IPv6 Prefix-Delegation, pppd Integration)] by [https://github.com/mweinelt mweinelt] | ||
[[Category:systemd]] | |||
[[Category:Networking]] | |||