Create Virtual Network Devices with network config manager
The network-config-manager tool nmctl configures and introspects the state of network links as seen by systemd-networkd. It can query and configure a device's addresses, routes, gateways, DNS, NTP, domain and hostname, and it can create virtual NetDevs (VLAN, VXLAN, Bridge, Bond, etc.). It also configures link settings such as WakeOnLanPassword, Port, BitsPerSecond, Duplex and Advertise. It uses the sd-bus and libudev APIs to interact with systemd, systemd-networkd, systemd-resolved, systemd-hostnamed and systemd-timesyncd via D-Bus. nmctl uses systemd-networkd verbs to explain its output, and it can generate configuration that persists across reboots.
❯ nmctl
System Name: Zeus
Kernel: Linux (5.15.0-0.rc6.47.fc36.x86_64)
systemd version: 252.2-591.fc38
Architecture: x86-64
Virtualization: vmware
Operating System: Fedora Linux 38 (Workstation Edition Prerelease)
Machine ID: d4f740d7e70d423cb46c8b1def547701
System State: routable
Online State: partial
Addresses: fe80::20c:29ff:fe5f:d139/64 on device ens33
172.16.130.145/24 on device ens33
172.16.130.144/24 on device ens37
127.0.0.1/8 on device lo
::1/128 on device lo
fe80::20c:29ff:fe5f:d143/64 on device ens37
Gateway: 172.16.130.2 on device ens37
172.16.130.2 on device ens33
DNS: 172.16.130.2
Search Domains: test4
The first step is to define the VLAN, with its VLAN ID (a unique number), as a network device (netdev).
❯ sudo cat /etc/systemd/network/10-vlan-95.netdev
[NetDev]
Name=vlan-95
Kind=vlan
[VLAN]
Id=19
The second step is making the underlying ethernet device a member of VLAN(s) in a 'network' file. This will create virtual interfaces for each VLAN on all matched devices.
❯ sudo cat /etc/systemd/network/10-dummy95.network
[Match]
Name=dummy95
[Network]
VLAN=vlan-95
The third and final configuration step is to configure the (virtual) interface for the VLAN in another 'network' file that matches the VLAN. This will bring the VLAN up.
❯ sudo cat /etc/systemd/network/10-vlan-95.network
[Match]
Name=vlan-95
Apply the configuration and inspect
Now that the configuration is done, restart the 'systemd-networkd' service to apply it and inspect the result.
❯ systemctl restart systemd-networkd
❯ ip -d link show vlan-95
3612: vlan-95@dummy95: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
link/ether 8e:67:1a:71:01:c2 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 0 maxmtu 65535
vlan protocol 802.1Q id 19 <REORDER_HDR> addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535
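A pre-flight check for the three files written above, to run before restarting systemd-networkd. This is an added example, not code from network-config-manager; the function names `ini_get` and `check_vlan_config` are hypothetical, and the check covers write bits only, not file ownership.

```shell
#!/bin/sh
# Added example, not part of network-config-manager: cross-check the VLAN files
# in a systemd-networkd directory. Function names are hypothetical.

# ini_get FILE SECTION KEY: print each value of KEY found inside [SECTION].
ini_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*\[/ { gsub(/[ \t\r]/, ""); in_sec = ($0 == sec); next }
        in_sec {
            eq = index($0, "="); if (!eq) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", k); gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (k == key) print v
        }' "$1"
}

# check_vlan_config DIR: return 0 only if every VLAN= reference resolves to a
# vlan .netdev with a valid Id and no config file is group/world-writable.
check_vlan_config() {
    dir=$1 rc=0
    for net in "$dir"/*.network; do
        [ -f "$net" ] || continue
        for vlan in $(ini_get "$net" Network VLAN); do
            found=
            for dev in "$dir"/*.netdev; do
                [ -f "$dev" ] || continue
                [ "$(ini_get "$dev" NetDev Name)" = "$vlan" ] || continue
                found=1
                [ "$(ini_get "$dev" NetDev Kind)" = vlan ] ||
                    { echo "$dev: Kind is not vlan" >&2; rc=1; }
                id=$(ini_get "$dev" VLAN Id)
                # systemd.netdev documents Id= as an integer in 0..4094.
                case $id in
                    ''|*[!0-9]*|?????*) echo "$dev: invalid Id '$id'" >&2; rc=1 ;;
                    *) [ "$id" -le 4094 ] || { echo "$dev: Id $id out of range" >&2; rc=1; } ;;
                esac
            done
            [ -n "$found" ] || { echo "$net: VLAN=$vlan has no .netdev" >&2; rc=1; }
        done
    done
    bad=$(find "$dir" -maxdepth 1 -type f \( -name '*.netdev' -o -name '*.network' \) \
        \( -perm -020 -o -perm -002 \))
    [ -z "$bad" ] || { echo "group/world-writable: $bad" >&2; rc=1; }
    return $rc
}

# Stand-alone use: sh check.sh /etc/systemd/network
[ $# -eq 0 ] || check_vlan_config "$1"
```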
The same VLAN can be created with nmctl in just one command. It creates the .netdev and .network files and assigns the VLAN to the underlying device. It also sets the permissions of all these files to systemd-network automatically.
❯ nmctl create-vlan [VLAN name] dev [MASTER DEVICE] id [ID INTEGER] proto [PROTOCOL {802.1q|802.1ad}] Creates vlan netdev and network file
❯ sudo nmctl create-vlan vlan-95 dev dummy95 id 19
Use ip to verify that the VLAN was created.
❯ ip -d link show vlan-95
3614: vlan-95@dummy95: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
link/ether 8e:67:1a:71:01:c2 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 0 maxmtu 65535
vlan protocol 802.1Q id 19 <REORDER_HDR> addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535
We successfully created the VLAN with just one command. The nmctl status output:
❯ nmctl status vlan-95
Flags: UP BROADCAST RUNNING NOARP LOWERUP
Link File: /usr/lib/systemd/network/99-default.link
Network File: /etc/systemd/network/10-vlan-95.network
Type: vlan
State: degraded (configured)
Address State: degraded
IPv4 Address State: off
IPv6 Address State: degraded
Online State: online
Required for Online: yes
Activation Policy: up
Driver: 802.1Q VLAN Support
HW Address: 8e:67:1a:71:01:c2
MTU: 1500 (min: 0 max: 65535)
QDISC: noqueue
Queues (Tx/Rx): 1/1
Tx Queue Length: 1000
IPv6 Address Generation Mode: eui64
GSO Max Size: 65536 GSO Max Segments: 65535
Address: fe80::8c67:1aff:fe71:1c2/64
DHCP6 Client DUID: DUID-EN/Vendor:0000ab11f92ac27729f95c000000
Similarly let's create a VXLAN.
❯ sudo nmctl create-vxlan vxlan-98 vni 32 local 192.168.1.2 remote 192.168.1.3 port 7777 independent yes
Verify that it was created.
❯ ip -d link show vxlan-98
3591: vxlan-98: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/ether 06:f3:92:36:d4:03 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 68 maxmtu 65535
vxlan id 32 remote 192.168.1.3 local 192.168.1.2 srcport 0 0 dstport 7777 ttl auto ageing 300 noudpcsum noudp6zerocsumtx noudp6zerocsumrx addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535
Creating virtual routing and forwarding (VRF)
❯ sudo nmctl create-vrf test-vrf table 555
❯ ip -d link show test-vrf
4: test-vrf: <NOARP,MASTER,UP,LOWER_UP> mtu 65575 qdisc noqueue state UP mode DEFAULT group default qlen 1000
link/ether 86:ad:9b:50:83:1f brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 1280 maxmtu 65575
vrf table 555 addrgenmode none numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535
See the tests for more examples. To remove a virtual netdev:
❯ sudo nmctl remove-netdev vlan-95
❯ ip -d link show vlan-95
Device "vlan-95" does not exist.
nmctl removes not only the .netdev and .network files but also the virtual netdev itself. GitHub repo: network-config-manager. Thanks!