-rw-r--r-- | content/devops/virtual_network_with_systemd.rst | 85 |
1 files changed, 85 insertions, 0 deletions
diff --git a/content/devops/virtual_network_with_systemd.rst b/content/devops/virtual_network_with_systemd.rst new file mode 100644 index 0000000..3b8a11e --- /dev/null +++ b/content/devops/virtual_network_with_systemd.rst 
@@ -0,0 +1,85 @@ +Managing Virtual Network Devices with systemd-networkd +###################################################### + +:author: copyninja +:date: 2016-01-10 22:26 +:slug: systemd-networkd-networking +:tags: systemd-networkd, systemd, networking +:summary: Using systemd-networkd to manage virtual network devices in + Linux + + +I've been using bridge networking and tap networking for containers +and virtual machines on my system. Configuration for bridge network +which I use to connect containers was configured using +*/etc/network/interfaces* file as shown below. + +.. code-block:: interfaces + + auto natbr0 + iface natbr0 inet static + address 172.16.10.1 + netmask 255.255.255.0 + pre-up brctl addbr natbr0 + post-down brctl delbr natbr0 + post-down sysctl net.ipv4.ip_forward=0 + post-down sysctl net.ipv6.conf.all.forwarding=0 + post-up sysctl net.ipv4.ip_forward=1 + post-up sysctl net.ipv6.conf.all.forwarding=1 + post-up iptables -A POSTROUTING -t mangle -p udp --dport bootpc -s 172.16.0.0/16 -j CHECKSUM --checksum-fill + pre-down iptables -D POSTROUTING -t mangle -p udp --dport bootpc -s 172.16.0.0/16 -j CHECKSUM --checksum-fill + +Basically I setup masquerading and IP forwarding when network comes up +using this, so all my containers and virtual machines can access +internet. + +This can be simply done using systemd-networkd with couple of lines, +yes couple of lines. For this to work first you need to enable +systemd-networkd. + +.. code-block:: shell + + systemctl enable systemd-networkd.service + +Now I need to write 2 configuration file for the above bridge +interface under */etc/systemd/network*. One file is *natbr0.netdev* +which configures the bridge and the *natbr0.network* which configures +IP address and other stuff for the bridge interface. + +.. code-block:: ini + + #natbr0.netdev + [NetDev] + Description=Bridge interface for containers/vms + Name=natbr0 + Kind=bridge + +.. 
code-block:: ini + + #natbr0.network + [Match] + Name=natbr0 + + [Network] + Description=IP configuration for natbr0 + Address=172.16.10.1/16 + IPForward=yes + IPMasquerade=yes + +The *IPForward* in above configuration is actually redundant, when I +set *IPMasquerade* it automatically enables IPForward. So these +configuration is equivalent of what I did in my *interfaces* file. It +also avoids me doing additional *iptables* usage to add masquerading +rules. This pretty much simplifies handling of virtual network +devices. + +There are many other things which can you do with systemd-networkd, +like running a DHCPServer on the interface and many other things. I +suggest you to read manual pages on *systemd.network(5)* and +*systemd.netdev(5)*. + +systemd-networkd allows you configure all type of virtual networking +devices and actual network interfaces. I've not myself used it to +handle actual network interfaces yet. + + |
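Review bot: the prefix length in `Address=172.16.10.1/16` in the natbr0.network fragment does not match the `netmask 255.255.255.0` (a /24) in the interfaces stanza that the text says it is equivalent to; since networkd derives the bridge's connected route and the IPMasquerade source range from this address, /16 makes the host route and NAT for all of 172.16.0.0/16 rather than the /24 the interfaces file configured, so change it to `Address=172.16.10.1/24` (or change the interfaces block) so the two really are equivalent. Also, the sentence "Basically I setup masquerading and IP forwarding when network comes up using this" is not backed by the interfaces snippet above it: the only iptables rule shown is the mangle `CHECKSUM --checksum-fill` rule for bootpc, and no MASQUERADE/nat rule appears, so either add the missing `iptables -t nat ... -j MASQUERADE` lines to the snippet or reword the sentence to say forwarding plus the DHCP checksum fix. Finally, `systemctl enable systemd-networkd.service` only enables the unit at boot; the text should mention starting it (or `enable --now`) before the .netdev/.network files take effect.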