dotlinux guide

Linux Networking with Systemd: How to Get Started

In the modern Linux ecosystem, systemd has emerged as the de facto init system and service manager, replacing traditional tools like SysVinit and Upstart. Among its many components, systemd includes a powerful suite for network management: systemd-networkd (network configuration), systemd-resolved (DNS resolution), and networkd-dispatcher (network state monitoring). These tools offer integrated, declarative, and efficient control over network interfaces, making them essential for both server and desktop environments. This blog will guide you through the fundamentals of Linux networking with systemd, from core concepts to practical configuration. Whether you’re setting up a simple static IP, configuring VLANs, or troubleshooting DNS issues, we’ll cover the tools, workflows, and best practices to help you master systemd-based networking.

Table of Contents

  1. Fundamental Concepts: Systemd Networking Components
  2. Installation and Setup
  3. Basic Network Configuration
  4. Advanced Configuration
  5. Troubleshooting Systemd Networking
  6. Common Practices
  7. Best Practices
  8. Conclusion
  9. References

Fundamental Concepts: Systemd Networking Components

systemd-networkd: The Network Manager

systemd-networkd is a system service that manages network interfaces and configuration. It replaces legacy tools like ifconfig and iproute2 for persistent configuration, offering a unified, declarative syntax via configuration files. It excels in server environments, minimal setups, and embedded systems due to its low resource usage and integration with systemd.

systemd-resolved: DNS Resolution

systemd-resolved handles DNS queries, DNSSEC validation, and DNS caching. It replaces traditional resolvers like dnsmasq or resolvconf, integrating with systemd-networkd to automatically configure DNS servers from network interfaces (e.g., DHCP-leased DNS servers). It also manages /etc/resolv.conf (or a symlink to its own stub resolver).

networkd-dispatcher: Network State Events

networkd-dispatcher monitors network interface state changes (e.g., “up”, “down”, “routable”) and triggers custom scripts. This is useful for running actions like updating firewall rules or restarting services when the network changes.

Installation and Setup

Most modern Linux distributions (e.g., Ubuntu 20.04+, Fedora, Debian 10+, Arch Linux) include systemd by default, so systemd-networkd and systemd-resolved are pre-installed. To confirm:

# Check if systemd-networkd is installed
systemctl list-unit-files | grep systemd-networkd

# Check if systemd-resolved is installed
systemctl list-unit-files | grep systemd-resolved

To use systemd-networkd, disable conflicting network managers (e.g., NetworkManager, which is common on desktops):

# Stop and disable NetworkManager (if present)
sudo systemctl stop NetworkManager
sudo systemctl disable NetworkManager

# Enable and start systemd-networkd
sudo systemctl enable --now systemd-networkd

# Enable and start systemd-resolved (for DNS)
sudo systemctl enable --now systemd-resolved

# Symlink /etc/resolv.conf to systemd-resolved's stub resolver (recommended)
sudo ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf

Basic Network Configuration

Understanding Configuration Files

systemd-networkd uses three types of configuration files, stored in /etc/systemd/network/ (or /usr/lib/systemd/network/ for vendor defaults):

  • .link files: Configure low-level device properties (e.g., MAC address, MTU, renaming interfaces). Processed by systemd-udevd during device initialization.
  • .netdev files: Define virtual network devices (e.g., VLANs, bridges, bonds).
  • .network files: Configure IP addressing, routes, DNS, and other network settings for interfaces (physical or virtual).

Files are processed in lexicographical order, and you can use *.network globs to target multiple interfaces.

DHCP Configuration

To configure an interface (e.g., eth0) to use DHCP:

  1. Create a .network file (e.g., 20-eth0-dhcp.network):

    # /etc/systemd/network/20-eth0-dhcp.network
[Match]
Name=eth0  # Match interface by name

[Network]
DHCP=yes   # Enable DHCP for IPv4 (use DHCP=ipv6 for IPv6)
IPv6AcceptRA=yes  # Accept IPv6 Router Advertisements (optional)

  2. Reload systemd-networkd to apply changes:

    sudo networkctl reload

  3. Verify the configuration:

    networkctl status eth0
# Output should show "DHCP4: yes" and assigned IP

Static IP Configuration

To set a static IP (e.g., 192.168.1.10/24 on eth0):

  1. Create a .network file (e.g., 20-eth0-static.network):

    # /etc/systemd/network/20-eth0-static.network
[Match]
Name=eth0

[Network]
Address=192.168.1.10/24  # Static IP with CIDR
Gateway=192.168.1.1      # Default gateway
DNS=8.8.8.8 8.8.4.4      # DNS servers (Google DNS)
Domains=example.com      # Search domains (optional)

  2. Reload and verify:

    sudo networkctl reload
networkctl status eth0  # Check IP, gateway, DNS
resolvectl status       # Verify DNS servers

Advanced Configuration

VLANs

To create a VLAN interface (e.g., vlan10 on eth0 with VLAN ID 10):

  1. Create a .netdev file to define the VLAN device:

    # /etc/systemd/network/10-vlan10.netdev
[NetDev]
Name=vlan10
Kind=vlan

[VLAN]
Id=10  # VLAN ID

  2. Create a .network file to configure IP for the VLAN:

    # /etc/systemd/network/20-vlan10.network
[Match]
Name=vlan10

[Network]
Address=10.0.10.10/24  # Static IP for VLAN 10
Gateway=10.0.10.1

  3. Reload and verify:

    sudo networkctl reload
networkctl list  # Should show vlan10 as "configured"

Bridges

Bridges connect multiple interfaces (e.g., for virtualization with KVM). To create a bridge br0 with eth0 as a slave:

  1. Create a .netdev file for the bridge:

    # /etc/systemd/network/10-br0.netdev
[NetDev]
Name=br0
Kind=bridge

  2. Configure the bridge’s IP (e.g., static):

    # /etc/systemd/network/20-br0.network
[Match]
Name=br0

[Network]
Address=192.168.2.10/24
Gateway=192.168.2.1

  3. Attach eth0 to the bridge (remove its existing IP config first):

    # /etc/systemd/network/30-eth0-bridge-slave.network
[Match]
Name=eth0

[Network]
Bridge=br0  # Attach eth0 to br0

  4. Reload and verify:

    sudo networkctl reload
networkctl status br0  # Check bridge status
bridge link show br0   # Verify eth0 is enslaved

Bond multiple interfaces (e.g., eth0 and eth1) for redundancy or increased bandwidth (802.3ad LACP):

  1. Create a .netdev file for the bond:

    # /etc/systemd/network/10-bond0.netdev
[NetDev]
Name=bond0
Kind=bond

[Bond]
Mode=802.3ad  # LACP mode (other modes: balance-rr, active-backup)
Miimon=100    # Monitor link status every 100ms
LACPTransmitRate=fast  # LACP packet rate

  2. Configure the bond’s IP:

    # /etc/systemd/network/20-bond0.network
[Match]
Name=bond0

[Network]
Address=192.168.3.10/24
Gateway=192.168.3.1

  3. Attach eth0 and eth1 to the bond:

    # /etc/systemd/network/30-eth0-bond-slave.network
[Match]
Name=eth0

[Network]
BondMaster=bond0
    # /etc/systemd/network/30-eth1-bond-slave.network
[Match]
Name=eth1

[Network]
BondMaster=bond0

  4. Reload and verify:

    sudo networkctl reload
networkctl status bond0
cat /proc/net/bonding/bond0  # Check bond status

Troubleshooting Systemd Networking

Key Commands

  • networkctl: Query network interface status:

    networkctl list          # List all interfaces
networkctl status eth0   # Detailed status of eth0
networkctl show eth0     # Raw network configuration

  • systemctl: Check service status:

    sudo systemctl status systemd-networkd
sudo systemctl status systemd-resolved

  • journalctl: View logs for debugging:

    sudo journalctl -u systemd-networkd -f  # Follow real-time logs
sudo journalctl -u systemd-resolved --since "10min ago"

  • resolvectl: Debug DNS issues:

    resolvectl status        # Show global DNS settings
resolvectl query example.com  # Test DNS resolution

Common Issues and Fixes

  • Interface not matching: Ensure .network [Match] sections use correct interface names (check with ip link).
  • DHCP failing: Verify DHCP server availability; check logs with journalctl -u systemd-networkd.
  • DNS not working: Ensure systemd-resolved is running; check /etc/resolv.conf symlink points to stub-resolv.conf.
  • Conflicting services: Disable NetworkManager or dhclient if they interfere with systemd-networkd.

Common Practices

  • File Naming: Use numeric prefixes (e.g., 20-eth0.network) to control processing order.
  • Drop-in Directories: Override settings for a .network file using *.d/ subdirectories (e.g., 20-eth0.network.d/override.conf).
  • Backup Configs: Before editing, back up existing files (e.g., sudo cp 20-eth0.network 20-eth0.network.bak).
  • Test Changes: Use networkctl reload instead of restarting the service to avoid downtime.

Best Practices

  • Use systemd Targets: Define network dependencies in unit files with After=network.target or Requires=network-online.target for critical services.
  • Secure Config Files: Restrict permissions on /etc/systemd/network/ to root:root and 0644 to prevent tampering.
  • Enable DNSSEC: Improve security by enabling DNSSEC in systemd-resolved: 
    # /etc/systemd/resolved.conf.d/dnssec.conf
[Resolve]
DNSSEC=yes
  • Prefer DHCP with Reservations: For dynamic environments, use DHCP with IP reservations instead of static IPs to simplify management.
  • Monitor with systemd Tools: Use systemctl enable --now systemd-networkd-wait-online to ensure the network is up before critical services start.

Conclusion

Systemd-networkd, systemd-resolved, and networkd-dispatcher provide a modern, integrated solution for Linux networking. By leveraging declarative configuration files and systemd’s service management, you can simplify network setup, reduce overhead, and ensure consistency across systems. Whether you’re configuring a basic DHCP interface or advanced virtual networks, systemd’s tools offer flexibility and reliability for both servers and embedded devices.

Start small with static/DHCP setups, then explore advanced features like VLANs and bonding. With the troubleshooting and best practices outlined here, you’ll be well-equipped to manage Linux networks with systemd.

References