[BPI-R2/R64] debian networkd

Hi,

I plan to switch to networkd on next debian image (bullseye) to not install the old ifupdown.

Have anyone tried it before and give tips how to put gmac (ethx) up and configure dsa ports?

Maybe vlan, pppoe and ipv6-over-ipv4 (hurrican electric tunnel) configuration. If anybody has this already done i can save the time for try and error

have eth0 working

/etc/systemd/network/eth0.network:

[Match]
Name=eth0

[Network]
DHCP=no
LinkLocalAddressing=no
ConfigureWithoutCarrier=true

/etc/systemd/network/wan.network

[Match]
Name=wan

[Network]
BindCarrier=eth0
ConfigureWithoutCarrier=true

IPForward=yes
IPMasquerade=yes
Address=192.168.0.18/24
Gateway=192.168.0.10
#DNS=192.168.0.10

now i try to setup lanbridge like it’s done here

i’ve created 3 files to do this:

/etc/systemd/network/lanbr.netdev

[NetDev]
Name=lanbr0
Kind=bridge

[Bridge]
DefaultPVID=1
VLANFiltering=1

/etc/systemd/network/lanbr.network

[Match]
Name=lanbr0

[Network]
Address=192.168.1.1/24

/etc/systemd/network/lan.network

[Match]
Name=lan0 lan1 lan2 lan3

[Network]
BindCarrier=lanbr0
Bridge=lanbr0

binding seems to work, but it ip-address is not set (second file)

5: lan0@eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop master lanbr0 state DOWN group default qlen 1000                                                                                 
    link/ether 3a:5d:98:f7:50:8b brd ff:ff:ff:ff:ff:ff                                                                                                                                   
6: lan1@eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop master lanbr0 state DOWN group default qlen 1000                                                                                 
    link/ether 3e:de:03:53:13:70 brd ff:ff:ff:ff:ff:ff                                                                                                                                   
7: lan2@eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop master lanbr0 state DOWN group default qlen 1000                                                                                 
    link/ether 66:8a:45:e7:49:14 brd ff:ff:ff:ff:ff:ff                                                                                                                                   
8: lan3@eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop master lanbr0 state DOWN group default qlen 1000                                                                                 
    link/ether 0a:81:22:f8:21:57 brd ff:ff:ff:ff:ff:ff                                                                                                                                   
9: lanbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000                                                                                 
    link/ether 52:29:84:c3:04:47 brd ff:ff:ff:ff:ff:ff

any idea why?

edit: i need ConfigureWithoutCarrier=true in the network-section, then address is set…

currently i have problems with Gateway not set for wan

syslog says

wan: Could not set route: Nexthop has invalid gateway. Network is unreachable

but gateway is same subnet as wan’s IP-address

any idea? Found it (ConfigureWithoutCarrier must not be set for wan)

Seems like pppoe and ifup/ifdown is not possible…bad seems it can only be started with systemd-service

at least i have eth0/wan with vlan/lanbridge working with systemd now

bpi-r2_networkd.tar.gz (606 Bytes)

have not yet found a way to set the mac-adress of eth0/wan-port

tried with a link file

/etc/systemd/network/wan.link

[Match]
OriginalName=wan

[Link]
# Override MAC address (spoof MAC address)
MACAddress=08:22:33:44:55:66

but my mac is not changed to the given value…

Try naming the file:

/etc/systemd/network/10-wan.link

(Add 10- in front of the filename)

Thanks i’ve found a way by adding link section in .network file

You can look in my debian-image for more

Just in case you need a .link anyway:

This is from the docs:

The first (in lexical order) of the link files that matches a given device is applied. Note that a default file 99-default.link is shipped by the system. Any user-supplied .link should hence have a lexically earlier name to be considered at all.

This is why wan.link did not work. It comes after 99 in lexical order…

i have no 99-default-link

root@bpi-r2:~# ls /etc/systemd/network/                                         
eth0.network       lanbr.netdev    wan.140.netdev                               
he-tunnel.netdev   lanbr.network   wan.link                                     
he-tunnel.network  wan.110.netdev  wan.network                                  
root@bpi-r2:~#

tried also finding the file in other directory, there is one in

/usr/lib/systemd/network/99-default.link

is this loaded too?

Yes it is loaded from several places. This is one of them.

oh, now it works

root@bpi-r2:~# cat /etc/systemd/network/10-wan.link                             
[Match]                                                                                                                                    
OriginalName=wan                                                                                                               
                                                                                
[Link]                                                        
MACAddress=08:22:33:44:55:77                                                    
root@bpi-r2:~# ip a s wan                                                       
4: wan@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP g
roup default qlen 1000                                                          
    link/ether 08:22:33:44:55:77 brd ff:ff:ff:ff:ff:ff                          
    inet 192.168.0.18/24 brd 192.168.0.255 scope global wan                     
       valid_lft forever preferred_lft forever                                  
    inet6 fe80::a22:33ff:fe44:5577/64 scope link                                
       valid_lft forever preferred_lft forever                                  
root@bpi-r2:~#

Have you done ipv6 (radv) config?

My tunnel is working,so i have basicly ipv6 support,but need to propagate ipv6 prefix to clients.

Masquerade (ipv4) and forwarding seems to possible to set via network file

I see i can define dhcp server,but it seems not possible to use a mac2ipv4 matching,so that known devices got same address outside of dhcp pool (as i have configured with dnsmasq)

No ipv6 done yet…

I do not use masquerade in systemd, but setup nftables.

Should you use [DHCPServerStaticLease] for mac2ipv4 in systemd?

currently i use nftables too, but if this can be done in networkd, i can drop this from firewall (as in my eyes it is no firewall setting)

DHCPServerStaticLease has lease in it, so i guess it is not for assign address, but for release them

[DHCPServerStaticLease] Section Options here

The " [DHCPServerStaticLease] " section configures a static DHCP lease to assign a fixed IPv4 address to a specific device based on its MAC address. This section can be specified multiple times.

MACAddress=

The hardware address of a device to match. This key is mandatory.

Address=

The IPv4 address that should be assigned to the device that was matched with MACAddress= . This key is mandatory.

Enabling masquerade in systemd sets up masquerade in iptables. If you also use nftables then you are mixing these two.

Edit: On Debian, the translator is iptables-nft, and iptables is symlinked to it by default.

With newer kernels this should however not really be an issue… But it is the reason why I do not set it in systemd, only use nftables from /etc/nftables.conf manually. You never know which rules are added by systemd

on my basic debian bullseye the systemd-option does nothing (i guess because iptables is not installed).

using systemd to add the masquerading i see the clients ip on my main-router, not the one of the bullseye-r2. after adding the masquerading manually via nft, i see bullseye ip (which is correct)

can i configure this “translator”? but i guess if the firewall flushes ruleset in nft the masquerading is gone (or is systemd triggered to add it again?).

for fixed ip i tried this:

/etc/systemd/network/25-lanbr-static.network

[DHCPServerStaticLease]
MACAddress=00:13:77:b7:a7:62
Address=192.168.1.60/24

but i got this in syslog:

Unknown section 'DHCPServerStaticLease'. Ignoring.

i guess i need to enable dhcp-server (and diable dnsmasq) somewhere (maybe the lanbr.network)? so i added this:

[DHCPServer]
PoolOffset=100
PoolSize=150

but it looks like dhcp-server from systemd is not started…needed additional DHCPServer=yes in network-section…dhcp-server is started, but i got same ip as from dnsmasq and the error in syslog above (unknown section), added Match-section above, but still the error

i guess this needs a newer systemd

    * The DHCP server logic in systemd-networkd gained support for static
      DHCP leases, configurable via the [DHCPServerStaticLease]
      section. This allows explicitly mapping specific MAC addresses to
      fixed IP addresses and vice versa.

root@bpi-r2:~# systemd --version
systemd 247 (247.3-6)

Arch Linux has 249. This is why I like it better. I just added an image on my repo you can try

Btw can check which .link is loaded by:

udevadm info --query=property --path=/sys/class/net/wan

good to know…is there any way to see all netdev/network/link files loaded and maybe the problems except syslog?

Maybe enable debugging like it is done here: https://gist.github.com/rkalkani/817edb3d335d7bc17857be81c746e9c9