A Modern Approach to Linux Network Management: Getting Started with systemd-networkd
Managing network connections on a Linux system is a fundamental task for any administrator. While tools like NetworkManager are excellent for desktop environments and dynamic setups, servers and embedded systems often benefit from a more predictable, lightweight, and declarative approach. This is where systemd-networkd shines.
As a native component of the systemd init system, systemd-networkd provides a powerful and efficient daemon for configuring network interfaces. It excels in environments where network configurations are stable and need to be defined clearly and concisely.
Why Choose systemd-networkd?
If you’re accustomed to other networking tools, you might wonder what makes systemd-networkd a compelling choice. The advantages lie in its design philosophy:
- Declarative Configuration: You define the desired state of your network in simple text files.
systemd-networkdthen takes the necessary steps to achieve that state. This makes configurations easy to read, version control, and reproduce across multiple systems. - Lightweight and Fast: The daemon is designed to be minimal and efficient, consuming fewer resources than more feature-rich alternatives. This is ideal for servers, containers, and embedded devices where every megabyte of RAM counts.
- Deep Systemd Integration: Because it’s part of systemd, it integrates seamlessly with other system services. You can easily set up network-dependent services to start only after the network is fully configured and online.
- Ideal for Server Environments: For static IP addresses, bridges, VLANs, and network bonds,
systemd-networkdoffers a robust and no-fuss solution without the overhead of a GUI or complex background processes.
Getting Started: Enabling the Service
Before you begin creating configuration files, you must ensure systemd-networkd is enabled and running.
First, enable the service to start automatically on boot:
sudo systemctl enable systemd-networkd.service
Then, start the service for the current session:
sudo systemctl start systemd-networkd.service
Crucial Tip: To avoid conflicts, you must disable any other network management services that might be running. The most common one is NetworkManager. You can disable it with the following commands:
sudo systemctl stop NetworkManager.service
sudo systemctl disable NetworkManager.service
If you are on a Debian-based system, you may also need to disable the legacy networking service.
Understanding the Configuration Files
All network configurations for systemd-networkd reside in the /etc/systemd/network/ directory. The daemon reads simple text files with a .network extension to determine how to configure each interface.
The core of every configuration file revolves around two main sections:
[Match]: This section tellssystemd-networkdwhich network interface the configuration should apply to. You can match an interface by its name (e.g.,Name=eth0) or MAC address (MACAddress=...).[Network]: This section defines what to do with the matched interface. Here you will specify details like the IP address, gateway, DNS servers, or whether to use DHCP.
Practical Configuration Examples
Let’s look at two of the most common scenarios: setting a static IP and using DHCP.
Example 1: Configuring a Static IP Address
To assign a static IP address to an interface named enp0s3, you would create a file like /etc/systemd/network/10-static-enp0s3.network. The leading number in the filename helps control the order in which files are processed.
[Match]
Name=enp0s3
[Network]
Address=192.168.1.100/24
Gateway=192.168.1.1
DNS=8.8.8.8
DNS=8.8.4.4
[Match]: This file will only apply to the interface with the exact nameenp0s3.[Network]:Address: Sets the static IP address and the subnet mask in CIDR notation (/24is equivalent to255.255.255.0).Gateway: Defines the default gateway for routing traffic outside the local network.DNS: Specifies the DNS servers to use for name resolution. You can have multipleDNSlines.
Example 2: Configuring a DHCP Client
For interfaces that should receive their network configuration automatically from a DHCP server, the configuration is even simpler. Create a file like /etc/systemd/network/10-dhcp-enp0s3.network:
[Match]
Name=enp0s3
[Network]
DHCP=yes
Here, DHCP=yes instructs systemd-networkd to request an IP address, gateway, and DNS information from the DHCP server for both IPv4 and IPv6. You can also specify DHCP=ipv4 or DHCP=ipv6 if you only want to use one protocol.
Applying Changes and Checking Status with networkctl
After creating or modifying your configuration files, you don’t need to reboot the system. You can apply the changes by telling systemd-networkd to reload its configuration.
The primary command for interacting with the service is networkctl.
To apply new configurations:
sudo networkctl reloadTo check the status of all network interfaces:
networkctl statusThis command provides a detailed overview of each link, including its current state, IP address, and the configuration file that is being applied to it.
To get a simple list of interfaces:
bash
networkctl list
Key Security and Best Practices
- File Permissions: Configuration files in
/etc/systemd/network/can contain sensitive network information. Set their permissions to644(-rw-r--r--) so they are not writable by non-root users. - Use Specific Matches: Whenever possible, use a specific
[Match]condition likeName=orMACAddress=instead of a broad wildcard (Name=en*). This prevents configuration from being accidentally applied to the wrong interface. - Firewall Integration: Remember that
systemd-networkdonly handles network interface configuration. It does not manage firewall rules. You must still use a firewall solution likeiptablesorfirewalldto secure your server.
By embracing a declarative and integrated approach, systemd-networkd offers a streamlined and highly effective way to manage networking on modern Linux servers, proving that sometimes the simplest solution is also the most powerful.
Source: https://linuxhandbook.com/courses/systemd/systemd-networkd/
