Linux: VLAN Interface Setup Using Systemd

How to set up VLAN interfaces (IEEE 802.1Q) using the systemd; e.g. in Archlinux…

Prerequisities

The first assumption is to prevent Udev to rename the network interfaces by:

ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules

The second assumption is that there exist two interfaces eth0 and eth1 that will be renamed to lan and wan. This can be achieved by editing the /etc/udev/rules.d/network_persistent.rules file:

SUBSYSTEM=="net", ATTR{address}=="aa:bb:cc:dd:ee:ff", NAME="lan", DRIVERS=="?*"
SUBSYSTEM=="net", ATTR{address}=="00:01:02:03:04:05", NAME="wan", DRIVERS=="?*"

The third assumption is that the lan interface is a native Ethernet link. On the other hand, the wan requires the IEEE 802.1Q frame tagging for each IPv4 (wan4 subinterface) and IPv6 (wan6 subif) connnectivity.

Setup

Create a configuration file for lan in /etc/conf.d/network@lan:

iface_name=lan
ipv4_address=192.168.0.5
ipv4_netmask=24
ipv4_broadcast=192.168.0.255
ipv4_gateway=192.168.0.1
ipv4_route=192.168.1.0/24

Now, the same for wan in /etc/conf.d/network@wan:

iface_name=wan
ipv4_address=123.123.123.123
ipv4_netmask=24
ipv4_broadcast=123.123.123.255
ipv4_gateway=123.123.123.1
ipv4_vlan_name=wan4
ipv4_vlan_id=444
ipv6_address=dead:beef:cafe:1::2
ipv6_prefix=64
ipv6_gateway=dead:beef:cafe:1::1
ipv6_vlan_name=wan6
ipv6_vlan_id=666

Having the configs ready, let’s create the systemd script for lan in /etc/systemd/system/network@lan.service:

[Unit]
Description=Network connectivity (lan)
Wants=network.target
Before=network.target
BindsTo=sys-subsystem-net-devices-lan.device
After=sys-subsystem-net-devices-lan.device
 
[Service]
Type=oneshot
RemainAfterExit=yes
EnvironmentFile=/etc/conf.d/network@lan
 
ExecStart=/usr/bin/ip link set dev ${iface_name} up
ExecStart=/usr/bin/ip addr add ${ipv4_address}/${ipv4_netmask} brd ${ipv4_broadcast} dev ${iface_name}
#Uncomment the following command if you want to set the default route via the lan interface.
#ExecStart=/usr/bin/ip route add default via ${ipv4_gateway}
#The following command is optional, as it sets up a static route routed via the lan interface.
ExecStart=/usr/bin/ip route add ${ipv4_route} via ${ipv4_gateway}
 
ExecStop=/usr/bin/ip addr flush dev ${iface_name}
ExecStop=/usr/bin/ip link set dev ${iface_name} down
 
[Install]
WantedBy=multi-user.target

Analogously, for wan in /etc/systemd/system/network@wan.service:

[Unit]
Description=Network connectivity (wan)
Wants=network.target
Before=network.target
BindsTo=sys-subsystem-net-devices-wan.device
After=sys-subsystem-net-devices-wan.device
 
[Service]
Type=oneshot
RemainAfterExit=yes
EnvironmentFile=/etc/conf.d/network@wan
 
ExecStart=/usr/bin/ip link set dev ${iface_name} up

ExecStart=/usr/bin/ip link add link ${iface_name} name ${ipv4_vlan_name} type vlan id ${ipv4_vlan_id}
ExecStart=/usr/bin/ip addr add ${ipv4_address}/${ipv4_netmask} brd ${ipv4_broadcast} dev ${ipv4_vlan_name}
ExecStart=/usr/bin/ip link set dev ${ipv4_vlan_name} up
ExecStart=/usr/bin/ip route add default via ${ipv4_gateway}

ExecStart=/usr/bin/ip link add link ${iface_name} name ${ipv6_vlan_name} type vlan id ${ipv6_vlan_id}
ExecStart=/usr/bin/ip -6 addr add ${ipv6_address}/${ipv6_prefix} dev ${ipv6_vlan_name}
ExecStart=/usr/bin/ip link set dev ${ipv6_vlan_name} up
ExecStart=/usr/bin/ip -6 route add default via ${ipv6_gateway}

ExecStop=/usr/bin/ip addr flush dev ${ipv4_vlan_name}
ExecStop=/usr/bin/ip link set dev ${ipv4_vlan_name} down
ExecStop=/usr/bin/ip link del dev ${ipv4_vlan_name}

ExecStop=/usr/bin/ip addr flush dev ${ipv6_vlan_name}
ExecStop=/usr/bin/ip link set dev ${ipv6_vlan_name} down
ExecStop=/usr/bin/ip link del dev ${ipv6_vlan_name}

ExecStop=/usr/bin/ip addr flush dev ${iface_name}
ExecStop=/usr/bin/ip link set dev ${iface_name} down
 
[Install]
WantedBy=multi-user.target

Notice, that the lan@service has the default route commented out. It did not work for me, that the wan default route, executed lately, overwrote the lan default route.

Starting the scripts is easy:

systemctl start network@lan
systemctl start network@wan
systemctl enable network@lan
systemctl enable network@wan

In the end, to make sure the DNS works as well, it is neccessary to update the /etc/resolv.conf file accordingly. For instance, as follows (Google’s DNS servers):

nameserver 8.8.8.8
nameserver 8.8.4.4

That’s pretty much it. The NetworkManager is not needed anymore… maybe 🙂

Advertisements
This entry was posted in Linux, Server and tagged , , , , , , , , . Bookmark the permalink.