[systemd-devel] networkd Single VXLAN Device (SVD) supported?

Brad House brad at brad-house.com
Wed Aug 13 00:39:39 UTC 2025


I'm trying to configure SVD support using systemd-networkd on Ubuntu 
24.04 LTS, but I can't seem to find the right combination of files and 
settings to make it work.  I have it working properly in a 
one-vxlan-per-bridge mode, but I'd like to have a single vlan-aware 
(vlan-filtering enabled) bridge.

I can successfully configure SVD mode using these commands directly to 
map VXLAN VNI 100 to VLAN 100 on the bridge and break out a vlan 
interface for communication (yes, I've done multiple vlans this way on 
the same bridge, just reducing the command set for discussion purposes):

ip link add dev br0 type bridge
ip link set dev br0 type bridge vlan_filtering 1
bridge vlan add vid 100 dev br0 self
ip link add dev vxlan0 type vxlan external local 172.16.0.101 dstport 4789 nolearning
ip link set dev vxlan0 master br0
bridge link set dev vxlan0 vlan_tunnel on
bridge vlan add dev vxlan0 vid 100
bridge vlan add dev vxlan0 vid 100 tunnel_info id 100
ip link add link br0 name vlan100 type vlan id 100 protocol 802.1q
ip addr add 10.10.100.2/24 dev vlan100

I'm using a couple of physical interfaces for BGP-unnumbered peering, 
and a dummy interface to house my VTEP endpoint.  In all my testing 
these are set up the same as well as my FRR configuration. (I've pasted 
the non-SVD working full configuration at the end of this email).

I've tried to emulate the above working SVD commands with these systemd 
configuration files.  I couldn't figure out how to do the same vxlan0 
concept, and I'm not sure what may trigger "tunnel_on" and "tunnel_info id 
XXX" commands to be passed.  At this point, my bridge is always showing 
down, and I'm not entirely sure why.  I enabled debugging, but it doesn't 
seem very helpful in showing what is going wrong, but I'm pretty sure 
there's a lot wrong here.

My current iteration of testing looks like the below, but I've tried a 
lot of combinations:

========= 20-vxlan100.netdev =========

[NetDev]
Name=vxlan100
Kind=vxlan

[VXLAN]
VNI=100
Local=172.16.0.101
MacLearning=false
DestinationPort=4789
Independent=true

========= 30-bridge-br0.netdev =========

[NetDev]
Name=br0
Kind=bridge

[Bridge]
VLANFiltering=yes
DefaultPVID=none

========= 30-vlan100.netdev =========

[NetDev]
Name=hypervisor
MTUBytes=9000
Kind=vlan

[VLAN]
Id=100

========= 30-vlan100.network =========

[Match]
Name=hypervisor
Type=vlan

[Link]
MTUBytes=9000

[Network]
KeepConfiguration=yes
LinkLocalAddressing=ipv6
IPv6AcceptRA=no
DHCP=no
Address=10.10.100.2/24

========= 30-vxlan100.network =========

[Match]
Name=vxlan100

[Network]
Bridge=br0

[BridgeVLAN]
VLAN=100

========= 40-bridge-br0.network =========

[Match]
Name=br0

[Link]
MTUBytes=9000

[Network]
VLAN=hypervisor
VXLAN=vxlan100

[BridgeVLAN]
VLAN=100


My working bridge-per-vxlan is also below here in case it provides any 
additional insights (and I've included my underlay and dummy vtep 
interfaces for good measure):

========= 10-eth-mgmt.link =========

[Match]
Type=ether
OriginalName=*
MACAddress=ac:1f:6b:2d:85:83

[Link]
Name=mgmt
WakeOnLan=off
MTUBytes=1500
Duplex=full
AutoNegotiation=yes

========= 10-eth-mgmt.network =========

[Match]
Name=mgmt

[Link]
MTUBytes=1500

[Network]
KeepConfiguration=yes
LinkLocalAddressing=ipv6
IPv6AcceptRA=no
DHCP=no
Address=192.168.1.81/24
DNS=8.8.8.8
DNS=2001:4860:4860::8888

[Route]
Destination=0.0.0.0/0
Gateway=192.168.1.1

========= 10-underlay-iface0.link =========

[Match]
Type=ether
OriginalName=*
Driver=mlx5_core

[Link]
WakeOnLan=off
MTUBytes=9100
BitsPerSecond=25000
Duplex=full
AutoNegotiation=no

========= 10-underlay-iface0.network =========

[Match]
Type=ether
Name=*
Driver=mlx5_core

[Link]
MTUBytes=9100

[Network]
KeepConfiguration=yes
LinkLocalAddressing=ipv6
IPv6AcceptRA=no
DHCP=no

========= 10-vtep.netdev =========

[NetDev]
Name=vtep
Kind=dummy

========= 10-vtep.network =========

[Match]
Name=vtep

[Network]
Address=172.16.0.101/32

========= 30-bridge-ceph.netdev =========

[NetDev]
Name=ceph
Kind=bridge

[Bridge]
VLANFiltering=no
STP=no

========= 30-bridge-hypervisor.netdev =========

[NetDev]
Name=hypervisor
Kind=bridge

[Bridge]
VLANFiltering=no
STP=no

========= 40-vxlan100.netdev =========

[NetDev]
Name=vxlan100
MTUBytes=9000
Kind=vxlan

[VXLAN]
VNI=100
Local=172.16.0.101
MacLearning=false
DestinationPort=4789
Independent=true

========= 40-vxlan200.netdev =========

[NetDev]
Name=vxlan200
MTUBytes=9000
Kind=vxlan

[VXLAN]
VNI=200
Local=172.16.0.101
MacLearning=false
DestinationPort=4789
Independent=true

========= 50-bridge-ceph-vxlan200.network =========

[Match]
Name=vxlan200

[Network]
Bridge=ceph

========= 50-bridge-hypervisor-vxlan100.network =========

[Match]
Name=vxlan100

[Network]
Bridge=hypervisor

========= 60-bridge-ceph.network =========

[Match]
Name=ceph

[Link]
MTUBytes=9000

[Network]
KeepConfiguration=yes
LinkLocalAddressing=ipv6
IPv6AcceptRA=no
DHCP=no
Address=10.10.200.2/24

========= 60-bridge-hypervisor.network =========

[Match]
Name=hypervisor

[Link]
MTUBytes=9000

[Network]
KeepConfiguration=yes
LinkLocalAddressing=ipv6
IPv6AcceptRA=no
DHCP=no
Address=10.10.100.2/24


And again for completeness, my frr config:

service integrated-vtysh-config
hostname node1.testenv.bradhouse.dev
!
log syslog informational
!
!
!
ip nht resolve-via-default
!
ipv6 nht resolve-via-default
!
ip prefix-list VTEP seq 1 permit 172.16.0.101/24 ge 32
!
route-map ALLOW_ALL permit 1
!
route-map ALLOW_VTEP_AND_BGP permit 1
  match ip address prefix-list VTEP
!
route-map ALLOW_VTEP_AND_BGP permit 2
  match source-protocol bgp
!
route-map ALLOW_VTEP_AND_BGP deny 100
!
router bgp 4220000001
   bgp router-id 172.16.0.101
   bgp ebgp-requires-policy
   bgp log-neighbor-changes
   !
   ! Enable ECMP on multiple eBGP paths
   bgp bestpath as-path multipath-relax
   ! Don't install more than 2 paths for ECMP
   maximum-paths 2
   !
   neighbor PEERS peer-group
   neighbor PEERS remote-as external
   neighbor PEERS timers 3 9
   neighbor PEERS advertisement-interval 5
   neighbor PEERS bfd
   neighbor PEERS capability extended-nexthop
   !
   address-family ipv4 unicast
     neighbor PEERS activate
     neighbor PEERS route-map ALLOW_ALL in
     neighbor PEERS route-map ALLOW_VTEP_AND_BGP out
     redistribute connected
   !
   address-family ipv6 unicast
     neighbor PEERS activate
     neighbor PEERS route-map ALLOW_ALL in
     neighbor PEERS route-map ALLOW_VTEP_AND_BGP out
     redistribute connected
   !
   address-family l2vpn evpn
     neighbor PEERS activate
     neighbor PEERS route-map ALLOW_ALL in
     neighbor PEERS route-map ALLOW_ALL out
     neighbor PEERS attribute-unchanged next-hop
     autort rfc8365-compatible
     advertise-all-vni
     advertise-svi-ip
   !
   neighbor enp7s0f0np0 interface peer-group PEERS
   neighbor enp7s0f1np1 interface peer-group PEERS
!


Any help that can be provided would be greatly appreciated!

Thanks!

-Brad
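
The manual SVD command sequence from the message, generalized to several VLAN-to-VNI mappings on one bridge; this is an added example, not part of the original post. The function name `svd_commands` and its argument layout are assumptions; it only prints the commands for review, and leaves out the per-VLAN `ip addr add`.

```shell
#!/bin/sh
# Added example: prints (does not execute) the SVD commands quoted in the
# message for several VLAN:VNI pairs. Function name and argument layout are
# assumptions of this example, not systemd or iproute2 features.

# usage: svd_commands BRIDGE VXLAN_DEV LOCAL_IP VID:VNI [VID:VNI ...]
svd_commands() {
    [ "$#" -ge 4 ] || { echo "usage: svd_commands BRIDGE VXLAN LOCAL VID:VNI..." >&2; return 2; }
    br=$1 vx=$2 local_ip=$3 seen=" "
    shift 3

    # Validate every pair first so a bad mapping never yields a partial list.
    for pair in "$@"; do
        case "$pair" in
            *[!0-9:]*|*:*:*|:*|*:) echo "malformed pair: $pair" >&2; return 1 ;;
            *:*) ;;
            *) echo "expected VID:VNI, got: $pair" >&2; return 1 ;;
        esac
        vid=${pair%%:*} vni=${pair#*:}
        # 802.1Q VLAN IDs are 1..4094; a VXLAN VNI must fit in 24 bits.
        [ "$vid" -ge 1 ] && [ "$vid" -le 4094 ] && [ "$vni" -le 16777215 ] ||
            { echo "out of range: $pair" >&2; return 1; }
        # Mapping the same VLAN twice is treated as an error here.
        case "$seen" in
            *" $vid "*) echo "duplicate VLAN: $vid" >&2; return 1 ;;
        esac
        seen="$seen$vid "
    done

    # One bridge and one external (collect-metadata) VXLAN device in total.
    echo "ip link add dev $br type bridge"
    echo "ip link set dev $br type bridge vlan_filtering 1"
    echo "ip link add dev $vx type vxlan external local $local_ip dstport 4789 nolearning"
    echo "ip link set dev $vx master $br"
    echo "bridge link set dev $vx vlan_tunnel on"

    # Per mapping: VLAN on the bridge itself, VLAN on the VXLAN port, the
    # VLAN-to-VNI tunnel entry, and a VLAN interface on top of the bridge.
    for pair in "$@"; do
        vid=${pair%%:*} vni=${pair#*:}
        echo "bridge vlan add vid $vid dev $br self"
        echo "bridge vlan add dev $vx vid $vid"
        echo "bridge vlan add dev $vx vid $vid tunnel_info id $vni"
        echo "ip link add link $br name vlan$vid type vlan id $vid protocol 802.1q"
    done
}
```

Calling `svd_commands br0 vxlan0 172.16.0.101 100:100` reproduces the commands in the message (apart from the address assignment), in an order that differs only in where the `self` entry is added.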




