State of systemd-networkd networking backend in NixOS?

The networking setup on my laptop has grown a bit hairy over time: multiple VPNs, one of them routing the default route on a netns-based WireGuard connection, IPv6 unique local address config for my home network.

Over the years I ran into more and more edge cases: network config only properly activating after a second run, no DHCP config after return from suspend, no IPv6 ULA when using netns, etc.

So I decided to give systemd-networkd a try. My goal was to experience fewer edge cases, and that seems to work out for me, but now I ran into new deficiencies. E.g. networkd doesn’t support network namespaces yet. And recently I learned again that networkd state applications really aren’t idempotent, and even worse, it doesn’t clean up interfaces that got removed from the system config. At the same time I see the advantages of a unified networking “language” across lots of Linux distributions. And in the past weeks my pleasant experiences with systemd-networkd greatly outweighed the unpleasant ones.

So this leaves me with the question which kind of networking backend is feasible for NixOS in the long term. I recommend @fpletz’s great talk at NixCon 2018, in which he made a point to move to networkd. I very much agree with his argument that implementing a network stack is hard due to the loads of edge cases one has to fix and that it probably should happen in an upstream project like systemd, contrary to every distribution implementing their own.

At the same time I can’t help but notice some lack of drive regarding the move to networkd. The last change on nixos/modules/tasks/network-interfaces-systemd.nix happened in April 2020, which was one of only two changes in 2020. The tracking issue shows a similar level of activity. This makes me somewhat insecure about my feeling of enthusiasm regarding NixOS’s migration to networkd. Did I miss out on some important blockers that make networkd unfeasible for large parts of the NixOS community? Or does the community currently lack the resources for a full migration, so that it would be better to stay with the scripted backend and give it a smoother polish? What’s going on?

In my free time I do a small amount of contributions to NixOS and I could see myself shifting my focus to networkd. But I notice some sense of a lack of direction with myself, which mostly stems from the fact that I currently see so little activity from developers working on the migration. One example: I’m not sure whether it is actually desired to have every NixOS networking.* option be implemented by both the scripted backend and networkd. It would make migration for users easier, as they could switch by flipping networking.useNetworkd. But at the same time it would cause more code that needs to be maintained, which is undesirable in the long run, as we already have a full (much less leaky) abstraction over networkd in systemd.network.*. This general lack of direction I experience here could be lessened if I knew some more about your perspective on the topic.

So, tell me, NixOS contributors, what do you think? Are you using networkd and do you like it? Is the networkd backend something you are currently working towards? Do you think it should be the default in NixOS? Do you think the effort would profit from some kind of more formalised roadmap, e.g. in the form of an RFC? Looking forward to hearing from you.

Edit: Just realised that my indicator for low activity wasn’t so good: nixos/modules/system/boot/networkd.nix shows much more activity in 2020!

10 Likes

I noticed networking.useNetworkd does not implement wireguard interfaces, which networkd supports, and I had also been having some problems with peers becoming disconnected, so I switched my wireguard interfaces manually to systemd.network.* options, and I was considering implementing the wireguard networking options for networkd, but I am not sure if that is even of any use at this point. I have some configs with wireguard that have not been switched to networkd manually, and it seems it wouldn’t be much trouble to implement that.

It seems like the value of the generic networking.* options is to have some basic options that other NixOS modules can use regardless of implementation, or at least to be able to trivially switch between scripted/networkd to make it easy for a user to evaluate which works better.

I am surprised that there is not very much activity on the issue since the goal is to remove the current default implementation. I wonder if there are people with networking setups using the scripted implementation that cannot be realized with networkd? If there is only 1 implementation, should the networking.* options be eventually removed entirely or should that be left open for a new networking module to implement?

1 Like

There was a Networkd Sprint 2019-11-23/24 in Munich with these notes.

2 Likes

I avoided it in the past because I wanted nmtui/NetworkManager for managing WiFi without encoding all of my credentials in my nixos config.

It looks like systemd-networkd plays nicely with the super-fast iwd now! I will probably try adopting this again soon and report back.

2 Likes

I am using networkd and I like it. I find it simpler and I think I benefit from the efforts of the systemd community.

1 Like

@colemickens have you had a chance to play with networkd?

And (slightly OT) where do you notice iwd being faster than NetworkManager?

Networkd is mostly fine. I find it a bit awkward that I can’t blanket DHCP on all interfaces. (so if I plug in a random wifi adapter…).

And generally I’d found that iwd was much faster at connecting, reconnecting after sleep, etc, just basically felt more responsive (not sure about throughput, latency or anything like that though).

1 Like