diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml
index 187baceec21..6a27bab1e30 100644
--- a/man/systemd-nspawn.xml
+++ b/man/systemd-nspawn.xml
@@ -801,46 +801,59 @@
- Assign the specified network interface to the
- container. This will remove the specified interface from the
- calling namespace and place it in the container. When the
- container terminates, it is moved back to the host namespace.
- Note that implies
- . This option may be used
- more than once to add multiple network interfaces to the
- container.
+ Assign the specified network interface to the container. This will remove the
+ specified interface from the calling namespace and place it in the container. When the container
+ terminates, it is moved back to the calling namespace. Note that
+ implies . This option may be
+ used more than once to add multiple network interfaces to the container.
+
+ Note that any network interface specified this way must already exist at the time the container
+ is started. If the container shall be started automatically at boot via a
+ systemd-nspawn@.service unit file instance, it might hence make sense to add a
+ unit file drop-in to the service instance
+ (e.g. /etc/systemd/system/systemd-nspawn@foobar.service.d/50-network.conf) with
+ contents like the following:
+
+ [Unit]
+Wants=sys-subsystem-net-devices-ens1.device
+After=sys-subsystem-net-devices-ens1.device
+
+ This will make sure that activation of the container service will be delayed until the
+ ens1 network interface has shown up. This is required since hardware probing is
+ fully asynchronous, and network interfaces might be discovered only later during the boot process,
+ after the container would normally be started without these explicit dependencies.
+
- Create a macvlan interface
- of the specified Ethernet network interface and add it to the
- container. A macvlan interface is a virtual
- interface that adds a second MAC address to an existing
- physical Ethernet link. The interface in the container will be
- named after the interface on the host, prefixed with
- mv-. Note that
- implies
- . This option may be used
- more than once to add multiple network interfaces to the
- container.
+ Create a macvlan interface of the specified Ethernet network
+ interface and add it to the container. A macvlan interface is a virtual interface
+ that adds a second MAC address to an existing physical Ethernet link. The interface in the container
+ will be named after the interface on the host, prefixed with mv-. Note that
+ implies . This option may be
+ used more than once to add multiple network interfaces to the container.
+
+ As with , the underlying Ethernet network interface must
+ already exist at the time the container is started, and thus similar unit file drop-ins as described
+ above might be useful.
- Create an ipvlan interface
- of the specified Ethernet network interface and add it to the
- container. An ipvlan interface is a virtual
- interface, similar to a macvlan interface,
- which uses the same MAC address as the underlying interface.
- The interface in the container will be named after the
- interface on the host, prefixed with iv-.
- Note that implies
- . This option may be used
- more than once to add multiple network interfaces to the
- container.
+ Create an ipvlan interface of the specified Ethernet network
+ interface and add it to the container. An ipvlan interface is a virtual interface,
+ similar to a macvlan interface, which uses the same MAC address as the underlying
+ interface. The interface in the container will be named after the interface on the host, prefixed
+ with iv-. Note that implies
+ . This option may be used more than once to add multiple network
+ interfaces to the container.
+
+ As with , the underlying Ethernet network interface must
+ already exist at the time the container is started, and thus similar unit file drop-ins as described
+ above might be useful.
@@ -907,7 +920,11 @@
this option is used, the host side of the Ethernet link will use the vb- prefix
instead of ve-. Regardless of the used naming prefix the same network interface
name length limits imposed by Linux apply, along with the complications this creates (for details see
- above).
+ above).
+
+ As with , the underlying bridge network interface must
+ already exist at the time the container is started, and thus similar unit file drop-ins as described
+ above might be useful.