diff --git a/man/systemd.netdev.xml b/man/systemd.netdev.xml
index c2957fd182..5dfca5ce4f 100644
--- a/man/systemd.netdev.xml
+++ b/man/systemd.netdev.xml
@@ -183,6 +183,8 @@
           <row><entry><varname>ifb</varname></entry>
           <entry> The Intermediate Functional Block (ifb) pseudo network interface acts as a QoS concentrator for multiple different sources of traffic.</entry></row>
 
+          <row><entry><varname>bareudp</varname></entry>
+          <entry> Bare UDP tunnels provide a generic L3 encapsulation support for tunnelling different L3 protocols like MPLS, IP etc. inside of an UDP tunnel.</entry></row>
         </tbody>
       </tgroup>
     </table>
@@ -822,6 +824,31 @@
     </variablelist>
   </refsect1>
 
+  <refsect1>
+    <title>[BareUDP] Section Options</title>
+
+    <para>The [BareUDP] section only applies for
+    netdevs of kind <literal>bareudp</literal>, and accepts the
+    following keys:</para>
+
+    <variablelist class='network-directives'>
+      <varlistentry>
+        <term><varname>DestinationPort=</varname></term>
+        <listitem>
+          <para>Specifies the destination UDP port (in range 1…65535). This is mandatory.</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><varname>EtherType=</varname></term>
+        <listitem>
+          <para>Specifies the L3 protocol. Takes one of <literal>ipv4</literal>, <literal>ipv6</literal>, <literal>mpls-uc</literal>
+          or <literal>mpls-mc</literal>. This is mandatory.</para>
+        </listitem>
+      </varlistentry>
+    </variablelist>
+  </refsect1>
+
   <refsect1>
     <title>[L2TP] Section Options</title>
 
diff --git a/src/network/meson.build b/src/network/meson.build
index cb8f801031..ab664ce2ec 100644
--- a/src/network/meson.build
+++ b/src/network/meson.build
@@ -1,6 +1,8 @@
 # SPDX-License-Identifier: LGPL-2.1+
 
 sources = files('''
+        netdev/bareudp.c
+        netdev/bareudp.h
         netdev/bond.c
         netdev/bond.h
         netdev/bridge.c
diff --git a/src/network/netdev/bareudp.c b/src/network/netdev/bareudp.c
new file mode 100644
index 0000000000..03c3ce5311
--- /dev/null
+++ b/src/network/netdev/bareudp.c
@@ -0,0 +1,138 @@
+/* SPDX-License-Identifier: LGPL-2.1+
+ * Copyright © 2020 VMware, Inc. */
+
+#include "bareudp.h"
+#include "netlink-util.h"
+#include "networkd-manager.h"
+#include "string-table.h"
+
+static const char* const bare_udp_protocol_table[_BARE_UDP_PROTOCOL_MAX] = {
+        [BARE_UDP_PROTOCOL_IPV4]    = "ipv4",
+        [BARE_UDP_PROTOCOL_IPV6]    = "ipv6",
+        [BARE_UDP_PROTOCOL_MPLS_UC] = "mpls-uc",
+        [BARE_UDP_PROTOCOL_MPLS_MC] = "mpls-mc",
+};
+
+DEFINE_STRING_TABLE_LOOKUP(bare_udp_protocol, BareUDPProtocol);
+DEFINE_CONFIG_PARSE_ENUM(config_parse_bare_udp_iftype, bare_udp_protocol, BareUDPProtocol,
+                         "Failed to parse EtherType=");
+
+/* callback for bareudp netdev's created without a backing Link */
+static int bare_udp_netdev_create_handler(sd_netlink *rtnl, sd_netlink_message *m, NetDev *netdev) {
+        int r;
+
+        assert(netdev);
+        assert(netdev->state != _NETDEV_STATE_INVALID);
+
+        r = sd_netlink_message_get_errno(m);
+        if (r == -EEXIST)
+                log_netdev_info(netdev, "BareUDP netdev exists, using existing without changing its parameters.");
+        else if (r < 0) {
+                log_netdev_warning_errno(netdev, r, "BareUDP netdev could not be created: %m");
+                netdev_drop(netdev);
+
+                return 1;
+        }
+
+        log_netdev_debug(netdev, "BareUDP created.");
+
+        return 1;
+}
+
+static int netdev_bare_udp_create(NetDev *netdev) {
+        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
+        BareUDP *u;
+        int r;
+
+        assert(netdev);
+
+        u = BAREUDP(netdev);
+
+        assert(u);
+
+        r = sd_rtnl_message_new_link(netdev->manager->rtnl, &m, RTM_NEWLINK, 0);
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not allocate RTM_NEWLINK message: %m");
+
+        r = sd_netlink_message_append_string(m, IFLA_IFNAME, netdev->ifname);
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not append IFLA_IFNAME, attribute: %m");
+
+        r = sd_netlink_message_open_container(m, IFLA_LINKINFO);
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not append IFLA_LINKINFO attribute: %m");
+
+        r = sd_netlink_message_open_container_union(m, IFLA_INFO_DATA, netdev_kind_to_string(netdev->kind));
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not append IFLA_INFO_DATA attribute: %m");
+
+        r = sd_netlink_message_append_u16(m, IFLA_BAREUDP_ETHERTYPE, htobe16(u->iftype));
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not append IFLA_BAREUDP_ETHERTYPE attribute: %m");
+
+        r = sd_netlink_message_append_u16(m, IFLA_BAREUDP_PORT, htobe16(u->dest_port));
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not append IFLA_BAREUDP_PORT attribute: %m");
+
+        r = sd_netlink_message_close_container(m);
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not append IFLA_INFO_DATA attribute: %m");
+
+        r = sd_netlink_message_close_container(m);
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not append IFLA_LINKINFO attribute: %m");
+
+        r = netlink_call_async(netdev->manager->rtnl, NULL, m, bare_udp_netdev_create_handler,
+                               netdev_destroy_callback, netdev);
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not send rtnetlink message: %m");
+
+        netdev_ref(netdev);
+        netdev->state = NETDEV_STATE_CREATING;
+
+        log_netdev_debug(netdev, "Creating");
+
+        return r;
+}
+
+static int netdev_bare_udp_verify(NetDev *netdev, const char *filename) {
+        BareUDP *u;
+
+        assert(netdev);
+        assert(filename);
+
+        u = BAREUDP(netdev);
+
+        assert(u);
+
+        if (u->dest_port == 0)
+                return log_netdev_warning_errno(netdev, SYNTHETIC_ERRNO(EINVAL),
+                                                "%s: BareUDP DesinationPort= is not set. Ignoring.", filename);
+
+        if (u->iftype == _BARE_UDP_PROTOCOL_INVALID)
+                return log_netdev_warning_errno(netdev, SYNTHETIC_ERRNO(EINVAL),
+                                                "%s: BareUDP EtherType= is not set. Ignoring.", filename);
+
+        return 0;
+}
+
+static void bare_udp_init(NetDev *netdev) {
+        BareUDP *u;
+
+        assert(netdev);
+
+        u = BAREUDP(netdev);
+
+        assert(u);
+
+        u->iftype = _BARE_UDP_PROTOCOL_INVALID;
+}
+
+const NetDevVTable bare_udp_vtable = {
+        .object_size = sizeof(BareUDP),
+        .sections = NETDEV_COMMON_SECTIONS "BareUDP\0",
+        .init = bare_udp_init,
+        .config_verify = netdev_bare_udp_verify,
+        .create = netdev_bare_udp_create,
+        .create_type = NETDEV_CREATE_INDEPENDENT,
+};
diff --git a/src/network/netdev/bareudp.h b/src/network/netdev/bareudp.h
new file mode 100644
index 0000000000..105475038d
--- /dev/null
+++ b/src/network/netdev/bareudp.h
@@ -0,0 +1,34 @@
+/* SPDX-License-Identifier: LGPL-2.1+
+ * Copyright © 2020 VMware, Inc. */
+#pragma once
+
+typedef struct BareUDP BareUDP;
+
+#include <linux/if_ether.h>
+
+#include "conf-parser.h"
+#include "netdev.h"
+
+typedef enum BareUDPProtocol {
+        BARE_UDP_PROTOCOL_IPV4    = ETH_P_IP,
+        BARE_UDP_PROTOCOL_IPV6    = ETH_P_IPV6,
+        BARE_UDP_PROTOCOL_MPLS_UC = ETH_P_MPLS_UC,
+        BARE_UDP_PROTOCOL_MPLS_MC = ETH_P_MPLS_MC,
+        _BARE_UDP_PROTOCOL_MAX,
+        _BARE_UDP_PROTOCOL_INVALID = -1
+} BareUDPProtocol;
+
+struct BareUDP {
+        NetDev meta;
+
+        BareUDPProtocol iftype;
+        uint16_t dest_port;
+};
+
+DEFINE_NETDEV_CAST(BAREUDP, BareUDP);
+extern const NetDevVTable bare_udp_vtable;
+
+const char *bare_udp_protocol_to_string(BareUDPProtocol d) _const_;
+BareUDPProtocol bare_udp_protocol_from_string(const char *d) _pure_;
+
+CONFIG_PARSER_PROTOTYPE(config_parse_bare_udp_iftype);
diff --git a/src/network/netdev/netdev-gperf.gperf b/src/network/netdev/netdev-gperf.gperf
index c532dfd268..a449b0607d 100644
--- a/src/network/netdev/netdev-gperf.gperf
+++ b/src/network/netdev/netdev-gperf.gperf
@@ -3,6 +3,7 @@
 _Pragma("GCC diagnostic ignored \"-Wimplicit-fallthrough\"")
 #endif
 #include <stddef.h>
+#include "bareudp.h"
 #include "bond.h"
 #include "bridge.h"
 #include "conf-parser.h"
@@ -213,6 +214,8 @@ Bridge.STP,                               config_parse_tristate,
 Bridge.MulticastIGMPVersion,              config_parse_uint8,                        0,                             offsetof(Bridge, igmp_version)
 VRF.TableId,                              config_parse_uint32,                       0,                             offsetof(Vrf, table) /* deprecated */
 VRF.Table,                                config_parse_uint32,                       0,                             offsetof(Vrf, table)
+BareUDP.DestinationPort,                  config_parse_ip_port,                      0,                             offsetof(BareUDP, dest_port)
+BareUDP.EtherType,                        config_parse_bare_udp_iftype,              0,                             offsetof(BareUDP, iftype)
 WireGuard.FirewallMark,                   config_parse_unsigned,                     0,                             offsetof(Wireguard, fwmark)
 WireGuard.FwMark,                         config_parse_unsigned,                     0,                             offsetof(Wireguard, fwmark) /* deprecated */
 WireGuard.ListenPort,                     config_parse_wireguard_listen_port,        0,                             offsetof(Wireguard, port)
diff --git a/src/network/netdev/netdev.c b/src/network/netdev/netdev.c
index 446a580e2c..e157e20f31 100644
--- a/src/network/netdev/netdev.c
+++ b/src/network/netdev/netdev.c
@@ -5,6 +5,7 @@
 #include <unistd.h>
 
 #include "alloc-util.h"
+#include "bareudp.h"
 #include "bond.h"
 #include "bridge.h"
 #include "conf-files.h"
@@ -77,9 +78,11 @@ const NetDevVTable * const netdev_vtable[_NETDEV_KIND_MAX] = {
         [NETDEV_KIND_NLMON] = &nlmon_vtable,
         [NETDEV_KIND_XFRM] = &xfrm_vtable,
         [NETDEV_KIND_IFB] = &ifb_vtable,
+        [NETDEV_KIND_BAREUDP] = &bare_udp_vtable,
 };
 
 static const char* const netdev_kind_table[_NETDEV_KIND_MAX] = {
+        [NETDEV_KIND_BAREUDP] = "bareudp",
         [NETDEV_KIND_BRIDGE] = "bridge",
         [NETDEV_KIND_BOND] = "bond",
         [NETDEV_KIND_VLAN] = "vlan",
diff --git a/src/network/netdev/netdev.h b/src/network/netdev/netdev.h
index cc530022c1..0ab9a8e3f3 100644
--- a/src/network/netdev/netdev.h
+++ b/src/network/netdev/netdev.h
@@ -11,6 +11,7 @@
 #define NETDEV_COMMON_SECTIONS "Match\0NetDev\0"
 /* This is the list of known sections. We need to ignore them in the initial parsing phase. */
 #define NETDEV_OTHER_SECTIONS                     \
+        "-BareUDP\0"                              \
         "-Bond\0"                                 \
         "-Bridge\0"                               \
         "-FooOverUDP\0"                           \
@@ -81,6 +82,7 @@ typedef enum NetDevKind {
         NETDEV_KIND_NLMON,
         NETDEV_KIND_XFRM,
         NETDEV_KIND_IFB,
+        NETDEV_KIND_BAREUDP,
         _NETDEV_KIND_MAX,
         _NETDEV_KIND_TUNNEL, /* Used by config_parse_stacked_netdev() */
         _NETDEV_KIND_INVALID = -1
diff --git a/test/fuzz/fuzz-netdev-parser/directives.netdev b/test/fuzz/fuzz-netdev-parser/directives.netdev
index ef1f18fa40..9c444f7671 100644
--- a/test/fuzz/fuzz-netdev-parser/directives.netdev
+++ b/test/fuzz/fuzz-netdev-parser/directives.netdev
@@ -215,3 +215,6 @@ Activate=
 [Xfrm]
 Independent=
 InterfaceId=
+[BareUDP]
+DestinationPort=
+EtherType=