[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] RFC: Setting a permanent MAC address for virtual network bridges

On Tue, Dec 07, 2010 at 01:46:40AM -0500, Laine Stump wrote:
> This is in reference to the following bugs that are filed against
> RHEL, but applicable to all Linux distros:
> https://bugzilla.redhat.com/show_bug.cgi?id=560994
> https://bugzilla.redhat.com/show_bug.cgi?id=609463
> "MAC address of virtual network bridge changes when TAP devices are
> added/removed"
> The problem is that the MAC address of a bridge that hasn't had its
> address specifically set, will be set to the MAC address of the
> first interface attached to it. If that interface later goes away,
> it will be set to the MAC address of another attached interface.
> Daniel's comments in the bug 1) state that the MAC address of a
> bridge device must match the MAC address of one of the attached
> interfaces, or no traffic will pass, and 2) suggest creating a dummy
> interface that is created and used purely to set a fixed MAC address
> that won't go away when any guest is destroyed (because it's not
> associated with any guest.
> I did some quick experimentation and found that:
> 1) It is possible to set a bridge's MAC address to something that
> isn't the address of an attached interface (although the range of
> numbers seems to be limited, at least when setting it using "ip link
> set virbr0 address xx:xx:xx:xx:xx:xx - anything starting with less
> than "B2" was rejected).
> 2) When a bridge's MAC address is set in that way, as Daniel says,
> no traffic passes. (Why is that, anyway?)

A bridge device *must* have a MAC address that machines one of
its enslaved devices. It can't have its own MAC address. The
bridge will automatically obtain the MAC of the first interface
enslaved normally.

> 3) If I create a tap device, set a MAC address on it, attach it to
> the bridge, and make sure the bridge is assigned that MAC address,
> traffic does pass, and when guests are destroyed and restarted, the
> MAC address of the bridge doesn't change.

You need to make sure the MAC address of the special TAP device is
numerically smaller than the MAC address of any normal VM TAP
device. This is fairly easy, since we now ensure all TAP devices
for VMs have 0xFE for their high byte. So the special device can
just have any value smaller than 0xFE (for values of 'any' which
are careful not to select a multicast MAC).

> So it looks like this is a viable way to solve the problem. Before
> digging into it, though, I thought I should ask if there are any
> alternate ideas, or problems that anyone sees with this approach.
> Also, I'm wondering where the name and MAC address of the dummy
> interfaces should come from, and whether I need to worry about
> storing them in the network XML. So far, this is what I think on
> those topics:

You could make a case for including the MAC address in
the XML, describing it as the MAC address of the router. We
should definitely not include the interface name because that
is a Linux specific implementation details.

> 1) the MAC address can be autogenerated if it's not in the XML, but
> needs to be saved in the XML so that it's persistent across libvirtd
> restarts.
> 2) the dummy interface name can just be some derivation of the
> bridge device name ("virbr0-mac"?), and probably doesn't need to be
> saved in the XML.


> (Also, I just noticed the code that sets the first byte of the MAC
> address of all tap interfaces being attached to virtual network
> bridges to 0xFE. What's the story behind that? Does the bridge
> always take the numerically lowest MAC that's currently connected?)

Yes. This is to guarnetee that all guest TAP devices have a MAC
that is higher than any physical NIC (no NIC vendor has a prefix
assigned with 0xFE or 0xFF)


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]