[lxc-devel] hwaddr tuning in templates

Stéphane Graber stgraber at ubuntu.com
Tue Dec 24 14:32:50 UTC 2013 

On Tue, Dec 24, 2013 at 03:01:38PM +0100, Guillaume ZITTA wrote:
> Hi,
> 
> I'm coding a new template (for gentoo).
> 
> I saw this kind of tweak in many templates :
> 
>     if [ "$nics" -eq 1 ] && ! grep -q "^lxc.network.hwaddr"
> $path/config; then
>         # see http://sourceforge.net/tracker/?func=detail&aid=3411497&group_id=163076&atid=826303
>         hwaddr="fe:$(dd if=/dev/urandom bs=8 count=1 2>/dev/null |od
> -t x8 | \
>                       head -1 |awk '{print $2}' | cut -c1-10 |\
>                       sed 's/\(..\)/\1:/g; s/.$//')"
>         echo "lxc.network.hwaddr = $hwaddr" >> $path/config
>     fi
> 
> The url no longer exists and I didn't catch the explaination in ML
> archive.
> 
> Someone has a new pointer to the explaination?
> Was it a workaround for a no longuer existing bug?
> 
> Regards,
> 
> Guillaume ZITTA

Yeah, I guess the bug report got lost in the migration to github.

So let me try to explain what's going on there and why we are doing
this. Note that it's not really a bug has much as just having to cope
with the way things work in the kernel.

We want all containers to have a static mac address for a simple reason,
it's no fun if your IP addresses change every time you boot it (as if
not specified, a random one assigned by the kernel will be used).

On top of that, we can't just use any randomly generated mac address. We
need one that'll typically be higher than a regular MAC address. That's
because of the way bridges work in Linux. A bridge has its own mac
address and whenever that address changes trafic is cut for around 30s
(STP delay and similar stuff). The Linux kernel always uses the lowest
MAC address in the bridge for the bridge's own address, so we need to
make sure our addresses tend to be higher than that.

Not all templates care about that though. In Ubuntu we provide a routed
bridge so we don't have that concern and we instead choose to use the
Xen MAC range which has the advantage of being properly registered
specifically for use with VMs and containers.

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20131224/ba8805a7/attachment.pgp>

More information about the lxc-devel mailing list