[Lxc-users] Networking issues with LXC

Michael H. Warfield mhw at WittsEnd.com
Thu Feb 11 23:12:15 UTC 2010


On Thu, 2010-02-11 at 22:37 +0100, Daniel Lezcano wrote: 
> Michael H. Warfield wrote:
> > On Thu, 2010-02-11 at 21:58 +0100, Daniel Lezcano wrote: 
> >> Michael B. Trausch wrote:
> >>> On 02/11/2010 03:46 AM, Daniel Lezcano wrote:
> >>>> If you do not set a mac address in the container configuration file, the
> >>>> kernel will choose one for you preventing duplicate mac address on the
> >>>> host.
> >>> Will it pick something that is static for each container?  I'd like 
> >>> for each of my containers to have stable IPv6 addresses that persist 
> >>> over reboots.
> >> Ah, ok. That makes sense to specify a mac address.
> > 
> > Just out of curiousity...  What determines the host side of the veth
> > interfaces.  That looks to be a random number.  
> 
> Yes right.
> 
> > There's also a problem
> > with Linux bridges that the mac address of the bridge is assumed to be
> > the lowest mac address on the bridge (don't ask me why, that's just the
> > way it is).
> 
> Oh, good point !
> 
> Looking around on internet, it seems some people creates a dummy 
> interface with a lower mac address and assign it to the bridge.

> brrr ...

I scanned all of the host side mac addresses for my 3 dozen +++ VM's
scattered across 4 hosts and not a single one of them had the multicast
bit set or the locally administered bit cleared in the MAC address.  So
it's not totally random and, with the locally administered bit set, you
are cool with anything having OUI's less that 02:00:00.  Certainly
covers it for any case I have.  All my hard mac addresses are beginning
00: on all the eth devices on those hosts to begin with so they win.  If
you forced one or more of the upper bits (82 C2 E2 or more) you would
really be covered there with some sacrifice in randomness.

> > If you have your host eth device on that bridge and it's
> > the bridge mac that is seen on the outside and plays in the IPv6
> > autoconf game, you can get some confusion if a random interface added to
> > the bridge changes the mac address for the hosts address.  I ran into
> > this with OpenVZ and went back and implemented a policy of assigning MAC
> > addresses with the local bit set and higher than any possible hard eth
> > attach to the bridge.

Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 482 bytes
Desc: This is a digitally signed message part
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20100211/07a32e69/attachment.pgp>


More information about the lxc-users mailing list