[Lxc-users] Bug discussion: implementing high virtual device MAC addresses

Derek Simkowiak derek at simkowiak.net
Tue Oct 18 23:31:48 UTC 2011

     There is a behavior in the Linux kernel which can cause a bridge 
device to change MAC address, thus causing a network blackout of several 
seconds (while everybody ARPs the new MAC address flushes the old one).  
This happens when bridging an enslaved interface, like we do with LXC.

     The symptom is that the LXC host will black out for several seconds 
when starting or stopping an LXC container.  Your SSH terminal on the 
host will freeze and become unresponsive.  (It is a random symptom, 
because the blackout only happens if the randomly-assigned MAC address 
of the virtual device is lower than that of the physical eth0 device).

     This behavior was first observed by the libvirt folks when creating 
virtual machines.  You can read more details about it (and how they 
fixed it) here:


     I have observed the symptom under LXC, and the workaround for it 
has been independently confirmed for LXC in this bug report (ID: 3411497):


     The workaround for the bug is to give the virtual device a high MAC 
address, thus discouraging the bridge device from adapting its MAC 
address as its own.

     I have mentioned this bug on the list before, however, I was 
confused about which MAC address was causing the problem.  This is NOT 
the mac address specified in lxc.conf, like this:

lxc.network.hwaddr = fe:16:3e:fd:5a:5b

     That MAC address has nothing to do with the bug; the host's bridge 
device (br0) will never assume a configured LXC MAC address as its own.  
Instead, the MAC address in question is the one of the virtual vethXXXX 
device, as shown with "ifconfig" on the host:

veth0IEDlk Link encap:Ethernet  HWaddr 4e:34:7c:dc:92:e8

     That HWaddr should be given a high prefix to avoid the network 
blackouts, just like they've done for libvirt.  That does not exist in 
any config file anywhere; it must be fixed in the LXC source code.

     I looked in network.c for the LXC source code and I think the fix 
should go in lxc_bridge_attach() near line 991.  The fix would put a 
manually-generated MAC address -- one with a high prefix -- into 
ifr.ifr_hwaddr.sa_data and thus replace the random one assigned by the 

     However, I'm new to the LXC source and would like some input and 
analysis from a more seasoned contributor.  I would be happy to test and 
maybe even contribute a patch, but I'd like some feedback first.

Thank You,
Derek Simkowiak

More information about the lxc-users mailing list