I would like to use MACPROTECT ON for Linux guests on a vswitch but it is not 
working as I would expect. My understanding is that MACPROTECT ON will not 
allow a NIC to send a frame with source mac address different from the one 
assigned by CP.
I have a Linux bridge that bridges layer 2 traffic between two vswitches. I 
would like to have MACPROTECT on for all guests except for the one that runs 
the bridge. I intended to do this by running SET VSWITCH <name> MACPROTECT ON 
and SET NIC USER <bridge> <addr> MACPROTECT OFF. But, as soon as I turn 
MACPROTECT on for the vswitch the traffic through the bridge stops regardless 
of whether the MACPROTECT on the NIC is on or off.

As an additional check I have tried to do it the other way around: set MACPROTECT 
OFF on the vswitch and set MACPROTECT ON for the bridge NIC. I would expect 
this to stop the traffic through the bridge, but that did not happen.
More details for the second case:

q v nic a000
Adapter A000.P00 Type: QDIO      Name: UNASSIGNED  Devices: 3
  MAC: 02-00-C2-0A-6D-D5         VSWITCH: SYSTEM ALBL07
                                 Device: A000 Protected

znetconf -c | grep a000
0.0.a000,0.0.a001,0.0.a002 1731/01 GuestLAN QDIO     08 qeth eth6        online

tcpdump -e -i eth6 '(host 141.202.59.44 or host 141.202.59.45)'
tcpdump: WARNING: eth6: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth6, link-type EN10MB (Ethernet), capture size 65535 bytes
07:46:54.596577 02:00:c2:0a:6d:ff (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Request who-has 141.202.59.45 tell 141.202.59.44, length 28
07:46:54.596827 02:00:c2:0a:6e:00 (oui Unknown) > 02:00:c2:0a:6d:ff (oui Unknown), ethertype ARP (0x0806), length 42: Reply 141.202.59.45 is-at 02:00:c2:0a:6e:00 (oui Unknown), length 28
07:46:54.596985 02:00:c2:0a:6d:ff (oui Unknown) > 02:00:c2:0a:6e:00 (oui Unknown), ethertype IPv4 (0x0800), length 98: 141.202.59.44 > 141.202.59.45: ICMP echo request, id 1913, seq 1, length 64

The A000 NIC on the bridge has MAC address 02-00-C2-0A-6D-D5 but passes traffic 
between mac addresses 02:00:c2:0a:6d:ff and 02:00:c2:0a:6e:00 despite 
protection being on.
Is my understanding of MACPROTECT incorrect or have I found a bug?

Thanks,
Tomas


Tomas Pavelka
CA Technologies
Sr Software Engineer
Tel:  +420226207796
tomas.pave...@ca.com


----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
----------------------------------------------------------------------
For more information on Linux on System z, visit
http://wiki.linuxvm.org/
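
Added example, not part of the original post: a Python check that takes the Q V NIC and tcpdump -e output quoted in the message above and lists every source MAC other than the CP-assigned one. A capture on the interface records frames in both directions, so it shows that foreign-MAC frames cross the NIC but not which side transmitted them; reading the word "Protected" as the MACPROTECT indicator is an assumption based on the output above.

```python
import re

# Output copied from the post (tcpdump lines re-joined where the mail wrapped them).
QUERY_NIC = """\
Adapter A000.P00 Type: QDIO      Name: UNASSIGNED  Devices: 3
  MAC: 02-00-C2-0A-6D-D5         VSWITCH: SYSTEM ALBL07
                                 Device: A000 Protected
"""
CAPTURE = """\
07:46:54.596577 02:00:c2:0a:6d:ff (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Request who-has 141.202.59.45 tell 141.202.59.44, length 28
07:46:54.596827 02:00:c2:0a:6e:00 (oui Unknown) > 02:00:c2:0a:6d:ff (oui Unknown), ethertype ARP (0x0806), length 42: Reply 141.202.59.45 is-at 02:00:c2:0a:6e:00 (oui Unknown), length 28
07:46:54.596985 02:00:c2:0a:6d:ff (oui Unknown) > 02:00:c2:0a:6e:00 (oui Unknown), ethertype IPv4 (0x0800), length 98: 141.202.59.44 > 141.202.59.45: ICMP echo request, id 1913, seq 1, length 64
"""

MAC = r"(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}"

def normalize(mac):
    """CP prints 02-00-C2-..., tcpdump prints 02:00:c2:...; use one form."""
    return mac.lower().replace("-", ":")

def parse_query_nic(text):
    """Return (assigned MAC, protected flag) from Q V NIC output."""
    m = re.search(r"MAC:\s*(" + MAC + ")", text)
    if not m:
        raise ValueError("no MAC found in Q V NIC output")
    # Assumption: the standalone word "Protected" marks MACPROTECT as active.
    return normalize(m.group(1)), bool(re.search(r"\bProtected\b", text))

def source_macs(capture):
    """Count frames per source MAC in `tcpdump -e` output."""
    pat = re.compile(r"^\S+\s+(" + MAC + r")\s.*?>\s")
    counts = {}
    for line in capture.splitlines():
        m = pat.match(line)
        if m:  # wrapped continuation lines do not match and are skipped
            src = normalize(m.group(1))
            counts[src] = counts.get(src, 0) + 1
    return counts

def foreign_sources(query_nic, capture):
    """Source MACs seen on the interface that differ from the assigned one."""
    assigned, protected = parse_query_nic(query_nic)
    seen = source_macs(capture)
    return assigned, protected, {m: n for m, n in seen.items() if m != assigned}

if __name__ == "__main__":
    assigned, protected, foreign = foreign_sources(QUERY_NIC, CAPTURE)
    print(f"assigned={assigned} protected={protected}")
    for mac, frames in sorted(foreign.items()):
        print(f"foreign source MAC {mac}: {frames} frame(s)")
```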
