Re: Duplicate MAC addresses in VNET epair interaces
Hi. I have the same problem. The arc4random() call was committed and reverted ( https://svnweb.freebsd.org/base/head/sys/net/if_epair.c?view=log) I have a patch, that I'm currently using, that solves the issue locally (available here https://pastebin.com/LpPEVJL7 ) To be more generic, I'd like to add some hostid bits, following the approach of if_bridge, in case your epair interface has to be connected to a LAN. best regards, pizzamig On Mon, Feb 6, 2017 at 8:53 PM, Bjoern A. Zeeb < bzeeb-li...@lists.zabbadoz.net> wrote: > On 6 Feb 2017, at 18:53, Giulio Ferro wrote: > > Hi all, >> >> >> Setup: >> >> 11.0-STABLE FreeBSD 11.0-STABLE #0 r312338: Tue Jan 17 12:29:38 UTC 2017 >> >> >> I've set up two freebsd hosts, each of which has a single VNET jail. >> >> On each host I've created 2 epair interfaces. >> >> Host A >> >> - epair0a, epair1a on the host >> >> - epair0b, epair1b on the jail >> >> >> Host B >> >> - epair0a, epair10a on the host >> >> - epair0b, epair10b on the jail >> >> >> What I noticed is that on both hosts, each epair interface has the same >> MAC address: >> >> …> > >> >> (same behavior on the epair interfaces on the jail side) >> >> >> As you can see, the mac addresses seems to depend on the order of the >> creation of the epair, not on the name or address >> >> >> This is a potentially bad behavior, because if I want to bridge say >> epair1a on A with epair10a on B with a VPN or >> >> a physical connection giving 192.168.1.1 to epair1b and 192.168.1.2 to >> epair10b, I won't be able to make them >> >> talk to each other since they have the same MAC address. >> >> >> My question is: is this a bug or something I'm doing wrong? If there any >> workaround I can use? >> > > > From the man page: > > Like any other Ethernet interface, an epair needs to have a network > address. Each epair will be assigned a locally administered address > by > default, that is only guaranteed to be unique within one network > stack. > To change the default addresses one may use the SIOCSIFADDR ioctl(2) > or > ifconfig(8) utility. > > I thought someone patched it a few years ago to have a pseudo-random part > to make collisions less likely and use the FreeBSD vendor space, but it > seems that never happened for epair (or didn’t make it into the tree). > > ifconfig epair[ab] ether 02:xx:xx:xx:xx is your friend for now. > > /bz > > ___ > freebsd-hack...@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-hackers > To unsubscribe, send any mail to "freebsd-hackers-unsubscr...@freebsd.org" > ___ freebsd-net@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
Re: Duplicate MAC addresses in VNET epair interaces
On 14/02/2017 13:51, Bjoern A. Zeeb wrote: ifconfig epair0b ether ether 02:ff:e0:00:00:0b ifconfig: can't set link-level netmask or broadcast Two “ether”s there but I assume that’s a copy and paste issue? No, it's just me being stupid and careless... ;) Ok, it works great both in the jail and in the host. I've put the ether address in the /etc/start_if.epairxx files, as I think it should be supposed to be. Thanks a lot for your support! Giulio. I've tried manually, in the rc.conf file (ifconfig_epair0b="ether..."), and in the /etc/start_if.epair0b file, but neither of these three ways actually work to set the mac address of the epair interface within the jail. On the other hand, no problem setting the mac of epair in the host... And that’s what you should do. Despite epairs being virtual interfaces, think of them as hardware that you are only “loaning” to the vnet-jail but don’t want the jail to mess with all the hw settings. And you probably want to change the ether addresses on both ends anyway. /bz ___ freebsd-net@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org" ___ freebsd-net@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
Re: Duplicate MAC addresses in VNET epair interaces
On 14 Feb 2017, at 9:26, Giulio Ferro wrote: Hi Bjoern, thanks for your reply... the idea is sound, but unfortunately setting the mac address of the epair interface inside the jail doesn't work: ifconfig epair0b ether ether 02:ff:e0:00:00:0b ifconfig: can't set link-level netmask or broadcast Two “ether”s there but I assume that’s a copy and paste issue? I've tried manually, in the rc.conf file (ifconfig_epair0b="ether..."), and in the /etc/start_if.epair0b file, but neither of these three ways actually work to set the mac address of the epair interface within the jail. On the other hand, no problem setting the mac of epair in the host... And that’s what you should do. Despite epairs being virtual interfaces, think of them as hardware that you are only “loaning” to the vnet-jail but don’t want the jail to mess with all the hw settings. And you probably want to change the ether addresses on both ends anyway. /bz ___ freebsd-net@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
Re: Duplicate MAC addresses in VNET epair interaces
On 06/02/2017 20:53, Bjoern A. Zeeb wrote: This is a potentially bad behavior, because if I want to bridge say epair1a on A with epair10a on B with a VPN or a physical connection giving 192.168.1.1 to epair1b and 192.168.1.2 to epair10b, I won't be able to make them talk to each other since they have the same MAC address. My question is: is this a bug or something I'm doing wrong? If there any workaround I can use? From the man page: Like any other Ethernet interface, an epair needs to have a network address. Each epair will be assigned a locally administered address by default, that is only guaranteed to be unique within one network stack. To change the default addresses one may use the SIOCSIFADDR ioctl(2) or ifconfig(8) utility. I thought someone patched it a few years ago to have a pseudo-random part to make collisions less likely and use the FreeBSD vendor space, but it seems that never happened for epair (or didn’t make it into the tree). ifconfig epair[ab] ether 02:xx:xx:xx:xx is your friend for now. Hi Bjoern, thanks for your reply... the idea is sound, but unfortunately setting the mac address of the epair interface inside the jail doesn't work: ifconfig epair0b ether ether 02:ff:e0:00:00:0b ifconfig: can't set link-level netmask or broadcast I've tried manually, in the rc.conf file (ifconfig_epair0b="ether..."), and in the /etc/start_if.epair0b file, but neither of these three ways actually work to set the mac address of the epair interface within the jail. On the other hand, no problem setting the mac of epair in the host... Do you know of any way to work around this? ___ freebsd-net@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
Re: Duplicate MAC addresses in VNET epair interaces
On 6 Feb 2017, at 18:53, Giulio Ferro wrote: Hi all, Setup: 11.0-STABLE FreeBSD 11.0-STABLE #0 r312338: Tue Jan 17 12:29:38 UTC 2017 I've set up two freebsd hosts, each of which has a single VNET jail. On each host I've created 2 epair interfaces. Host A - epair0a, epair1a on the host - epair0b, epair1b on the jail Host B - epair0a, epair10a on the host - epair0b, epair10b on the jail What I noticed is that on both hosts, each epair interface has the same MAC address: …> (same behavior on the epair interfaces on the jail side) As you can see, the mac addresses seems to depend on the order of the creation of the epair, not on the name or address This is a potentially bad behavior, because if I want to bridge say epair1a on A with epair10a on B with a VPN or a physical connection giving 192.168.1.1 to epair1b and 192.168.1.2 to epair10b, I won't be able to make them talk to each other since they have the same MAC address. My question is: is this a bug or something I'm doing wrong? If there any workaround I can use? From the man page: Like any other Ethernet interface, an epair needs to have a network address. Each epair will be assigned a locally administered address by default, that is only guaranteed to be unique within one network stack. To change the default addresses one may use the SIOCSIFADDR ioctl(2) or ifconfig(8) utility. I thought someone patched it a few years ago to have a pseudo-random part to make collisions less likely and use the FreeBSD vendor space, but it seems that never happened for epair (or didn’t make it into the tree). ifconfig epair[ab] ether 02:xx:xx:xx:xx is your friend for now. /bz ___ freebsd-net@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
Duplicate MAC addresses in VNET epair interaces
Hi all, Setup: 11.0-STABLE FreeBSD 11.0-STABLE #0 r312338: Tue Jan 17 12:29:38 UTC 2017 I've set up two freebsd hosts, each of which has a single VNET jail. On each host I've created 2 epair interfaces. Host A - epair0a, epair1a on the host - epair0b, epair1b on the jail Host B - epair0a, epair10a on the host - epair0b, epair10b on the jail What I noticed is that on both hosts, each epair interface has the same MAC address: Host A: root@xxx:~ # ifconfig epair0a epair0a: flags=8843 metric 0 mtu 1500 options=8 ether 02:ff:e0:00:03:0a inet 192.168.0.1 netmask 0xff00 broadcast 192.168.0.255 nd6 options=29 media: Ethernet 10Gbase-T (10Gbase-T ) status: active groups: epair root@xxx:~ # ifconfig epair1a epair1a: flags=8943 metric 0 mtu 1500 options=8 ether 02:ff:e0:00:05:0a nd6 options=29 media: Ethernet 10Gbase-T (10Gbase-T ) status: active groups: epair Host B: root@yyy:~ # ifconfig epair0a epair0a: flags=8843 metric 0 mtu 1500 options=8 ether 02:ff:e0:00:03:0a inet 192.168.0.1 netmask 0xff00 broadcast 192.168.0.255 nd6 options=29 media: Ethernet 10Gbase-T (10Gbase-T ) status: active groups: epair root@yyy:~ # ifconfig epair10a epair10a: flags=28943 metric 0 mtu 1500 options=8 ether 02:ff:e0:00:05:0a nd6 options=29 media: Ethernet 10Gbase-T (10Gbase-T ) status: active groups: epair (same behavior on the epair interfaces on the jail side) As you can see, the mac addresses seems to depend on the order of the creation of the epair, not on the name or address This is a potentially bad behavior, because if I want to bridge say epair1a on A with epair10a on B with a VPN or a physical connection giving 192.168.1.1 to epair1b and 192.168.1.2 to epair10b, I won't be able to make them talk to each other since they have the same MAC address. My question is: is this a bug or something I'm doing wrong? If there any workaround I can use? Thanks Giulio ___ freebsd-net@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
