container mac addresses should use 'locally assigned' section
Bug #1660542 reported by
John A Meinel
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Canonical Juju |
Won't Fix
|
Medium
|
Unassigned | ||
lxd (Ubuntu) |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
We currently always prefix container MAC addresses with:
const macAddressTemplate = "00:16:
These appear to be allocated to "Xensource, Inc.".
https:/
Indicates that we should be setting the second least-significant bit (eg 0x02) to indicate that we are creating these addresses as a "network admin", and not as a Manufacturer that is guaranteeing they are globally unique.
Changed in juju-core: | |
importance: | High → Medium |
affects: | lxd → lxd (Ubuntu) |
Changed in lxd (Ubuntu): | |
status: | New → Incomplete |
To post a comment you must log in.
Copy/pasting from the e-mail I just sent you:
"""
It's a reserved prefix by Xen for use by hypervisors and has been used
by a fair number of other hypervisors and container projects who didn't
get their own allocation.
So I remember someone looking into using a different prefix in the past,
including looking into local addresses, from what I remember the issues
with them were:
- Bad rendering in dump tools as there is no OUI assignement for them
- Has a very high probability of being a higher number than a physical
MAC, which is a problem since on Linux bridges use the highest MAC as
their own and a change of MAC can stop forwarding for a few seconds.
This limitation went somewhat away with recent kernels where we can
now force the MAC regardless of slave ports.
- Some broken switches, at least back then (a few years ago) were
interpreting the local bit as meaning, switch-local and so weren't
forwarding packets coming from such a MAC (similar to if those were STP
frames).
My personal preference was for us to register a new prefix for use by
LXC containers and switch from the Xen to our own prefix everywhere in
LXC and LXD. This would avoid the problems above and after the various
OUI databases get updated, show very clearly what those MACs are in the
various network reporting tools.
I unfortunately didn't get much traction on getting that paperwork done
(and fee paid) so we've been sticking with the Xen range for now.
"""