From: Laine Stump
Date: 2015-04-27 21:41
To: libvirt-users
CC: Daniel P. Berrange; wh.h(a)foxmail.com
Subject: Re: [libvirt-users] How does the libvirt deal with the vnet mac address
On 04/27/2015 04:59 AM, Daniel P. Berrange wrote:
On Sun, Apr 26, 2015 at 10:51:34AM +0800, wh.h(a)foxmail.com wrote:
> How does the libvirt deal with the vnet mac address?
>
> Greetings,
> if I establish a network for the VM (hypervisor is KVM) using bridge in
> the virt-manager , a vnet0 device is created . There are some relationships
> about mac address between the vnet0 device in the hypervisor and the ethX
> device in the VM, for example :
> the mac address of vnet0 is FE:54:00:84:E3:62
> the mac address of ethX in the VM is 52:54:00:84:E3:62
> two mac addresses above are almost the same except the first part of the address .
> but if I created a tap device manually ,
> tunctl -t tap0 -u root
> brctl addif br0 tap0
> and add tap0 to the VM, I will find that mac address between the tap0 device
> in the hypervisor and the ethX device in the VM will totally different . so
> I think that libvirt must do something about the mac address handling, could
> you please kindly tell me something about this ?
When first created, the kernel assigns the tap device a completely random
MAC address. This bears no relation to the MAC address that is used in the
guest OS.
When you create a bridge device it initially has a MAC address of all zeros,
and when you add NIC devices to the bridge, its MAC address gets update to
the numerically lowest MAC address of all the NICs. The problem is that
when the kernel assigns MAC addresses randomly, one of these random MAC
address might be numerically lower than the bridge's current MAC address.
So the effect is that when you start/stop guests, and their TAP devices
get added/removed from the bridge, the bridge's own MAC address will
occassionally change which is a bad thing.
So deal with this, libvirt will set all guest TAP devices so that they
have a MAC address with 0xFE as the first byte. The real physical NIC
added to the bridge is thus guaranteed to have a smaller MAC address,
and so the bridge will permanently use the MAC address of the physical
NIC, which is what we want.
For bridges which do not have any physical NIC, libvirt will create a
dummy TAP device, not connected to any guest, and give it a small MAC
address. This ensures again ensures the bridge MAC address won't change
when guests start/stop.
> How does the libvirt establish the arp table in the hypervisor if the
> vnet0 device in the hypervisor and the ethX device in the VM is
> different?
The MAC address of the TAP device is actually totally irrelevant for
the ARP table maintenance.
If a packet arrives on the bridge and the IP doesn't have a ARP table
mapping, the bridge will just send it to all connected TAP devices.
When a packet arrives from a guest TAP, the source MAC address will
be used to populate the ARP table.
In neither case does the MAC address of the TAP device itself have
any involvement.
The only time the TAP device MAC address has any effect is when
the kerenel auto-assigns a MAC to the bridge device as explained
above.
> If I want to create tap device manually , how should I deal
> with the mac address ?I have setup the mac address of the
> tap0 device in the hypervisor and the ethX device in the VM
> in the same way with libvirt , but the network of VM cannot
> work.
As mentioned above, the TAP device MAC can be pretty much anything,
but we'd recommend using 0xFE as the first byte.
Along with everything that Dan has explained, it's important to also
know that it is essential the tap device's MAC address be different from
the MAC address used by the guest. The reason is that the tap device
will not forward a packet to the other side of itself if it sees a
destination MAC address matching its own - it will think that the packet
must be intended for local delivery; this is another reason that libvirt
replaces the 1st byte of the guest address with 0xFE when setting the
tap device address.
(This is in contrast to macvtap devices, which *do* match the MAC
address used by the guest.)
(...and I'm still curious why you are choosing to do all of this
yourself rather than just letting libvirt deal with it. Is there some
functionality you need that libvirt can't supply?)
/**********************************************/
Thanks a lot for your reply!
The reason is that only the command scripts can be integrated to the upper layer
software which is designed by workmates.
I remain puzzled about :
"it's important to also know that it is essential the tap device's MAC
address be different from
the MAC address used by the guest. The reason is that the tap device
will not forward a packet to the other side of itself if it sees a
destination MAC address matching its own"
Does "the other side" mean :
one side is ethx in the VM, the other side is tap device in the hypervisor?
But , these two devices is actually the same one . If package is received in the ethx
device in the VM , the package also arrives at the tap device in the hypervisor at the
same time , doesn't it ?
weihua
wh.h(a)foxmail.com