Description of problem: A random MAC address is assigned to the tap device in the dom0 for hvm guests. If this MAC sorts lower than the bridge interface's MAC address, connectivity will be lost as the bridge is manipulated. In searching for a duplicate bug report before filing, I saw that there are similar reports for KVM: 571991 583139 Version-Release number of selected component (if applicable): xen-3.0.3-106.5 How reproducible: 100% Steps to Reproduce: 1. Create a hvm domU using bridged networking. 2. Examine the new tap device with ifconfig. Actual results: Random MAC address is assigned to the tap device. Expected results: A MAC address such as FE:FF:FF:FF:FF:FF should be assigned. Additional info: The /etc/xen/scripts/xen-network-common.sh script assigns FE:FF:FF:FF:FF:FF to each vif before it is added to the bridge. I believe this should also be incorporated into /etc/xen/qemu-ifup. I have made the following change and it appears to resolve the issue: --- qemu-ifup.dist 2007-05-18 09:45:21.000000000 -0500 +++ qemu-ifup 2010-12-17 06:28:41.000000000 -0600 @@ -3,7 +3,19 @@ #. /etc/rc.d/init.d/functions #ulimit -c unlimited -echo 'config qemu network with xen bridge for ' $* +echo `date +%FT%T`: config qemu network with xen bridge for $* >> /tmp/qemu-ifup.out + +dev=$1 + +# pulled from vif-bridge + +# take interface down ... +ip link set ${dev} down + +# ... and configure it +ip link set ${dev} arp off +ip link set ${dev} multicast off +ip link set ${dev} addr fe:ff:ff:ff:ff:ff ifconfig $1 0.0.0.0 up brctl addif $2 $1
xen changes bridge MAC to be equal lowest MAC of tap devices. Can you please provide scenario for lost connectivity?
An easy reproduction scenario involves the physical network adapter(s) on the bridge owning high MAC addresses. For example, in my environment I had access to a netxen 10gb adapter with a MAC address of D4:85:64:2F:7B:88. In testing, as the HVM guests were created, the tap devices were given randomly generated MAC addresses such as the following: 66:D7:0D:6C:23:E1 22:1D:53:7A:3A:B9 16:3D:40:75:D6:D7 Each time the bridge was manipulated connectivity to the dom0 and all other guests was lost. Connectivity would be re-established if the dom0 ran a command such as arping and pointed it at the default gateway. Now that I have the updated qemu-ifup script in place, tap devices are all given fe:ff:ff:ff:ff:ff and guest restarts do not impact bridge connectivity. I believe bug 571991 also documents the same scenario, but from a KVM perspective. Thanks.
This request was evaluated by Red Hat Product Management for inclusion in the current release of Red Hat Enterprise Linux. Because the affected component is not scheduled to be updated in the current release, Red Hat is unfortunately unable to address this request at this time. Red Hat invites you to ask your support representative to propose this request, if appropriate and relevant, in the next release of Red Hat Enterprise Linux.
This request was erroneously denied for the current release of Red Hat Enterprise Linux. The error has been fixed and this request has been re-proposed for the current release.
VERIFIED with xen-3.0.3-126.el5. the fix has been updated to: 533236c Generate random MAC address for tap device MAC address is generated as: mac=`printf "fe:%02x:%02x:%02x:%02x:%02x" \ $(($RANDOM % 256)) $(($RANDOM % 256)) $(($RANDOM % 256)) \ $(($RANDOM % 256)) $(($RANDOM % 256))` rather than the dummy MAC: fe:ff:ff:ff:ff:ff. FE:xx:xx:xx:xx:xx should always be larger than any bridge interface's MAC.
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: Previously, a random MAC address was generated for dom0 TAP devices in HVM guests. If this address sorted above the MAC address of the bridge interface, the connectivity to the guest was lost. With this update, a dummy MAC address that is always larger than the MAC address of any bridge interface is generated instead, and this bug no longer occurs.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2011-1070.html