Bug 663933 - tap device is assigned a random MAC address that can interrupt bridge connectivity
Summary: tap device is assigned a random MAC address that can interrupt bridge connect...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: xen
Version: 5.5
Hardware: x86_64
OS: Linux
low
medium
Target Milestone: rc
: ---
Assignee: Miroslav Rezanina
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-12-17 12:33 UTC by Frank Fejes
Modified: 2011-07-21 12:00 UTC (History)
6 users (show)

Fixed In Version: xen-3.0.3-122.el5
Doc Type: Bug Fix
Doc Text:
Previously, a random MAC address was generated for dom0 TAP devices in HVM guests. If this address sorted above the MAC address of the bridge interface, the connectivity to the guest was lost. With this update, a dummy MAC address that is always larger than the MAC address of any bridge interface is generated instead, and this bug no longer occurs.
Clone Of:
Environment:
Last Closed: 2011-07-21 09:17:45 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2011:1070 0 normal SHIPPED_LIVE xen bug fix and enhancement update 2011-07-21 09:12:56 UTC

Description Frank Fejes 2010-12-17 12:33:10 UTC
Description of problem:
A random MAC address is assigned to the tap device in the dom0 for hvm guests.  If this MAC sorts lower than the bridge interface's MAC address, connectivity will be lost as the bridge is manipulated.

In searching for a duplicate bug report before filing, I saw that there are similar reports for KVM:

571991
583139

Version-Release number of selected component (if applicable):
xen-3.0.3-106.5

How reproducible:
100%

Steps to Reproduce:
1. Create a hvm domU using bridged networking.
2. Examine the new tap device with ifconfig.
  
Actual results:
Random MAC address is assigned to the tap device.

Expected results:
A MAC address such as FE:FF:FF:FF:FF:FF should be assigned.

Additional info:
The /etc/xen/scripts/xen-network-common.sh script assigns FE:FF:FF:FF:FF:FF to each vif before it is added to the bridge.  I believe this should also be incorporated into /etc/xen/qemu-ifup.  I have made the following change and it appears to resolve the issue:

--- qemu-ifup.dist	2007-05-18 09:45:21.000000000 -0500
+++ qemu-ifup	2010-12-17 06:28:41.000000000 -0600
@@ -3,7 +3,19 @@
 #. /etc/rc.d/init.d/functions
 #ulimit -c unlimited
 
-echo 'config qemu network with xen bridge for ' $*
+echo `date +%FT%T`: config qemu network with xen bridge for $* >> /tmp/qemu-ifup.out
+
+dev=$1
+
+# pulled from vif-bridge
+
+# take interface down ...
+ip link set ${dev} down
+
+# ... and configure it
+ip link set ${dev} arp off
+ip link set ${dev} multicast off
+ip link set ${dev} addr fe:ff:ff:ff:ff:ff
 
 ifconfig $1 0.0.0.0 up
 brctl addif $2 $1

Comment 1 Miroslav Rezanina 2010-12-20 09:01:09 UTC
xen changes bridge MAC to be equal lowest MAC of tap devices. Can you please provide scenario for lost connectivity?

Comment 2 Frank Fejes 2010-12-20 19:37:52 UTC
An easy reproduction scenario involves the physical network adapter(s) on the bridge owning high MAC addresses.  For example, in my environment I had access to a netxen 10gb adapter with a MAC address of D4:85:64:2F:7B:88.  In testing, as the HVM guests were created, the tap devices were given randomly generated MAC addresses such as the following:

66:D7:0D:6C:23:E1
22:1D:53:7A:3A:B9
16:3D:40:75:D6:D7

Each time the bridge was manipulated connectivity to the dom0 and all other guests was lost.  Connectivity would be re-established if the dom0 ran a command such as arping and pointed it at the default gateway.  Now that I have the updated qemu-ifup script in place, tap devices are all given fe:ff:ff:ff:ff:ff and guest restarts do not impact bridge connectivity.

I believe bug 571991 also documents the same scenario, but from a KVM perspective.

Thanks.

Comment 5 RHEL Program Management 2011-01-11 19:48:53 UTC
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated in the
current release, Red Hat is unfortunately unable to address this
request at this time. Red Hat invites you to ask your support
representative to propose this request, if appropriate and relevant,
in the next release of Red Hat Enterprise Linux.

Comment 6 RHEL Program Management 2011-01-12 15:23:02 UTC
This request was erroneously denied for the current release of
Red Hat Enterprise Linux.  The error has been fixed and this
request has been re-proposed for the current release.

Comment 9 Qixiang Wan 2011-03-30 10:08:18 UTC
VERIFIED with xen-3.0.3-126.el5.

the fix has been updated to:

533236c Generate random MAC address for tap device

MAC address is generated as:
mac=`printf "fe:%02x:%02x:%02x:%02x:%02x" \
   $(($RANDOM % 256)) $(($RANDOM % 256)) $(($RANDOM % 256)) \
   $(($RANDOM % 256)) $(($RANDOM % 256))`

rather than the dummy MAC: fe:ff:ff:ff:ff:ff.

FE:xx:xx:xx:xx:xx should always be larger than any bridge interface's MAC.

Comment 10 Tomas Capek 2011-07-13 13:28:45 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Previously, a random MAC address was generated for dom0 TAP devices in HVM guests. If this address sorted above the MAC address of the bridge interface, the connectivity to the guest was lost. With this update, a dummy MAC address that is always larger than the MAC address of any bridge interface is generated instead, and this bug no longer occurs.

Comment 11 errata-xmlrpc 2011-07-21 09:17:45 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-1070.html

Comment 12 errata-xmlrpc 2011-07-21 12:00:04 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-1070.html


Note You need to log in before you can comment on or make changes to this bug.