694382 – bridges created by libvirtd fail to start when the bridge device name is > 11 characters

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 694382 - bridges created by libvirtd fail to start when the bridge device name is > 11 characters

Summary: bridges created by libvirtd fail to start when the bridge device name is > 11...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	libvirt
Sub Component:
Version:	6.1
Hardware:	x86_64
OS:	Linux
Priority:	medium
Severity:	high
Target Milestone:	rc
Target Release:	---
Assignee:	Laine Stump
QA Contact:	Virtualization Bugs
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2011-04-07 07:34 UTC by zhanghaiyan
Modified:	2013-02-04 20:51 UTC (History)
CC List:	9 users (show)
Fixed In Version:	libvirt-0.9.1-1.el6
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2011-12-06 11:04:44 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2011:1513	0	normal	SHIPPED_LIVE	libvirt bug fix and enhancement update	2011-12-06 01:23:30 UTC

Description zhanghaiyan 2011-04-07 07:34:59 UTC

Description of problem:
bridges created by libvirtd are not started unless the host has an IP

Version-Release number of selected component (if applicable):
- libvirt-0.8.7-15.el6.x86_64
- 2.6.32-128.el6.x86_64
- qemu-kvm-0.12.1.2-2.153.el6.x86_64

How reproducible:
always

Steps to Reproduce:
1. # cat test_noip.xml 
<network>
  <name>test_noip</name>
  <uuid>9d92939c-208a-9cec-5ff9-86b6645ca2a5</uuid>
  <bridge name='test_noip_br' stp='on' forwardDelay='0' />
</network>
2. # virsh net-define test_noip.xml 
Network test_noip defined from test_noip.xml
3. # virsh net-start test_noip
error: Failed to start network test_noip
error: cannot create dummy tap device 'test_noip_br-nic' to set mac address on bridge 'test_noip_br': Invalid argument
4. # ip -o link show test_noip_br | grep -q UP && echo 'Pass' || echo 'Fail'
Device "test_noip_br" does not exist.
Fail
  
Actual results:
Failed to start a bridge when the host doesn't have an ip

Expected results:
Could start a bridge when the host doesn't have an ip like libvirt-0.8.1-27.el6.x86_64.rpm does.
# virsh net-list --all
Name                 State      Autostart
-----------------------------------------
default              active     yes       
test_noip            inactive   no        

# virsh net-start test_noip
Network test_noip started

# ip -o link show test_noip_br | grep -q UP && echo 'Pass' || echo 'Fail'
Pass

Additional info:

Comment 2 RHEL Program Management 2011-04-07 07:43:47 UTC

Since RHEL 6.1 External Beta has begun, and this bug remains
unresolved, it has been rejected as it is not proposed as
exception or blocker.

Red Hat invites you to ask your support representative to
propose this request, if appropriate and relevant, in the
next release of Red Hat Enterprise Linux.

Comment 4 Daniel Berrangé 2011-04-12 12:56:56 UTC

Looks like some oddity introduced by the new dummy tap device

Comment 5 Laine Stump 2011-04-12 21:02:25 UTC

The problem is that an interface device name can be a maximum of 15 characters long, and test_noip_br-nic is 16 characters - removing one character from the name makes it work. We should probably just use the first 11 characters or the bridge device name when creating the dummy tap interface.

Comment 6 zhanghaiyan 2011-04-13 02:16:32 UTC

According to comment 5, I removed one character from the name as below
# cat test_noip.xml
<network>
  <name>test_noip</name>
  <uuid>9d92939c-208a-9cec-5ff9-86b6645ca2a5</uuid>
  <bridge name='est_noip_br' stp='on' forwardDelay='0' />
</network>
Then could define&start the nic with libvirt-0.8.7-16.el6.x86_64, but 2 nic is generated in #ip -o link show
# virsh net-define test_noip.xml 
Network test_noip defined from test_noip.xml
# virsh net-start test_noip
Network test_noip started
# ip -o link show
....
11: est_noip_br: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN \    link/ether 52:54:00:33:49:45 brd ff:ff:ff:ff:ff:ff
12: est_noip_br-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 500\    link/ether 52:54:00:33:49:45 brd ff:ff:ff:ff:ff:ff

Only 1 nic is show if test with libvirt-0.8.1-27.el6.x86_64
# ip -o link show
...
14: est_noip_br: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN \    link/ether 86:65:40:db:20:36 brd ff:ff:ff:ff:ff:ff

Comment 7 Daniel Berrangé 2011-04-13 11:24:40 UTC

> The problem is that an interface device name can be a maximum of 15 characters
> long, and test_noip_br-nic is 16 characters - removing one character from the
> name makes it work. We should probably just use the first 11 characters or the
> bridge device name when creating the dummy tap interface.

Just using the first N characters may introduce uniqueness problems, because it is quite common for users to have a common prefix, and a unique letter/number on the end. Chopping off the end risks removing the entire of the unique part.

It is probably better to just reduce the size of our postfix from '-nic' to a single letter 't' or 'v' or something.

And also make sure the code has an explicit name length check so we can report a clear error message to users.

Comment 9 Laine Stump 2011-04-15 04:31:49 UTC

A fix was committed upstream (see commit notice below) and a rebased version has been posted to rhvirt-patches:

   http://post-office.corp.redhat.com/archives/rhvirt-patches/2011-April/msg00383.html

commit 020ad8d1a272a7974cdcd897706fa12744802533
Author: Laine Stump <laine>
Date:   Wed Apr 13 12:38:58 2011 -0400

    network: truncate bridges' dummy tap device names to IFNAMSIZ (15) chars
    
    This patch addresses:
    
       https://bugzilla.redhat.com/show_bug.cgi?id=694382
    
    In order to give each libvirt-created bridge a fixed MAC address,
    commit 5754dbd56d4738112a86776c09e810e32f7c3224, added code to create
    a dummy tap device with guaranteed lowest MAC address and attach it to
    the bridge. This tap device was given the name "${bridgename}-nic".
    However, an interface device name must be IFNAMSIZ (15) characters or
    less, so a valid ${bridgename} such as "verylongname123" (15
    characters) would lead to an invalid tap device name
    ("verylongname123-nic" - 19 characters), and that in turn led to a
    failure to bring up the network.
    
    The solution is to shorten the part of the original name used to
    generate the tap device name. However, simply truncating it is
    insufficient, because the last few characters of an interface name are
    often a number used to indicate one of a list of several similar
    devices (for example, "verylongname123", "verylongname124", etc) and
    simple truncation would lead to duplicate names (eg "verlongnam-nic"
    and "verylongnam-nic"). So instead we take the first 8 characters of
    $bridgename ("verylong" in the example), add on the final 3 bytes
    ("123"), then add "-nic" (so "verylong123-nic").  Not pretty, but it
    is much more likely to generate a unique name, and is reproducible
    (unlike, say, a random number).

Comment 12 zhanghaiyan 2011-05-25 10:06:17 UTC

The similar as said in comment 6, 2 nics are shown in #ip link with libvirt-0.9.1-1.el6.x86_64. I don't think it is correct because in because only 1 nic is show if test with libvirt-0.8.1-27.el6.x86_64 (please refer to comment 6)
1. # cat test_noip.xml 
<network>
  <name>test_noip</name>
  <uuid>9d92939c-208a-9cec-5ff9-86b6645ca2a5</uuid>
  <bridge name='verylongname123' stp='on' forwardDelay='0' />
</network>
2. # virsh net-define test_noip.xml 
Network test_noip defined from test_noip.xml
3. # virsh net-start test_noip
Network test_noip started
4. # ip link
....
71: verylongname123: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN 
    link/ether 52:54:00:12:75:ad brd ff:ff:ff:ff:ff:ff
72: verylong123-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 500
...

Comment 13 Laine Stump 2011-05-25 23:17:29 UTC

The "xxx-nic" device is a tap device created solely for the purpose of setting a fixed MAC address and attaching it to the bridge, so that the bridge will have a fixed MAC address. libvirt-0.8.1 doesn't have the code that provides a fixed MAC address for the virtual network bridge, so it will not have the "xxx-nic" tap device.

(NB: that tap device is marked as DOWN, so it won't show up in the output of "ifconfig", but of course if you uses a low level enough / verbose enough command (like "ip link") it will show up.

At any rate, the output of "ip link" in 0.8.1 is as expected, and the output in 0.9.1-1 is also as expected.

Comment 14 zhanghaiyan 2011-05-26 01:41:13 UTC

Thanks for Laine. According to comment 12 and comment 13, verified the bug pass.

Comment 18 Min Zhan 2011-07-18 07:25:20 UTC

Move to VERIFIED according to Comment 14

Comment 19 errata-xmlrpc 2011-12-06 11:04:44 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1513.html

Note You need to log in before you can comment on or make changes to this bug.