Generate unique MAC for bridges used for external networking #34
Draft
fnordahl commented Jan 21, 2021
lib/charms/ovn_charm.py
Outdated
| :raises: OSError | ||
| """ | ||
| with open('/etc/machine-id', 'r') as fin: | ||
| return bytearray.fromhex(fin.read().rstrip()) |
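Review bot: The docstring lists only OSError under `:raises:`, but `bytearray.fromhex(fin.read().rstrip())` raises ValueError when the file holds anything that is not hex, and returns an empty bytearray without error when the file is empty. Document ValueError and check the length of the result before returning it, so a truncated or empty file fails here rather than in the caller.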
Contributor
Author
We need to hash this, ref [0]
0: https://www.freedesktop.org/software/systemd/man/machine-id.html
lib/charms/ovn_charm.py
Outdated
| :rtype: str | ||
| """ | ||
| # initialize with 'fa:16:3e' prefix | ||
| generated = bytearray.fromhex('fa163e') |
Contributor
Author
This matches what is typically used for virtual machines etc. We should probably use a different prefix
lib/charms/ovn_charm.py
Outdated
| # initialize with 'fa:16:3e' prefix | ||
| generated = bytearray.fromhex('fa163e') | ||
| # append last byte of bridge name | ||
| generated.append(ord(bridge_name[-1:])) |
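Review bot: `ord(bridge_name[-1:])` on the last line can raise in two ways: an empty `bridge_name` yields `ord('')` and a TypeError, and a final character above U+00FF yields a value that `bytearray.append` rejects with ValueError. Validate the name before use, or take the byte from a digest of `bridge_name.encode()`, which also separates names that share a last character.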
Contributor
Author
This may easily collide, make this byte from some sort of checksum of the bridge name
fnordahl commented Jan 23, 2021
| :rtype: str | ||
| """ | ||
| # prefix from the IANA 64-bit MAC Unassigned range | ||
| generated = bytearray.fromhex('b61d9e') |
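Review bot: Whether the result is unicast and locally administered depends entirely on the literal in `bytearray.fromhex('b61d9e')`. The first octet 0xb6 has bit 0 clear (unicast) and bit 1 set (locally administered), so this value is fine, but nothing enforces that if the prefix is changed later. State the bit properties in the comment and mask the first octet explicitly, for example `generated[0] = (generated[0] | 0x02) & 0xfe`.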
Contributor
Author
Need to review if this OUI makes sense to use, we also must make sure we set the unicast/multicast and universal/local bits correctly.
When creating a bridge in Open vSwitch, an interface representing
that bridge will appear in the system. Open vSwitch will use the
lowest MAC address of the interfaces added to the bridge as MAC
address of the bridge representor interface.

Since the advent of predictable interface naming in Linux it has
become common for network configuration renderers and backends
to express network configuration in such a way that users will
use the MAC address of an interface to match where a certain
network config belongs.

These two factors together create a situation where the backend
Netplan.io configures may choose to rename and use the Open
vSwitch bridge representor interface and apply network config to
it instead of using the real interface.

To work around this issue we generate a unique MAC address for
the bridges we add physical network interfaces to.

Related-Bug: #1912643
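
One way to derive such a MAC address while covering the points raised in the review comments above (keyed hash of the machine ID, the whole bridge name rather than its last character, explicit unicast and locally-administered bits). This is an added example, not code from the pull request or the charm; `bridge_mac`, `read_machine_id`, `APP_KEY` and the sample machine ID are assumptions, and HMAC-SHA256 is one possible choice of keyed hash.

```python
import hashlib
import hmac

# Constructed sample values for illustration, not taken from the pull request.
SAMPLE_MACHINE_ID = "0123456789abcdef0123456789abcdef"
APP_KEY = b"example-ovs-bridge-mac"   # hypothetical application-specific key
PREFIX = bytes.fromhex("b61d9e")      # prefix that appears in the reviewed code


def read_machine_id(path="/etc/machine-id"):
    """Return the machine ID as a hex string (raises OSError if unreadable)."""
    with open(path, "r") as fin:
        return fin.read().strip()


def bridge_mac(machine_id_hex, bridge_name, prefix=PREFIX, app_key=APP_KEY):
    """Derive a stable per-host, per-bridge MAC address string."""
    machine_id = bytes.fromhex(machine_id_hex.strip())  # ValueError if not hex
    if len(machine_id) != 16:
        raise ValueError("machine ID must be 32 hex characters")
    if not bridge_name:
        raise ValueError("bridge name must not be empty")
    if len(prefix) != 3:
        raise ValueError("prefix must be 3 bytes")
    # Keyed hash: the raw machine ID is the HMAC key and never appears in the
    # output. The whole bridge name is hashed, not only its last character.
    msg = app_key + b"\x00" + bridge_name.encode("utf-8")
    digest = hmac.new(machine_id, msg, hashlib.sha256).digest()
    mac = bytearray(prefix + digest[:3])
    # First octet: set bit 1 (locally administered), clear bit 0 (unicast),
    # whatever prefix was passed in.
    mac[0] = (mac[0] | 0x02) & 0xFE
    return ":".join(f"{octet:02x}" for octet in mac)


if __name__ == "__main__":
    # br-ex1 and br-data1 share a last character but get different addresses.
    for name in ("br-ex", "br-ex1", "br-data1"):
        print(name, bridge_mac(SAMPLE_MACHINE_ID, name))
```

Only three bytes of the digest end up in the address, so uniqueness across hosts is probabilistic (24 bits), not guaranteed.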