[Bug 229957] [epair] MAC addresses all the same, no randomness

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Sun Jul 22 10:05:17 UTC 2018 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229957

            Bug ID: 229957
           Summary: [epair] MAC addresses all the same, no randomness
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: kern
          Assignee: bugs at FreeBSD.org
          Reporter: ohartmann at walstatt.org

On recent CURRENT (FreeBSD 12.0-CURRENT #248 r336596: Sun Jul 22 09:31:53 CEST
2018 amd64), having vnet jails (VIMAGE kernel) owning their private epair
pseudo NIC and having their external end being part of a bridge(4), results in
a weird behaviour since CURRENT creates on ALL external parts of the epair pair
(b-part in my case) the very same MAC address! Each vnet jail then gets the
appropriate internal part of the epair pair (a-part in my case) but since I
group them on bridge(4) if-devices, then there is a MAC address problem and
this results in a very undpredictable, weirsd behaviour on FreeBSD (nothing is
reported to the console/log/kernel so far).

This is my ifconfig result after creating a bunch of epairs:


epair3b: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0
mtu 1500
        options=8<VLAN_MTU>
        ether 02:48:e2:b0:8c:0b
        groups: epair 
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active
epair52b: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0
mtu 1500
        options=8<VLAN_MTU>
        ether 02:48:e2:b0:8c:0b
        groups: epair 
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active
epair10013b: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric
0 mtu 1500
        options=8<VLAN_MTU>
        ether 02:48:e2:b0:8c:0b
        groups: epair 
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active
epair17b: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0
mtu 1500
        options=8<VLAN_MTU>
        ether 02:48:e2:b0:8c:0b
        groups: epair 
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active
epair10015b: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric
0 mtu 1500
        options=8<VLAN_MTU>
        ether 02:48:e2:b0:8c:0b
        groups: epair 
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active


One of the jails:

root at ns01:~ # ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        inet 127.0.0.1 netmask 0xff000000 
        groups: lo 
enc0: flags=0<> metric 0 mtu 1536
        groups: enc 
epair3a: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 02:48:e2:b0:8c:0a
        inet 192.168.0.3 netmask 0xffffff00 broadcast 192.168.0.255 
        groups: epair 
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active

And another jail on the very same bridge pseudo device:

root at db01:~ # ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        inet 127.0.0.1 netmask 0xff000000 
        groups: lo 
enc0: flags=0<> metric 0 mtu 1536
        groups: enc 
epair52a: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 02:48:e2:b0:8c:0a
        inet 192.168.0.52 netmask 0xffffff00 broadcast 192.168.0.255 
        groups: epair 
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active


There was an issue earlier with broken epair code on CURRENT (and prior) which
has been supposedly "fixed" a couple of time ago, but it seems the "fix" broke
more than it fixed.

I tried to solve the problem by applying manually MAC addresses via the
ifconfig "ether" option to guarantee different MACs on each collision doamain
but there is a weird behaviour now using IPFW. While the setup I use including
the workaround with the manually set "ether" on each epair works perfectly on
11.2-RELENG, I have trouble in CURRENT: Although OPEN firewall (ipfw) setting
in each jail, pinging the host owning the physical NIC which is part of the
bridge from any jail also member of the bridge doesn't work until the host
owning the physical NIC is pinging first that jail's address. I can not say
whether this is an IPFW issue or also related to the corrupt epair handling.

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-bugs mailing list