Hi, I'm configuring a network namespace during bootup to be connected to the real world via a bridge. physical <-> bridge <-> veth_outside <-> veth_inside The bridge and the veth_inside are configured to retrieve IPv4 configuration via DHCP. The problem is, that the bridge gets it's MAC address either from pyhsical or from veth_outside, except that, everthing is working fine. My approach: I create the veth peer via "ip link" then I add the physical and the veth_outside to the bridge profile via "nmcli con add type bridge-slave" ... Then I modify the bridge profile adding the cloned-mac-address, and then I call "nmcli con up" on the bridge profile. In my opinion, this is the order it should be, right? But the bridge still uses either the mac address of the physical adapter or the one of the veth_outside, depening on the sort order. I wanted to change the bridge profile on disk, to have it configured before anything happens. My hope was, that it just doesn't work because I'm to late with my network namespace script. Cheers, Thilo
It is set after systemd network-pre.target and NetworkManager.service, but before network.target. I add the slaves to the bridge-connection and then I modify the connection to include the 802-3-ethernet.cloned-mac-address property. After that I bring the connection up. Is that the correct order / moment during boot-up? Or shouldn't that be a problem, anyway?I don't understand what you are doing. In NetworkManager, you commonly configure connection (profiles), and then activate them. You first set ethernet.cloned-mac-address in the profile, before activating it. The systemd target does not matter here. If you modify a profile that is already active, you need to re-activate it for the changes to take effect. This means, call `nmcli connection up "$PROFILE"` after modifying a profile.Do you have other ideas what I can try? Can I set the cloned-mac- address property permanent in a /etc/sysconfig/network-script/ifcfg- XXXX file?Sure, you can edit profiles on disk. Note that must be followed by `nmcli connection reload` for the changes to be picked up. And if the profile is currently active, you also will need to re-activate the profile too. However, there is little reason to ever edit files on disk. Just use nmcli connection modify "$PROFILE" ethernet.cloned-mac-address "$VALUE" best, ThomasCheers, Thilo Am Mittwoch, den 23.05.2018, 15:23 +0200 schrieb Thomas Haller:On Wed, 2018-05-23 at 15:08 +0200, Thomas Haller wrote:On Wed, 2018-05-23 at 07:16 +0000, thilo cestonaro ts fujitsu com wrote:Hi! I want to connect a real ethernet adapter and a virtual ethernet adapter to a bridge. The bridge itself is configured to ask a dhcp for an ip address. The problem is, that I can't tell the bridge to always use the mac address of the real ethernet adapter. Rather than it is more or less luck which one's mac address the bridge uses. Mostly the address of the virtual adapter which is not hardcoded and will be generated at every boot (which is ok, I don't want to hardcode this). Is it possible to define which slave provides the mac addr for the bridge? The first slave which is enslaved? The last slave? Or can I set a property in the slaves or bridges settings? Do I need to retrieve the mac addr of the real adapter and assign it via a script to the bridge?Hi, Which version of NetworkManager is this? I think if you configure connection.autoconnect-slaves=yes on the master, activating the master will re-activate the slaves in a defined order. With this, the slaves probably should be all connection.autoconnect=no. Then, you may also configure connection.autoconnect-priority on the slaves, to ensure that the order is as you wish. That should work, but I don't think we test this sufficiently. Hope it's not broken :)Hi, Beniamino just informed me, that this might not work. For bond and team devices, kernel chooses as MAC address the MAC address of the slave that connects first (unless explicitly configured). For bridge devices, apparently kernel chooses the MAC address of the slaves, by sorting the MAC addresses like numbers. This means, if you first activate a slave with numerically higher MAC address, then a second slave with a lower MAC address, the MAC address of the bridge master changes. The order in which slaves are enslaved does not matter. As workaround: - ensure that the slave's MAC addresses are in a way, that kernel will pic the right one. Possibly configuring ethernet.cloned-mac- adddress on the slaves. - just explicitly configure a MAC address on the bridge master, with ethernet.cloned-mac-address. best, Thomas
Attachment:
smime.p7s
Description: S/MIME cryptographic signature