[libvirt] RFC: Setting a permanent MAC address for virtual network bridges

[Laine Stump]

This is in reference to the following bugs that are filed against RHEL, 
but applicable to all Linux distros:

https://bugzilla.redhat.com/show_bug.cgi?id=560994
https://bugzilla.redhat.com/show_bug.cgi?id=609463

"MAC address of virtual network bridge changes when TAP devices are 
added/removed"

The problem is that the MAC address of a bridge that hasn't had its 
address specifically set, will be set to the MAC address of the first 
interface attached to it. If that interface later goes away, it will be 
set to the MAC address of another attached interface.

Daniel's comments in the bug 1) state that the MAC address of a bridge 
device must match the MAC address of one of the attached interfaces, or 
no traffic will pass, and 2) suggest creating a dummy interface that is 
created and used purely to set a fixed MAC address that won't go away 
when any guest is destroyed (because it's not associated with any guest.

I did some quick experimentation and found that:


1) It is possible to set a bridge's MAC address to something that isn't 
the address of an attached interface (although the range of numbers 
seems to be limited, at least when setting it using "ip link set virbr0 
address xx:xx:xx:xx:xx:xx - anything starting with less than "B2" was 
rejected).

2) When a bridge's MAC address is set in that way, as Daniel says, no 
traffic passes. (Why is that, anyway?)

3) If I create a tap device, set a MAC address on it, attach it to the 
bridge, and make sure the bridge is assigned that MAC address, traffic 
does pass, and when guests are destroyed and restarted, the MAC address 
of the bridge doesn't change.

So it looks like this is a viable way to solve the problem. Before 
digging into it, though, I thought I should ask if there are any 
alternate ideas, or problems that anyone sees with this approach.

Also, I'm wondering where the name and MAC address of the dummy 
interfaces should come from, and whether I need to worry about storing 
them in the network XML. So far, this is what I think on those topics:

1) the MAC address can be autogenerated if it's not in the XML, but 
needs to be saved in the XML so that it's persistent across libvirtd 
restarts.

2) the dummy interface name can just be some derivation of the bridge 
device name ("virbr0-mac"?), and probably doesn't need to be saved in 
the XML.

(Also, I just noticed the code that sets the first byte of the MAC 
address of all tap interfaces being attached to virtual network bridges 
to 0xFE. What's the story behind that? Does the bridge always take the 
numerically lowest MAC that's currently connected?)