[xen-tools-discuss] xen-create-image (Debian Jessie, xen-tools 4.5-1) and duplicate MAC addresses

Pietro Stäheli pietro.staeheli at revamp-it.ch
Mon Feb 20 11:16:27 CET 2017 

Hi Axel

>> I would like to ask if this is intended behavior and the reasoning
>> behind doing it this way, before filing a bug report.
> 
> This is on purpose. The code makes two assumptions:
> 
> * If I regenerate a host with the same hostname/IP/DHCP, it's usually
>   a reinstallation of the same DomU and this implies that it should
>   get the same MAC address, too.
> 
>   Reasoning here: You'll get mad with MAC based security if a
>   throw-away DomU gets a new MAC address upon every reinstallation.
> 
> * Two machines running at the same time in the same LAN have never the
>   same hostname.
>

That does make sense. My network is considerably less fancy and safely
configured.

> It seems the latter is not given in your case. I must admit, I still
> can't imagine a setup where this is not given (i.e. I would have said
> the reasoning for this is "common sense" ;-), so I'd be curious about
> the setup to understand what's needed to fix this.
> 

I was holding a workshop on general server-y things in which I showed
the participants around the things that are possible with xen and
xen-tools. One of the participants seems to have just copied the command
I gave them to create a domU, which lead to the same hostname and MAC
combination being created on two different dom0's.

>> Just randomizing one octet of the MAC would make
>> running into this problem far less likely. Randomizing the addresses
>> entirely would also make them reasonably unique.
> 
> As MAC addresses are split in vendor and local part, at least the
> default should abide to common rules and always use the same vendor
> part. (It's the vendor part of The Xen Project™.

I phrased that poorly, I meant randomizing the local part only, of course.

>> Browsing through the source of xen-tools 4.7 seems to indicate that this
>> function hasn't changed in the new version either.
> 
> Nope. But there's an open issue which is about changing the logic
> behind the MAC address generation — but the idea there is to even
> remove one of the sources for generating the random part, i.e. to make
> it even less random than before:
> https://github.com/xen-tools/xen-tools/issues/33
> 
> It seems to me that we need an additional option (and configuration
> file directive) which defines how the MAC address is generated.
> 
> So please, yes, file a bug report for this issue.

Will do. Is it still preferred to report bugs through Debian's reportbug
tool? The xen-tools website seems a bit out of date, things may have
changed since the copyright notice dated 2010 ;)

I'll see if I can't hack together a possible patch for the issue myself
at some point. How hard can it be?

Regards,

Pietro

More information about the xen-tools-discuss mailing list