Submitted by ghomem on Sun, 04/28/2013 - 05:01
I have as manually installed Debian VM whose network interface MAC address appears to be chancing all the time.
Inside the VM the mac address seen via ifconfig is 02:54:00:71:a0:1b.
But from time to time the arp cache on the other LAN hosts shows 02:54:00:73:6a:65.
I tried both the "assign automatically" and fixed ethernet address option with 02:54:00:71:a0:1b, but it doesn't help.
You can see that the addr has the same prefix, so it has to come from a Cloudmin VM. But no other VM has the same IP. Furthermore when the arp cache contains the wrong entry, no machine can be accessed, so it can't be a different machine.
Status:
Closed (fixed)
Comments
Submitted by JamieCameron on Sun, 04/28/2013 - 12:36 Comment #1
If you set the VM to have a fixed MAC address and then check the
kvmprocess on the host system, does the MAC address appear in the command line? Also, does that fixed MAC appear in the output ofifconfig eth0run inside the VM?Submitted by ghomem on Sun, 04/28/2013 - 14:40 Comment #2
The MAC address is set to fixed and appears in the kvm command line with the same value that is seen inside the VM.
Submitted by JamieCameron on Sun, 04/28/2013 - 17:29 Comment #3
So it looks like the MAC is being set correctly then.
If you run tcpdump on traffic from the VM, is the MAC correct?
Submitted by ghomem on Mon, 04/29/2013 - 22:08 Comment #4
I see the problem. The machine has two network interfaces
192.168.5.3 with MAC 02:54:00:71:a0:1b 192.168.6.3 with MAC 52:54:00:12:34:56
and it is answering the arp query with both MACs
02:55:32.580332 arp who-has 192.168.5.3 tell 192.168.5.1 02:55:32.580874 arp reply 192.168.5.3 is-at 52:54:00:12:34:56 (oui Unknown) 02:55:32.580900 IP 192.168.5.1 > 192.168.5.3: ICMP echo request, id 59184, seq 1, length 64 02:55:32.581180 arp reply 192.168.5.3 is-at 02:54:00:71:a0:1b (oui Unknown)
But I don't see a reason for this.
Is this a problem with KVM?
Submitted by ghomem on Mon, 04/29/2013 - 22:31 Comment #5
Guys,
Please leave this on hold. I think we've been bitten by this:
https://lwn.net/Articles/45373/
I'll update the issue as soon as I am sure.
Submitted by ghomem on Tue, 04/30/2013 - 14:51 Comment #6
I was unaware that a colleague left two networks on the same switch in the temporary test setup we have at a customer. It happens that the weird implementation of ARP replies in Linux has bitten us:
https://lwn.net/Articles/45373/
I apologize for the noise, on this.
Submitted by JamieCameron on Tue, 04/30/2013 - 19:27 Comment #7
Ok, glad you got it sorted out.