I am trying to figure out how to set up two logical network interfaces (on one physical interface) with separate MAC addresses on a Linux machine.

My first attempt was to use macvlan, which seemed to work at first:

[root@localhost ~]# ip link add link enp0s3 name veth0 type macvlan
[root@localhost ~]# ip link set veth0 up 
[root@localhost ~]# dhclient veth0 
[root@localhost ~]# ifconfig
enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.6  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::a00:27ff:fe3b:d08b  prefixlen 64  scopeid 0x20<link>
        ether 08:00:27:3b:d0:8b  txqueuelen 1000  (Ethernet)
        RX packets 356  bytes 58787 (57.4 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 210  bytes 24203 (23.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

veth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.11  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::2462:42ff:fecb:5090  prefixlen 64  scopeid 0x20<link>
        ether 26:62:42:cb:50:90  txqueuelen 0  (Ethernet)
        RX packets 83  bytes 9099 (8.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 34  bytes 3871 (3.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

However, when scanning the local network from another machine, both interfaces (192.168.1.6 and 192.168.1.11) are shown to have the same MAC address 08:00:27:3b:d0:8b.

Any ideas if this is possible? What is the use of macvlan if I cannot use it for this purpose?

Thanks.

EDIT:

As suggested by Otheus, I tried the same as before with the settings

sysctl -w net.ipv4.conf.all.arp_ignore=1
sysctl -w net.ipv4.conf.all.arp_announce=2

This apparently makes interfaces reply only to those ARP requests explicitly directed to them.

In my setup, this led to failing DHCP requests to assign an IP address to veth0. With a static IP address on veth0, I could not reach this address from other hosts in the network (I tried arp/nmap/ping).

My (preliminary) conclusion is that it is not possible to have a virtual interface with a different MAC address on the same subnet. However, I still wonder what the exact purpose of macvlan is then, and why I see the virtual interface with its own MAC address on the local machine (where I set up the virtual interface), but not from other machines.

chwon

1 Answer

The fact that dhclient was able to assign an IP address to veth0 indicates the separate MAC address is working as intended. How did you "scan the network"? A better test would be this: from the second host, sniff the packets (I'm old-school and use "tcpdump -e icmp"). Then, from the host above, ping via each interface (ping -I lets you do this), and look at the sniffed packets' MAC addresses.

Meanwhile, there are some sysctl variables for dealing with ARP packets on virtual IP interfaces. A related post here points to this page which discusses the topic at length. The solution may be confounded by the network switch and how it chooses to deal with one port having several directly-connected MACs.

Otheus
  • I'm still not convinced it wasn't working in the first place. How did you determine that the 2nd MACs weren't getting used? Are you sure it's not a _routing_ problem? Again, how are you scanning the network? – Otheus Apr 19 '15 at 08:52
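
The check suggested in the answer, as an added example that is not part of the original posts: it reads `tcpdump -e -n` output captured on the second host and lists, per IP, the source MAC seen on ICMP frames and, going one step beyond the answer, the MAC advertised in ARP replies. The capture is constructed to mirror the symptom in the question; 192.168.1.20 and 52:54:00:aa:bb:cc are assumed values for the second host.

```python
import re
from collections import defaultdict

# Constructed `tcpdump -e -n 'icmp or arp'` output, not a real capture.
# 192.168.1.20 / 52:54:00:aa:bb:cc (the sniffing host) are assumptions.
SAMPLE = """\
10:00:01.000001 08:00:27:3b:d0:8b > 52:54:00:aa:bb:cc, ethertype IPv4 (0x0800), length 98: 192.168.1.6 > 192.168.1.20: ICMP echo request, id 7, seq 1, length 64
10:00:02.000001 26:62:42:cb:50:90 > 52:54:00:aa:bb:cc, ethertype IPv4 (0x0800), length 98: 192.168.1.11 > 192.168.1.20: ICMP echo request, id 8, seq 1, length 64
10:00:03.000001 08:00:27:3b:d0:8b > 52:54:00:aa:bb:cc, ethertype ARP (0x0806), length 60: Reply 192.168.1.6 is-at 08:00:27:3b:d0:8b, length 46
10:00:03.000002 08:00:27:3b:d0:8b > 52:54:00:aa:bb:cc, ethertype ARP (0x0806), length 60: Reply 192.168.1.11 is-at 08:00:27:3b:d0:8b, length 46
"""

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
IP = r"\d+\.\d+\.\d+\.\d+"
HEAD = re.compile(rf"^\S+ ({MAC}) > {MAC}, ethertype (\w+) \(0x[0-9a-f]+\), length \d+: (.*)$")
ICMP = re.compile(rf"^({IP}) > {IP}: ICMP ")
ARP_REPLY = re.compile(rf"^(?:ARP, )?Reply ({IP}) is-at ({MAC})")

def macs_by_ip(capture):
    """Map each IP to the MACs seen as frame source (ICMP) and in ARP replies."""
    seen = defaultdict(lambda: {"frame": set(), "arp": set()})
    for line in capture.splitlines():
        m = HEAD.match(line)
        if not m:
            continue  # not a link-level line printed by `tcpdump -e`
        src_mac, ethertype, rest = m.groups()
        if ethertype == "IPv4" and (p := ICMP.match(rest)):
            seen[p.group(1)]["frame"].add(src_mac)      # MAC the data frame carried
        elif ethertype == "ARP" and (p := ARP_REPLY.match(rest)):
            seen[p.group(1)]["arp"].add(p.group(2))     # MAC an ARP-based scan reports
    return dict(seen)

def shared_macs(seen, source):
    """Return MACs that several IPs map to, by 'frame' or 'arp' evidence."""
    owners = defaultdict(set)
    for ip, evidence in seen.items():
        for mac in evidence[source]:
            owners[mac].add(ip)
    return {mac: sorted(ips) for mac, ips in owners.items() if len(ips) > 1}

if __name__ == "__main__":
    seen = macs_by_ip(SAMPLE)
    for ip in sorted(seen):
        print(ip, "frames:", sorted(seen[ip]["frame"]), "arp:", sorted(seen[ip]["arp"]))
    print("shared (frames):", shared_macs(seen, "frame"))
    print("shared (arp):   ", shared_macs(seen, "arp"))
```

To run it against a live capture, pass the text saved from `tcpdump -e -n 'icmp or arp'` to `macs_by_ip` in place of `SAMPLE`.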