Multiple permanent Linux interfaces with DHCP-allocated addresses

Recently I have been doing some work on the HP 5500EI, including a port security feature limiting the number of MAC addresses to 8. This is not a difficult configuration at all – in fact it is just one command on the interface itself.

mac-address max-mac-count 5

So now with the limit in place I would like to test it. My first thought was to use a Linux alias as a quick and dirty way of doing this, but unfortunately I soon found out that it doesn’t allow for the requirements I had in mind.

  • There have to be 5 or more virtual interfaces on one physical interface
  • Each virtual interface must have its own individual MAC address
  • All virtual interfaces must be getting their own IP addresses from the DHCP server
  • All the virtual interfaces must receive an IP address from the same subnet (as they are plugged into an access port)

The main issue with just aliasing the interface is that an alias is an L3 construct only (it uses the same MAC) and definitely doesn’t allow for DHCP allocations from the same subnet. Fortunately this is not a problem on Linux: it can be done with “ip link”, which is part of the iproute package in Debian. The usage is rather simple:

ip link add dev intX link eth0 type macvlan
ip link del dev intX link eth0 type macvlan

Here int is the name and X the number of the new interface, and eth0 is the physical interface you want to bind to. This can be repeated multiple times, and the MAC address will be generated randomly. You can also set the MAC address to whatever you want by changing the syntax to this:

ip link add dev intX link eth0 address aa:aa:aa:aa:aa:aa type macvlan

If you run this a couple of times and get some IP addresses on those interfaces from the DHCP server, you will soon notice the following messages on your switches.

%Jun 7 11:03:01:411 2000 Core1 ARP/5/ARP_DUPLICATE_IPADDR_DETECT: Detected an IP address conflict.
The device with MAC address 6e99-1b38-2b8c connected to Bridge-Aggregation2 in VLAN 100 and the device with MAC address d6b2-1ac8-9bd2 connected to Bridge-Aggregation2 in VLAN 100 are using the same IP address 10.0.3.248.

A quick check will reveal that there are no duplicate addresses assigned or allocated, so what is the system complaining about? The answer is that the default behavior of the Linux kernel is to reply to ARP from the first interface in the list (eth0); it can also reply from all interfaces and/or a random interface, making Comware go crazy.
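
The conflict message above can be checked mechanically. The following is an added example, not part of the original post: it converts the Comware MAC notation to the Linux one and reports whether every MAC in the message belongs to the test host. The function names and result labels are names chosen for this example.

```shell
#!/bin/sh
# Added example: is a Comware IP-conflict message caused by one Linux host
# answering ARP for the same IP from several of its own interfaces?

# Message text copied from the post above.
SAMPLE='The device with MAC address 6e99-1b38-2b8c connected to Bridge-Aggregation2 in VLAN 100 and the device with MAC address d6b2-1ac8-9bd2 connected to Bridge-Aggregation2 in VLAN 100 are using the same IP address 10.0.3.248.'

# Comware notation (6e99-1b38-2b8c) -> Linux notation (6e:99:1b:38:2b:8c).
to_linux_mac() {
    printf '%s\n' "$1" | tr 'A-F' 'a-f' | tr -d '-' | sed 's/../&:/g; s/:$//'
}

# Every MAC in message $1, one per line, in Linux notation.
conflict_macs() {
    printf '%s\n' "$1" |
        grep -Eo '[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}' |
        while read -r m; do to_linux_mac "$m"; done
}

# The IP address the switch reports as duplicated in message $1.
conflict_ip() {
    printf '%s\n' "$1" | sed -n 's/.*same IP address \([0-9.]*[0-9]\).*/\1/p'
}

# MACs of all links on this host (run on the Linux test machine).
local_macs() {
    ip -o link show | sed -n 's/.*link\/ether \([0-9a-f:]*\).*/\1/p'
}

# Classify message $1 against the whitespace-separated local MAC list $2:
#   same-host     every reported MAC is one of ours (ARP answered from
#                 the wrong interface, no real duplicate address)
#   other-device  at least one MAC is not ours, so check the DHCP leases
#   no-match      $1 is not an IP-conflict message
classify() {
    macs=$(conflict_macs "$1")
    [ -n "$macs" ] || { echo "no-match"; return 0; }
    known=" $(printf '%s' "$2" | tr 'A-F\n' 'a-f ') "
    for mac in $macs; do
        case $known in
            *" $mac "*) ;;
            *) echo "other-device"; return 0 ;;
        esac
    done
    echo "same-host"
}
# Usage on the test host: classify "$SAMPLE" "$(local_macs)"
```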

Fortunately this default behavior can be adjusted by the following commands:

echo 1 > /proc/sys/net/ipv4/conf/eth0/arp_ignore
echo 8 > /proc/sys/net/ipv4/conf/eth0/arp_announce

A lot of people around the net suggest that the second value should be 5, but that didn’t work for me at all. If you want to make these changes persistent, add lines with these values to /etc/sysctl.conf.

There is some more explanation of the values above here
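
The whole procedure as one script, added here as an example and not taken from the original post: it prints the sysctl, ip link and DHCP client commands for N macvlan interfaces, and runs them only when APPLY=1. The variable names, the 02:00:5e:00:53:xx MAC scheme and the choice of dhclient as the DHCP client are assumptions.

```shell
#!/bin/sh
# Added example: print (default) or apply the macvlan test setup from the post.
# Assumed names: PARENT, PREFIX, APPLY and the 02:00:5e:00:53:xx MAC scheme.
PARENT=${PARENT:-eth0}
PREFIX=${PREFIX:-int}
APPLY=${APPLY:-0}   # 0 = print the commands only, 1 = run them (needs root)

# Deterministic, locally administered unicast MAC for interface number $1,
# so switch-side MAC table entries can be matched back to a test interface.
gen_mac() {
    printf '02:00:5e:00:53:%02x\n' "$1"
}

# Commands for one interface: create it, bring it up, request a DHCP lease.
plan_one() {
    printf 'ip link add dev %s%d link %s address %s type macvlan\n' \
        "$PREFIX" "$1" "$PARENT" "$(gen_mac "$1")"
    printf 'ip link set dev %s%d up\n' "$PREFIX" "$1"
    printf 'dhclient %s%d\n' "$PREFIX" "$1"
}

# Full plan for $1 interfaces. The ARP settings use the values given in the
# post; the kernel's ip-sysctl documentation defines arp_announce for 0-2 only.
plan_all() {
    case $1 in ''|*[!0-9]*) echo "count must be a number" >&2; return 2 ;; esac
    if [ "$1" -lt 1 ] || [ "$1" -gt 255 ]; then
        echo "count must be 1..255" >&2; return 2
    fi
    printf 'sysctl -w net.ipv4.conf.%s.arp_ignore=1\n' "$PARENT"
    printf 'sysctl -w net.ipv4.conf.%s.arp_announce=8\n' "$PARENT"
    i=1
    while [ "$i" -le "$1" ]; do
        plan_one "$i"
        i=$((i + 1))
    done
}

# Print the plan, or run it command by command when APPLY=1.
run_plan() {
    plan=$(plan_all "$1") || return 2
    if [ "$APPLY" = 1 ]; then
        printf '%s\n' "$plan" | while read -r cmd; do $cmd || exit 1; done
    else
        printf '%s\n' "$plan"
    fi
}

if [ $# -gt 0 ]; then run_plan "$1"; fi
```

With the max-mac-count 5 from the command above, a count of 6 is enough to cross the limit; the parent interface’s own MAC is learned on the same switch port as well.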

From Huawei to HP…

This post will be slightly atypical for this blog, but I think it is rather important to sum up what happened in the last approximately three years. I’ll try to summarize some history behind the Huawei/H3C/3Com/HP products. The reason for this “history” lesson is that quite a lot of people are confused about what was/is/will be, mostly thanks to communication from biased sales representatives and some strange articles that can be found on the Internet. So without further delay – let’s get to the history.

2003 – H3C Joint Venture

At this date an emerging Chinese company (outside China mostly known just for its copyright war with Cisco Systems) created a joint venture with the declining US company 3Com. This enterprise had a lucky beginning – 3Com’s name was still widely known (even though the company hadn’t had a new product in ages at this point) and the $160M was a great contribution to the starting point. Huawei provided R&D, human resources and an entry point to the massive and ever hungry Chinese market. This joint venture was named H3C. There was one important glitch in the agreement though – 3Com would have the option to buy a majority in H3C after two years.

2006 – From Huawei to 3Com

After some negotiations the controlling 2% share in the company was bought by 3Com for $28M, and later the rest of the shares owned by Huawei were bought as well. That is how 3Com became the sole owner of H3C. The sale of the remaining shares was approved on November 29, 2006. In an attempt to keep at least some control in the company, Huawei tried to buy a 16% share in 3Com itself. This was stopped by US authorities, as they were afraid that some strategically important data might be revealed, since 3Com equipment was used by the Pentagon.

After this attempt it became obvious that the relationship between Huawei and H3C would decline (even though Huawei was still the biggest customer of H3C with over 50% share). That is the time when VRP stopped being VRP on H3C and became Comware, and that is also the time of the launch of the “metro” switching platform (also known as PTN in the Huawei Optix line). To be exact, the last “Huawei” VRP is VRP4.x; everything marked as VRP5.x is Comware. This is the beginning of a significant technological difference between Huawei and 3Com/H3C products (not that there weren’t any differences before – there were, but rather minor ones in both HW and SW).

2008 – 2010 from 3Com to HP

The H3C company helped 3Com return to the high-end segment but also left the company without much-needed cash, which gradually led to talks about a buyout by somebody else (in 2009 it was certain that that “somebody” would be HP). At this point Huawei started replacing all H3C low-end and mid-end datacom devices in its portfolio and thus went back at least two years in development. The other thing that happened is that HP moved the unfortunate ProCurve line to where it belonged a long time ago (via “merging the portfolios”).

Well, you might ask why I wrote this article (even though I already described the reasons at the beginning). I think it is necessary to clear up all the sales crap-talk about “continuity”, “compatibility” etc. So basically what has happened is:

Huawei’s new (low-end and mid-end) datacom lines are developed totally separately and have nothing in common with its previous equipment (even though the CLI looks similar on some devices).

HP integrated the H3C/3Com portfolios and is leaving the ProCurve line behind. This means (at least from the looks of it) that there will be continuity of the H3C products, but there seems to be no further development of the “ProCurve” line planned.

Well I hope this was informative and I promise that next time I will post something more interesting – preferably some config tutorial of some sort :)