Interface vethbe68c466 Mac doesn't match

Question

Interface vethbe68c466 Mac doesn't match

kwangabc opened this issue 5 months ago · comments

Dear cni developers, I encountered a problem when using cnitool
cnitool check mynet /var/run/netns/katanet Interface vethbe68c466 Mac doesn't match: a6:52:4d:e7:56:ab not found
But I have successfully added the network device
cnitool add mynet /var/run/netns/katanet { "cniVersion": "1.0.0", "interfaces": [ { "name": "cni0", "mac": "5e:af:9a:a2:d3:46" }, { "name": "vethbe68c466", "mac": "a6:52:4d:e7:56:ab" }, { "name": "eth0", "mac": "ae:38:d8:16:d4:ea", "sandbox": "/var/run/netns/katanet" } ], "ips": [ { "interface": 2, "address": "10.88.0.16/16", "gateway": "10.88.0.1" } ], "routes": [ { "dst": "0.0.0.0/0" } ], "dns": {}
Please tell me how should I solve this problem? Because just changing the mac address kata container network will not work in the end
Thank you very much for your answers!

kwangabc · Answer 1 · Mon Jan 15 2024 14:16:31 GMT+0800 (China Standard Time)

This problem occurred when I manually changed the MAC address
**cnitool check katanet /var/run/netns/katanet
Interface eth0 Mac 52:59:2d:7e:87:60 doesn't match container Mac: 5e:cd:4b:bf:43:8c
**

kwangabc · Answer 2 · Mon Jan 15 2024 15:39:40 GMT+0800 (China Standard Time)

When I changed the mac address of the container to be consistent with the address of eth0, I encountered this problem.
**cnitool check katanet /var/run/netns/katanet
Failed to match addr 10.88.0.2/16 on interface eth0
**

Casey Callendrello · Answer 3 · Mon Jan 15 2024 19:00:11 GMT+0800 (China Standard Time)

So, a plugin implementing CHECK is supposed to ensure the state of the system matches the CNI result that was returned. If you're manually changing the mac address after CNI ADD, then it is going to fail CHECK.

One option is to use the "tuning" chained plugin to change the mac. That will also change the returned CNI result, so that a future CHECK will succeed.

However, there are some manipulations that will never be CHECK-able. In that case, you can set the disableCheck: true field and it will cause CHECK to always return true.

kwangabc · Answer 4 · Tue Jan 16 2024 09:43:16 GMT+0800 (China Standard Time)

So, a plugin implementing CHECK is supposed to ensure the state of the system matches the CNI result that was returned. If you're manually changing the mac address after CNI ADD, then it is going to fail CHECK.

One option is to use the "tuning" chained plugin to change the mac. That will also change the returned CNI result, so that a future CHECK will succeed.

However, there are some manipulations that will never be CHECK-able. In that case, you can set the disableCheck: true field and it will cause CHECK to always return true.

Thank you very much for your answer，I found that when I executed this command
cnitool add katanet /var/run/netns/katanet
A bridge device and veth pair are created, one veth is in the host and the other veth is in netns.
Can I manually create the bridge device and veth pair in this step, and then add the container?