Linux Interface Mode MACVLAN with Private mode doesn't seem to work as advertised (Ubuntu)
0 votes, 1 answer, 2264 views
I am trying to create virtual interfaces (type MACVLAN) such that all communication between the interfaces is sent out of the host towards the external default gateway. There are plenty of writeups describing "private" mode such as here
> Private: Filter all incoming packets so that no MAC VLAN bound to an interface can communicate with each other (drop all packets ingressing over the interface that have a source MAC address that matches one of the MAC VLAN interfaces).
I configured a couple of interfaces and it looks like the "private" mode isn't working as advertised. Am I doing something wrong? The host is Ubuntu 18.04 Bionic release.
The packets are getting switched within the host ignoring the "mode private" command. It is simple to reproduce with just 4 commands. Any help would be appreciated.
```
root@ubnt-bkp:/home/super# uname -a
Linux ubnt-bkp 4.15.0-96-generic #97-Ubuntu SMP Wed Apr 1 03:25:46 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
root@ubnt-bkp:/home/super# ip link add link ens160 address 38:94:ed:99:99:1A ens160.3 type macvlan mode private
root@ubnt-bkp:/home/super# ip link set ens160.3 up
root@ubnt-bkp:/home/super# ip link show
1: lo: mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens160: mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 08:4f:a9:99:99:02 brd ff:ff:ff:ff:ff:ff
...
...
18: ens160.3@ens160: mtu 1500 qdisc noqueue state UP **mode** **DEFAULT** group default qlen 1000
    link/ether 38:94:ed:99:99:1a brd ff:ff:ff:ff:ff:ff
```
Commands to reproduce the problem
```
root@ubnt-bkp:/home/super# ip link add link ens160 address 38:94:ed:99:99:1B ens160.5 type macvlan mode private
root@ubnt-bkp:/home/super# ip link set ens160.5 up
root@ubnt-bkp:/home/super# dhclient ens160.5
root@ubnt-bkp:/home/super# ip link add link ens160 address 38:94:ed:99:99:1C ens160.6 type macvlan mode private
root@ubnt-bkp:/home/super# ip link set ens160.6 up
root@ubnt-bkp:/home/super# dhclient ens160.6
```
Then ping using `-I` option:
```
root@ubnt-bkp:/home/super#ping -I
```
(replace `ens160` with your ethernet interface name, e.g. eth0, when trying to reproduce)
Asked by Ricky (1 rep), Apr 16, 2020, 05:38 AM
Last activity: Jun 17, 2025, 08:06 PM
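Added example, not part of the original post: the `mode DEFAULT` field in plain `ip link show` output is the link mode, not the macvlan mode, which iproute2 only reports with `-d`. The script below reads the macvlan mode per interface from `ip -d -j link show` style JSON; the sample JSON is constructed (it assumes an iproute2 build with `-j` support), and `ens160.6` is set to bridge mode there only to show a non-private interface being flagged.

```python
import json
import subprocess

# Constructed sample shaped like `ip -d -j link show` output (not captured from
# the poster's host); interface names and MACs reuse the ones in the question.
SAMPLE = json.dumps([
    {"ifname": "ens160", "linkmode": "DEFAULT", "address": "08:4f:a9:99:99:02"},
    {"ifname": "ens160.5", "link": "ens160", "linkmode": "DEFAULT",
     "address": "38:94:ed:99:99:1b",
     "linkinfo": {"info_kind": "macvlan", "info_data": {"mode": "private"}}},
    {"ifname": "ens160.6", "link": "ens160", "linkmode": "DEFAULT",
     "address": "38:94:ed:99:99:1c",
     "linkinfo": {"info_kind": "macvlan", "info_data": {"mode": "bridge"}}},
])


def macvlan_modes(ip_json):
    """Map each macvlan interface to (parent, macvlan mode, link mode)."""
    result = {}
    for link in json.loads(ip_json):
        info = link.get("linkinfo", {})
        if info.get("info_kind") != "macvlan":
            continue  # physical NICs, loopback, other virtual types
        mode = info.get("info_data", {}).get("mode", "unknown")
        result[link["ifname"]] = (link.get("link"), mode, link.get("linkmode"))
    return result


def not_private(ip_json):
    """Names of macvlan interfaces whose macvlan mode is not 'private'."""
    modes = macvlan_modes(ip_json)
    return sorted(name for name, (_, mode, _) in modes.items() if mode != "private")


def live_ip_json():
    """Query the running host; needs iproute2 with JSON (-j) support."""
    return subprocess.run(["ip", "-d", "-j", "link", "show"],
                          check=True, capture_output=True, text=True).stdout


if __name__ == "__main__":
    for name, (parent, mode, linkmode) in macvlan_modes(SAMPLE).items():
        print(f"{name}@{parent}: macvlan mode={mode}, link mode={linkmode}")
    print("not private:", not_private(SAMPLE))
```

On a real host, pass `live_ip_json()` instead of `SAMPLE`.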