I have a Raspberry Pi OS Lite system installed. It has the following interfaces available

ip l                                                                                                        
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
       link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00                        
2: eth0:  mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
       link/ether bd:1e:96:ac:a3:40 brd ff:ff:ff:ff:ff:ff                           
3: wlan0:  mtu 1500 qdisc noop state DOWN mode DORMANT group default qlen 1000
       link/ether 29:a8:78:cd:57:6d brd ff:ff:ff:ff:ff:ff

I need to create a virtual interface type macvlan. I have a question about how to implement this correctly. I have three options. 1. Add to the file /etc/network/interfaces

auto lan0                                                                           
   iface lan0 inet dhcp                                                                
        pre-up ip link set eth0 up                                                  
        pre-up ip link add link eth0 $IFACE type macvlan                            
        post-down ip link delete $IFACE type macvlan

2. Create a file named lan0 in the /etc/network/interfaces.d directory with the following content

auto lan0                                                                           
    iface lan0 inet dhcp                                                                
        pre-up ip link set eth0 up                                                  
        pre-up ip link add link eth0 $IFACE type macvlan                            
        post-down ip link delete $IFACE type macvlan

3. Create a file named lan0 in the /etc/network/if-up.d directory with the following content

#!/bin/sh                                                                        
                                                                                 
   IPBIN=/usr/sbin/ip                                                               
   test -x $IPBIN || exit 0                                                         
   [ "$IFACE" != "eth0" ] && exit 0                                                 
                                                                                 
   $IPBIN link add link $IFACE lan0 type macvlan                                    
   $IPBIN link set dev lan0 up

However, in option 3, the IP address is not obtained automatically.

I am trying to create virtual interfaces (type MACVLAN) such that all communication between the interfaces is sent out of the host towards the eternal default gateway. There is plenty of writeups describing "private" mode such as here > Private: Filter all incoming packets so that no MAC VLAN bound to an interface can communicate with each other (drop all packets ingressing over the interface that have a source MAC address that matches one of the MAC VLAN interfaces). I configured a couple of interfaces and it looks like the "private" mode isn't working as advertised. Am I doing something wrong? The host is Ubuntu 18.04 Bionic release. The packets are getting switched within the host ignoring the "mode private" command. It is simple to reproduce with just 4 commands. Any help would be appreciated.

root@ubnt-bkp:/home/super# uname -a
Linux ubnt-bkp 4.15.0-96-generic #97-Ubuntu SMP Wed Apr 1 03:25:46 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

root@ubnt-bkp:/home/super# ip link add link ens160 address 38:94:ed:99:99:1A ens160.3 type macvlan mode private
root@ubnt-bkp:/home/super# ip link set ens160.3 up
root@ubnt-bkp:/home/super# ip link show
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens160:  mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 08:4f:a9:99:99:02 brd ff:ff:ff:ff:ff:ff
...
...
18: ens160.3@ens160:  mtu 1500 qdisc noqueue state UP **mode** **DEFAULT** group default qlen 1000
    link/ether 38:94:ed:99:99:1a brd ff:ff:ff:ff:ff:ff

Commands to reproduce the problem

root@ubnt-bkp:/home/super# ip link add link ens160 address 38:94:ed:99:99:1B ens160.5 type macvlan mode private
root@ubnt-bkp:/home/super# ip link set ens160.5 up
root@ubnt-bkp:/home/super# dhclient ens160.5
root@ubnt-bkp:/home/super# ip link add link ens160 address 38:94:ed:99:99:1C ens160.6 type macvlan mode private
root@ubnt-bkp:/home/super# ip link set ens160.6 up
root@ubnt-bkp:/home/super# dhclient ens160.6

Then ping using -I option:

root@ubnt-bkp:/home/super#ping -I

(replace ens160 with your ethernet interface name, e.g. eth0, when trying to reproduce)

I'm trying to make persistent some ip links settings on ubuntu 22.04 desktop. Commands below works fine but are not persistent:

ip link add mynet-shim link eno1 type macvlan  mode bridge
ip addr add 192.168.1.223/32 dev mynet-shim
ip link set mynet-shim up
ip route add 192.168.1.192/27 dev mynet-shim

I have tried using nmcli but it seems macvlan bridge is not available. Do you have any idea or a tutorial explaining how to proceed?

I would like to create a nspawn container connected to the network via macvlan and dhcp. All documentation I have found were very instructive but did not offer a step by step procedure for this setup. What I did so far was to create the container (debian base) using debootstrap including systemd-container: debootstrap --arch=armhf --include=systemd-container stretch /var/lib/machines/raspbian-09 http://archive.raspbian.org/raspbian **Native host network** running: systemd-nspawn -b -M raspbian-09 or machinectl raspbian-09 with the unit file /etc/systemd/nspawn/raspbian-09.nspawn containing: [Exec] Boot=true PrivateUsers=no [Network] Private=no VirtualEthernet=no In both cases, the network connection is fine. **Macvlan** For the macvlan, I either run the command: systemd-nspawn -b -M raspbian-09 --network-macvlan=eth0 or machinectl raspbian-09 with the unit file /etc/systemd/nspawn/raspbian-09.nspawn containing: [Exec] Boot=true PrivateUsers=no [Network] MACVLAN=eth0 In both cases, the connection to the network does not work. Within the container, I can see that an interface mv-eth0 is created: # networkctl IDX LINK TYPE OPERATIONAL SETUP 1 lo loopback carrier unmanaged 2 mv-eth0 ether degraded configuring however, there is no ipv4 address: # ip a mv-eth0: mtu 1500 qdisc noqueue state UP group default qlen 1000 link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff link-netnsid 0 inet6 xxxx::xxxx:xxxx:xxxx:xxxx/64 scope link valid_lft forever preferred_lft forever What other configurations on the host and container should be made?

I want to implement VRRP on layer 3 switch, but I don't know how to implement it. I have followed these steps to set macvlan , but it still doesn't work. I try to narrow the scope of this issue and I find that the switch0 can't ping to virtual ip address and vice versa. multilayer switch0 configuration:

Switch#configure t
Switch(config)#in vlan 30
Switch(config-if)#ip addr 192.168.30.29 255.255.255.0
Switch(config-if)#vrrp 30 ip 192.168.30.1
Switch(config-if)#exit
Switch(config)#in fastEthernet 0/1
Switch(config-if)#switchport access vlan 30

----------------below operations are for macvlan------------------
ip link set vlan30 promisc on
ip link add link vlan30 name vrid30 address 00:00:5e:00:01:1e type macvlan mode bridge
ip addr add 192.168.30.1/24 broadacst 192.168.30.255 dev vrid30
ip link set dev vrid30 up

multilayer switch1 configuration:

Switch#configure t
Switch(config)#in vlan 30
Switch(config-if)#ip addr 192.168.30.69 255.255.255.0
Switch(config-if)#vrrp 30 ip 192.168.30.1
Switch(config-if)#exit
Switch(config)#in fastEthernet 0/1
Switch(config-if)#switchport access vlan 30

----------------below operations are for macvlan------------------
ip link set vlan30 promisc on
ip link add link vlan30 name vrid30 address 00:00:5e:00:01:1e type macvlan mode bridge
ip addr add 192.168.30.1/24 broadacst 192.168.30.255 dev vrid30
ip link set dev vrid30 up

switch0 configuration:

Switch#configure t
Switch(config)#in vlan 30
Switch(config-if)#ip addr 192.168.30.73 255.255.255.0
Switch(config-if)#exit
Switch(config)#in fastEthernet 0/1
Switch(config-if)#switchport access vlan 30
Switch(config-if)#exit
Switch(config)#in fastEthernet 0/2
Switch(config-if)#switchport access vlan 30
Switch(config-if)#exit
Switch(config)#in fastEthernet 0/3
Switch(config-if)#switchport access vlan 30
Switch(config-if)#exit

topology

I simply need to dedicate 1 host physical port to 1 virtual port of guest without help of libvirt. Host has: - 2 physical interfaces: eth0 and eth1 - 1 virtual bridge(vmbr0), that include virtual interfaces of all VMs - **eth0 is in bridge mode with vmbr0**. Thanks to that all guests and host are in the same subnet (192.168.247.0/24). Here is my config of /etc/network/interfaces auto lo iface lo inet loopback iface eth0 inet manual iface eth1 inet manual auto vmbr0 iface vmbr0 inet static address 192.168.247.2 netmask 255.255.255.0 gateway 192.168.247.1 bridge_ports eth0 bridge_stp off bridge_fd 0 eth1 must be connected to ISP modem. So eth1 will be exit to internet. I want to dedicate eth1 to virtual firewall that is one of the virtual machines in the host. And virtual firewall will do all routing job, not the host. As far as I see for that task I must to use MacVTap (macvlan), but all guides that I saw was for KVM+libvirt, **and I don't have libvirt!** There is Proxmox who is doing all "user friendly tasks" As you can see bellow right now there is only 1 VM enabled, it's interfaces tap101i0 and tap101i1, where tap101i0 suppose to be in vmbr0 and share the same subnet mask as eth0 of the host. And tap101i1 must be 100% bound with eth1 of the host, so it will be exit to internet. 1: lo: mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: mtu 1500 qdisc pfifo_fast master vmbr0 state UP mode DEFAULT group default qlen 1000 link/ether 00:15:17:50:95:66 brd ff:ff:ff:ff:ff:ff 3: eth1: mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000 link/ether 00:15:17:50:95:67 brd ff:ff:ff:ff:ff:ff 6: tap101i0: mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT group default qlen 1000 link/ether 06:97:77:30:cc:a7 brd ff:ff:ff:ff:ff:ff 7: tap101i1: mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT group default qlen 1000 link/ether ce:b4:f3:40:38:0d brd ff:ff:ff:ff:ff:ff 8: vmbr0: mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000 link/ether 00:15:17:50:95:66 brd ff:ff:ff:ff:ff:ff

I setup a macvtap interface like this: ip link add link eth0 vlan type macvlan mode bridge ip address add 10.0.0.17 dev vlan ip link set dev vlan up ip route flush dev eth0 ip route flush dev vlan ip route add 10.0.0.0/24 dev vlan metric 0 ip route add default via 10.0.0.1 ip link add link eth0 name vtap address xx:xx:xx:xx:xx:xx type macvtap mode bridge ip link set vtap up ip address flush eth0 ip address flush vtap dhclient -v vtap ip address flush vtap And it works fine for a couple of hours. But after that, any connections to the DHCP (macvtap) IP will start going to the host machine instead. So if I connect to the IP at port 80 for example, I will see a page served by the host instead of the VM. I am trying to understand why it stops working. At first I thought maybe the DHCP lease expired, and dhclient is not renewing it. But the leasetime is 24 hours, and this problem starts earlier than that, sometimes in less than 10 hours. So what can be causing the macvtap interface to stop working?

I want to ask about network options on virt-manager. I used to have the options shown in the given picture host device eth0 : macvtap host device wlan0 : macvtap and I would see the eth0 and wlan0 interfaces when I want to forward NAT to eth0 in virt-manager when adding a new virtual network. I'm on Debian 11 after installing qemu kvm virt-manager and the extras and everything related sudo apt install qemu-kvm libvirt-clients libvirt-daemon-system bridge-utils libguestfs-tools genisoimage virtinst libosinfo-bin virt-manager libspice-client-glib-2.0 libspice-client-gtk-3.0 qemu-utils sudo adduser $USER libvirt-qemu sudo adduser $USER libvirt sudo modprobe macvtab macvlan but still after restart, the macvtap options are not there whatever I do. Of course, I enabled macvtab in the kernel and even if I add it using: ip link add link eth0 name macvtap0 type macvtap mode bridge/or vepa / or passthrough still doesn't show. eth0 and wlan0 options or other interfaces like proton0 [created by ProtonVPN] or tun0 created by OpenVPN do not show up when I try to create a new virtual network on virt-manager and forward NAT to any of these interfaces. What's the problem here? How can I get these options again?

While working on some unit test code that basically sends raw Ethernet packets from one MACVLAN to another MACVLAN (virtual) network interface I noticed that most of the time the test code fails to receive any of the packets sent from the first to the second MACVLAN. Using Wireshark I could see that the packets leave the first MACVLAN, but never reach the second MACVLAN or the listening raw socket. Only in a few odd instances do any packets go through at all -- without any change in the test code. The host system is Ubuntu 22.10 (kernel 5.19.0-38-generic) with **systemd** and **network manager**. Only after some time systemd-resolved, systemd-networkd and network manager arose my suspicion. By running the test in its own isolated transient network namespace I could successfully establish that out of the reach of these host services the test always correctly succeeds. Suspecting network manager -- even if nmcli device status tells me that the virtual dummy and MACVLAN interfaces are "unmanaged -- I found https://developer-old.gnome.org/NetworkManager/stable/NetworkManager.conf.html and then added wildcards for unmanaged devices:

[keyfile]
unmanaged-devices=interface-name:docker*;interface-name:br-*;interface-name:veth*;interface-name:mcvl-*;interface-name:dumy-*

Unfortunately, this didn't improve the situation and the test was still failing on almost every run (even after restarting network manager multiple times and making sure that the config file is correct). In Wireshark I noticed MDNS broadcasts on the MACVLAN network interfaces where there shouldn't be any. How can I tell both systemd's networkd as well as resolved to keep their dirty paws off any virtual network interface, especially dummy, MACVLAN and VETH network interfaces? I searched for configuration options but couldn't find anything suitable. Any idea how to keep systemd's component off of things they should never touch in the first place? The following is a Ginkgo/Gomega-based unit test that reproduces the situation.

package pingpong

import (
	"bytes"
	"context"
	"fmt"
	"net"
	"os"
	"strings"
	"time"

	"github.com/mdlayher/ethernet"
	"github.com/mdlayher/packet"
	"github.com/thediveo/notwork/dummy"
	"github.com/thediveo/notwork/link"
	"github.com/thediveo/notwork/macvlan"
	"github.com/thediveo/notwork/netns"
	"github.com/vishvananda/netlink"

	. "github.com/onsi/ginkgo/v2"
	. "github.com/onsi/gomega"
	. "github.com/thediveo/success"
)

func TestPingPong(t *testing.T) {
	RegisterFailHandler(Fail)
	RunSpecs(t, "pingpong package")
}

const (
	experimentalEthType = 0xffee // something (hopefully) unused
	pings               = 10
	pingInterval        = 100 * time.Millisecond
)

var payload = bytes.Repeat([]byte("HELO"), 100)

var _ = Describe("pingponging netdevs", Ordered, func() {

	BeforeAll(func() {
		if os.Geteuid() != 0 {
			Skip("needs root")
		}
	})

	DescribeTable("virtual network pingpong",
		func(ctx context.Context, dropall bool) {
			// By("creating a new network namespace")
			// defer netns.EnterTransientNetns()()

			By("creating two MACVLANs connected via a dummy network interface")
			dummy := dummy.NewTransientUp()
			macvlan1 := macvlan.NewTransient(dummy)
			netlink.LinkSetUp(macvlan1)
			macvlan2 := macvlan.NewTransient(dummy)
			netlink.LinkSetUp(macvlan2)

			macvlan1 = Successful(netlink.LinkByIndex(macvlan1.Attrs().Index))
			mac1 := macvlan1.Attrs().HardwareAddr

			macvlan2 = Successful(netlink.LinkByIndex(macvlan2.Attrs().Index))
			mac2 := macvlan2.Attrs().HardwareAddr

			Expect(mac1).NotTo(Equal(mac2))

			By(fmt.Sprintf("waiting for MACVLANs (%s-%s, %s-%s) to become operationally UP",
				macvlan1.Attrs().Name, macvlan1.Attrs().HardwareAddr.String(),
				macvlan2.Attrs().Name, macvlan2.Attrs().HardwareAddr.String()))
			link.EnsureUp(macvlan1)
			link.EnsureUp(macvlan2)

			By("opening data-link layer sockets")
			txconn := Successful(packet.Listen(
				&net.Interface{Index: macvlan1.Attrs().Index}, packet.Raw, experimentalEthType, nil))
			defer txconn.Close()
			rxconn := Successful(packet.Listen(
				&net.Interface{Index: macvlan2.Attrs().Index}, packet.Raw, experimentalEthType, nil))
			defer rxconn.Close()

			ctx, cancel := context.WithCancel(ctx)
			defer cancel()

			By("sending data-link layer PDUs")
			go func() {
				defer cancel()
				defer GinkgoRecover()
				f := ethernet.Frame{
					Destination: mac2,
					Source:      mac1,
					EtherType:   experimentalEthType,
					Payload:     payload,
				}
				frame := Successful(f.MarshalBinary())
				toAddr := packet.Addr{HardwareAddr: mac2}
				for i := 0; i =", len(payload)))
				Expect(f.Payload[:len(payload)]).To(Equal(payload))
				received++
			}

			if !dropall {
				Expect(received).To(BeNumerically(">=", (2*pings)/3), "too much packet loss")
			} else {
				Expect(received).To(BeZero())
			}

		},
		Entry("receives passed-on packets", false),
	)

})

I have a use case to create multiple MACVLAN devices from the same physical ethernet device. The requirement is also that some MACVLANs could offer jumbo packets (MTU=9215) and some disallow jumbo packets and support only small frames. I kept MTU=9000 for the physical device, and created required MACVLAN device. Noticed that MACVLAN device by default got the MTU of 9000 and were also working fine with jumbo frames (tested via ping with jumbo packets).. but then post changing the MTU of the MACVLan to 1500, it kept on working fine with jumbo frames. Below example shows just one MACVLAN

`
$ ip link add K9AT9i1G2x link eth6 type macvlan mode bridge
$ ip link set dev K9AT9i1G2x mtu 1500
$ ip a
123: eth6:  mtu 9000 qdisc mq state UP group default qlen 1000
    link/ether 00:60:16:a6:90:3a brd ff:ff:ff:ff:ff:ff
    inet6 fe80::260:16ff:fea6:903a/64 scope link
       valid_lft forever preferred_lft forever

129: K9AT9i1G2x@eth6:  mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether ba:c7:36:3f:9a:76 brd ff:ff:ff:ff:ff:ff
    inet 192.168.15.40/21 scope global K9AT9i1G2x
       valid_lft forever preferred_lft forever
    inet6 fe80::b8c7:36ff:fe3f:9a76/64 scope link
       valid_lft forever preferred_lft forever

` Below ping worked, even though MTU of macvlan device is set to 1500 -

`
 # ping -c 3 -M do -s 8972 192.168.15.40

PING 192.168.15.40 (192.168.15.40) 8972(9000) bytes of data.
8980 bytes from 192.168.15.40: icmp_seq=1 ttl=64 time=27.0 ms
8980 bytes from 192.168.15.40: icmp_seq=2 ttl=64 time=0.955 ms
8980 bytes from 192.168.15.40: icmp_seq=3 ttl=64 time=5.33 ms

--- 192.168.15.40 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 0.955/11.098/27.009/11.391 ms

` Can somebody please suggest, how do I restrict only smaller packet transport in this case ?

I need to config two different MAC and IP addresses on the same physical device (eth1). But when I configure a macvlan interface in the default/global namespace and configure a vlan on top of it. I can ping the vlan IP address directly from a external host, without tagging it (ping). But on the other side: tagged pings does not work. The same happens when I set up the network configuration in a non-global/non-default namespace. ip addr add 169.254.255.126/16 dev eth1 ip link set dev eth1 up # ping 169.254.255.126 # PING from external host is working: fine ip link add macvlan link eth1 type macvlan mode bridge ip addr add 169.254.255.127/16 dev macvlan ip link set dev macvlan up # ping 169.254.255.127 # PING from external host is working: fine ip link add link macvlan name vlan2 type vlan id 2 ip addr add 169.254.255.128/16 dev vlan2 ip link set dev vlan2 up # ping 169.254.255.128 # PING from external host works without vlan tag: FAIL # ping 169.254.255.128 -I VLAN2 # no PING response external host with vlan tag: FAIL **So how can I set up two virtual interfaces (different MAC+IP) on the same physical interface in its global/default namespace, which are acting like real devices?** Optional: If global is no option, namespaces are acceptable. FYI: I tested it on UBUNTU 18.04 with kernel 5.4 and also an embedded buildroot system with kernel 4.9 (both times, same result).

I have set up macvlan in a namespace on a server. I can ping accross default namespace and macvlan namespace, i can even ping the macvlan namespace from any other client in the LAN. But DNS is not working. What do I have to configure additionally? pi@testpi:~ $ ip a 1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether b8:27:eb:98:70:4b brd ff:ff:ff:ff:ff:ff inet 192.168.100.222/24 brd 192.168.100.255 scope global dynamic noprefixroute eth0 valid_lft 84768sec preferred_lft 73968sec inet6 fe80::247e:fd3c:36d7:68f5/64 scope link valid_lft forever preferred_lft forever 4: hostmacvlanben0@eth0: mtu 1500 qdisc noqueue state UP group default qlen 1000 link/ether b8:27:eb:98:70:4c brd ff:ff:ff:ff:ff:ff inet 192.168.100.222/24 scope global noprefixroute hostmacvlanben0 valid_lft forever preferred_lft forever inet 192.168.100.174/24 brd 192.168.100.255 scope global secondary dynamic noprefixroute hostmacvlanben0 valid_lft 84792sec preferred_lft 73992sec inet6 fe80::8d5f:20a4:abba:2d1c/64 scope link valid_lft forever preferred_lft forever inet6 fe80::ba27:ebff:fe98:704c/64 scope link valid_lft forever preferred_lft forever pi@testpi:~ $ ip r default via 192.168.100.1 dev eth0 proto dhcp src 192.168.100.222 metric 202 default via 192.168.100.1 dev hostmacvlanben0 proto dhcp src 192.168.100.174 metric 204 192.168.100.0/24 dev eth0 proto dhcp scope link src 192.168.100.222 metric 202 192.168.100.0/24 dev hostmacvlanben0 proto dhcp scope link src 192.168.100.174 metric 204 192.168.100.224 dev hostmacvlanben0 scope link Output for the namespace nsben1: pi@testpi:~ $ sudo ip netns exec nsben1 ip a 1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 3: macvlanclient1@if2: mtu 1500 qdisc noqueue state UP group default qlen 1000 link/ether b8:27:eb:98:70:4d brd ff:ff:ff:ff:ff:ff link-netnsid 0 inet 192.168.100.224/24 scope global macvlanclient1 valid_lft forever preferred_lft forever inet6 fe80::ba27:ebff:fe98:704d/64 scope link valid_lft forever preferred_lft forever pi@testpi:~ $ sudo ip netns exec nsben1 ip r default via 192.168.100.1 dev macvlanclient1 192.168.100.0/24 dev macvlanclient1 proto kernel scope link src 192.168.100.224 Ping IP works, ping URL does not work: pi@testpi:~ $ sudo ip netns exec nsben1 ping 8.8.8.8 PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. 64 bytes from 8.8.8.8: icmp_seq=1 ttl=111 time=23.0 ms ^[[A64 bytes from 8.8.8.8: icmp_seq=2 ttl=111 time=24.3 ms ^C --- 8.8.8.8 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 2ms rtt min/avg/max/mdev = 23.003/23.667/24.332/0.682 ms pi@testpi:~ $ sudo ip netns exec nsben1 ping google.com ping: google.com: Temporary failure in name resolution traceroute does not give any hints: pi@testpi:~ $ sudo ip netns exec nsben1 traceroute google.com google.com: Temporary failure in name resolution Cannot handle "host" cmdline arg `google.com' on position 1 (argc 1) My /etc/resolv.conf is: pi@testpi:~ $ cat /etc/resolv.conf # Generated by resolvconf nameserver 192.168.100.1 192.168.100.1 is the edge-router in my private LAN. I then have a cable modem from the ISP, also. ----- **Checking with tcpdump** on the IP of the macvlan namespace nsben1 and then pinging from inside the namespace to 8.8.8.8 results in getting some answer back: pi@testpi:~ $ sudo tcpdump --interface eth0 host 192.168.100.224 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes 15:43:45.417310 IP 192.168.100.224 > dns.google: ICMP echo request, id 20611, seq 1, length 64 15:43:45.440190 IP dns.google > 192.168.100.224: ICMP echo reply, id 20611, seq 1, length 64 15:43:46.418707 IP 192.168.100.224 > dns.google: ICMP echo request, id 20611, seq 2, length 64 15:43:46.440392 IP dns.google > 192.168.100.224: ICMP echo reply, id 20611, seq 2, length 64 and pinging to www.google.com is not getting any answer. It is pinging to 8.8.1.1 which I don't understand (note that pinging 8.8.1.1 directly is also not getting any answer): 15:44:13.988596 IP 192.168.100.224.45822 > 8.8.1.1.domain: 22489+ A? google.com. (28) 15:44:13.989314 IP 192.168.100.224.45822 > 8.8.1.1.domain: 25561+ AAAA? google.com. (28) 15:44:18.994541 IP 192.168.100.224.45822 > 8.8.1.1.domain: 22489+ A? google.com. (28) 15:44:18.994660 IP 192.168.100.224.45822 > 8.8.1.1.domain: 25561+ AAAA? google.com. (28) ----- **I used edited /etc/dhcpcd.conf** to change the nameserver from 192.168.100.1 to 8.8.8.8 and restarted the service. Now resolv.conf shows nameserver 8.8.8.8 but still the behaviour is the same.

I created a macvlan interface with eth0 as the parent interface. I can see NS for eth0 and NA msgs from eth0 but not for macvlan interface. However when I ping the gateway from macvlan, then NS msgs are seen for macvlan but macvlan is not responding with NA. What configuration would help resolve this? I want to see periodic NS and NA msgs for macvlan the way I am seeing for eth0 currently. There are no namespaces created. I am working in global namespace itself. Also in order to ping to the gateway from macvlan I had to put "iface lo inet6 loopback" in /etc/network/interfaces file. Otherwise, ping6 kept on changing source into whenever I tried to explicitly put macvlan using -I in ping6. Ping6 from macvlan to eth0 is also not working. Ping6 always changes the source address with msg like -> "Warning: source address might be selected on a device other than macvlan1." To reproduce the issue checkout below snippets:

ubuntu@vm0:~$ uname -r
3.13.0-36-generic

ubuntu@vm0:~$ ip -6 link                                                            
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0:  mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 02:ec:39:e5:22:50 brd ff:ff:ff:ff:ff:ff
3: macvlan1@eth0:  mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT group default 
    link/ether ce:99:a8:33:1e:5d brd ff:ff:ff:ff:ff:ff

ubuntu@vm0:~$ ip -6 address
1: lo:  mtu 65536 
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0:  mtu 1500 qlen 1000
    inet6 2001:db8::3/64 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::ec:39ff:fee5:2250/64 scope link 
       valid_lft forever preferred_lft forever
3: macvlan1@eth0:  mtu 1500 
    inet6 2001:db8::8/64 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::cc99:a8ff:fe33:1e5d/64 scope link 
       valid_lft forever preferred_lft forever

ubuntu@vm0:~$ ip -6 route
2001:db8::/64 dev macvlan1  proto kernel  metric 256 
2001:db8::/64 dev eth0  proto kernel  metric 256 
2001:db8::/48 dev eth0  proto kernel  metric 256 
2001:db8::/48 dev macvlan1  proto kernel  metric 256 
fe80::/64 dev eth0  proto kernel  metric 256 
fe80::/64 dev macvlan1  proto kernel  metric 256 
default via 2001:db8::1 dev eth0  metric 1 
default via fe80::ec:39ff:fee5:22 dev eth0  metric 1024

ubuntu@vm0:~$ ip -6 neighbor
2001:db8::1 dev macvlan1 lladdr 00:00:5e:00:01:00 router REACHABLE
2001:db8::1 dev eth0 lladdr 00:00:5e:00:01:00 router STALE
2001:db8::2 dev macvlan1  router FAILED
fe80::5e00:100 dev macvlan1 lladdr 00:00:5e:00:01:00 router STALE
fe80::5e00:100 dev eth0 lladdr 00:00:5e:00:01:00 router STALE
2001:db8::2 dev eth0 lladdr 00:00:5e:00:01:00 router DELAY
2001:db8::9 dev macvlan1 lladdr 6a:25:a8:4e:23:5d STALE

When trying to ping eth0 from macvlan, ping6 changes the source with below warning:

ubuntu@vm0:~$ ping6 2001:db8::3 -I macvlan1
ping6: Warning: source address might be selected on device other than macvlan1.
PING 2001:db8::3(2001:db8::3) from 2001:db8::3 macvlan1: 56 data bytes
64 bytes from 2001:db8::3: icmp_seq=1 ttl=64 time=4.41 ms
64 bytes from 2001:db8::3: icmp_seq=2 ttl=64 time=0.548 ms
64 bytes from 2001:db8::3: icmp_seq=3 ttl=64 time=0.628 ms
64 bytes from 2001:db8::3: icmp_seq=4 ttl=64 time=0.546 ms
^C
--- 2001:db8::3 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3053ms
rtt min/avg/max/mdev = 0.546/1.534/4.417/1.665 ms

Ping to gateway works from macvlan

ubuntu@vm0:~$ ping6 2001:db8::1 -I macvlan1
PING 2001:db8::1(2001:db8::1) from 2001:db8::8 macvlan1: 56 data bytes
64 bytes from 2001:db8::1: icmp_seq=2 ttl=255 time=3.50 ms
64 bytes from 2001:db8::1: icmp_seq=3 ttl=255 time=1.63 ms
64 bytes from 2001:db8::1: icmp_seq=4 ttl=255 time=2.54 ms
64 bytes from 2001:db8::1: icmp_seq=5 ttl=255 time=1.26 ms
^C
--- 2001:db8::1 ping statistics ---
5 packets transmitted, 4 received, 20% packet loss, time 4041ms
rtt min/avg/max/mdev = 1.261/2.237/3.501/0.867 ms

tcpdump on eth0 looks like this

ubuntu@vm0:~$ sudo tcpdump -eni eth0 ip6
11:45:39.281934 00:00:5e:00:01:00 > 33:33:00:00:00:01, ethertype IPv6 (0x86dd), length 110: fe80::5e00:100 > ff02::1: ICMP6, router advertisement, length 56
11:45:40.105204 00:00:5e:00:01:00 > 33:33:ff:00:00:03, ethertype IPv6 (0x86dd), length 86: 2001:db8::2 > ff02::1:ff00:3: ICMP6, neighbor solicitation, who has 2001:db8::3, length 32
11:45:40.105975 02:ec:39:e5:22:50 > 00:00:5e:00:01:00, ethertype IPv6 (0x86dd), length 86: 2001:db8::3 > 2001:db8::2: ICMP6, neighbor advertisement, tgt is 2001:db8::3, length 32

but no NS for macvlan

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on macvlan1, link-type EN10MB (Ethernet), capture size 65535 bytes
11:48:09.316865 00:00:5e:00:01:00 > 33:33:00:00:00:01, ethertype IPv6 (0x86dd), length 110: fe80::5e00:100 > ff02::1: ICMP6, router advertisement, length 56
11:48:10.197974 00:00:5e:00:01:00 > 33:33:ff:00:00:03, ethertype IPv6 (0x86dd), length 86: 2001:db8::2 > ff02::1:ff00:3: ICMP6, neighbor solicitation, who has 2001:db8::3, length 32
11:48:20.220753 00:00:5e:00:01:00 > 33:33:ff:00:00:03, ethertype IPv6 (0x86dd), length 86: 2001:db8::2 > ff02::1:ff00:3: ICMP6, neighbor solicitation, who has 2001:db8::3, length 32

I'm running Ubuntu 18.04, Linux kernel 5.4.0. My laptop has local IP address 192.168.0.130:

$ sudo ip addr show dev wlp2s0
3: wlp2s0:  mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 7c:2a:31:09:3e:e0 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.130/24 brd 192.168.0.255 scope global dynamic noprefixroute wlp2s0
       valid_lft 2782sec preferred_lft 2782sec
    inet6 fe80::b375:a43d:9705:556a/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

The routing table looks like:

$ sudo ip route
default via 192.168.0.1 dev wlp2s0 proto dhcp metric 600 
169.254.0.0/16 dev wlp2s0 scope link metric 1000 
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown 
192.168.0.0/24 dev wlp2s0 proto kernel scope link src 192.168.0.130 metric 600

I want to use an additional IP address visible for other hosts on the local network (e.g. 192.168.0.12). It works like this:

$ sudo ip addr add 192.168.0.95/24 dev wlp2s0
$ ssh 192.168.0.12 ping 192.168.0.95
...
64 bytes from 192.168.0.95: ...
(works)
^C
$ sudo ip addr del 192.168.0.95/24 dev wlp2s0

Now, I want to move this IP address to a separate network namespace called net5, like this:

$ sudo ip netns add net5
$ sudo ip link add link wlp2s0 name net5in type macvlan
$ sudo ip link set net5in netns net5
$ sudo ip netns exec net5 ip addr add 192.168.0.95/24 brd + dev net5in
$ sudo ip netns exec net5 ip link set net5in up
$ ssh 192.168.0.12 ping 192.168.0.95
...
From 192.168.0.95: ... Destination Host Unreachable
(doesn't work)
^C
$ sudo ip netns add net5

**How can this be fixed so that the ping above works?** I was following these tutorials: * https://serverfault.com/a/900666 : ping doesn't work. * https://blog.oddbit.com/post/2018-03-12-using-docker-macvlan-networks/ recommends *docker network create*, but I don't have Docker, and I want to make it work without Docker. * https://sreeninet.wordpress.com/2016/05/29/macvlan-and-ipvlan/ doesn't explain how to set up IP addresse. * https://docs.oracle.com/cd/E37670_01/E37355/html/ol_mcvnbr_lxc.html doesn't show what setup commands to run. **Updates**: * I was able to make it work by using type ipvlan mode l2 instead of type macvlan above. A local ping still doesn't work, but -- as I understand -- that's expected for *macvlan* and *ipvlan*.

I have a script that should create a macvlan bridge in the host when it starts up. The host is an up-to-date Arch Linux. This is intended to allow host and guest to share the same network \*and talk to each other\*. I found instructions given at: https://www.furorteutonicus.eu/2013/08/04/enabling-host-guest-networking-with-kvm-macvlan-and-macvtap (Regarding the execution at startup, I also consulted https://unix.stackexchange.com/questions/47695/how-to-write-startup-script-for-systemd and https://stackoverflow.com/questions/21830670/systemd-start-service-after-specific-service) . The problem, however, is that the script is not effective at first try. It creates the macvlan device and the routing table, but doesn't make it possible for the host to ping the guest and vice-versa. But when executed a second time, it works - that is, despite an error message which reads *"create_macvlan_bridge.sh: RTNETLINK answers: File exists"*. Host can now ping guest as expected. **It's supposed to work at first try**, though, and I can't figure out why it's not. Can anyone help? **[Update]** I noticed the result of ip a shows a second inet entry for *macvlan0@enp10s0* after the second execution: > macvlan0@enp10s0: mtu 1500 qdisc > noqueue state UP group default qlen 1000 > link/ether da:a2:21:d1:95:24 brd ff:ff:ff:ff:ff:ff > inet 192.168.1.3/24 scope global macvlan0 > valid_lft forever preferred_lft forever > **inet 192.168.1.22/24 brd 192.168.1.255 scope global secondary macvlan0 > valid_lft forever preferred_lft forever** Notice how this second ip address was provided by the dhcp from the router, and it has secondary attribute. The weird thing is that, after the second execution, the guest can ping the host at 192.168.1.3 **and** at the "secondary" address. --- Code is below. Script: /usr/local/bin/create_macvlan_bridge.sh #!/bin/sh # Evert Mouw, 2013 # Modified by Marc Ranolfi, 2017-07-24 # ------------ # wait for network availability # ------------ TESTHOST=kernel.org while ! ping -q -c 1 $TESTHOST > /dev/null do echo "$0: Cannot ping $TESTHOST, waiting another 5 secs..." sleep 5 done # ------------ # network config # ------------ HWLINK=enp10s0 MACVLN=macvlan0 IP=192.168.1.3/24 NETWORK=192.168.1.0/24 GATEWAY=192.168.1.1 # ------------ # setting up $MACVLN interface # ------------ ip link add link $HWLINK $MACVLN type macvlan mode bridge ip address add $IP dev $MACVLN ip link set dev $MACVLN up # ------------ # routing table # ------------ # empty routes ip route flush dev $HWLINK ip route flush dev $MACVLN # add routes ip route add $NETWORK dev $MACVLN metric 0 # add the default gateway ip route add default via $GATEWAY Systemd unit file: /etc/systemd/system/create_macvlan_bridge.service [Unit] Description=Create_macvlan_bridge Wants=network-online.target After=network.target network-online.target dhcpcd.service [Service] Type=oneshot ExecStart=/usr/local/bin/create_macvlan_bridge.sh [Install] WantedBy=multi-user.target

Lets say i created two namespace in Ubuntu.

ip netns add A

ip netns add B

now create Macvlan corresponding to each namespaces

ip link add macvlanA link wlo1 type macvlan mode bridge

ip link set macvlanA netns A

ip netns exec A ifconfig macvlanA 10.0.0.1

and done the same with namespace B with ip

10.0.0.2

I want to transfer files from one namespace to another using FTP server. how can i do that?

In a Ubuntu 20.04 machine connected to my home LAN, I created macvlans under my ethernet device: $ sudo ip link add macvlan1 link enp37s0 type macvlan mode bridge $ sudo dhclient macvlan1 $ sudo ip link add macvlan2 link enp37s0 type macvlan mode bridge $ sudo dhclient macvlan2 By chance, they got the following addresses from DHCP: * macvlan1: 192.168.0.40 * macvlan2: 192.168.0.41 I could ping my router from each of them: $ ping 192.168.0.1 -I macvlan1 PING 192.168.0.1 (192.168.0.1) from 192.168.0.40 macvlan1: 56(84) bytes of data. 64 bytes from 192.168.0.1: icmp_seq=1 ttl=64 time=0.713 ms 64 bytes from 192.168.0.1: icmp_seq=2 ttl=64 time=1.25 ms 64 bytes from 192.168.0.1: icmp_seq=3 ttl=64 time=1.20 ms ^C --- 192.168.0.1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2034ms rtt min/avg/max/mdev = 0.713/1.052/1.245/0.240 ms $ ping 192.168.0.1 -I macvlan2 PING 192.168.0.1 (192.168.0.1) from 192.168.0.41 macvlan2: 56(84) bytes of data. 64 bytes from 192.168.0.1: icmp_seq=1 ttl=64 time=1.15 ms 64 bytes from 192.168.0.1: icmp_seq=2 ttl=64 time=1.13 ms 64 bytes from 192.168.0.1: icmp_seq=3 ttl=64 time=1.07 ms 64 bytes from 192.168.0.1: icmp_seq=4 ttl=64 time=0.548 ms 64 bytes from 192.168.0.1: icmp_seq=5 ttl=64 time=0.619 ms ^C --- 192.168.0.1 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 4030ms rtt min/avg/max/mdev = 0.548/0.903/1.148/0.263 ms Since they are were created in bridge mode, virtual devices should be connected to each other. But I can't ping one from the other: $ ping 192.168.0.40 -I macvlan2 PING 192.168.0.40 (192.168.0.40) from 192.168.0.41 macvlan2: 56(84) bytes of data. ^C --- 192.168.0.40 ping statistics --- 5 packets transmitted, 0 received, 100% packet loss, time 4128ms $ ping 192.168.0.41 -I macvlan1 PING 192.168.0.41 (192.168.0.41) from 192.168.0.40 macvlan1: 56(84) bytes of data. ^C --- 192.168.0.41 ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 2039ms Why I can't ping one from another? How to fix this?

I am trying to use linux's network name spaces to emulate multiple devices on my local network. I want this to appear as actual network devices, not my laptops IP masquerading on the subnet. Is this possible? I want to use these namespaces to launch a couple of bash scripts that have internet access, i.e: sudo ip netns exec netns1 myscript1.sh sudo ip netns exec netns2 myscript2.sh I am working on a script to create the virtual network. At the moment I am only attempting to make on namespace:

INTERFACE=enp59s0
IP1=192.168.2.101/24

# create macvlan and associate it to network device in bride mode
ip link add macvlan1 link $INTERFACE type macvlan mode bridge

# create new network namespace
ip netns add netns1

# associate the macvlan to the new namespace
ip link set macvlan1 netns netns1

# Set IP address
ip -n netns1 addr add $IP1 dev macvlan1

# set macvlan to up
ip netns exec netns1 ifconfig macvlan1 up

This lets me ping devices within my subnet, i.e. the following works sudo ip netns exec netns1 nmap -sn 192.168.2.1-255 However, when I cannot ping the virtual device from default namespace. In addition, adding the router to route still does not let me connect to the outside world:

sudo ip netns exec netns1 ip route add default via 192.168.2.1
sudo ip netns exec netns1 ping 8.8.8.8

From 192.168.2.1 icmp_seq=1 Destination Net Unreachable

Any ideas? Is this the right approach? Would it be better to alias an IP with ifconfig: ifconfig enp59s0:0 192.168.2.101 up And then bind the new interface to a namespace somehow?

I am setting up a virtual network using macvlans and I have connected traffic-control tc to each of them. I set the delay for each as 90ms. But on ping I get the time of 0.02 seconds. Why is tc not working on macvlan? I am using the following commands: tc qdisc add dev m1 root netem delay 90ms tc qdisc add dev m2 root netem delay 90ms and then ping from ip of m1 to ip of m2. m1 and m2 are macvlans.

I have an OpenWRT Router with embedded switch. I have a KVM machine with macvtap network access. I need guest to host communication. By connecting the host to my Cisco switch hairpin traffic is allowed. How do I achieve this behavior on the OpenWRT device's switch?