How do you handle MACs?

[czechsys]

Hello,

i am interested how you handle MAC for every VM/virtual interface in Proxmox. Are you using static assignement (how you generate MAC? documentation?) or you use dynamic generation (via openvswitch for example)? How it works with firewalls etc?

Why i ask. I have one server (it looks buggy somehow, but his twins works ok) with openvswitch and i have dynamic MACs on it. But because there isn't any arp request on ASA gateway, ASA block any requests to server, because holds old MACs and switches has only new MACs of the server. So i need find the best way to handle those things for VMs too. Documentation/generating/static VM config MAC for every interface is crazy manual job.

 

[ghusson]

I cannot precisely help you (I do not use OVS), but enabling ARP proxy on your gateway can help. Be aware of security problems it can generate. For information, I have used shorewall on PVE host with manual ARP proxy configuration. Now I use a mikrotik VM with ARP proxy.

 

[czechsys]

Well, i reinstalled server and all started works. So probably buggy linux installation. And for arp-proxy, i will probably never use this, because it very problematic thing to have in network.

 

[LnxBil]

To say something on mac generation... they are created at the time the virtual network card is configured to the VM or container. You can use a mac prefix if you want to distinguish your Proxmox VM from others (Datacenter -> Options).