KVM: List MAC address table and interface that learned them.
Kernel Virtualization Module (KVM) provides an internal switch with a physical interface or bundle as the uplink and virtual network devices (through the virtio driver) as the port to each virtual machine's ethX interface.
List the KVM MAC address table:
This requires the brctl command.
Quote:
brctl showmacs <brname> shows a list of learned MAC addresses for this bridge.
Code:
# brctl showmacs vmbr0
port no  mac addr           is local?  ageing timer
  1      00:00:1c:17:1c:33  no           0.11
  1      00:16:c7:16:11:11  no           0.31
  1      00:16:c7:16:11:50  no           0.01
  1      00:1f:ca:a7:b7:d1  no           0.07
  1      00:61:81:aa:87:6e  no          18.01
  1      00:61:81:aa:94:da  no         117.52
  1      00:a0:d1:ea:14:2c  yes          0.00
  2      12:5a:2c:d5:81:26  yes          0.00
  2      e6:da:24:7b:6c:de  no          34.93
Port 1, being the bond0 uplink to the server, has learned multiple MAC addresses.
Code:
# brctl show
bridge name  bridge id          STP enabled  interfaces
vmbr0        8000.00a0d1ec142c  no           bond0
                                             vmnic1e0
                                             vmnic2e0
Now we know the MAC addresses learned by the KVM switch, the port IDs and the port names.
KVM: List the interface that learned a specific MAC address:
Code:
# brctl showstp vmbr0 | grep -E "bond|vmnic"
bond0 (1)
vmnic1e0 (2)
vmnic2e0 (3)
The “showstp” output lists all interfaces inside a bridge together with their port IDs. “showmacs” lists all MAC addresses learned by the switch (the MAC address table) together with the port IDs that learned them. Combining the two commands, each MAC address can be associated with a specific virtual machine, which is how spoofed addresses are detected.
One thing to note: every switch port has two MAC addresses learned, a local one (the port's own MAC) and a non-local one (belonging to the KVM virtual machine).
Code:
# ip a l vmnic1e0
45: vmnic1e0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UNKNOWN qlen 500
    link/ether 12:5a:2c:d5:81:26 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::105a:2cff:fed6:5116/64 scope link
       valid_lft forever preferred_lft forever
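To automate the correlation described above (showmacs rows joined to showstp port headers, local rows dropped as the port's own MAC, and any VM port that learned a MAC other than the one assigned to its VM flagged), here is an added Python example that is not part of the original post. The sample outputs are constructed from the post's own listings; the `expected` mapping of tap interface to assigned VM MAC is an assumption you would fill from your VM definitions.

```python
"""Join `brctl showmacs` with `brctl showstp` so that each learned MAC is attributed to the bridge member (and so the VM) behind it."""
import re
from collections import defaultdict

# Constructed sample: a subset of the rows shown in the post above.
SHOWMACS = """port no mac addr is local? ageing timer
1 00:00:1c:17:1c:33 no 0.11
1 00:61:81:aa:94:da no 117.52
1 00:a0:d1:ea:14:2c yes 0.00
2 12:5a:2c:d5:81:26 yes 0.00
2 e6:da:24:7b:6c:de no 34.93
"""
# Constructed: `brctl showstp` prints "<iface> (<port no>)" headers between
# indented detail lines; only those headers are used here.
SHOWSTP = "vmbr0\n bridge id 8000.00a0d1ec142c\nbond0 (1)\n port id 8001\nvmnic1e0 (2)\n port id 8002\nvmnic2e0 (3)\n"

MAC_ROW = re.compile(r"^\s*(\d+)\s+((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+(yes|no)\s+[\d.]+\s*$", re.I)
PORT_HDR = re.compile(r"^(\S+)\s+\((\d+)\)\s*$")

def parse_showmacs(text):
    """Return [(port_no, mac, is_local)] for every table row (header skipped)."""
    rows = []
    for m in filter(None, map(MAC_ROW.match, text.splitlines())):
        rows.append((int(m[1]), m[2].lower(), m[3].lower() == "yes"))
    return rows

def parse_showstp(text):
    """Return {port_no: interface name} from the per-port headers."""
    return {int(m[2]): m[1] for m in filter(None, map(PORT_HDR.match, text.splitlines()))}

def learned_macs(showmacs, showstp):
    """{interface: sorted non-local MACs}. Local rows are the port's own MAC
    (compare with `ip a l <iface>`), so they are dropped."""
    ports = parse_showstp(showstp)
    learned = defaultdict(list)
    for port, mac, is_local in parse_showmacs(showmacs):
        if not is_local:
            learned[ports.get(port, "port%d" % port)].append(mac)
    return {ifname: sorted(v) for ifname, v in learned.items()}

def unexpected_macs(learned, expected, uplinks):
    """VM ports that learned a MAC other than the one assigned to that VM
    (`expected` = {tap iface: mac}); uplinks legitimately learn many MACs."""
    extra = {i: [m for m in macs if m != expected.get(i, "").lower()]
             for i, macs in learned.items() if i not in uplinks}
    return {i: macs for i, macs in extra.items() if macs}

if __name__ == "__main__":
    learned = learned_macs(SHOWMACS, SHOWSTP)
    print(learned)
    print(unexpected_macs(learned, {"vmnic1e0": "e6:da:24:7b:6c:de"}, {"bond0"}))
```

On a live host, feed the script the output of `brctl showmacs vmbr0` and `brctl showstp vmbr0` instead of the embedded samples; a non-empty result from `unexpected_macs` points at the tap port whose guest is sending from a MAC it was not assigned.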