DHCP static mapping for changing MAC-addresses

Started by Swtrse, March 12, 2024, 12:14:23 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
March 12, 2024, 12:14:23 PM
Hello,

I am moving from openWrt firewall to OPNsense.

I am struggling to copy the DHCP settings.

My problem is, I run a XCP-ng hypervisor with 3 hosts in a pool. Every time a VM is restarted or (automatically) moved to a other host in the pool the MAC-Address of this VMs network card is changing. This behavior can not be turned off and I suspect it is the same on XenServer.

On openWrt I could register the static mappings based on the DUID (or if everything else fails on the hostname). I did not find a way to do that on OPNsense.
Did I miss anything?
March 12, 2024, 01:59:32 PM #1
Any reason why you don't use static IP or dynamic DNS for your servers?

I wouldn't trust DHCP for firewall rules since the client can change them. Better off with VLAN separation.

Bart...
March 12, 2024, 02:01:44 PM #2
Also although I don't know XCP-ng specifically I would expect that a hypervisor capable of VM mobility also includes IP address management for VMs? VMware sure does.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
March 12, 2024, 02:39:20 PM #3
Quote from: Swtrse on March 12, 2024, 12:14:23 PM
This behavior can not be turned off and I suspect it is the same on XenServer.

Maybe I completely misunderstood the problem here but sure... you can not only change the MAC to your liking, the MAC is fixed.

I've attached a screenshot from XenOrchestra.
March 12, 2024, 03:30:10 PM #4
The MAC should not change, I'm not seeing this on my XCP-NG systems. if it did I have one application that would fail because it is "licensed" against the MAC address.

On my lab system I've moved one win 10 eval all over the place and the mac (and dhcp) did not move.
March 12, 2024, 04:50:20 PM #5
@Greg_E I see this for example every time I restore a Snapshot or the VM is moved to an other host in the same pool, or the vm is stopped and started again. This does not work well with my DHCP-Server where I give static leases to some of the vms based on the MAC address.

The server are in there own subnet with static IP so no problem there.
However, the DEV Environments where VMs are created, restored, started, stopped as needed depend on DHCP.
March 12, 2024, 04:58:00 PM #6
Ok, I found the solution.

I was too focused on Kea.

As I found out ISC is perfectly capable of linking the lease mapping with the DUID and not relying on the MAC Address.

So it looks like Kea is not capable of that yet, and ISC is the way to go. At least for the moment.
May 05, 2024, 12:25:25 AM #7
Quote from: Greg_E on March 12, 2024, 03:30:10 PM
The MAC should not change, I'm not seeing this on my XCP-NG systems. if it did I have one application that would fail because it is "licensed" against the MAC address.

On my lab system I've moved one win 10 eval all over the place and the mac (and dhcp) did not move.
Just to be complete. Here is the forum link where even the devs will tell you that MAC address will change if you do a VM restore or a vm copy operation or a vm move operation. https://xcp-ng.org/forum/topic/5535/preventing-new-network-detection-on-different-xcp-ng-hosts
Print
Go Up Pages1
User actions