
Re: Getting domU vif's MAC address from dom0


  • To: xen-users@xxxxxxxxxxxxxxxxxxxx
  • From: Andy Smith <andy@xxxxxxxxxxxxxx>
  • Date: Thu, 26 Sep 2024 02:48:02 +0000
  • Delivery-date: Thu, 26 Sep 2024 02:48:48 +0000
  • List-id: Xen user discussion <xen-users.lists.xenproject.org>
  • Openpgp: id=BF15490B; url=http://strugglers.net/~andy/pubkey.asc

On Thu, Sep 26, 2024 at 01:23:10AM +0000, Andy Smith wrote:
> However, even if it does end up that there is some way to alter the
> default link scope address on Linux, I think I am okay with just telling
> people not to do that! 😀

I've found that on systems using NetworkManager, by default it sets the
sysctl net.ipv6.conf.<interface>.addr_gen_mode to 1, which prevents the
kernel from generating the EUI64-based address. It (N-M) then generates
a link address itself based on the connection's ipv6.addr-gen-mode
setting.

At least on CentOS 9 this defaults to "default-or-eui64" which is again
the predictable address, but one can set it to e.g. "stable-privacy" and
then it also makes the link address unpredictable.

This starts to give me pause because of how NetworkManager is the
default on all Red Hat-like distributions. If I find some prominent ones
default to anything other than "default-or-eui64" I might have to think
about this a bit more carefully.

Though privacy extensions still do not make sense for the link address
of a VM on a point to point routed link here because the only people
they would be trying to hide their MAC address from are the operators of
the dom0, who already know their MAC address. But just the support burden
could be irritating.

Thanks,
Andy
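
The following is an added example, not part of the original message: a Python sketch of how a dom0 operator could derive the EUI64-based link-local address from a vif's MAC and flag guests whose observed address does not match it (for instance because NetworkManager is set to "stable-privacy"). The guest names, MACs and addresses are constructed sample data, and the function names are hypothetical.

```python
import ipaddress

def eui64_link_local(mac: str) -> ipaddress.IPv6Address:
    """Link-local address the kernel derives from a MAC in EUI64 mode."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    # Modified EUI-64: flip the universal/local bit of the first octet
    # and insert ff:fe between the OUI and the NIC-specific half.
    iid = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + iid)

def classify(mac: str, observed: str) -> str:
    """Compare an address seen on the vif with the one predicted from its MAC."""
    addr = ipaddress.IPv6Address(observed.split("%")[0])  # drop any %zone suffix
    if not addr.is_link_local:
        return "not-link-local"
    return "eui64" if addr == eui64_link_local(mac) else "not-eui64"

def unpredictable_guests(records):
    """Names of guests whose link-local address is not derivable from the MAC."""
    return [name for name, mac, observed in records
            if classify(mac, observed) == "not-eui64"]

# Constructed sample data: (domU name, vif MAC, link-local address seen in dom0).
SAMPLE = [
    ("guest-a", "00:16:3e:12:34:56", "fe80::216:3eff:fe12:3456%vif1.0"),
    ("guest-b", "00:16:3e:ab:cd:ef", "fe80::a1b2:c3d4:e5f6:789%vif2.0"),
]

if __name__ == "__main__":
    for name, mac, observed in SAMPLE:
        print(name, eui64_link_local(mac), classify(mac, observed))
    print("needs attention:", unpredictable_guests(SAMPLE))
```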



 

