uuid - Docker MAC Address Generation
I had a question about applications running within Docker containers and UUID generation.
Here's our scenario:
Currently our applications are using an event-driven framework.
For events we generate UUIDs based on MAC address, PID, time-stamp and counter.
For running containers on a distributed system like CoreOS (while a very low chance), there is no guarantee that the parameters used to generate the UUID are unique to each container, as one container on one server in the cluster could generate a UUID using the same MAC, PID, time-stamp and counter as another container on the cluster.
In essence, if these two UUIDs were both to generate an event and send it to our messaging bus, there would be a conflict.
In our analysis, this scenario seems to boil down to the uniqueness of MAC addresses on each Docker container.
So to be frank:
How unique are MAC addresses within containers? How are MAC addresses generated if not manually set?
From my reading of the generateMacAddr function, MAC addresses generated by Docker are essentially the IPv4 address of the container's interface on the docker0 bridge: they are guaranteed to be consistent with the IP address.
The docker0 bridge's subnet you have to operate in, 255.255.0.0 as per this example of 172.17.42.1/16, has 65,534 routable addresses. This cuts down the entropy for UUID generation, but MAC address collision isn't possible as IPs must be unique, and the scenario of identical MAC, PID, time and counter in two containers on the same Docker server/CoreOS host should not be a possibility.
However, two CoreOS hosts (each running one Docker server) could potentially take the same random subnet, resulting in the possibility of duplicated MACs for containers on different hosts. You could avoid this by setting a fixed CIDR for the Docker server on each host:
--fixed-cidr=CIDR — restrict the IP range from the docker0 subnet, using standard CIDR notation like 172.167.1.0/28. This range must be an IPv4 range for fixed IPs (ex: 10.20.0.0/16) and must be a subset of the bridge IP range (docker0 or set using --bridge). For example, with --fixed-cidr=192.168.1.0/25, IPs for your containers will be chosen from the first half of the 192.168.1.0/24 subnet.
This should ensure unique MAC addresses across the cluster.
The original IEEE 802 MAC address comes from the original Xerox Ethernet addressing scheme. This 48-bit address space contains potentially 2^48 or 281,474,976,710,656 possible MAC addresses.
source
If you are concerned about the lack of entropy (the IP to MAC mapping reduces it considerably), a better alternative may be to utilize a different mechanism for UUID generation. UUID versions 3, 4 and 5 do not take the MAC address into account. Alternatively, you could include the host machine's MAC in UUID generation.
Of course, whether this "considerable MAC space reduction" will have an impact on UUID generation should be tested before code is changed.
Source linked above:
    // Generate an IEEE802 compliant MAC address from the given IP address.
    //
    // The generator is guaranteed to be consistent: the same IP will always yield the same
    // MAC address. This is to avoid ARP cache issues.
    func generateMacAddr(ip net.IP) net.HardwareAddr {
        hw := make(net.HardwareAddr, 6)

        // The first byte of the MAC address has to comply with these rules:
        // 1. Unicast: set the least-significant bit to 0.
        // 2. Address is locally administered: set the second-least-significant bit (U/L) to 1.
        // 3. As "small" as possible: the veth address has to be "smaller" than the bridge address.
        hw[0] = 0x02

        // The first 24 bits of the MAC represent the Organizationally Unique Identifier (OUI).
        // Since this address is locally administered, we can do whatever we want as long as
        // it doesn't conflict with other addresses.
        hw[1] = 0x42

        // Insert the IP address into the last 32 bits of the MAC address.
        // This is a simple way to guarantee the address will be consistent and unique.
        copy(hw[2:], ip.To4())

        return hw
    }
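Because the quoted mapping copies the container IP straight into the MAC, any IP that two hosts can both assign yields a duplicated MAC. The Go program below is an added example, not part of the original post or of Docker's code; `macForIP`, `duplicateMACs` and the CIDR values passed in `main` are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net"
)

// macForIP mirrors the mapping quoted above: 02:42 followed by the four
// IPv4 bytes. The function name is ours, not Docker's.
func macForIP(ip net.IP) net.HardwareAddr {
	hw := net.HardwareAddr{0x02, 0x42, 0, 0, 0, 0}
	copy(hw[2:], ip.To4())
	return hw
}

// duplicateMACs takes one IPv4 range per host (/16 or smaller) and counts the
// MACs that more than one host could assign. Every address in a range is counted.
func duplicateMACs(cidrs ...string) (int, error) {
	hosts := make(map[string]int) // MAC -> number of host ranges producing it
	for _, cidr := range cidrs {
		_, block, err := net.ParseCIDR(cidr)
		if err != nil {
			return 0, err
		}
		if ones, bits := block.Mask.Size(); bits != 32 || ones < 16 {
			return 0, fmt.Errorf("need an IPv4 range of /16 or smaller: %s", cidr)
		}
		ip := append(net.IP(nil), block.IP.To4()...)
		for block.Contains(ip) {
			hosts[macForIP(ip).String()]++
			for i := 3; i >= 0; i-- { // increment the address with carry
				if ip[i]++; ip[i] != 0 {
					break
				}
			}
		}
	}
	dup := 0
	for _, n := range hosts {
		if n > 1 {
			dup++
		}
	}
	return dup, nil
}

func main() {
	fmt.Println(duplicateMACs("172.17.0.0/16", "172.17.0.0/16"))     // constructed: same subnet on two hosts
	fmt.Println(duplicateMACs("192.168.1.0/25", "192.168.1.128/25")) // constructed: disjoint fixed CIDRs
}
```

Running the same check over the ranges actually configured on each host shows whether any pair overlaps before containers are started.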
docker uuid mac-address linux-containers