Assign Interface name using mac address

Rotais · Nov 18, 2022, 3:50 PM

Hi,

I'm currently testing pfsense on work context and i meet a problem with interface naming.

I use a virtualized firewall with a piece of interfaces. The int0 is used by the LAN / mgmt interface for easy access. If i delete this interface and don't move the virtual machine there is no issues. If i move the virtual machine on another hypervisor, the interfaces would be all reassigned from int0 to intx, and the use of any interface is packed by his pci interface assignment.

I would like to know if there is a solution to rename the interfaces, based on mac address configuration for example (defined by the hypervisor), who will permit to use / restore configurations using the wanted interfaces name and not the random intx names ?

Thank you in advance.

Kind regards

SteveITS · Nov 18, 2022, 8:13 PM

@rotais Which hypervisor?

Can you not just leave int0 in place and not use it? Interfaces are numbered as detected so if one is missing they will renumber.

stephenw10 · Nov 19, 2022, 2:48 PM

You can use PCI device wiring to force the interface names based on the physical (or virtual) location on the PCI bus. https://www.freebsd.org/cgi/man.cgi?query=pci#DEVICE_WIRING
Nothing MAC address based though AFAIK.

Steve

Rotais · Nov 21, 2022, 9:27 AM

Hi @SteveITS and thanks for your answer. I have done the tests using Qemu-KVM but i think i will have the same problem using other hypervisors.

I don't want to let unused/unnecessary interfaces on the configuration, and if i delete another interface i will have the same issue

Hi @stephenw10 thank you for answering. Maybe using the PCi sequence could be a way to do the naming but if i do an error on the configuration on the hypervisor level, i will have a bad assignment whereas if i use mac addresses for determine the network assignment at hypevisor level, it should allways be good (i have done the test of moving an entire firewall one time, the network assignement was wrong and i detected this after viewing at the startup than the interfaces haven't the mac addresses in the right order).

Maybe there is a way to name (and keep naming) of the interfaces after a fresh install and apply a configuration after renaming (using the shell with the ifconfig int0 name wan command don't survive at the reboot).

stephenw10 · Nov 21, 2022, 1:12 PM

If you recreate a VM with the same number of interfaces they should come up in the same order. If you remove an interface entirely though the others may be renumbered if it was not the last interface previously. That is true of real hardware using NICs with the same driver.

If you want to be able to do that I suggest adding the mgmt NIC as a different NIC type. Use e1000 as opposed to vtnet for example. That way when you remove em0 any vtnet interfaces are unaffected.

Steve

Rotais · Nov 24, 2022, 8:12 AM

Hi @stephenw10 thanks for your answer.

It's true, i have done the test deleting two interfaces in the pfsense configuration, and after in the kvm xml and the interfaces have been renumbered from 0-9 to 0-7, and without moving the virtual machine from the original host. So the firewall will not be accessible until i undo my change or reassign the interfaces.

This is uncomfortable at the use and this is why i am looking for an ability to rename the interface at the BSD source, and i hope doing this task will not affect the interfaces assignment if i delete one of them.

Thanks in advande for your help.

Kind regards

stephenw10 · Nov 28, 2022, 9:49 AM

Currently that's not possible in pfSense. I couldn't find a feature request open for it, which is surprising. https://redmine.pfsense.org/

One significant issue with referencing interfaces by MAC would be recovering from a hardware failure. A lot of larger users will keep a cold spare for that situation but that would no longer be able to accept a backup config directly without re-assigning.

Steve

Rotais · Nov 28, 2022, 9:49 AM

Hi @stephenw10 , thanks for your answer,

You are right, maybe focus on the mac address parameter to assign name is not the right way, however i think that a way to name (and surviving the reboot) to the interfaces at the BSD level would be the right option.

For example, if i have 10 interfaces, one for the wan, 1 for a DMZ and all others for different services (comptability, sales, IT and more), if i name evey intefaces by the service name and i delete one of them (because the service is not more behind the interface), even if the "numbering" of the interfaces change at the BSD level i should not have to reassign keeping interfaces, isn't it ?

I think it's possible in pfSense, probably by the shell, but i don't know how to do.

Kind Regards

stephenw10 · Nov 28, 2022, 12:48 PM

You can add and remove interfaces in pfSense and it doesn't affect the ordering.

The problem is if you delete the NIC from the VM. I'm not sure what you could do about that other than using the MAC address since in a VM even the PCI device location may not be fixed.

Steve