nanog mailing list archives

Re: IP4 address conservation method
From: William Herrin <bill () herrin us>
Date: Thu, 6 Jun 2013 17:19:26 -0400

On Thu, Jun 6, 2013 at 3:00 PM, Bjørn Mork <bjorn () mork no> wrote:
> William Herrin <bill () herrin us> writes:
>> On Wed, Jun 5, 2013 at 6:25 PM, Ricky Beam <jfbeam () gmail com> wrote:
>>> I won't argue against calling Linux "wrong".  However, the linux way of
>>> dealing with ARP is well tuned for "host" and not "router" duty.
>>
>> I love Linux and use it throughout my work but I can't tell you the
>> number of times its ARP behavior has bitten me. If you send a packet
>> to a VIP on a Linux box and it doesn't have an arp entry for the
>> default gateway, the Linux box will send an arp request... with the
>> vip as the source. That is just wrong. Wrong, wrong, wrong. Use the
>> damn interface IP when you arp for something on that interface. If the
>> router doesn't happen to like the bad arp (since the VIP isn't on the
>> router's LAN) the router will ignore it. And your service will merrily
>> pop up and down depending on whether the Linux box has any traffic to
>> originate.
>
> Did you try setting sys.net.ipv4.conf.all.arp_announce=2 ?

Yes, of course I changed the sysctl. Yes of course that worked. Every
time I've run into the problem. On server after server after server.

> Yes, the system default may be tuned for host/desktop usage

No, it doesn't default to reasonable desktop settings for ARP... it
defaults to a version of wrong that on a desktop with one NIC and one
IP doesn't happen to break anything. It'd be nice if it defaulted to
RFC compliant instead and let the few folks with wacky needs move it
off the standard behavior.

-Bill


-- 
William D. Herrin ................ herrin () dirtside com  bill () herrin us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
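
The arp_announce setting discussed in this thread can be audited per interface; the following is an added example, not part of the original post. It reports each interface's effective level, which the kernel takes as the higher of `conf/all/arp_announce` and `conf/<interface>/arp_announce`, and flags anything below 2. The function names and the overridable root directory argument are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit the effective arp_announce level per interface.
# Level 2 makes the kernel pick a source address that belongs to the
# outgoing interface's subnet for ARP requests, rather than reusing the
# source of the packet that triggered the request (e.g. a VIP).

# Print the effective level for one interface.
# $1 = interface name, $2 = conf root (default: live /proc tree)
effective_arp_announce() {
    root=${2:-/proc/sys/net/ipv4/conf}
    all=$(cat "$root/all/arp_announce" 2>/dev/null) || return 2
    own=$(cat "$root/$1/arp_announce" 2>/dev/null) || return 2
    # The kernel applies max(all, interface).
    if [ "$own" -gt "$all" ]; then echo "$own"; else echo "$all"; fi
}

# Print "iface level status" for every real interface.
# Returns 1 if any interface is effectively below level 2.
# $1 = conf root (default: live /proc tree)
audit_arp_announce() {
    root=${1:-/proc/sys/net/ipv4/conf}
    rc=0
    for dir in "$root"/*/; do
        iface=$(basename "$dir")
        # "all" and "default" are templates, "lo" never ARPs.
        case $iface in all|default|lo) continue ;; esac
        level=$(effective_arp_announce "$iface" "$root") || continue
        if [ "$level" -ge 2 ]; then
            status=ok
        else
            status=WEAK
            rc=1
        fi
        echo "$iface $level $status"
    done
    return $rc
}

# Audit the live system only when asked, so sourcing has no side effects.
if [ "${1:-}" = "--audit" ]; then audit_arp_announce; fi
```

Run it with `--audit` on a Linux host; a non-zero exit status means at least one interface can still send ARP requests with a source address from another interface or a VIP.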

