[j-nsp] Odd issue with ARP in different subnet
Chris Adams
cmadams at hiwaay.net
Wed Mar 9 19:56:44 EST 2011
Once upon a time, Gordon Smith <gordon at gswsystems.com> said:
> Check the default router config.
>
> When the server sends the arp request, the router should reply with
> its own MAC address
> Does it not have a route back to the switch?
No, the router isn't proxy ARPing. Let me put some IPs to the problem:

EX switch: 10.1.1.5/27
Linux server eth0: 10.1.1.10/27
router (M10i): 10.1.1.30/27
DNS IP: 10.2.2.2/32 (secondary IP on Linux server eth0)

EX wants to reach 10.2.2.2, so it sends the packet to the M10i at
10.1.1.30. Router has route for 10.2.2.2/32 pointing to 10.1.1.10, so
it sends the packet to the Linux server. Linux server realizes it
doesn't need to route back to EX in the same subnet and is going to send
a packet directly from 10.2.2.2 to 10.1.1.5. Linux server doesn't have
an ARP entry for 10.1.1.5, so it sends an ARP request, using a source IP
of 10.2.2.2 (since that's the source of the desired packet).

At this point the EX sees the ARP request for its IP, but doesn't
respond to it. I'm guessing it is ignoring the ARP request because the
source IP is in a different subnet (but that's just a guess).

There's also an old Cisco switch on the same segment, and it replies to
out-of-subnet ARP requests just fine. I also tried a FreeBSD host in a
similar setup with a different Linux server, and it also works okay. I
don't have any other OSes handy to try.

Per another email, I tried setting the Linux server to put the DNS IP on
a loopback interface instead of the ethernet, but it still sent the ARP
request with the DNS IP as the source.
--
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
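
The exchange described in the message above, as an added example that is not part of the original post: it builds the ARP request the Linux server sends toward 10.1.1.5 and evaluates it with and without a sender-subnet check. The MAC address and all function names are constructed for illustration, and the strict check models only the guess stated in the post, not confirmed EX behavior.

```python
import ipaddress
import struct

# IP addresses come from the post; the MAC address is a constructed sample value.
EX_IFACE = ipaddress.ip_interface("10.1.1.5/27")
SERVER_MAC = bytes.fromhex("020000000010")

def build_arp_request(sender_mac, sender_ip, target_ip):
    """Build the 28-byte ARP request payload (Ethernet/IPv4, opcode 1)."""
    return struct.pack(
        "!HHBBH6s4s6s4s",
        1, 0x0800, 6, 4, 1,
        sender_mac, ipaddress.ip_address(sender_ip).packed,
        b"\x00" * 6, ipaddress.ip_address(target_ip).packed,
    )

def parse_arp(payload):
    """Return (opcode, sender_ip, target_ip) from an Ethernet/IPv4 ARP payload."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, op, _sha, spa, _tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return op, ipaddress.ip_address(spa), ipaddress.ip_address(tpa)

def would_reply(iface, payload, strict_sender_check):
    """Decide whether the host owning `iface` answers this ARP request."""
    op, sender_ip, target_ip = parse_arp(payload)
    if op != 1 or target_ip != iface.ip:
        return False
    # Hypothesis from the post: drop requests whose sender IP is off-subnet.
    if strict_sender_check and sender_ip not in iface.network:
        return False
    return True

def demo():
    from_dns_ip = build_arp_request(SERVER_MAC, "10.2.2.2", "10.1.1.5")
    from_eth_ip = build_arp_request(SERVER_MAC, "10.1.1.10", "10.1.1.5")
    return {
        "strict, sender 10.2.2.2": would_reply(EX_IFACE, from_dns_ip, True),
        "permissive, sender 10.2.2.2": would_reply(EX_IFACE, from_dns_ip, False),
        "strict, sender 10.1.1.10": would_reply(EX_IFACE, from_eth_ip, True),
    }

if __name__ == "__main__":
    for case, answered in demo().items():
        print(f"{case}: {'reply' if answered else 'ignored'}")
```

The permissive case corresponds to the Cisco switch and FreeBSD host that the post reports as answering; only the request sourced from 10.2.2.2 is treated differently between the two policies.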