[j-nsp] Odd issue with ARP in different subnet
Keegan Holley
keegan.holley at sungard.com
Wed Mar 9 21:02:41 EST 2011
On Wed, Mar 9, 2011 at 7:56 PM, Chris Adams <cmadams at hiwaay.net> wrote:
> Once upon a time, Gordon Smith <gordon at gswsystems.com> said:
> > Check the default router config.
> >
> > When the server sends the arp request, the router should reply with
> > its own MAC address
> > Does it not have a route back to the switch?
>
> No, the router isn't proxy ARPing. Let me put some IPs to the problem:
>
> EX switch: 10.1.1.5/27
> Linux server eth0: 10.1.1.10/27
> router (M10i): 10.1.1.30/27
> DNS IP: 10.2.2.2/32 (secondary IP on Linux server eth0)
>
> EX wants to reach 10.2.2.2, so it sends the packet to the M10i at
> 10.1.1.30. Router has route for 10.2.2.2/32 pointing to 10.1.1.10, so
> it sends the packet to the Linux server. Linux server realizes it
> doesn't need to route back to EX in the same subnet and is going to send
> a packet directly from 10.2.2.2 to 10.1.1.5. Linux server doesn't have
> an ARP entry for 10.1.1.5, so it sends an ARP request, using a source IP
> of 10.2.2.2 (since that's the source of the desired packet).
>
I don't think the server should ARP for 10.1.1.5 from 10.2.2.2. Devices
don't usually ARP (or answer) for things that aren't in the same subnet. If
it has a static route it would ARP for the destination of its static route
and then create a packet with the source IP of 10.2.2.2 and dest IP of
whatever the final IP is and a destination MAC of the ARP reply from the
next hop in the static route. Does the EX4200 have a route pointing
10.2.2.2 to 10.1.1.10? If so it should do the above. If not it will
continue sending the packets to its default gateway. This should actually
work if the EX sends packets to its default gateway and the Linux server
replies directly back even though it's asymmetric. Do you get any ICMP packets
in response?

> At this point the EX sees the ARP request for its IP, but doesn't
> respond to it. I'm guessing it is ignoring the ARP request because the
> source IP is in a different subnet (but that's just a guess).
> There's also an old Cisco switch on the same segment, and it replies to
> out-of-subnet ARP requests just fine. I also tried a FreeBSD host in a
> similar setup with a different Linux server, and it also works okay. I
> don't have any other OSes handy to try.
>
> Per another email, I tried setting the Linux server to put the DNS IP on
> a loopback interface instead of the ethernet, but it still sent the ARP
> request with the DNS IP as the source.
>
> --
> Chris Adams <cmadams at hiwaay.net>
> Systems and Network Administrator - HiWAAY Internet Services
> I don't speak for anybody but myself - that's enough trouble.
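
The ARP exchange discussed in this thread, as an added example that is not part of the original messages: it builds the request the Linux server would send (sender IP 10.2.2.2, target 10.1.1.5) and evaluates it under two receiver policies. The `strict` policy models Chris's guess about the EX and is not confirmed Junos behaviour; the MAC address and function names are constructed for illustration.

```python
import ipaddress
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # RFC 826 body for Ethernet/IPv4, 28 bytes

def build_arp_request(sender_mac, sender_ip, target_ip):
    """Build the 28-byte ARP request body (without the Ethernet header)."""
    return struct.pack(
        ARP_FMT,
        1, 0x0800,   # hardware type Ethernet, protocol type IPv4
        6, 4,        # hardware / protocol address lengths
        1,           # opcode 1 = request
        bytes.fromhex(sender_mac.replace(":", "")),
        ipaddress.IPv4Address(sender_ip).packed,
        b"\x00" * 6,  # target MAC is unknown in a request
        ipaddress.IPv4Address(target_ip).packed,
    )

def parse_arp(body):
    """Return opcode, sender IP (spa) and target IP (tpa) of an ARP body."""
    if len(body) < 28:
        raise ValueError("truncated ARP body")
    htype, ptype, hlen, plen, op, _sha, spa, _tha, tpa = struct.unpack(ARP_FMT, body[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return {"op": op, "spa": ipaddress.IPv4Address(spa), "tpa": ipaddress.IPv4Address(tpa)}

def would_reply(body, iface, strict):
    """Decide whether a receiver with address `iface` answers the request.

    strict=True additionally requires the sender IP to be inside the
    receiver's own subnet (the behaviour guessed for the EX in the thread);
    strict=False answers any request for its own IP (the old Cisco switch
    and the FreeBSD host described in the thread).
    """
    arp = parse_arp(body)
    if arp["op"] != 1 or arp["tpa"] != iface.ip:
        return False
    if strict and arp["spa"] not in iface.network:
        return False
    return True

# Addresses from the thread; the MAC is a constructed placeholder.
EX = ipaddress.IPv4Interface("10.1.1.5/27")
SERVER_MAC = "02:00:00:00:00:10"
REQ_FROM_DNS_IP = build_arp_request(SERVER_MAC, "10.2.2.2", "10.1.1.5")
REQ_FROM_ETH0_IP = build_arp_request(SERVER_MAC, "10.1.1.10", "10.1.1.5")

if __name__ == "__main__":
    for name, req in (("10.2.2.2", REQ_FROM_DNS_IP), ("10.1.1.10", REQ_FROM_ETH0_IP)):
        print(name, "strict:", would_reply(req, EX, True), "permissive:", would_reply(req, EX, False))
```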