[j-nsp] Odd issue with ARP in different subnet
Chris Adams
cmadams at hiwaay.net
Wed Mar 9 21:04:19 EST 2011
Once upon a time, Gordon Smith <gordon at gswsystems.com> said:
> Put the /32 on a loopback instead of a secondary address.
Um, I did that (as I said at the end of the email). It didn't change
anything.
> You could always fire up WireShark and watch exactly what's going on on
> the wire
That's how I got all the info; I ran tcpdump on the Linux server and
"monitor traffic interface me0" (which is really tcpdump) on the EX.
Both sides see the same packets; the EX just doesn't respond to the ARP
requests.
--
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
> On Wed, 9 Mar 2011 18:56:44 -0600, Chris Adams wrote:
> >Once upon a time, Gordon Smith <gordon at gswsystems.com> said:
> >>Check the default router config.
> >>
> >>When the server sends the arp request, the router should reply with
> >>its own MAC address
> >>Does it not have a route back to the switch?
> >
> >No, the router isn't proxy ARPing. Let me put some IPs to the
> >problem:
> >
> >EX switch: 10.1.1.5/27
> >Linux server eth0: 10.1.1.10/27
> >router (M10i): 10.1.1.30/27
> >DNS IP: 10.2.2.2/32 (secondary IP on Linux server eth0)
> >
> >EX wants to reach 10.2.2.2, so it sends the packet to the M10i at
> >10.1.1.30. Router has route for 10.2.2.2/32 pointing to 10.1.1.10, so
> >it sends the packet to the Linux server. Linux server realizes it
> >doesn't need to route back to EX in the same subnet and is going to send
> >a packet directly from 10.2.2.2 to 10.1.1.5. Linux server doesn't have
> >an ARP entry for 10.1.1.5, so it sends an ARP request, using a source IP
> >of 10.2.2.2 (since that's the source of the desired packet).
> >
> >At this point the EX sees the ARP request for its IP, but doesn't
> >respond to it. I'm guessing it is ignoring the ARP request because the
> >source IP is in a different subnet (but that's just a guess).
> >
> >There's also an old Cisco switch on the same segment, and it replies to
> >out-of-subnet ARP requests just fine. I also tried a FreeBSD host in a
> >similar setup with a different Linux server, and it also works okay. I
> >don't have any other OSes handy to try.
> >
> >Per another email, I tried setting the Linux server to put the DNS IP on
> >a loopback interface instead of the ethernet, but it still sent the ARP
> >request with the DNS IP as the source.
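
Added example, not part of the original messages: a small Python sketch that builds the ARP request described in the thread (sender IP 10.2.2.2 asking for 10.1.1.5) and classifies it the way a receiver on 10.1.1.5/27 would if it validated the sender address against its own subnet. The subnet check models the poster's guess about the EX, not confirmed Juniper behaviour; the MAC address and all function names are constructed for illustration.

```python
import ipaddress
import struct

ARP_REQUEST = 1
ARP_FMT = "!HHBBH6s4s6s4s"        # 28-byte Ethernet/IPv4 ARP payload (RFC 826)

def build_arp_request(sender_mac, sender_ip, target_ip):
    """Build the ARP payload of a who-has request."""
    return struct.pack(
        ARP_FMT,
        1,            # hardware type: Ethernet
        0x0800,       # protocol type: IPv4
        6, 4,         # hardware / protocol address lengths
        ARP_REQUEST,
        bytes.fromhex(sender_mac.replace(":", "")),
        ipaddress.IPv4Address(sender_ip).packed,
        b"\x00" * 6,  # target MAC is unknown in a request
        ipaddress.IPv4Address(target_ip).packed,
    )

def parse_arp(payload):
    """Return (opcode, sender_ip, target_ip) from an Ethernet/IPv4 ARP payload."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, op, _sha, spa, _tha, tpa = struct.unpack(
        ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return op, ipaddress.IPv4Address(spa), ipaddress.IPv4Address(tpa)

def classify(payload, iface):
    """Classify a request as seen by a host whose interface is `iface`."""
    op, spa, tpa = parse_arp(payload)
    local = ipaddress.IPv4Interface(iface)
    if op != ARP_REQUEST or tpa != local.ip:
        return "not-for-us"
    # Assumption: the receiver compares the sender IP with its own subnet.
    return "in-subnet" if spa in local.network else "out-of-subnet-sender"

EX_IFACE = "10.1.1.5/27"          # EX switch address from the thread
MAC = "02:00:00:00:00:10"         # constructed, locally administered MAC

if __name__ == "__main__":
    # Primary address of the Linux server, then the /32 DNS address.
    for src in ("10.1.1.10", "10.2.2.2"):
        req = build_arp_request(MAC, src, "10.1.1.5")
        print(src, "->", classify(req, EX_IFACE))
```

The same `classify` function can be fed the 28-byte ARP payloads extracted from a tcpdump capture to list which requests on a segment carry a sender address outside the local subnet.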