[j-nsp] Odd issue with ARP in different subnet

Phil Mayers p.mayers at imperial.ac.uk
Thu Mar 10 04:04:30 EST 2011


On 03/09/2011 03:43 PM, Chris Adams wrote:
> I have run into an odd issue with ARP on an EX switch that I think is a
> bug in JUNOS, but I wanted to see what others thought before I tried
> JTAC (maybe I'm missing something).
>
> I have an EX2200 switch that cannot talk to one of my recursive DNS
> servers.  The switch is in subnet a.b.c.0/27, while the DNS IP is in
> x.y.z.0/29.  The DNS IP is anycasted, and the primary server serving it
> is in the same a.b.c.0/27 subnet as the switch (the DNS IP is a
> secondary IP on the same interface).
>
> When the switch tries to reach the DNS IP, it sends the packet to the
> default router.  The router sends it to the server, and the server sends
> an ARP request for the switch's IP.  The sending IP address in the ARP
> request is the DNS IP.  As far as I can tell, JUNOS doesn't send a
> response to the ARP request.

Yeah, we see this a lot. You need the following in /etc/sysctl.conf:

# These values make linux be sensible about making and replying
# to ARP requests - specifically they force ARP requests to come
# from an in-subnet IP (arp_announce=2), and make the host answer
# an ARP request only when the target address is configured on the
# interface the request arrived on (arp_ignore=1)
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2

...and then you need to move the anycast /32 to the loopback (lo) interface.
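An added illustration (not from this thread or from JUNOS/Linux sources) that models the documented arp_announce/arp_ignore rules on constructed RFC 5737 addresses standing in for a.b.c.0/27 and x.y.z.0/29, and replays the failure before the fix and the behaviour after it; the switch's "answer only in-subnet senders" rule is assumed from the observation above, not from Juniper documentation.

```python
import ipaddress

# Constructed topology mirroring the thread: the DNS server's eth0 carries an
# in-subnet primary plus the anycast DNS address as a secondary; the switch
# sits in the same /27. Addresses are made up (RFC 5737 documentation space).
SWITCH_IP = ipaddress.ip_address("192.0.2.10")
SWITCH_NET = ipaddress.ip_network("192.0.2.0/27")
DNS_IP = ipaddress.ip_address("198.51.100.2")
SERVER_IFACES = {
    "eth0": [ipaddress.ip_interface("192.0.2.5/27"),       # primary
             ipaddress.ip_interface("198.51.100.2/29")],   # anycast, secondary
    "lo":   [ipaddress.ip_interface("127.0.0.1/8")],
}

def arp_sender_ip(ifaces, out_if, target, pkt_src, arp_announce):
    """Sender IP for an ARP request, per net.ipv4.conf.*.arp_announce.
    0: reuse the source IP of the packet that triggered the ARP.
    2: ignore the packet source; use a local address on out_if whose subnet
       contains the target (mode 1 is not modelled here)."""
    if arp_announce == 0:
        return pkt_src
    local = ifaces[out_if]
    in_subnet = [a.ip for a in local if target in a.network]
    return in_subnet[0] if in_subnet else local[0].ip

def answers_arp(ifaces, in_if, target, sender, arp_ignore):
    """Whether a host replies to an ARP request, per arp_ignore.
    0: reply if target is local on any interface.
    1: reply only if target is configured on the receiving interface.
    2: as 1, and the sender must also be in that address's subnet."""
    if arp_ignore == 0:
        return any(target == a.ip for addrs in ifaces.values() for a in addrs)
    for a in ifaces[in_if]:
        if target == a.ip:
            return arp_ignore == 1 or sender in a.network
    return False

def thread_scenario(arp_announce, arp_ignore, anycast_on_lo):
    """Replay the thread: the server answers a query from DNS_IP and must ARP
    for the switch; separately, eth0 receives an ARP request for DNS_IP."""
    ifaces = {k: list(v) for k, v in SERVER_IFACES.items()}
    if anycast_on_lo:  # the second half of the fix: anycast /32 on lo
        ifaces["eth0"] = [a for a in ifaces["eth0"] if a.ip != DNS_IP]
        ifaces["lo"].append(ipaddress.ip_interface("198.51.100.2/32"))
    sender = arp_sender_ip(ifaces, "eth0", SWITCH_IP, DNS_IP, arp_announce)
    return {"arp_sender": str(sender),
            # assumed: the EX answers only senders inside its own /27
            "switch_replies": sender in SWITCH_NET,
            "answers_arp_for_anycast": answers_arp(ifaces, "eth0", DNS_IP, SWITCH_IP, arp_ignore)}

if __name__ == "__main__":
    print("before:", thread_scenario(0, 0, False))
    print("after: ", thread_scenario(2, 1, True))
```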

