[j-nsp] What is this ethernet switching trace telling us?
Phil Mayers
p.mayers at imperial.ac.uk
Sat Jun 8 04:52:52 EDT 2013
On 06/08/2013 08:35 AM, Gavin Henry wrote:
> your email to /etc/aliases. We found that the Linux kernel doesn't
> send the same arp response out of the same interface. For example, one
> interface was a public IP and one was a private IP. The kernel would
> send a "I'm on MAC blah" for the private IP out of the public IP port!
>
> arptables is the solution, but in 10 years it's the first time I'd

The behaviour you describe can be disabled by sysctl, which is rather
cleaner than arptables IMO; our cfengine config puts the following in
/etc/sysctl.conf:

# These values make linux be sensible about making and replying
# to ARP requests - specifically they force ARP requests to come
# from an in-subnet IP, and ignore ARP replies for out-of-subnet
# addresses
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2

AIUI the Linux behaviour is intentional, claiming to be the letter of
the relevant RFCs, but it's certainly problematic in a number of
scenarios, including multihoming, transparent load-balancing and anycast
routes. There's more documentation in the kernel source for the above
sysctls.

I have no idea if this is actually the OP's problem.
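
Added example, not part of the original post: for arp_ignore and arp_announce the kernel applies the higher of the conf/all value and the per-interface value, so this shell check lists interfaces whose effective values are below the ones in the sysctl.conf above. The CONF_ROOT override and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: report the effective ARP sysctls per interface.
# CONF_ROOT defaults to the live tree; point it at a copy to test offline.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# Read one sysctl file; a missing file counts as 0 (the default for both keys).
read_val() {
    if [ -r "$1" ]; then cat "$1"; else echo 0; fi
}

# The kernel uses max(conf/all/KEY, conf/IFACE/KEY) for these two keys.
effective() {   # usage: effective IFACE KEY
    a=$(read_val "$CONF_ROOT/all/$2")
    i=$(read_val "$CONF_ROOT/$1/$2")
    if [ "$a" -gt "$i" ]; then echo "$a"; else echo "$i"; fi
}

# Print interfaces whose effective values are below those in the post
# (arp_ignore = 1, arp_announce = 2). Returns 1 if any were found.
arp_audit() {
    rc=0
    for d in "$CONF_ROOT"/*/; do
        [ -d "$d" ] || continue
        ifc=$(basename "$d")
        case "$ifc" in all|default) continue ;; esac
        ign=$(effective "$ifc" arp_ignore)
        ann=$(effective "$ifc" arp_announce)
        if [ "$ign" -lt 1 ] || [ "$ann" -lt 2 ]; then
            echo "$ifc arp_ignore=$ign arp_announce=$ann"
            rc=1
        fi
    done
    return $rc
}
```

Source the file and run arp_audit after `sysctl -p`; no output and exit status 0 mean every interface is at or above the posted values.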