[j-nsp] What is this ethernet switching trace telling us?

Gavin Henry ghenry at suretec.co.uk
Sat Jun 8 05:07:10 EDT 2013


Hi Phil,

Thanks. Yes, we used those too. Forgot to say. There are a few more iirc
in there.

Gavin.
On 8 Jun 2013 09:54, "Phil Mayers" <p.mayers at imperial.ac.uk> wrote:

> On 06/08/2013 08:35 AM, Gavin Henry wrote:
>
>> your email to /etc/aliases. We found that the Linux kernel doesn't
>> send the same arp response out of the same interface. For example, one
>> interface was a public IP and one was a private IP. The kernel would
>> send a "I'm on MAC blah" for the private IP out of the public IP port!
>>
>> arptables is the solution, but in 10 years it's the first time I'd
>>
>
> The behaviour you describe can be disabled by sysctl, which is rather
> cleaner than arptables IMO; our cfengine config puts the following in
> /etc/sysctl.conf:
>
> # These values make linux be sensible about making and replying
> # to ARP requests - specifically they force ARP requests to come
> # from an in-subnet IP, and ignore ARP replies for out-of-subnet
> # addresses
> net.ipv4.conf.all.arp_ignore = 1
> net.ipv4.conf.all.arp_announce = 2
>
> AIUI the Linux behaviour is intentional, claiming to be the letter of the
> relevant RFCs, but it's certainly problematic in a number of scenarios,
> including multihoming, transparent load-balancing and anycast routes.
> There's more documentation in the kernel source for the above sysctls.
>
> I have no idea if this is actually the OP's problem.
>
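
Added example, not part of the thread or of either poster's configuration: a shell audit of the live ARP sysctls discussed above. It relies on the rule in the kernel's ip-sysctl documentation that the effective arp_ignore and arp_announce for an interface is the larger of the conf/all and conf/<interface> values. The function names and the CONF_ROOT override are hypothetical.

```shell
#!/bin/sh
# Added example: report the effective arp_ignore / arp_announce per interface
# and flag interfaces below the values quoted in the thread (1 and 2).
# CONF_ROOT is a hypothetical override so the audit can read a sample tree.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# effective_value <iface> <key>
# The kernel applies max(conf/all/<key>, conf/<iface>/<key>) for both keys.
effective_value() {
    all=$(cat "$CONF_ROOT/all/$2" 2>/dev/null || echo 0)
    own=$(cat "$CONF_ROOT/$1/$2" 2>/dev/null || echo 0)
    if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

# audit_arp: one line per interface; returns 1 if any interface is WEAK.
# Only values below the thread's settings are flagged; higher arp_ignore
# modes are reported as-is and not judged here.
audit_arp() {
    rc=0
    for dir in "$CONF_ROOT"/*; do
        [ -d "$dir" ] || continue
        iface=$(basename "$dir")
        # "all" and "default" are templates, not interfaces; skip loopback too.
        case "$iface" in all|default|lo) continue ;; esac
        ign=$(effective_value "$iface" arp_ignore)
        ann=$(effective_value "$iface" arp_announce)
        if [ "$ign" -ge 1 ] && [ "$ann" -ge 2 ]; then
            echo "OK   $iface arp_ignore=$ign arp_announce=$ann"
        else
            echo "WEAK $iface arp_ignore=$ign arp_announce=$ann"
            rc=1
        fi
    done
    return $rc
}
```

Source the file and run audit_arp; a non-zero exit status means at least one interface is still below the thread's values, for example because only a per-interface key was set and conf/all was left at 0.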

