[j-nsp] MX960 ARP issues
Daniel Dobrijałowski
daniel.dobrijalowski at pwr.wroc.pl
Wed Jan 29 13:49:20 EST 2014
On Wed, Jan 29, 2014 at 10:08:20AM -0600, Chris Adams wrote:
> Once upon a time, John Neiberger <jneiberger at gmail.com> said:
> > Passive learning is an interesting thought, but I'd still like to find
> > the root cause of the problem: why don't the IP addresses respond to
> > ARP requests from only this router? I'm nearly certain it's a server
> > issue but I haven't encountered anything quite like this before.
>
> On Linux, packet capture is handled in the network stack before any
> filter/firewall (so tcpdump will show things that iptables blocks). So,
> if packet capture on the server never shows the ARP request, the problem
> is upstream from the server.
Some sysadmins refer to iptables -j LOG as the first chain rule as a "packet
dump". Such a rule is applied after some packet checks - reverse path filtering,
for example.
I'm not sure how rp_filter works with ARP packets.
John, ask the sysadmins how they looked at incoming packets. If they
used iptables -j LOG then force them to investigate the tcpdump output.
If the server shows ARPs in tcpdump but not in iptables, check the
routing tables with rp_filter in mind. Setting log_martians to
1 may help.
--
Best Regards
Daniel Dobrijalowski
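An added diagnostic sketch for the check discussed above (example code, not from the thread or any poster): it captures ARP for the router address at the point before netfilter, prints the rp_filter and log_martians state, and classifies tcpdump and kernel-log evidence. ROUTER_IP, IFACE and the sample lines are assumptions; the samples are constructed in tcpdump/dmesg style so it runs offline.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes Linux sysctl paths and a
# placeholder router address (ROUTER_IP); the sample lines below are constructed.
ROUTER_IP="${ROUTER_IP:-192.0.2.1}"
IFACE="${IFACE:-eth0}"

# Live capture at the point before any iptables rule: a request missing here
# is missing upstream of the server. Needs root; only run with --live.
capture_arp() {
  tcpdump -nei "$IFACE" -c 20 "arp and host $ROUTER_IP"
}

# Per-interface rp_filter mode (0 off, 1 strict, 2 loose) and log_martians flag.
show_rpf_state() {
  for f in /proc/sys/net/ipv4/conf/*/rp_filter /proc/sys/net/ipv4/conf/all/log_martians; do
    [ -r "$f" ] && printf '%s=%s\n' "$f" "$(cat "$f")"
  done
}

# Classify evidence. $1: tcpdump ARP lines, $2: kernel log lines.
# Prints one of: upstream | answered | martian-logged | unanswered
classify_arp_evidence() {
  cap="$1"; klog="$2"
  if ! printf '%s\n' "$cap" | grep -q "Request who-has .* tell $ROUTER_IP"; then
    echo upstream          # request never reached the capture point on the server
  elif printf '%s\n' "$cap" | grep -q "Reply .* is-at"; then
    echo answered          # server answered; look at the router side instead
  elif printf '%s\n' "$klog" | grep -q "martian source"; then
    echo martian-logged    # kernel rejected traffic for this address; check routing/rp_filter
  else
    echo unanswered        # request seen, no reply, nothing logged: local ARP/host issue
  fi
}

# Constructed samples in tcpdump/dmesg style, for offline use.
CAP_REQ_ONLY="10:08:20.000001 ARP, Request who-has 192.0.2.10 tell 192.0.2.1, length 46"
CAP_REQ_REPLY="$CAP_REQ_ONLY
10:08:20.000250 ARP, Reply 192.0.2.10 is-at 00:00:5e:00:53:01, length 28"
KLOG_MARTIAN="IPv4: martian source 192.0.2.10 from 192.0.2.1, on dev $IFACE"

demo() {
  classify_arp_evidence "" ""                          # upstream
  classify_arp_evidence "$CAP_REQ_ONLY" ""             # unanswered
  classify_arp_evidence "$CAP_REQ_ONLY" "$KLOG_MARTIAN" # martian-logged
  classify_arp_evidence "$CAP_REQ_REPLY" ""            # answered
}
case "${1:-}" in
  --demo) demo ;;
  --live) show_rpf_state; capture_arp ;;
esac
```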