From: Eric Weigle <ehw@lanl.gov>
To: Sampsa Ranta <sampsa@netsonic.fi>,
linux-net@vger.kernel.org, linux-kernel@vger.kernel.org,
zebra@zebra.org
Subject: Re: ARP responses broken!
Date: Mon, 16 Apr 2001 15:26:19 -0600 [thread overview]
Message-ID: <3ADB637B.13E4F1AD@lanl.gov> (raw)
Hello-
This is a known 'feature' of the Linux kernel, and can help with load sharing
and fault tolerance. However, it can also cause problems (such as when one nic
in a multi-nic machine fails and you don't know right away).
There are three 'solutions' I know of:
* In recent 2.2 kernels, it was possible to fix this by doing the following as
root:
# Start the hiding interface functionality
echo 1 > /proc/sys/net/ipv4/conf/all/hidden
# Hide all addresses for this interface
echo 1 > /proc/sys/net/ipv4/conf/<interface_name>/hidden
but 2.4 doesn't have that option, for technical reasons.
* Use 'ifconfig -arp ...' to force an interface not to respond to ARP
requests. Hosts which want to send to that interface may need to manually add
the proper mac address to their ARP tables with 'arp -s'.
* Use a packet filtering tool (iptables arp filter module, for example) and
just filter the ARP requests and ARP replies so that only the proper set get
through, i.e. when an arp request for the mac address of an interface arrives,
filter out arp replies from all the other interfaces.
There have been a few threads on this on the linux-kernel mailing list. Search
your favorite archive for them.
-Eric
--------------------------------------------
Eric H. Weigle CCS-1, RADIANT team
ehw@lanl.gov Los Alamos National Lab
(505) 665-4937 http://home.lanl.gov/ehw/
--------------------------------------------
next reply other threads:[~2001-04-16 21:27 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2001-04-16 21:26 Eric Weigle [this message]
2001-04-17 14:12 ` Broken ARP (was Re: ARP responses broken!) Sampsa Ranta
2001-04-17 15:21 ` Eric Weigle
2001-04-17 15:32 ` dean gaudet
2001-04-17 14:19 ` ARP responses broken! Andi Kleen
2001-04-17 14:53 ` Martin Josefsson
2001-04-17 15:01 ` Andi Kleen
2001-04-17 15:07 ` Martin Josefsson
2001-04-17 16:05 ` Alan Cox
2001-04-17 21:43 ` Rogier Wolff
-- strict thread matches above, loose matches on Subject: below --
2001-04-18 1:05 Julian Anastasov
2001-04-18 22:02 ` Sampsa Ranta
2001-04-19 1:46 ` Julian Anastasov
2001-04-17 18:25 Sam.Bingner
2001-04-17 18:07 Bingner Sam J. Contractor RSIS
[not found] <E14pWQ2-0005LM-00@calista.inka.de>
2001-04-17 14:31 ` Bernd Eckenfels
[not found] <4CDA8A6D03EFD411A1D300D0B7E83E8F6972AC@FSKNMD07.hickam.af.mil>
2001-04-17 13:56 ` Eric Weigle
2001-04-16 20:49 Sampsa Ranta
2001-04-16 22:47 ` Bernd Eckenfels
2001-04-17 14:24 ` Christopher Friesen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3ADB637B.13E4F1AD@lanl.gov \
--to=ehw@lanl.gov \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-net@vger.kernel.org \
--cc=sampsa@netsonic.fi \
--cc=zebra@zebra.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox