nanog mailing list archives

Re: ARP is sourced from loopback address


From: Keegan Holley <keegan.holley () sungard com>
Date: Mon, 30 Jan 2012 17:53:59 -0500

Even though tcpdump doesn't show it, the ARP packets should have a
source MAC address that is reachable on the link.  I think the reply
is unicast to that MAC address regardless of the IP in the request.
Otherwise the receiving station would have to do an ARP request for
the source IP in the packet before it replied; in order to reply, that
station would need to have the very mapping it just requested, making
the whole thing useless.  I've never seen ARP sourced from a
non-local interface IP unless there was some sort of tunnel or
bridging configured, but then again I don't spend my days staring at
ARP packets, so I could be missing something.


2012/1/30 Joe Maimon <jmaimon () ttec com>:

Hey All,

Anycast related.

Is this normal behavior? What's the workaround? Why haven't I run into this
before?

192.168.76.1 is an HSRP address on a ring of routers transiting a private
non-routed VLAN to the service addresses hosted on systems that have
independent management interfaces.

Best,

Joe


root@debian31:~# ifconfig lo:0
lo:0      Link encap:Local Loopback
         inet addr:209.54.140.64  Mask:255.255.255.255
         UP LOOPBACK RUNNING  MTU:16436  Metric:1

root@debian31:~# ip rule list
0:      from all lookup local
32764:  from 209.54.140.0/24 lookup pbr1-exit
32765:  from 216.222.144.16/28 lookup pbr1-exit
32766:  from all lookup main
32767:  from all lookup default
root@debian31:~# ip route list table pbr1-exit
default via 192.168.76.1 dev eth1
192.168.34.0/24 dev eth1  scope link  src 192.168.76.16
192.168.76.0/24 dev eth1  scope link  src 192.168.76.16
root@debian31:~# tcpdump -i eth1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes

11:08:09.053943 ARP, Request who-has 192.168.76.1 tell 209.54.140.64, length 28
11:08:10.035126 IP noc08rt08.noc08.chl.net > 209.54.140.64: ICMP echo request, id 517, seq 0, length 80
11:08:10.051276 ARP, Request who-has 192.168.76.1 tell 209.54.140.64, length 28
11:08:11.052548 ARP, Request who-has 192.168.76.1 tell 209.54.140.64, length 28
11:08:12.035964 IP noc08rt08.noc08.chl.net > 209.54.140.64: ICMP echo request, id 517, seq 1, length 80
^C

root@debian31:~# ip neigh
fe80::230:71ff:fe3b:6808 dev eth0 lladdr 00:30:71:3b:68:08 router STALE
192.168.76.1 dev eth1  FAILED
192.168.34.254 dev eth0 lladdr 00:11:93:04:7a:1b DELAY
192.168.34.48 dev eth0 lladdr 00:0c:29:fd:64:8a STALE

root@debian31:~# uname -a
Linux debian31 3.2.0-1-686-pae #1 SMP Tue Jan 24 06:09:30 UTC 2012 i686 GNU/Linux

root@debian31:~# ping 192.168.76.1
PING 192.168.76.1 (192.168.76.1) 56(84) bytes of data.
64 bytes from 192.168.76.1: icmp_req=1 ttl=255 time=2.95 ms
^C
--- 192.168.76.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 2.952/2.952/2.952/0.000 ms
root@debian31:~# ip neigh
fe80::230:71ff:fe3b:6808 dev eth0 lladdr 00:30:71:3b:68:08 router STALE
192.168.76.1 dev eth1 lladdr 00:00:0c:9f:f0:01 REACHABLE
192.168.34.254 dev eth0 lladdr 00:11:93:04:7a:1b REACHABLE
192.168.34.48 dev eth0 lladdr 00:0c:29:fd:64:8a STALE
192.168.76.2 dev eth1 lladdr 00:b0:4a:9e:54:00 STALE
root@debian31:~# !tcp
tcpdump -i eth1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
11:12:22.476479 IP noc08rt08-l0.noc08.chl.net > 209.54.140.64: ICMP echo request, id 518, seq 0, length 80
11:12:22.476572 IP 209.54.140.64 > noc08rt08-l0.noc08.chl.net: ICMP echo reply, id 518, seq 0, length 80
11:12:22.479495 IP noc08rt08-l0.noc08.chl.net > 209.54.140.64: ICMP echo request, id 518, seq 1, length 80
11:12:22.479533 IP 209.54.140.64 > noc08rt08-l0.noc08.chl.net: ICMP echo reply, id 518, seq 1, length 80
11:12:22.484346 IP noc08rt08-l0.noc08.chl.net > 209.54.140.64: ICMP echo request, id 518, seq 2, length 80
11:12:22.484392 IP 209.54.140.64 > noc08rt08-l0.noc08.chl.net: ICMP echo reply, id 518, seq 2, length 80
11:12:22.487670 IP noc08rt08-l0.noc08.chl.net > 209.54.140.64: ICMP echo request, id 518, seq 3, length 80
11:12:22.487705 IP 209.54.140.64 > noc08rt08-l0.noc08.chl.net: ICMP echo reply, id 518, seq 3, length 80
11:12:22.490639 IP noc08rt08-l0.noc08.chl.net > 209.54.140.64: ICMP echo request, id 518, seq 4, length 80
11:12:22.490675 IP 209.54.140.64 > noc08rt08-l0.noc08.chl.net: ICMP echo reply, id 518, seq 4, length 80
^C
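
Added example, not part of either message in the thread: a check that scans tcpdump text output for ARP requests whose "tell" (sender) address lies outside the prefixes connected to the capture interface, which is the symptom in the first capture above. The function name and the fourth sample line are constructed; 192.168.76.0/24 as eth1's connected prefix is assumed from the route table shown.

```python
import ipaddress
import re

# First three lines are from the thread's capture (rejoined to one per line);
# the fourth is a constructed request from the on-link address 192.168.76.16.
SAMPLE_CAPTURE = """\
11:08:09.053943 ARP, Request who-has 192.168.76.1 tell 209.54.140.64, length 28
11:08:10.035126 IP noc08rt08.noc08.chl.net > 209.54.140.64: ICMP echo request, id 517, seq 0, length 80
11:08:10.051276 ARP, Request who-has 192.168.76.1 tell 209.54.140.64, length 28
11:08:13.000000 ARP, Request who-has 192.168.76.1 tell 192.168.76.16, length 28
"""

# tcpdump's one-line ARP request summary: timestamp, target, sender.
ARP_REQUEST = re.compile(
    r"^(\S+) ARP, Request who-has (\S+) tell (\S+), length \d+"
)


def off_link_arp_requests(capture_text, connected_prefixes):
    """Return (timestamp, sender_ip, target_ip) for every ARP request whose
    sender address is not inside any prefix connected to the interface."""
    nets = [ipaddress.ip_network(p) for p in connected_prefixes]
    findings = []
    for line in capture_text.splitlines():
        m = ARP_REQUEST.match(line)
        if not m:
            continue  # not an ARP request line
        ts, target, sender = m.groups()
        try:
            sender_ip = ipaddress.ip_address(sender)
            target_ip = ipaddress.ip_address(target)
        except ValueError:
            # tcpdump resolved a name; capture with -n to get addresses
            continue
        if not any(sender_ip in net for net in nets):
            findings.append((ts, str(sender_ip), str(target_ip)))
    return findings


if __name__ == "__main__":
    for ts, sender, target in off_link_arp_requests(
        SAMPLE_CAPTURE, ["192.168.76.0/24"]
    ):
        print(f"{ts} off-link ARP sender {sender} asking for {target}")
```

On Linux, the per-interface sysctl net.ipv4.conf.<iface>.arp_announce controls which local address is placed in the sender field of ARP requests.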





