Re: ARP is sourced from loopback address

[William Herrin <bill () herrin us>]

On Mon, Jan 30, 2012 at 4:27 PM, Joe Maimon <jmaimon () ttec com> wrote:
> Is this normal behavior? Whats the workaround? Why havent I run into this
> before?
>
> 192.168.76.1 is a HSRP address on a ring of routers transiting a private non
> routed vlan to the service addresses hosted on systems that have independent
> management interfaces.

Hi Joe,

Linux frequently does Really Stupid Things with ARP. You can generally
force it to do the right thing with the arp_announce, arp_ignore and
arp_filter sysctl's as well as the arptables command.

If I understand your problem correctly, you have a virtual IP on a
loopback interface and when that virtual IP is pinged, the Linux box
uses it as the source address in the arp request instead of using the
correct source address for that interface. Because the source address
is not valid for that LAN, the router does not respond.

Workaround:

vi /etc/sysctl.conf:
net.ipv4.conf.all.arp_announce = 1
net.ipv4.conf.eth1.arp_announce = 1

sysctl -p

This forces the box to use eth1's IP address when making an ARP
request from eth1 instead of using the VIP in the source address of
the IP packet (the default behavior).

#arp_announce - INTEGER
#        Define different restriction levels for announcing the local
#        source IP address from IP packets in ARP requests sent on
#        interface:
#        0 - (default) Use any local address, configured on any interface
#        1 - Try to avoid local addresses that are not in the target's
#        subnet for this interface.
#        2 - Always use the best local address for this target.
#        In this mode we ignore the source address in the IP packet
#        and try to select local address that we prefer for talks with
#        the target host.


Regards,
Bill Herrin




-- 
William D. Herrin ................ herrin () dirtside com  bill () herrin us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004