Howto disable ARP response from lo

From: Nico Schottelius
Date: Thu May 29 2008 - 05:12:46 EST

Hello guys!

I currently set lo to not send arp replies for virtual ipn
(realserver of linux virtual server pool) this way:

ip link set lo arp off

I am running 2.6.24 and it still responds to arp request.
Now I read about the sysctls
arp_ignore, arp_announce (2.6)
conf/*/hidden (2.2)

and I am wondering which is the real correct way to setup Linux 2.6 to

- not respond to arp requests for a specific ip address on lo
- not respond to arp requests for an interface completly

Reading ip-sysctl.txt it says:

arp_filter for the interface will be enabled if at least one of
conf/{all,interface}/arp_filter is set to TRUE,
it will be disabled otherwise

So I did
echo 1 > /proc/sys/net/ipv4/conf/lo/arp_filter
cat /proc/sys/net/ipv4/conf/lo/arp_filter

and tried to ping the interface from outside, which results in:

10:20:09.342034 arp who-has tell
10:20:09.342056 arp reply is-at 00:14:22:fe:57:1a

So, no success.

What I tested further:
- ip link set lo arp off does not change anythink, as lo is not
connected to anywhere anyway
- echo 1 > /proc/sys/net/ipv4/conf/lo/arp_filter
-> still answers to arp requests on eth0 for addresses on lo
- echo 1 > /proc/sys/net/ipv4/conf/all/arp_filter
-> same behaviour
- echo 1 > /proc/sys/net/ipv4/conf/eth0/arp_filter
-> same behaviour
- echo 1 > /proc/sys/net/ipv4/conf/eth0/arp_ignore
-> finally does what I want

Is there some document available that summarises the problems with
arp on Linux including those when using an ip-address on lo for load balancing?



ps: please cc on reply

Think about Free and Open Source Software (FOSS).

PGP: BFE4 C736 ABE5 406F 8F42 F7CF B8BE F92A 9885 188C

Attachment: signature.asc
Description: Digital signature