Re: ARP responses broken!

From: Eric Weigle (ehw@lanl.gov)
Date: Mon Apr 16 2001 - 16:26:19 EST


Hello-

This is a known 'feature' of the Linux kernel, and can help with load sharing
and fault tolerance. However, it can also cause problems (such as when one nic
in a multi-nic machine fails and you don't know right away).

There are three 'solutions' I know of:

  * In recent 2.2 kernels, it was possible to fix this by doing the following as
root:
        # Start the hiding interface functionality
        echo 1 > /proc/sys/net/ipv4/conf/all/hidden
        # Hide all addresses for this interface
        echo 1 > /proc/sys/net/ipv4/conf/<interface_name>/hidden
    but 2.4 doesn't have that option, for technical reasons.

   * Use 'ifconfig -arp ...' to force an interface not to respond to ARP
requests. Hosts which want to send to that interface may need to manually add
the proper mac address to their ARP tables with 'arp -s'.

   * Use a packet filtering tool (iptables arp filter module, for example) and
just filter the ARP requests and ARP replies so that only the proper set get
through, i.e. when an arp request for the mac address of an interface arrives,
filter out arp replies from all the other interfaces.

There have been a few threads on this on the linux-kernel mailing list. Search
your favorite archive for them.

-Eric
 
--------------------------------------------
 Eric H. Weigle CCS-1, RADIANT team
 ehw@lanl.gov Los Alamos National Lab
 (505) 665-4937 http://home.lanl.gov/ehw/
--------------------------------------------
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Mon Apr 23 2001 - 21:00:20 EST