(once again I apologize for top-posting)

Would you mind listing what you change (and if possible a reason)?

I've grown up with *BSD-style environments (started out on NetBSD 1.2 back in the 90's on non-x86 hardware), and I keep being "amazed" by Linux. While some vendors and distros are doing good jobs with documentation and features, statements like your own about using a patchset for more than 10 years always give me a queasy stomach.

What if - oh the horror - I should have done something differently than what I think is "the right way"? My recent experiences with arp_filter etc tell me that I've still got something to learn..

Regards,
Jens Dueholm Christensen

-----Original Message-----
From: Willy Tarreau [mailto:w...@1wt.eu]
Sent: Saturday, March 31, 2012 6:36 PM
To: Jens Dueholm Christensen (JEDC)
Cc: haproxy@formilux.org
Subject: Re: haproxy with keepalived

Clearly on Linux it's common to have ARP working in a "strange way" for some people, because its IPv4 stack works exactly like the IPv6 one, with addresses having a host scope, so any network card is able to respond to an ARP request.

I've been using Julian Anastasov's patchset for more than 10 years on 2.2 then 2.4 to add the arp_announce, arp_filter, arp_ignore etc... sysctls. Now they're in 2.6 by default but I too think that the default values are confusing, so one of the very first things I do when I install a system is to switch them. The second one is to set ip_nonlocal_bind :-)

Regards,
Willy