On 06/08/2013 08:35 AM, Gavin Henry wrote:
your email to /etc/aliases. We found that the Linux kernel doesn't
send the same arp response out of the same interface. For example, one
interface was a public IP and one was a private IP. The kernel would
send a "I'm on MAC blah" for the private IP out of the public IP port!
arptables is the solution, but in 10 years it's the first time I'd
The behaviour you describe can be disabled by sysctl, which is rather
cleaner than arptables IMO; our cfengine config puts the following
/etc/sysctl.conf:
# These values make linux be sensible about making and replying
# to ARP requests - specifically they force ARP requests to come
# from an in-subnet IP, and ignore ARP replies for out-of-subnet
# addresses
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
AIUI the Linux behaviour is intentional, claiming to be the letter of
the relevant RFCs, but it's certainly problematic in a number of
scenarios, including multihoming, transparent load-balancing and anycast
routes. There's more documentation in the kernel source for the above
sysctls.
I have no idea if this is actually the OPs problem.
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
