Re: [PVE-User] ARP issue

Tue, 30 Nov 2021 00:54:20 -0800

--- Begin Message --- 
Hi 

The only situation where I can imagine this happening is a PVE host that has 
Proxy ARP enabled.

This is not enabled by default AFAIK.

root@pve5:~# sysctl net.ipv4.conf.all.proxy_arp
net.ipv4.conf.all.proxy_arp = 0

On my PVE7 hosts, all the kernel’s ARP features are in fact off (by default).

root@pve5:~# sysctl -a | fgrep arp | grep -vc ' = 0$'
0

> Somehow, the other physical servers connected to ens19 get an ARP reply with 
> the mac address of ens19 for the IP on vmbr1 (which, again, has no physical 
> interface).


Even if Proxy ARP were configured on your PVE7 hosts, your servers would 
normally only get an ARP reply when they send a specific ARP request e.g. “who 
has 10.A.B.C, tell 10.A.B.D”.

Here are questions you should ask yourself:

Why would your servers configured with IP 10.X.Y.Z and connected to vmbr2 via 
ens19 send ARP requests for 10.A.B.C/24 on that link?
Why do they? How do the requests look like (who is asking)?

Hope that helps in tracking it down.

Stefan 

> On Nov 23, 2021, at 20:58, ic <[email protected]> wrote:
> 
> Hi,
> 
> I’m running PVE 7.0 on a bunch of servers. I noticed something strange.
> There is a vmbr2 containing one physical interface (ens19) with an IP 
> (10.X.Y.Z/24).
> There is a vmbr1 containing NO physical interface with another IP 
> (10.A.B.C/24) (outside of the range of vmbr2, even if this is irrelevant for 
> this problem).
> 
> Somehow, the other physical servers connected to ens19 get an ARP reply with 
> the mac address of ens19 for the IP on vmbr1 (which, again, has no physical 
> interface).
> 
> In an “ip a” output, this mac address appears only in ens19 and vmbr2. vmbr1 
> has its own mac (different from the physical mac of ens19/vmbr2).
> 
> What am I missing?
> 
> In my setup I need vmbr2 to have the same IP on each physical host and not 
> leak on the outside network so this is pretty annoying :(
> 
> BR, ic
> 
> 
> _______________________________________________
> pve-user mailing list
> [email protected]
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user

--- End Message ---
_______________________________________________
pve-user mailing list
[email protected]
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user

Reply via email to