I have a CentOS 7 Linux server with 2 physical interfaces, each of which has 2 subinterfaces, which are P2P /31 interfaces to Cisco. After changing the neighboring Cisco devices, the Linux router started to incorrectly answer the gratuitous ARP packets from Cisco.
2022 Aug 4 13:19:24.861468 arp: arp_send_gratuitous_internal: Sending GARP: IP=10.254.2.182, Interface=Ethernet1/8.404, SrcMAC=e069.ba6d.d0ff
2022 Aug 4 13:19:24.861535 arp: (Context=5) Sending packet on with exclude phyIOD=105(Ethernet1/8.404), packetPrio=0, hrdType=0x1, hrdLen=6, protType=0x800, protLen=4, opcode=1, packetSize=28
2022 Aug 4 13:19:24.861556 arp: srcMAC=e069.ba6d.d0ff, srcIP=10.254.2.182, destMAC=ffff.ffff.ffff, destIP=10.254.2.182
2022 Aug 4 13:19:24.861794 arp: (Context=5) Receiving packet from logicalIOD=105(Ethernet1/8.404), phyIOD=57(Ethernet1/8), packetPrio=6, hrdType=0x1, hrdLen=6, protType=0x800, protLen=4, opcode=2, packetSize=42
2022 Aug 4 13:19:24.861809 arp: srcMAC=f8f2.1e86.b3c0, srcIP=10.254.2.182, destMAC=e069.ba6d.d0ff, destIP=10.254.2.182
2022 Aug 4 13:19:24 CISCODCI01 %ARP-2-DUP_SRC_IP: arp [18831] Source address of packet received from f8f2.1e86.b3c0 on Ethernet1/8.404(Ethernet1/8) is duplicate of local, 10.254.2.182
2022 Aug 4 13:19:24.861855 arp: arp_process_pak_dad_process:ARP duplicate address detection Event=DADCheck, Result=Detected, Action=sendGARP, IP=10.254.2.182, will be sent on IOD=105, Interface=Ethernet1/8.404 after 60 seconds
On Linux router neighboring int 10.254.2.183/31 we see:
prod [root@linux001prpjay ~]# tcpdump -i p2p1.404 -e arp -nnn
e0:69:ba:6d:d0:ff > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.254.2.182 (ff:ff:ff:ff:ff:ff) tell 10.254.2.182, length 46
f8:f2:1e:86:b3:c0 > e0:69:ba:6d:d0:ff, ethertype ARP (0x0806), length 42: Reply 10.254.2.182 is-at f8:f2:1e:86:b3:c0, length 28
It's strange from the Cisco side that it sends a DADcheck gratuitous ARP with a sender IP address; as far as I know, the difference between a gratuitous ARP and a DADcheck is that a DADcheck shouldn't send the sender IP address in the ARP packet. But still, the stranger thing is that Linux answers the packet as if Linux owned the IP address. But it's just on the same /31 subnet.
Any clues why that is?
The sysctl entries are quite standard ones:
prod [root@linux001prpjay ~]# sysctl -a | egrep "p2p1/404|default|all" | grep arp
net.ipv4.conf.all.arp_accept = 0
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.all.arp_filter = 0
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_notify = 1
net.ipv4.conf.all.proxy_arp = 0
net.ipv4.conf.all.proxy_arp_pvlan = 0
net.ipv4.conf.default.arp_accept = 0
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.default.arp_filter = 0
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.default.arp_notify = 1
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.conf.default.proxy_arp_pvlan = 0
net.ipv4.conf.p2p1/404.arp_accept = 0
net.ipv4.conf.p2p1/404.arp_announce = 2
net.ipv4.conf.p2p1/404.arp_filter = 0
net.ipv4.conf.p2p1/404.arp_ignore = 1
net.ipv4.conf.p2p1/404.arp_notify = 1
net.ipv4.conf.p2p1/404.proxy_arp = 0
net.ipv4.conf.p2p1/404.proxy_arp_pvlan = 0
Still, I can't fully understand why this is happening. arp_filter 0 shouldn't be the case, because I don't have IP 10.254.2.182 anywhere on the Linux box. Just the 10.254.2.183/31 IP in the same subnet, but that should not count, yes?
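
An added example, not part of the original post: a small Python check that classifies `tcpdump -e -nnn arp` lines in the format shown above, using the RFC 5227 distinction (ARP probe: sender IP 0.0.0.0; gratuitous announcement: sender IP equals target IP), and flags any reply that claims a probed or announced address from a different MAC. The function names are hypothetical; the first two sample lines are the capture from the post and the last two are constructed.

```python
import re

# Parses `tcpdump -e -nnn arp` lines in the format shown in the post.
LINE = re.compile(
    r"(?P<src>[0-9a-f:]{17}) > (?P<dst>[0-9a-f:]{17}), ethertype ARP \(0x0806\), "
    r"length \d+: (?:Request who-has (?P<tpa>[\d.]+)(?: \([0-9a-f:]{17}\))? "
    r"tell (?P<spa>[\d.]+)|Reply (?P<rip>[\d.]+) is-at (?P<rmac>[0-9a-f:]{17}))"
)

SAMPLE = [
    # Capture from the post.
    "e0:69:ba:6d:d0:ff > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: "
    "Request who-has 10.254.2.182 (ff:ff:ff:ff:ff:ff) tell 10.254.2.182, length 46",
    "f8:f2:1e:86:b3:c0 > e0:69:ba:6d:d0:ff, ethertype ARP (0x0806), length 42: "
    "Reply 10.254.2.182 is-at f8:f2:1e:86:b3:c0, length 28",
    # Constructed lines: an RFC 5227 probe and an ordinary request.
    "aa:bb:cc:00:00:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: "
    "Request who-has 192.0.2.10 tell 0.0.0.0, length 28",
    "aa:bb:cc:00:00:02 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: "
    "Request who-has 192.0.2.1 tell 192.0.2.20, length 28",
]

def classify(line):
    """Return a dict describing one ARP line, or None if it does not parse."""
    m = LINE.search(line)
    if not m:
        return None
    if m["rip"]:
        return {"kind": "reply", "ip": m["rip"], "mac": m["rmac"]}
    if m["spa"] == "0.0.0.0":
        kind = "probe"          # sender IP zeroed: address not yet claimed
    elif m["spa"] == m["tpa"]:
        kind = "gratuitous"     # sender IP == target IP: announcement
    else:
        kind = "request"
    return {"kind": kind, "ip": m["tpa"], "mac": m["src"]}

def find_conflicts(lines):
    """List (ip, announcing MAC, replying MAC) for replies from another MAC."""
    claimed, conflicts = {}, []
    for pkt in filter(None, map(classify, lines)):
        if pkt["kind"] in ("probe", "gratuitous"):
            claimed[pkt["ip"]] = pkt["mac"]
        elif pkt["kind"] == "reply":
            owner = claimed.get(pkt["ip"])
            if owner and owner != pkt["mac"]:
                conflicts.append((pkt["ip"], owner, pkt["mac"]))
    return conflicts
```

Run over a longer capture from the same interface, `find_conflicts` shows whether every gratuitous ARP from the Cisco side draws a reply from the Linux MAC or only some of them.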