2

We have a box that's just started acting up and we're not really sure why. It has IP address (dummy examples) 199.199.199.1 on eth0, 127.0.0.2 on eth1, and 199.199.199.2 on eth1:0.

Recently, for some reason, eth0 has started sending gratuitous arps claiming 199.199.199.2. This causes all kinds of havoc for traffic going to 199.199.199.2 that we need routed through eth1. I was reading up on arp flux but it doesn't seem like it's the problem since as far as I understand, that's only replies to arp requests, not gratuitous arps. Not seeing anything obvious in processes that's sending those gratuitous arps.

My question is, is there any way to figure out what's sending those requests? Something like netstat -p but for arp?

This is a box running Linux w/kernel 2.6.18.

KernelM
  • 191
  • 1
  • 7

2 Answers2

1

Sounds like youre running a classic virtual server setup. Put the following 2 options in /etc/sysctl.conf and then run sysctl -p

net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1

These will prevent the box from sending any arps out an interface for an IP that is not the primary of that interface.

phemmer
  • 5,909
  • 2
  • 27
  • 36
0

Are those two addresses on the same subnet, as your example implies? Are by chance the two network cards connected to the same switch, too?

Then this could very well be confusing the box's TCP/IP stack...

Massimo
  • 70,200
  • 57
  • 200
  • 323
  • Yeah, same subnet, same switch. In reading about arp flux it does seem like this isn't a great configuration, but everything has worked fine until now. – KernelM Oct 21 '10 at 18:19