
I have an (experimental) setup where a host myhost.mydomain has three network interfaces all connected to the same VLAN as its default gateway mygateway.mydomain. The setup looks as follows:

interface MAC               IP address
--------- ----------------- ---------------
eth0      aa:aa:aa:aa:aa:aa myhost.mydomain
eth1      bb:bb:bb:bb:bb:bb 192.168.0.7
eth2      cc:cc:cc:cc:cc:cc 192.168.1.7

What I observe is that approx. every 4 hours an ARP request arrives from the default gateway and ARP responses are sent out on all three interfaces. The ARP request (according to tcpdump) that is picked up on all three interfaces reads:

who-has myhost.mydomain tell mygateway.mydomain

The ARP responses read:

myhost.mydomain is aa:aa:aa:aa:aa:aa # on eth0
myhost.mydomain is bb:bb:bb:bb:bb:bb # on eth1
myhost.mydomain is cc:cc:cc:cc:cc:cc # on eth2

Is this how it should be in such a setup? I am a bit surprised because myhost.mydomain apparently "is" only aa:aa:aa:aa:aa:aa, since that address is bound to eth0. I also see that after these responses the default gateway sends further TCP traffic on eth2 (instead of eth0), which causes other complications.

I am aware that the problem could probably be solved by arptables or by connecting the host's interfaces to different networks, but I'd also like to understand this specific situation before moving on. The host runs Debian 8.9.

UPDATE: Looks like I have encountered ARP flux here.

rookie09

1 Answer


This turned out to be a case of ARP flux. The following description applies:

A peculiar feature of Linux is its willingness to respond to ARP requests for any IP bound to any interface. This can lead to ARP flux, a situation where a given IP is sometimes accessed on one MAC address and sometimes another. (here)

The same source suggests this remedy:

One method for preventing ARP flux involves the use of net/ipv4/conf/$DEV/arp_filter. In short, the use of arp_filter causes the recipient (in the case below, real-server) to perform a route lookup to determine the interface through which to send the reply, instead of the default behaviour (shown above), replying from all Ethernet interfaces which receive the request. (here)

In order to arrive at a solution that can persist across reboots of myhost.mydomain I have chosen the following recipe:

echo "net.ipv4.conf.all.arp_filter = 1" > /etc/sysctl.d/arp_filter.conf
sysctl -p /etc/sysctl.d/arp_filter.conf

I've meanwhile also noted that this type of situation was the subject of another recent question in this forum.

rookie09