0

In order to have a virtual ip, I sometimes add another IP for my interface enp2s0f0 using 

# ifconfig enp2s0f0:1 192.168.201.33 up

I also send a gratitus arp in order to publish the new ip of the device.
I've noticed that the device answers to pings alternatively: when it answers to 192.168.201.224 (its original ip) it doesn't answer to 192.168.201.33 (vip), and the opposite.

#  ip addr show dev enp2s0f0
2: enp2s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 78:e7:d1:e2:2f:51 brd ff:ff:ff:ff:ff:ff
    inet 192.168.201.224/24 brd 192.168.201.255 scope global enp2s0f0
   valid_lft forever preferred_lft forever
    inet 192.168.201.33/24 brd 192.168.201.255 scope global secondary enp2s0f0:1
   valid_lft forever preferred_lft forever

Even though there's no ping, I was able to connect through ssh to both of the ips.
Once after removing the vip with ifconfig enp2s0f0:1 192.168.201.33 down I couldn't login the device using ssh and lost connectivity for open sessions, but unfortunately I can't say what happened.

Is this behavior normal? What should I expect?

hudac
  • 136
  • 2
  • 2
    That's rather strange. Is your switch perhaps doing something strange? – Michael Hampton Dec 09 '18 at 21:31
  • I was not able to reproduce those symptoms. I'd try to reach the server through other means such as ssh to another network interface on the server, or ssh using IPv6 rather than IPv4, or use a console. If you can get in touch with the server that way, it will be easier to figure out what's going on. – kasperd Dec 10 '18 at 00:12
  • @MichaelHampton I don't think so, it's mostly default configured... I've also seen in wireshark, while the device answers to icmp of ip 192.168.201.33 `vip`, it does receive the icmp of ip 192.168.201.224, but it doesn't answer it. I'm using `ubuntu 16.04`. @kasperd except from the "couldn't login issue" I am logged it while it happens. I don't see anything strange - as I said, I see the icmp request, but the device doesn't send response – hudac Dec 10 '18 at 07:08
  • When pinging to those 2 ips from the same device, I don't see this strange behavior - only when pinging them from another device – hudac Dec 10 '18 at 07:11

1 Answers1

0

My bad.
I had an iptables rule: 

-A DDOS-GUARD -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j ACCEPT

Even two pings torwards the same ip failed.
:O

hudac
  • 136
  • 2