On Mon, Jan 30, 2012 at 4:27 PM, Joe Maimon <jmaimon@ttec.com> wrote:
> Is this normal behavior? What's the workaround? Why haven't I run into this before?
>
> 192.168.76.1 is a HSRP address on a ring of routers transiting a private non routed vlan to the service addresses hosted on systems that have independent management interfaces.

Hi Joe,

Linux frequently does Really Stupid Things with ARP. You can generally force it to do the right thing with the arp_announce, arp_ignore and arp_filter sysctls as well as the arptables command.

If I understand your problem correctly, you have a virtual IP on a loopback interface and when that virtual IP is pinged, the Linux box uses it as the source address in the arp request instead of using the correct source address for that interface. Because the source address is not valid for that LAN, the router does not respond.

Workaround:

vi /etc/sysctl.conf:

net.ipv4.conf.all.arp_announce = 1
net.ipv4.conf.eth1.arp_announce = 1

sysctl -p

This forces the box to use eth1's IP address when making an ARP request from eth1 instead of using the VIP in the source address of the IP packet (the default behavior).

#arp_announce - INTEGER
#       Define different restriction levels for announcing the local
#       source IP address from IP packets in ARP requests sent on
#       interface:
#       0 - (default) Use any local address, configured on any interface
#       1 - Try to avoid local addresses that are not in the target's
#       subnet for this interface.
#       2 - Always use the best local address for this target.
#       In this mode we ignore the source address in the IP packet
#       and try to select local address that we prefer for talks with
#       the target host.

Regards,
Bill Herrin

-- 
William D. Herrin ................ herrin@dirtside.com  bill@herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
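
Added example, not part of the original message or of the kernel source: a simplified Python model of how the three arp_announce levels quoted above pick the sender IP of an ARP request. The VIP 203.0.113.10 and the eth1 addresses are constructed; only 192.168.76.1 comes from the thread, and the fallback rule is an assumption that approximates the kernel's address selection.

```python
import ipaddress

def arp_sender_ip(level, pkt_src, target, iface_addrs, local_addrs):
    """Sender IP placed in an ARP request under arp_announce 0, 1 or 2.

    iface_addrs: addresses (with prefix) on the outgoing interface, primary first.
    local_addrs: every address configured on the host, on any interface.
    """
    src = ipaddress.ip_address(pkt_src)
    tgt = ipaddress.ip_address(target)
    ifaces = [ipaddress.ip_interface(a) for a in iface_addrs]
    is_local = src in {ipaddress.ip_interface(a).ip for a in local_addrs}

    chosen = None
    if level == 0:
        # Any local address is acceptable, so the packet's source is reused
        # even when it lives on another interface (the VIP-on-loopback case).
        if is_local:
            chosen = src
    elif level == 1:
        # Reuse the packet's source only if it shares one of this
        # interface's subnets with the target.
        if is_local and any(src in i.network and tgt in i.network for i in ifaces):
            chosen = src
    # level 2: the packet's source address is always ignored.

    if chosen is None:
        # Fallback (assumed simplification): first interface address in the
        # target's subnet, otherwise the interface's primary address.
        on_link = [i.ip for i in ifaces if tgt in i.network]
        chosen = on_link[0] if on_link else ifaces[0].ip
    return str(chosen)

# Constructed host: VIP on lo, primary and secondary addresses on eth1.
ETH1 = ["192.168.76.20/24", "192.168.76.21/24"]
LOCAL = ["203.0.113.10/32"] + ETH1
ROUTER = "192.168.76.1"  # HSRP address from the thread

if __name__ == "__main__":
    for level in (0, 1, 2):
        for pkt_src in ("203.0.113.10", "192.168.76.21"):
            sender = arp_sender_ip(level, pkt_src, ROUTER, ETH1, LOCAL)
            print(f"arp_announce={level} packet src {pkt_src} -> ARP sender {sender}")
```
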