On 6/6/13, William Herrin <bill@herrin.us> wrote:
> > Yes, the system default may be tuned for host/desktop usage
>
> No, it doesn't default to reasonable desktop settings for ARP... it defaults to a version of wrong that on a desktop with one NIC and one IP doesn't happen to break anything. It'd be nice if it defaulted to RFC compliant instead and let the few folks with wacky needs move it off the standard behavior.

I find Linux's ARP defaults annoying also, but they're not "wrong" or "non-RFC compliant".

An interpretation that applies in the design of Linux networking is that IP addresses belong to the host, and IP addresses do not belong to IP interfaces (excepting 'scope local' IPs, such as IPv6 link-local). An interface has a source IP address assigned to it for outgoing traffic from the host. All destination IPs for incoming traffic to the host belong to no specific interface on the host. Any IP address added to any interface belongs to the host as a valid destination IP, and can be ARP'ed on any of the host's IP interfaces. Excepting a firewall rule to the contrary, traffic for any of the host's destination IPs can come in any interface.

This is a totally valid and correct way of a host managing that host's IP addresses. However, it is a tad inconvenient for the administrator in some real-world circumstances; mainly unusual configs such as servers with multiple NICs plugged into different subnets, or servers behind a load balancer. And the ARP behavior is counterintuitive, because regardless of that fact, in Linux you _still_ configure IP addresses on interfaces; every interface has a preferred IP, and maybe some alias IPs.

In most cases, Linux's choice not to restrict ARP to a specific interface bound to the IP is not useful. However, it is useful if you have a host that has multiple NICs plugged into the same network.

The kernel has its defaults, but distribution vendors such as Redhat/Ubuntu/Debian are free to supply their own defaults through sysctl.conf or their NetworkManager packages or network configuration scripts... It's interesting to note they have so far chosen to go (mostly) with the defaults. I'm sure most people do not have a problem, or else someone would have updated the defaults by now.

> -Bill

--
-JH
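
An added example, not part of the original message: a shell check that reports, per interface, whether Linux will answer ARP for an address configured on any interface (the default discussed above) or only for addresses on the receiving interface. It relies on the kernel sysctls `arp_ignore` and `arp_announce`, which the message does not name; the `eth0`/`eth1` tree is constructed sample data used when `/proc` is not available.

```shell
#!/bin/sh
# Added example (not from the thread): show how each interface answers ARP.
# Kernel rule: effective value = max(conf/all/<key>, conf/<iface>/<key>).

max() { if [ "$1" -gt "$2" ]; then echo "$1"; else echo "$2"; fi; }

# arp_audit CONF_DIR: print "<iface> arp_ignore=N arp_announce=N <verdict>"
arp_audit() {
    conf=$1
    all_ign=$(cat "$conf/all/arp_ignore")
    all_ann=$(cat "$conf/all/arp_announce")
    for d in "$conf"/*; do
        [ -d "$d" ] || continue
        ifc=${d##*/}
        case $ifc in all|default) continue ;; esac
        ign=$(max "$all_ign" "$(cat "$d/arp_ignore")")
        ann=$(max "$all_ann" "$(cat "$d/arp_announce")")
        # arp_ignore=0: reply for a local IP configured on ANY interface.
        # 1 or higher: stricter modes; 1 replies only when the target IP
        # is configured on the interface that received the request.
        if [ "$ign" -eq 0 ]; then verdict=any-interface; else verdict=restricted; fi
        echo "$ifc arp_ignore=$ign arp_announce=$ann $verdict"
    done
}

# make_sample DIR ALL_IGNORE: constructed sysctl tree (hypothetical eth0/eth1).
make_sample() {
    for i in all default eth0 eth1; do
        mkdir -p "$1/$i"
        echo 0 > "$1/$i/arp_ignore"
        echo 0 > "$1/$i/arp_announce"
    done
    echo "$2" > "$1/all/arp_ignore"
    echo 1 > "$1/eth1/arp_ignore"
    echo 2 > "$1/eth1/arp_announce"
}

live=/proc/sys/net/ipv4/conf
if [ -r "$live/all/arp_ignore" ]; then
    arp_audit "$live"
else
    tmp=$(mktemp -d) && make_sample "$tmp" 0 && arp_audit "$tmp"
    rm -rf "$tmp"
fi
```

An interface reported as `any-interface` can be moved to per-interface replies by setting `net.ipv4.conf.all.arp_ignore = 1` in sysctl.conf, the mechanism the message mentions for overriding kernel defaults.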