Dear all,

Has anyone experienced this whilst running DRBD over eth1 between two CentOS 5.7 servers?

eth1 is a private IP address, unroutable. eth0 is the public address. CentOS will reply sometimes once every 3 days or every 14mins~ saying "My public IP is on eth1" to arp requests when it's not, it's eth0.

This freezes traffic and causes issues. We've looked at arp* /etc/sysctl.conf etc. and arptables, but wondered if anyone had a recipe?

We have this already which didn't help as it happened Christmas Eve too as we kept eth1 up for a few days to test:

# For the dual interface - 06.12.12
net.ipv4.conf.eth0.arp_filter = 1
net.ipv4.conf.eth0.arp_ignore = 1
net.ipv4.conf.eth1.arp_filter = 1
net.ipv4.conf.eth1.arp_ignore = 1
net.ipv4.conf.all.arp_filter = 1

eth0 and eth1 are on the same VLAN/broadcast domain, but eth1 is a 169.xx and eth0 is a routable public IP.

We're having to shut eth1 down and bring it up for sync at night.

Thanks,

Gavin.
--
Mike Burger
http://www.bubbanfriends.org

"It's always suicide-mission this, save-the-planet that. No one ever just stops by to say 'hi' anymore." --Colonel Jack O'Neill, SG1

> Dear all,
>
> Has anyone experienced this whilst running DRBD over eth1 between two
> CentOS 5.7 servers?
>
> eth1 is a private IP address, unroutable. eth0 is the public address.
> CentOS will reply sometimes once every 3 days or every 14mins~ saying
> "My public IP is on eth1" to arp requests when it's not, it's eth0.
>
> This freezes traffic and causes issues. We've looked at arp*
> /etc/sysctl.conf etc. and arptables, but wondered if anyone had a
> recipe?
>
> We have this already which didn't help as it happened Christmas Eve
> too as we kept eth1 up for a few days to test:
>
> # For the dual interface - 06.12.12
> net.ipv4.conf.eth0.arp_filter = 1
> net.ipv4.conf.eth0.arp_ignore = 1
> net.ipv4.conf.eth1.arp_filter = 1
> net.ipv4.conf.eth1.arp_ignore = 1
> net.ipv4.conf.all.arp_filter = 1
>
>
> eth0 and eth1 are on the same VLAN/broadcast domain, but eth1 is a
> 169.xx and eth0 is a routable public IP.
>
> We're having to shut eth1 down and bring it up for sync at night.

To what type of equipment are your ethernet devices connected? Are they both connected to the same device? I've seen some devices (particularly 2Wire) that do not like two interfaces from the same system connected to them.

You note that eth1 is on a 169.xx IP, and earlier in your email, you note that it's non-routable. Perhaps that's not the wording you wished to use, or perhaps you meant that it's not routed out to the internet, however, 169.xxx.xxx.xxx is most certainly a "routable" IP block, as far as internet standards go.

The only "non-routable" (i.e. reserved for private networks) IP blocks are:

10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255

While certainly not an undertaking to be done lightly, you may wish to renumber your internal network.
Gordon Messmer
2012-Dec-26 16:31 UTC
[CentOS] CentOS 5.7 eth0, eth1 and arpwatch flip flops
On 12/26/2012 02:06 AM, Gavin Henry wrote:

> # For the dual interface - 06.12.12
> net.ipv4.conf.eth0.arp_filter = 1
> net.ipv4.conf.eth0.arp_ignore = 1
> net.ipv4.conf.eth1.arp_filter = 1
> net.ipv4.conf.eth1.arp_ignore = 1
> net.ipv4.conf.all.arp_filter = 1

First things first... Can you confirm that those are still the values in place?

cat /proc/sys/net/ipv4/conf/eth0/arp_filter
cat /proc/sys/net/ipv4/conf/eth0/arp_ignore
cat /proc/sys/net/ipv4/conf/eth1/arp_filter
cat /proc/sys/net/ipv4/conf/eth1/arp_ignore
cat /proc/sys/net/ipv4/conf/all/arp_filter
Gordon Messmer
2012-Dec-26 17:18 UTC
[CentOS] CentOS 5.7 eth0, eth1 and arpwatch flip flops
On 12/26/2012 04:33 AM, Mike Burger wrote:

> 169.xxx.xxx.xxx is most certainly a "routable" IP block, as far as
> internet standards go.

Most of 169/8 is, but presumably he meant 169.254.0.0/16.

> The only "non-routable" (i.e. reserved for private networks) IP blocks are:

The list is slightly longer than that:

http://en.wikipedia.org/wiki/Reserved_IP_addresses#Reserved_IPv4_addresses
> First things first... Can you confirm that those are still the values in
> place?
>
> cat /proc/sys/net/ipv4/conf/eth0/arp_filter
> cat /proc/sys/net/ipv4/conf/eth0/arp_ignore
> cat /proc/sys/net/ipv4/conf/eth1/arp_filter
> cat /proc/sys/net/ipv4/conf/eth1/arp_ignore
> cat /proc/sys/net/ipv4/conf/all/arp_filter

Obviously when we ifdown eth1 the eth1 statements above are 0. Right now eth1 is up with a sysctl -p and all set to 1.

Thanks,

Gavin.
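
The check Gordon asks for, extended as an added example that is not part of the original thread: it reads the same arp_filter and arp_ignore files and reports the effective value per interface, using the rule from the kernel's ip-sysctl documentation that arp_ignore takes the maximum of conf/all and conf/<iface> while arp_filter is enabled if either is set. The function names and the root-directory argument are hypothetical, and the sample tree is constructed from the values quoted in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# knob ROOT IFACE NAME: print the sysctl value, or 0 if the file is absent.
knob() {
    if [ -r "$1/net/ipv4/conf/$2/$3" ]; then cat "$1/net/ipv4/conf/$2/$3"; else echo 0; fi
}

# effective ROOT IFACE: print "IFACE arp_ignore=N arp_filter=N".
# arp_ignore is the max of conf/all and conf/IFACE; arp_filter is on if either is set.
effective() {
    ig_all=$(knob "$1" all arp_ignore); ig_if=$(knob "$1" "$2" arp_ignore)
    fl_all=$(knob "$1" all arp_filter); fl_if=$(knob "$1" "$2" arp_filter)
    if [ "$ig_all" -gt "$ig_if" ]; then ig=$ig_all; else ig=$ig_if; fi
    if [ "$fl_all" -ne 0 ] || [ "$fl_if" -ne 0 ]; then fl=1; else fl=0; fi
    echo "$2 arp_ignore=$ig arp_filter=$fl"
}

# arp_check ROOT IFACE...: print one line per interface; return 1 if any has
# effective arp_ignore=0, the level that does not restrict replies to the
# addresses configured on the receiving interface.
arp_check() {
    root=$1; shift; bad=0
    for ifc in "$@"; do
        line=$(effective "$root" "$ifc")
        case $line in
            *arp_ignore=0*) echo "$line  <- arp_ignore not restricting replies"; bad=1 ;;
            *) echo "$line" ;;
        esac
    done
    return $bad
}

# make_tree ROOT [IFACE NAME VALUE]...: build a constructed sysctl tree for offline runs.
make_tree() {
    root=$1; shift
    while [ $# -ge 3 ]; do
        mkdir -p "$root/net/ipv4/conf/$1"
        echo "$3" > "$root/net/ipv4/conf/$1/$2"
        shift 3
    done
}

# Constructed sample: the values quoted in the thread, with eth1 up.
demo=$(mktemp -d)
make_tree "$demo" all arp_filter 1 eth0 arp_filter 1 eth0 arp_ignore 1 \
    eth1 arp_filter 1 eth1 arp_ignore 1
arp_check "$demo" eth0 eth1 || true
rm -rf "$demo"
# On a live host: arp_check /proc/sys eth0 eth1
```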