On 03/16/2018 02:54 PM, Leroy Tennison wrote:
Posting for others' benefit in case someone else does this. I searched the web without finding an answer then discovered the issue. What I saw in a tcpdump output (because things weren't working) was
Request who-has <target IP address> tell <target IP address>
Where <target IP address> was a local interface address, quite odd since the local interface should know its own MAC address.
That sounds like a Gratuitous ARP.
The problem was that I had accidentally used the local interface IP address in 'ip route add default via <local interface IP address> dev <local interface>' instead of 'ip route add default via <gateway IP address accessible from local interface> dev <interface>'.
I think I just reproduced this in a network namespace. When I do this, I don't see "Request who-has <target IP address> tell <target IP address>". Instead I see "Request who-has <target IP address> tell <NetNS IP address>".
19:26:13.919415 ARP, Request who-has 8.8.8.8 tell 192.0.2.1, length 28
19:26:14.943348 ARP, Request who-has 8.8.8.8 tell 192.0.2.1, length 28
19:26:15.967318 ARP, Request who-has 8.8.8.8 tell 192.0.2.1, length 28
19:26:16.991390 ARP, Request who-has 8.8.8.8 tell 192.0.2.1, length 28
19:26:18.015337 ARP, Request who-has 8.8.8.8 tell 192.0.2.1, length 28
This in and of itself seems odd to me. Why is Linux ARPing for an address that is obviously not local to the subnet? (I bound 192.0.2.1/24, Test-Net-1, to the interface in the NetNS.)
Once I bound 8.8.8.8/32 to the vEth in my main NetNS [1] I saw an ARP reply. But pings to 8.8.8.8/32 timed out.
19:28:22.651995 ARP, Request who-has 8.8.8.8 tell 192.0.2.1, length 28
19:28:22.652010 ARP, Reply 8.8.8.8 is-at ca:b0:eb:fa:ef:ab, length 28
19:28:22.652013 IP 192.0.2.1 > 8.8.8.8: ICMP echo request, id 11202, seq 1, length 64
19:28:23.711384 IP 192.0.2.1 > 8.8.8.8: ICMP echo request, id 11202, seq 2, length 64
19:28:24.735382 IP 192.0.2.1 > 8.8.8.8: ICMP echo request, id 11202, seq 3, length 64
19:28:25.759387 IP 192.0.2.1 > 8.8.8.8: ICMP echo request, id 11202, seq 4, length 64
When I checked routing on my main NetNS, I found that 192.0.2.0/24 was going out my default gateway. [2]
So I added a route for 192.0.2.1/32 to go out the vEth device that had 8.8.8.8/32 bound to it. (But no "via <IP>", just "dev <device>".)
ip route add 192.0.2.0/24 dev n1
After doing that, I'm actually able to ping 8.8.8.8 from within the network namespace. IMHO this shouldn't be possible as it's only got a route to 192.0.2.0/24.
1) I actually don't know what the main / default routing namespace equivalent is. As far as I can tell, there's no term for it. At least not that I've found.
2) What's surprising by this is that I frequently have 192.0.2.0/24 bound to a dummy interface on my machine.
-- Grant. . . . unix || die
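Added example, not part of the original messages: a small Python check that reads tcpdump ARP lines like the ones quoted in this thread and flags the two symptoms discussed, "who-has X tell X" and ARP requests for a target outside the interface's own prefix. The function name, the verdict labels, and the sample lines marked as constructed are assumptions made for illustration.

```python
import ipaddress
import re

# Matches tcpdump ARP request lines such as:
# "19:26:13.919415 ARP, Request who-has 8.8.8.8 tell 192.0.2.1, length 28"
# The optional "(...)" covers captures that print a MAC or "(Broadcast)".
ARP_REQ = re.compile(r"ARP, Request who-has (\S+)(?: \([^)]*\))? tell ([^\s,]+)")

def classify_arp_requests(lines, local_net):
    """Return (target, sender, verdict) for every ARP request line.

    local_net is the prefix bound to the capturing interface (assumed known,
    e.g. from 'ip addr show').
    """
    net = ipaddress.ip_network(local_net)
    results = []
    for line in lines:
        m = ARP_REQ.search(line)
        if not m:
            continue  # ARP replies, ICMP and other traffic are ignored
        target = ipaddress.ip_address(m.group(1))
        sender = ipaddress.ip_address(m.group(2))
        if target == sender:
            verdict = "self-arp"   # who-has X tell X, the pattern from the first post
        elif target not in net:
            verdict = "off-link"   # host is resolving a remote address directly
        else:
            verdict = "normal"
        results.append((str(target), str(sender), verdict))
    return results

SAMPLE = [
    # From the thread:
    "19:26:13.919415 ARP, Request who-has 8.8.8.8 tell 192.0.2.1, length 28",
    "19:28:22.652010 ARP, Reply 8.8.8.8 is-at ca:b0:eb:fa:ef:ab, length 28",
    # Constructed for this example:
    "19:30:00.000000 ARP, Request who-has 192.0.2.1 tell 192.0.2.1, length 28",
    "19:30:01.000000 ARP, Request who-has 192.0.2.254 tell 192.0.2.1, length 28",
]

if __name__ == "__main__":
    for target, sender, verdict in classify_arp_requests(SAMPLE, "192.0.2.0/24"):
        print(f"{verdict:9} who-has {target} tell {sender}")
```

An "off-link" or "self-arp" verdict is a prompt to compare `ip route show` against the interface's own addresses, since the thread traces the behaviour to a default route whose "via" address was the local interface address.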