Hi,
On Wed, Feb 13, 2019 at 02:35:18PM -0800, Paul Hoffman wrote:
> On 13 Feb 2019, at 11:47, Grant Taylor wrote:
> [...]
>
> >You may need to fiddle with some /proc / sysctl settings to make
> >sure Linux is actually using the interface that you expect.
> >
> >Research "strong host model" for more details on what I think may
> >be happening.
>
> Unfortunately, that's exactly the right track. After some digging,
> it seems like the "weak host model" used by Linux/Debian is the
> fault here. I hope I can find a way to make the model strong with
> some sysctl settings, but I'm not hopeful.
Some of the ARP sysctl settings should be able to help:
arp_ignore=1
0 - (default): reply for any local target IP address, configured
on any interface
1 - reply only if the target IP address is local address
configured on the incoming interface
That seems to me to be the most logical setting to ensure sensible
ARP replies.
arp_filter=1 seems to have a similar purpose.
arp_announce=2 seems to be more of a best-effort approach, i.e. any
interface MAC may be returned.
Please let us know if you found a solution.
Thanks,
Erik
P.S. I am no longer sure if "strong host model" vs. "weak host model"
is the correct way to refer to this problem, as it concerns ARP,
not IP routing / interface selection. Nowadays it seems to be
called "ARP flux."
--
It's really easy to write a lousy random number generator, and it's not
at all obvious that it is lousy.
-- Bruce Schneier
