[2.6.8.1] Bug ? Multi-homed host replies to ARP requests for IP address on admin downed interface

Hi,

On a multi-homed host (2 interfaces for example), I'm finding that if I
administratively set one of the interfaces down, e.g. "ip link set eth1 down",
the multi-homed host still replies to ARP requests for the IP address assigned
to the downed interface. After ARP resolution occurs, any IP traffic to the IP
address on the downed interface is dropped, e.g. ping doesn't work.

My network set up is as follows. One host has a single ethernet interface,
with both 192.168.0.1/24 and 192.168.1.1/24 addresses assigned. The other host
has two ethernet interfaces, with 192.168.0.2/24 assigned
to eth0, and 192.168.1.2/24 assigned to eth1. On this host, eth0 is admin
up, eth1 is admin down. All ethernet interfaces are attached to the same
ethernet switch.

Here is the tcpdump output, running on eth0 of the single interface host :

--
tcpdump: listening on eth0
15:08:47.575109 arp who-has 192.168.1.2 tell 192.168.1.1
15:08:47.577112 arp reply 192.168.1.2 is-at 0:0:c0:6d:89:51
15:08:47.577156 192.168.1.1 > 192.168.1.2: icmp: echo request (DF)
15:08:48.576355 192.168.1.1 > 192.168.1.2: icmp: echo request (DF)
15:08:49.577150 192.168.1.1 > 192.168.1.2: icmp: echo request (DF)
15:08:50.577972 192.168.1.1 > 192.168.1.2: icmp: echo request (DF)
--

I can understand it replying to ARP requests if the "other" interface is
operationally down. This is the whole "arp filter" debate.

However, if the other interface is administratively down, I would have thought
the host would be completely silent regarding the IP address(es) assigned to
the downed interface, including not responding to ARP requests for the IP
address.

Another related thing that I've found is the following. If I assign an IP
address to an admin downed dummy0 interface on the multi-homed host, e.g.
1.1.1.1/32, and then create a static "connected" host route on the other
machine, pointing out the eth0 interface, not only does the multi-homed host
respond to ARPs, IP to that 1.1.1.1 address now works. I find this a bit
strange also.

Here is the tcpdump output, running on eth0 of the single interface host :

--
15:23:55.615315 arp who-has 1.1.1.1 tell 192.168.0.1
15:23:55.617184 arp reply 1.1.1.1 is-at 0:0:c0:6d:89:51
15:23:55.617230 192.168.0.1 > 1.1.1.1: icmp: echo request (DF)
15:23:55.621434 1.1.1.1 > 192.168.0.1: icmp: echo reply
15:23:56.616068 192.168.0.1 > 1.1.1.1: icmp: echo request (DF)
15:23:56.617894 1.1.1.1 > 192.168.0.1: icmp: echo reply
15:23:57.616858 192.168.0.1 > 1.1.1.1: icmp: echo request (DF)
15:23:57.618607 1.1.1.1 > 192.168.0.1: icmp: echo reply
--

This configuration may look a bit obscure, however, I've been looking at
setting up an "anycast" server. Configuring a host route in the upstream
router, then pushing it into the routing cloud is one way to make this single
/32 an available destination, without enabling routing and running a routing
protocol on the anycast server. Admittedly, assigning 1.1.1.1/32 to the
ethernet interface is probably just simpler.

Should Linux be responding in this way ? I would have thought that
administratively downing an interface would mean that the host would silently
ignore any and all traffic directed towards the IP addresses assigned to the
downed interface, including ARP requests. I'd think most people would expect
that sort of behaviour.

Please CC any replies, I'm not subscribed to the list.

Thanks,
Mark.

-- 
Confucius say: He who play in root, eventually kill tree. 
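
Added example, not part of the original post: a short Python parser run over lines copied from the two tcpdump captures above. It separates the two cases the post reports (ARP answered but IP traffic dropped, and ARP answered with IP traffic answered) and lists every address a single MAC answered ARP for. The names `analyze` and `classify` are made up for this example.

```python
import re
from collections import defaultdict

# Lines copied from the two captures in the post (old tcpdump text format).
CAPTURE = """\
15:08:47.575109 arp who-has 192.168.1.2 tell 192.168.1.1
15:08:47.577112 arp reply 192.168.1.2 is-at 0:0:c0:6d:89:51
15:08:47.577156 192.168.1.1 > 192.168.1.2: icmp: echo request (DF)
15:08:48.576355 192.168.1.1 > 192.168.1.2: icmp: echo request (DF)
15:23:55.615315 arp who-has 1.1.1.1 tell 192.168.0.1
15:23:55.617184 arp reply 1.1.1.1 is-at 0:0:c0:6d:89:51
15:23:55.617230 192.168.0.1 > 1.1.1.1: icmp: echo request (DF)
15:23:55.621434 1.1.1.1 > 192.168.0.1: icmp: echo reply
""".splitlines()

ARP_REPLY = re.compile(r"arp reply (\S+) is-at (\S+)")
ICMP = re.compile(r"(\S+) > (\S+): icmp: echo (request|reply)")

def analyze(lines):
    """Return (per-IP stats, MAC -> set of IPs it claimed via ARP)."""
    stats = defaultdict(lambda: {"mac": None, "requests": 0, "replies": 0})
    claimed = defaultdict(set)
    for line in lines:
        if m := ARP_REPLY.search(line):
            ip, mac = m.groups()
            stats[ip]["mac"] = mac
            claimed[mac].add(ip)
        elif m := ICMP.search(line):
            src, dst, kind = m.groups()
            if kind == "request":
                stats[dst]["requests"] += 1   # echo request sent to dst
            else:
                stats[src]["replies"] += 1    # echo reply came from src
    return dict(stats), dict(claimed)

def classify(entry):
    """Label an address by what the capture shows after ARP resolution."""
    if entry["mac"] is None:
        return "no ARP reply seen"
    if entry["replies"]:
        return "ARP answered, IP traffic answered"
    outcome = "dropped" if entry["requests"] else "not seen"
    return f"ARP answered, IP traffic {outcome}"

if __name__ == "__main__":
    stats, claimed = analyze(CAPTURE)
    for ip, entry in stats.items():
        print(f"{ip:<12} {entry['mac']}  {classify(entry)}")
    print({mac: sorted(ips) for mac, ips in claimed.items() if len(ips) > 1})
```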
