Hello guys!
I currently set lo to not send arp replies for virtual ipn
(realserver of linux virtual server pool) this way:
ip link set lo arp off
I am running 2.6.24 and it still responds to arp request.
Now I read about the sysctls
arp_ignore, arp_announce (2.6)
conf/*/hidden (2.2)
and I am wondering which is the real correct way to setup Linux 2.6 to
- not respond to arp requests for a specific ip address on lo
- not respond to arp requests for an interface completly
Reading ip-sysctl.txt it says:
arp_filter for the interface will be enabled if at least one of
conf/{all,interface}/arp_filter is set to TRUE,
it will be disabled otherwise
So I did
echo 1 > /proc/sys/net/ipv4/conf/lo/arp_filter
cat /proc/sys/net/ipv4/conf/lo/arp_filter
1
and tried to ping the interface from outside, which results in:
10:20:09.342034 arp who-has 62.65.130.185 tell 62.65.130.161
10:20:09.342056 arp reply 62.65.130.185 is-at 00:14:22:fe:57:1a
So, no success.
What I tested further:
- ip link set lo arp off does not change anythink, as lo is not
connected to anywhere anyway
- echo 1 > /proc/sys/net/ipv4/conf/lo/arp_filter
-> still answers to arp requests on eth0 for addresses on lo
- echo 1 > /proc/sys/net/ipv4/conf/all/arp_filter
-> same behaviour
- echo 1 > /proc/sys/net/ipv4/conf/eth0/arp_filter
-> same behaviour
- echo 1 > /proc/sys/net/ipv4/conf/eth0/arp_ignore
-> finally does what I want
Is there some document available that summarises the problems with
arp on Linux including those when using an ip-address on lo for load balancing?
Sincerly
Nico
ps: please cc on reply
--
Think about Free and Open Source Software (FOSS).
http://nico.schottelius.org/documentations/foss/the-term-foss/
PGP: BFE4 C736 ABE5 406F 8F42 F7CF B8BE F92A 9885 188C
Attachment:
signature.asc
Description: Digital signature
