Nico Schottelius wrote:
Hello guys! I currently set lo to not send arp replies for virtual ipn (realserver of linux virtual server pool) this way: ip link set lo arp off
arp off is ignored in case of lo interface (no link level address at all here).
What you're experiencing, is that by default, Linux treats ip addresses as assigned to the host instead of interface. And you can "change" that with arp_ignore.
When you set arp_ignore=1, you pretty much told your system to limit arp reply to the address configured on incoming interface, not anywhere on your host. arp_ignore=2 limits it further to the same subnet as well.
Another way is to add your address with scope host (on any interface), and set arp_filter=3. This will keep "address belongs to host" behaviour, but will ignore requests for host scoped addresses.
arp_filter is used for something else - actually it's roughly analogous to rp_filter. Considering that reverse path check was successful, arp_filter accepted it.
Btw, it's probably better to leave lo alone, and use dummy driver, if you need another interface.
There's always heavier artillery like e.g. arptables, should your config become complex enough to require it.
Is there some document available that summarises the problems with arp on Linux including those when using an ip-address on lo for load balancing?
Well - Documentation/networking/ip-sysctl.txt is tight, but pretty detailed. Googling for 'virtual server arp' variations will get some results as well.
Regards -- To unsubscribe from this list: send the line "unsubscribe linux-net" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
