Linux is answering (wrong?) to Gratuitous ARP message
News category: Linux Tips
Source: reddit.com
Hello,
We're using CentOS Linux 7 with 2 interfaces, which works as a router. After changing the neighboring Cisco devices we saw a strange log from both Cisco devices which sounds like this:
2022 Aug 3 09:49:53.178080 arp: arp_send_gratuitous_internal: Sending GARP: IP=10.254.2.182, Interface=Ethernet1/8.404, SrcMAC=e069.ba6d.d0ff
2022 Aug 3 09:49:53 CISCODCI01 %ARP-2-DUP_SRC_IP: arp [18831] Source address of packet received from f8f2.1e86.b3c0 on Ethernet1/8.404(Ethernet1/8) is duplicate of local, 10.254.2.182
2022 Aug 3 09:49:53.178672 arp: arp_process_pak_dad_process:ARP duplicate address detection Event=DADCheck, Result=Detected, Action=sendGARP, IP=10.254.2.182, will be sent on IOD=105, Interface=Ethernet1/8.404 after 60 seconds
And it goes on over and over.
Nothing is bad here: Cisco sends a gratuitous ARP to check if there are any duplicates in the network, but the Linux device for some reason answers for that duplicate, even though it DOESN'T have the requested IP address.
tcpdump -i p2p1.404 arp -nn
(The gratuitous ARP request comes to the Linux box):
10:47:32.131539 ARP, Request who-has 10.254.2.182 (ff:ff:ff:ff:ff:ff) tell 10.254.2.182, length 46
And the STRANGE ARP reply is sent:
10:47:32.131602 ARP, Reply 10.254.2.182 is-at f8:f2:1e:86:b3:c0, length 28
Seems like something is not right here. Why does Linux answer the ARP request for 10.254.2.182 if Linux itself doesn't use that IP address? The p2p1.404 interface has this IP address: 10.254.2.183.
p2p1.404: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.254.2.183  netmask 255.255.255.254  broadcast 0.0.0.0
        inet6 fe80::faf2:1eff:fe86:b3c0  prefixlen 64  scopeid 0x20<link>
        ether f8:f2:1e:86:b3:c0  txqueuelen 1000  (Ethernet)
        RX packets 310407365593  bytes 287023806230381 (261.0 TiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 324822283502  bytes 435532267355721 (396.1 TiB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0
So the situation is that Linux answers with the IP address, even though it doesn't OWN the requested IP address (10.254.2.182).
The ARP table of Linux host is as follows:
arp -an
? (10.254.2.182) at e0:69:ba:6d:d0:ff [ether] on p2p1.404
The ARP table on Cisco:
10.254.2.183 00:10:40 f8f2.1e86.b3c0 Ethernet1/8.404
Any suggestions? Of course I could turn off the gratuitous ARP on the Cisco side, but this would be like a workaround. Maybe this is some secret Linux feature? Thanks
I think the Linux device should just skip that gratuitous arp message.
Btw - the sysctl entries look like this:
net.ipv4.conf.p2p1/404.arp_accept = 0
net.ipv4.conf.p2p1/404.arp_announce = 2
net.ipv4.conf.p2p1/404.arp_filter = 0
net.ipv4.conf.p2p1/404.arp_ignore = 1
net.ipv4.conf.p2p1/404.arp_notify = 1
Any help? Thanks
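The check the post does by eye, as an added example that is not part of the original post: it scans `tcpdump -nn arp` output for a gratuitous request (sender IP equals target IP) that is answered from the local MAC for an IP the interface does not hold. The function and constant names are hypothetical; the MAC, the interface IP and the first two sample lines are taken from the post, and the last two sample lines are constructed.

```python
import re

# Line shapes of "tcpdump -nn arp" output as shown in the post (no -e flag).
REQ = re.compile(r"^(\S+) ARP, Request who-has (\S+)(?: \(\S+\))? tell (\S+),")
REP = re.compile(r"^(\S+) ARP, Reply (\S+) is-at ([0-9a-f:]{17}),")

LOCAL_MAC = "f8:f2:1e:86:b3:c0"   # ether of p2p1.404, from the post
LOCAL_IPS = {"10.254.2.183"}      # inet of p2p1.404, from the post

SAMPLE = """\
10:47:32.131539 ARP, Request who-has 10.254.2.182 (ff:ff:ff:ff:ff:ff) tell 10.254.2.182, length 46
10:47:32.131602 ARP, Reply 10.254.2.182 is-at f8:f2:1e:86:b3:c0, length 28
10:47:40.000100 ARP, Request who-has 10.254.2.183 tell 10.254.2.182, length 46
10:47:40.000150 ARP, Reply 10.254.2.183 is-at f8:f2:1e:86:b3:c0, length 28
""".splitlines()  # lines 3-4 are constructed: a normal request/reply for the owned IP


def find_unowned_replies(lines, local_mac, local_ips):
    """Return (request_ts, reply_ts, ip) for every reply carrying local_mac that
    answers a gratuitous request for an IP that is not in local_ips."""
    pending = {}    # ip -> timestamp of the last gratuitous request for it
    findings = []
    for line in lines:
        line = line.strip()
        m = REQ.match(line)
        if m:
            ts, target, sender = m.groups()
            if target == sender:      # gratuitous ARP: asks for its own address
                pending[target] = ts
            continue
        m = REP.match(line)
        if m:
            ts, ip, mac = m.groups()
            owned = ip in local_ips
            if ip in pending and mac == local_mac.lower() and not owned:
                findings.append((pending.pop(ip), ts, ip))
    return findings


if __name__ == "__main__":
    for req_ts, rep_ts, ip in find_unowned_replies(SAMPLE, LOCAL_MAC, LOCAL_IPS):
        print(f"reply at {rep_ts} claims {ip} (not configured locally); "
              f"gratuitous request seen at {req_ts}")
```

Feeding it a longer capture shows whether every gratuitous ARP from the Cisco side draws such a reply or only some of them.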