I've brought up a dummy interface on my (Ubuntu 15.10) laptop with an ip address of 10.0.3.144, netmask 255.255.255.255
I have a USB -> Ethernet adaptor. When plugged in this is configured to provide an "eth0" interface, which gets its IP address via DHCP in the range 10.0.3.2 - 10.0.3.10 (netmask 255.255.255.0)
I notice that when eth0 comes up - for example on 10.0.3.2, other machines can reach 10.0.3.144 - this is desired behaviour, but I don't understand exactly WHY this is happening. I do not have any kind of bridging set up, so I would have thought that the machine would not have answered for the dummy interface.
I can see arp requests and replies on the laptops eth interface -
tcpdump -n -i eth0 arp tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
tcpdump -n -i eth0 arp
14:01:31.948781 ARP, Request who-has 10.0.3.144 tell 10.0.3.254, length 48
14:01:31.948842 ARP, Reply 10.0.3.144 is-at 00:23:55:9c:52:31, length 28
This behaviour is repeatable if I remove the ARP entry on 10.0.3.254 (which happens to be a router also running Linux)
Can anyone advise if I can rely on this behaviour? (and why a computer would answer on the an interface for an IP address not bound to it - and relatedly - would this have the potential to, under certain circumstances, stuff up routing in scenarios where there were multiple interfaces on different subnets and packets should be forced to traverse a firewall?).
why a computer would answer on the an interface for an IP address not bound to it
That's not necessarily true on a Linux host.
The IP address by default belongs to the Linux host, not an interface.
See Linux considers an IP address as belonging to a host rather than an interface
This "feature" of Linux is sometimes referred to as the "ARP flux problem", and is described in section 2.1.4 of Address Resolution Protocol (ARP)
There are several methods of changing this behaviour in Linux. I have in the past patched the kernel to eliminate it. Other methods are less intrusive, as mentioned in the LVS HOWTO.
If you do nothing, then this ARP behaviour should be consistent.
Collected from the Internet
Please contact [email protected] to delete if infringement.
Comments