ARP resolution failures in Debian / Ubuntu

by daimon on November 23rd, 2010

When connecting to a Linux server that has two interfaces in different subnets, via multiple switches, the server may be unreachable under certain circumstances.

The problem has been identified as a faulty ARP lookup. When querying the “wrong” interface (i.e. the interface which is not en route) of the Linux server, you get an ARP reply with the “wrong” MAC address (i.e. the address of the interface which is bound to the other subnet). You can test for the fault yourself by checking with arping:

$ arping -i eth0 172.21.14.27
ARPING 172.21.14.27
42 bytes from 00:16:3e:07:b8:62 (172.21.14.27): index=0 time=111.103 usec
42 bytes from 00:16:3e:07:b8:62 (172.21.14.27): index=1 time=101.089 usec
^C
--- 172.21.14.27 statistics ---
2 packets transmitted, 2 packets received,   0% unanswered
$ arping -i eth1 172.21.14.27
ARPING 172.21.14.27
42 bytes from 00:16:3e:04:7a:8d (172.21.14.27): index=0 time=509.977 usec
42 bytes from 00:16:3e:04:7a:8d (172.21.14.27): index=1 time=233.173 usec
^C
--- 172.21.14.27 statistics ---
2 packets transmitted, 2 packets received,   0% unanswered

The solution is to set the following parameters in /etc/sysctl.conf or in a file under /etc/sysctl.d:

net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.all.arp_announce=2

and tell sysctl to reload its configuration:

# sysctl -p

Done! The same arping test now shows:

$ arping -i eth0 172.21.14.27
ARPING 172.21.14.27
^C
--- 172.21.14.27 statistics ---
5 packets transmitted, 0 packets received, 100% unanswered
$ arping -i eth1 172.21.14.27
ARPING 172.21.14.27
42 bytes from 00:16:3e:f9:7b:1b (172.21.14.27): index=0 time=635.862 usec
42 bytes from 00:16:3e:f9:7b:1b (172.21.14.27): index=1 time=50.068 usec
^C
--- 172.21.14.27 statistics ---
2 packets transmitted, 2 packets received,   0% unanswered
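
To confirm which values are actually in force on each interface, the following added example (not part of the original post) audits the two sysctls. It relies on the kernel taking the higher of conf/all and conf/<interface> for both arp_ignore and arp_announce; the function names effective_arp, audit_arp and set_conf are hypothetical, and the demo tree is constructed sample data.

```shell
#!/bin/sh
# Added example: report the effective arp_ignore / arp_announce per interface
# and compare them with the values recommended above (1 and 2).
CONF_ROOT=/proc/sys/net/ipv4/conf

# effective_arp SETTING IFACE [ROOT]: prints max(conf/all, conf/IFACE)
effective_arp() {
    eroot=${3:-$CONF_ROOT}
    all=$(cat "$eroot/all/$1")
    own=$(cat "$eroot/$2/$1")
    if [ "$own" -gt "$all" ]; then echo "$own"; else echo "$all"; fi
}

# audit_arp [ROOT]: one line per interface; returns 1 if any interface
# does not have effective arp_ignore=1 and arp_announce=2.
audit_arp() {
    root=${1:-$CONF_ROOT}
    rc=0
    for dir in "$root"/*/; do
        iface=$(basename "$dir")
        case $iface in all|default|lo) continue ;; esac
        ign=$(effective_arp arp_ignore "$iface" "$root")
        ann=$(effective_arp arp_announce "$iface" "$root")
        if [ "$ign" -eq 1 ] && [ "$ann" -eq 2 ]; then
            verdict=OK
        else
            verdict=CHECK
            rc=1
        fi
        echo "$iface arp_ignore=$ign arp_announce=$ann $verdict"
    done
    return $rc
}

# set_conf ROOT IFACE IGNORE ANNOUNCE: writes a constructed sample tree entry
set_conf() {
    mkdir -p "$1/$2"
    echo "$3" > "$1/$2/arp_ignore"
    echo "$4" > "$1/$2/arp_announce"
}

# Demo on constructed data: defaults everywhere, eth1 set per interface only.
demo=$(mktemp -d)
set_conf "$demo" all 0 0
set_conf "$demo" eth0 0 0
set_conf "$demo" eth1 1 2
audit_arp "$demo" || true   # eth0 is flagged CHECK, eth1 is OK
rm -rf "$demo"
# On a real host, call audit_arp with no argument to read /proc/sys.
```

If the parameters were placed in a file under /etc/sysctl.d, note that sysctl -p without an argument reads only /etc/sysctl.conf; sysctl --system loads the files in /etc/sysctl.d as well.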

More information about a different, but related, problem can be found here:

http://serverfault.com/questions/22253/ubuntu-linux-multiple-nics-same-lan-arp-responses-always-go-out-a-single-n
