ARP is sourced from loopback address

Keegan Holley keegan.holley at sungard.com
Mon Jan 30 16:53:59 CST 2012


Even though TCP dump doesn't show it the ARP packets should have a
source mac address that is reachable on the link.  I think the reply
is unicast to that mac address regardless of the IP in the request.
Otherwise the receiving station would have to do an arp request for
the source IP in the packet before it replied, in order to reply that
station would need to have the very mapping it just requested making
the whole thing useless.   I've never seen arp sourced from a
non-local interface IP unless there was some sort of tunnel or
bridging configured, but then again I don't spend my days staring at
ARP packets so I could be missing something.


2012/1/30 Joe Maimon <jmaimon at ttec.com>:
>
> Hey All,
>
> Anycast related.
>
> Is this normal behavior? Whats the workaround? Why havent I run into this
> before?
>
> 192.168.76.1 is a HSRP address on a ring of routers transiting a private non
> routed vlan to the service addresses hosted on systems that have independent
> management interfaces.
>
> Best,
>
> Joe
>
>
> root at debian31:~# ifconfig lo:0
> lo:0      Link encap:Local Loopback
>          inet addr:209.54.140.64  Mask:255.255.255.255
>          UP LOOPBACK RUNNING  MTU:16436  Metric:1
>
> root at debian31:~# ip rule list
> 0:      from all lookup local
> 32764:  from 209.54.140.0/24 lookup pbr1-exit
> 32765:  from 216.222.144.16/28 lookup pbr1-exit
> 32766:  from all lookup main
> 32767:  from all lookup default
> root at debian31:~# ip route list table pbr1-exit
> default via 192.168.76.1 dev eth1
> 192.168.34.0/24 dev eth1  scope link  src 192.168.76.16
> 192.168.76.0/24 dev eth1  scope link  src 192.168.76.16
> root at debian31:~# tcpdump -i eth1
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
>
> 11:08:09.053943 ARP, Request who-has 192.168.76.1 tell 209.54.140.64, length
> 28
> 11:08:10.035126 IP noc08rt08.noc08.chl.net > 209.54.140.64: ICMP echo
> request, id 517, seq 0, length 80
> 11:08:10.051276 ARP, Request who-has 192.168.76.1 tell 209.54.140.64, length
> 28
> 11:08:11.052548 ARP, Request who-has 192.168.76.1 tell 209.54.140.64, length
> 28
> 11:08:12.035964 IP noc08rt08.noc08.chl.net > 209.54.140.64: ICMP echo
> request, id 517, seq 1, length 80
> ^C
>
> root at debian31:~# ip neigh
> fe80::230:71ff:fe3b:6808 dev eth0 lladdr 00:30:71:3b:68:08 router STALE
> 192.168.76.1 dev eth1  FAILED
> 192.168.34.254 dev eth0 lladdr 00:11:93:04:7a:1b DELAY
> 192.168.34.48 dev eth0 lladdr 00:0c:29:fd:64:8a STALE
>
> root at debian31:~# uname -a
> Linux debian31 3.2.0-1-686-pae #1 SMP Tue Jan 24 06:09:30 UTC 2012 i686
> GNU/Linux
>
> root at debian31:~# ping 192.168.76.1
> PING 192.168.76.1 (192.168.76.1) 56(84) bytes of data.
> 64 bytes from 192.168.76.1: icmp_req=1 ttl=255 time=2.95 ms
> ^C
> --- 192.168.76.1 ping statistics ---
> 1 packets transmitted, 1 received, 0% packet loss, time 0ms
> rtt min/avg/max/mdev = 2.952/2.952/2.952/0.000 ms
> root at debian31:~# ip neigh
> fe80::230:71ff:fe3b:6808 dev eth0 lladdr 00:30:71:3b:68:08 router STALE
> 192.168.76.1 dev eth1 lladdr 00:00:0c:9f:f0:01 REACHABLE
> 192.168.34.254 dev eth0 lladdr 00:11:93:04:7a:1b REACHABLE
> 192.168.34.48 dev eth0 lladdr 00:0c:29:fd:64:8a STALE
> 192.168.76.2 dev eth1 lladdr 00:b0:4a:9e:54:00 STALE
> root at debian31:~# !tcp
> tcpdump -i eth1
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
> 11:12:22.476479 IP noc08rt08-l0.noc08.chl.net > 209.54.140.64: ICMP echo
> request, id 518, seq 0, length 80
> 11:12:22.476572 IP 209.54.140.64 > noc08rt08-l0.noc08.chl.net: ICMP echo
> reply, id 518, seq 0, length 80
> 11:12:22.479495 IP noc08rt08-l0.noc08.chl.net > 209.54.140.64: ICMP echo
> request, id 518, seq 1, length 80
> 11:12:22.479533 IP 209.54.140.64 > noc08rt08-l0.noc08.chl.net: ICMP echo
> reply, id 518, seq 1, length 80
> 11:12:22.484346 IP noc08rt08-l0.noc08.chl.net > 209.54.140.64: ICMP echo
> request, id 518, seq 2, length 80
> 11:12:22.484392 IP 209.54.140.64 > noc08rt08-l0.noc08.chl.net: ICMP echo
> reply, id 518, seq 2, length 80
> 11:12:22.487670 IP noc08rt08-l0.noc08.chl.net > 209.54.140.64: ICMP echo
> request, id 518, seq 3, length 80
> 11:12:22.487705 IP 209.54.140.64 > noc08rt08-l0.noc08.chl.net: ICMP echo
> reply, id 518, seq 3, length 80
> 11:12:22.490639 IP noc08rt08-l0.noc08.chl.net > 209.54.140.64: ICMP echo
> request, id 518, seq 4, length 80
> 11:12:22.490675 IP 209.54.140.64 > noc08rt08-l0.noc08.chl.net: ICMP echo
> reply, id 518, seq 4, length 80
> ^C
>
>
>
>



More information about the NANOG mailing list