[149193] in North American Network Operators' Group
Re: ARP is sourced from loopback address
daemon@ATHENA.MIT.EDU (Keegan Holley)
Mon Jan 30 17:55:07 2012
In-Reply-To: <4F270B56.1050301@ttec.com>
From: Keegan Holley <keegan.holley@sungard.com>
Date: Mon, 30 Jan 2012 17:53:59 -0500
To: Joe Maimon <jmaimon@ttec.com>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Even though TCP dump doesn't show it the ARP packets should have a
source mac address that is reachable on the link. I think the reply
is unicast to that mac address regardless of the IP in the request.
Otherwise the receiving station would have to do an arp request for
the source IP in the packet before it replied, in order to reply that
station would need to have the very mapping it just requested making
the whole thing useless. I've never seen arp sourced from a
non-local interface IP unless there was some sort of tunnel or
bridging configured, but then again I don't spend my days staring at
ARP packets so I could be missing something.
2012/1/30 Joe Maimon <jmaimon@ttec.com>:
>
> Hey All,
>
> Anycast related.
>
> Is this normal behavior? Whats the workaround? Why havent I run into this
> before?
>
> 192.168.76.1 is a HSRP address on a ring of routers transiting a private =
non
> routed vlan to the service addresses hosted on systems that have independ=
ent
> management interfaces.
>
> Best,
>
> Joe
>
>
> root@debian31:~# ifconfig lo:0
> lo:0 =A0 =A0 =A0Link encap:Local Loopback
> =A0 =A0 =A0 =A0 =A0inet addr:209.54.140.64 =A0Mask:255.255.255.255
> =A0 =A0 =A0 =A0 =A0UP LOOPBACK RUNNING =A0MTU:16436 =A0Metric:1
>
> root@debian31:~# ip rule list
> 0: =A0 =A0 =A0from all lookup local
> 32764: =A0from 209.54.140.0/24 lookup pbr1-exit
> 32765: =A0from 216.222.144.16/28 lookup pbr1-exit
> 32766: =A0from all lookup main
> 32767: =A0from all lookup default
> root@debian31:~# ip route list table pbr1-exit
> default via 192.168.76.1 dev eth1
> 192.168.34.0/24 dev eth1 =A0scope link =A0src 192.168.76.16
> 192.168.76.0/24 dev eth1 =A0scope link =A0src 192.168.76.16
> root@debian31:~# tcpdump -i eth1
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decod=
e
> listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
>
> 11:08:09.053943 ARP, Request who-has 192.168.76.1 tell 209.54.140.64, len=
gth
> 28
> 11:08:10.035126 IP noc08rt08.noc08.chl.net > 209.54.140.64: ICMP echo
> request, id 517, seq 0, length 80
> 11:08:10.051276 ARP, Request who-has 192.168.76.1 tell 209.54.140.64, len=
gth
> 28
> 11:08:11.052548 ARP, Request who-has 192.168.76.1 tell 209.54.140.64, len=
gth
> 28
> 11:08:12.035964 IP noc08rt08.noc08.chl.net > 209.54.140.64: ICMP echo
> request, id 517, seq 1, length 80
> ^C
>
> root@debian31:~# ip neigh
> fe80::230:71ff:fe3b:6808 dev eth0 lladdr 00:30:71:3b:68:08 router STALE
> 192.168.76.1 dev eth1 =A0FAILED
> 192.168.34.254 dev eth0 lladdr 00:11:93:04:7a:1b DELAY
> 192.168.34.48 dev eth0 lladdr 00:0c:29:fd:64:8a STALE
>
> root@debian31:~# uname -a
> Linux debian31 3.2.0-1-686-pae #1 SMP Tue Jan 24 06:09:30 UTC 2012 i686
> GNU/Linux
>
> root@debian31:~# ping 192.168.76.1
> PING 192.168.76.1 (192.168.76.1) 56(84) bytes of data.
> 64 bytes from 192.168.76.1: icmp_req=3D1 ttl=3D255 time=3D2.95 ms
> ^C
> --- 192.168.76.1 ping statistics ---
> 1 packets transmitted, 1 received, 0% packet loss, time 0ms
> rtt min/avg/max/mdev =3D 2.952/2.952/2.952/0.000 ms
> root@debian31:~# ip neigh
> fe80::230:71ff:fe3b:6808 dev eth0 lladdr 00:30:71:3b:68:08 router STALE
> 192.168.76.1 dev eth1 lladdr 00:00:0c:9f:f0:01 REACHABLE
> 192.168.34.254 dev eth0 lladdr 00:11:93:04:7a:1b REACHABLE
> 192.168.34.48 dev eth0 lladdr 00:0c:29:fd:64:8a STALE
> 192.168.76.2 dev eth1 lladdr 00:b0:4a:9e:54:00 STALE
> root@debian31:~# !tcp
> tcpdump -i eth1
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decod=
e
> listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
> 11:12:22.476479 IP noc08rt08-l0.noc08.chl.net > 209.54.140.64: ICMP echo
> request, id 518, seq 0, length 80
> 11:12:22.476572 IP 209.54.140.64 > noc08rt08-l0.noc08.chl.net: ICMP echo
> reply, id 518, seq 0, length 80
> 11:12:22.479495 IP noc08rt08-l0.noc08.chl.net > 209.54.140.64: ICMP echo
> request, id 518, seq 1, length 80
> 11:12:22.479533 IP 209.54.140.64 > noc08rt08-l0.noc08.chl.net: ICMP echo
> reply, id 518, seq 1, length 80
> 11:12:22.484346 IP noc08rt08-l0.noc08.chl.net > 209.54.140.64: ICMP echo
> request, id 518, seq 2, length 80
> 11:12:22.484392 IP 209.54.140.64 > noc08rt08-l0.noc08.chl.net: ICMP echo
> reply, id 518, seq 2, length 80
> 11:12:22.487670 IP noc08rt08-l0.noc08.chl.net > 209.54.140.64: ICMP echo
> request, id 518, seq 3, length 80
> 11:12:22.487705 IP 209.54.140.64 > noc08rt08-l0.noc08.chl.net: ICMP echo
> reply, id 518, seq 3, length 80
> 11:12:22.490639 IP noc08rt08-l0.noc08.chl.net > 209.54.140.64: ICMP echo
> request, id 518, seq 4, length 80
> 11:12:22.490675 IP 209.54.140.64 > noc08rt08-l0.noc08.chl.net: ICMP echo
> reply, id 518, seq 4, length 80
> ^C
>
>
>
>
