6

I'm attempting to set up a server that needs to have interfaces on the same IP subnet, but different VLANs:

eth1.102  Link encap:Ethernet  HWaddr 00:50:56:b1:00:0f  
          inet addr:10.1.1.6   Bcast:10.1.1.255  Mask:255.255.255.0

eth1.103  Link encap:Ethernet  HWaddr 00:50:56:b1:00:0f  
          inet addr:10.1.1.12  Bcast:10.1.1.255  Mask:255.255.255.0

The issue I'm seeing is that when an ARP request comes in from a device on one of the subnets, the server only responds to the ARP on one interface and appears to ignore any ARP on the other interface:

1st interface:

# ping -I eth1.102 10.1.1.1
PING 10.1.1.1 (10.1.1.1) from 10.1.1.6 eth1.102: 56(84) bytes of data.
^C
--- 10.1.1.1 ping statistics ---
8 packets transmitted, 0 received, 100% packet loss, time 7008ms

2nd interface:

# ping -I eth1.103 10.1.1.1
PING 10.1.1.1 (10.1.1.1) from 10.1.1.12 eth1.103: 56(84) bytes of data.
64 bytes from 10.1.1.1: icmp_seq=1 ttl=64 time=0.400 ms
64 bytes from 10.1.1.1: icmp_seq=2 ttl=64 time=0.332 ms
^C

(for the record, 10.1.1.1 exists on both subnets in both VLANs)

# arp -an
? (10.1.1.1) at 02:00:1a:f2:00:02 [ether] on eth1.103
? (10.1.1.1) at 02:00:72:a3:00:08 [ether] on eth1.102

Even if I ping from the client device to the specific IP of the server interface it is still ignored on one and responds on the other.

Ubuntu has a few arp/spoofing filters by default, so I've turned off what I can find, i.e.

net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.all.rp_filter=0

I've seen a fair few questions with similar issues but that's usually with ARP flux because it's the same segment (not separated by VLAN) and the ARP request is being replied to by both, which isn't the case here. If I tcpdump both interfaces, the ARP coming in that doesn't get replied to is not seen anywhere on any other interfaces (thinking along the lines it's responding on a different interface) - it just seems to silently ignore the request.

Anyone come across this before?

EDIT:

Okay feel like a bit of an idiot, but might help others...

I was in the right area by disabling rp_filter, but presumably because it is on by default with Ubuntu it had applied it to all interfaces, so whilst I'd set rp_filter=0 for the two listed entries above, the per-interface settings were still 1, thus..

# sysctl -w net.ipv4.conf.eth1/102.rp_filter=0
# sysctl -w net.ipv4.conf.eth1/103.rp_filter=0

... did the trick.

Andy Coates
  • 2
    If you found the answer, you can answer your own question and accept it. – Khaled Mar 10 '12 at 08:06
  • Could you tell us why you need to have two different subnets with the same address range, or two separate non-bridged links to the same subnet ? i'm curious :) – b0fh Mar 11 '12 at 17:08
  • 1
    Turns out all you need is the "all" flag and your VLAN interfaces "eth1/102" etc etc. THANK YOU for sharing this, you have saved me soooooo much frustration!!!! –  Jan 03 '13 at 05:48
  • Great tip! Especially the Edit part. Saved my day :-) –  Jan 24 '13 at 08:44

1 Answer

4

You need to disable the reverse path filter (rp_filter) for each individual interface:

# sysctl -w net.ipv4.conf.eth1/102.rp_filter=0
# sysctl -w net.ipv4.conf.eth1/103.rp_filter=0
user9517
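
The per-interface behaviour from the answer above, as an added example that is not part of the original post: the kernel applies the maximum of conf/all/rp_filter and conf/<interface>/rp_filter, so an interface left at 1 stays in strict mode after "all" is set to 0. The function names and the constructed sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Assumption: ROOT has the layout of /proc/sys/net/ipv4/conf
# (one directory per interface, each containing an rp_filter file).

# effective_rp_filter ROOT IFACE: print max(all, IFACE), the value the kernel
# uses for source validation on IFACE.
effective_rp_filter() {
    er_all=$(cat "$1/all/rp_filter")
    er_own=$(cat "$1/$2/rp_filter")
    if [ "$er_own" -gt "$er_all" ]; then echo "$er_own"; else echo "$er_all"; fi
}

# sysctl_key IFACE: print the sysctl name. sysctl separates components with
# ".", so the dot in a VLAN interface name (eth1.102) is written as "/".
sysctl_key() {
    printf 'net.ipv4.conf.%s.rp_filter\n' "$(printf '%s' "$1" | tr . /)"
}

# audit_rp_filter [ROOT]: one line per interface with its own and effective value.
audit_rp_filter() {
    ar_root=${1:-/proc/sys/net/ipv4/conf}
    for ar_dir in "$ar_root"/*; do
        ar_if=$(basename "$ar_dir")
        case $ar_if in all|default) continue ;; esac
        [ -r "$ar_dir/rp_filter" ] || continue
        printf '%s own=%s effective=%s\n' "$(sysctl_key "$ar_if")" \
            "$(cat "$ar_dir/rp_filter")" "$(effective_rp_filter "$ar_root" "$ar_if")"
    done
}

# Constructed sample mirroring the question: all and default set to 0,
# both VLAN interfaces still at 1.
demo() {
    d=$(mktemp -d)
    for i in all default eth1.102 eth1.103; do mkdir "$d/$i"; done
    echo 0 > "$d/all/rp_filter"; echo 0 > "$d/default/rp_filter"
    echo 1 > "$d/eth1.102/rp_filter"; echo 1 > "$d/eth1.103/rp_filter"
    audit_rp_filter "$d"
    rm -rf "$d"
}
demo
```

Calling audit_rp_filter with no argument reads the live /proc/sys/net/ipv4/conf tree.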