Re: kernel announcing ip address on wrong interface

To: debian-user@lists.debian.org
Subject: Re: kernel announcing ip address on wrong interface
From: Henrique de Moraes Holschuh <hmh@debian.org>
Date: Fri, 3 Oct 2014 15:04:56 -0300
Message-id: <[🔎] 20141003180456.GA31360@khazad-dum.debian.net>
In-reply-to: <[🔎] 4b1p5ccivpv8@mids.svenhartge.de>
References: <[🔎] 542EA10D.4000905@pse-consulting.de> <[🔎] 1b1ovetivpv8@mids.svenhartge.de> <[🔎] 20141003142817.GA18601@khazad-dum.debian.net> <[🔎] 4b1p5ccivpv8@mids.svenhartge.de>

On Fri, 03 Oct 2014, Sven Hartge wrote:
> Henrique de Moraes Holschuh <hmh@debian.org> wrote:
> >> It is, if all eth's are conneted to the same network. Google "weak
> >> host model".
> 
> > Indeed.  It is also annoying as all heck, as it is almost never what
> > you want nowadays.  Oh well...
> 
> Annoying? I don't know.

IMHO, yes it is.  As far as I'm concerned, nowadays it is far more important
for badly configured (or incorrectly "wired") nodes to break immediately.

It ends up being better for continued operations in the long run, at least
IME.

Basically, it boils down to the fact that pushing surprising or strange
packets down the wire has not been a good idea for at least 10 years.  And
accepting those is an even worse idea nowadays.

The result of weak host model applied to ARP certainly causes the end node
to both generate and maybe even accept a lot of "strange" traffic.  My
experience with the Linux kernel ARP filter defaults is a bit dated, though.
It is possible that the defaults are a bit more sane than the last time I
had to mess with them, either in 2.6.32.y or early 3.0.  But I doubt it,
there was resistence in LKML to change these defaults.

> In my experience this "problem" mostly happens to people trying to
> cheaply load-balance connections by using two or more ethernet
> interfaces with different IPs on the same network.

If only it were just that.  The Linux ARP defaults used to (and probably
still do) break the perfectly sane scenario of two interfaces connecting two
different subnets that are members of the same broadcast domain (same
vlan/network).  Let's not even try the scenario with two interfaces in the
same subnet and broadcast domain...

You often need to take an extra step for the breakage to be apparent, such
as firewalling, or a switch enforcing a secure L2 domain, etc.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

Reply to:

Follow-Ups:
- Re: kernel announcing ip address on wrong interface
  - From: Sven Hartge <sven@svenhartge.de>

References:
- kernel announcing ip address on wrong interface
  - From: Andreas Pflug <pgadmin@pse-consulting.de>
- Re: kernel announcing ip address on wrong interface
  - From: Sven Hartge <sven@svenhartge.de>
- Re: kernel announcing ip address on wrong interface
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Re: kernel announcing ip address on wrong interface
  - From: Sven Hartge <sven@svenhartge.de>

Prev by Date: Throw clarity to the world
Next by Date: Re: Throw clarity to the world
Previous by thread: Re: kernel announcing ip address on wrong interface
Next by thread: Re: kernel announcing ip address on wrong interface
Index(es):
- Date
- Thread