Linux is (incorrectly) replying to gratuitous ARP messages

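I have a CentOS 7 Linux server with 2 physical interfaces, each with 2 subinterfaces, which are P2P /31 interfaces to two Cisco devices. After the neighboring Cisco device was replaced, the Linux router started incorrectly replying to gratuitous ARP packets from the Cisco.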

2022 Aug  4 13:19:24.861468 arp: arp_send_gratuitous_internal: Sending GARP: IP=10.254.2.182, Interface=Ethernet1/8.404, SrcMAC=e069.ba6d.d0ff

2022 Aug  4 13:19:24.861535 arp: (Context=5) Sending packet on  with exclude     phyIOD=105(Ethernet1/8.404), packetPrio=0, hrdType=0x1, hrdLen=6, protType=0x800,     protLen=4, opcode=1, packetSize=28 

2022 Aug  4 13:19:24.861556 arp: srcMAC=e069.ba6d.d0ff, srcIP=10.254.2.182, destMAC=ffff.ffff.ffff, destIP=10.254.2.182

2022 Aug  4 13:19:24.861794 arp: (Context=5) Receiving packet from  logicalIOD=105(Ethernet1/8.404), phyIOD=57(Ethernet1/8), packetPrio=6, hrdType=0x1, hrdLen=6, protType=0x800, protLen=4, opcode=2, packetSize=42 

2022 Aug  4 13:19:24.861809 arp: srcMAC=f8f2.1e86.b3c0, srcIP=10.254.2.182, destMAC=e069.ba6d.d0ff, destIP=10.254.2.182

2022 Aug  4 13:19:24 CISCODCI01 %ARP-2-DUP_SRC_IP:  arp [18831]  Source address of packet received from f8f2.1e86.b3c0 on Ethernet1/8.404(Ethernet1/8) is duplicate of local, 10.254.2.182

2022 Aug  4 13:19:24.861855 arp: arp_process_pak_dad_process:ARP duplicate address detection Event=DADCheck, Result=Detected, Action=sendGARP, IP=10.254.2.182, will be sent on IOD=105, Interface=Ethernet1/8.404 after 60 seconds

On the Linux router with the neighboring interface 10.254.2.183/31, we see:

prod [root@linux001prpjay ~]# tcpdump -i p2p1.404 -e arp -nnn
e0:69:ba:6d:d0:ff > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.254.2.182 (ff:ff:ff:ff:ff:ff) tell 10.254.2.182, length 46
f8:f2:1e:86:b3:c0 > e0:69:ba:6d:d0:ff, ethertype ARP (0x0806), length 42: Reply 10.254.2.182 is-at f8:f2:1e:86:b3:c0, length 28

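From the Cisco side, it is strange that it sends the DAD check gratuitous ARP with a sender IP address, because as I understand it the difference between a DAD check and a gratuitous ARP is that a DAD check should not put the sender IP address in the ARP packet. But what is even stranger is that Linux responds to the packet as if Linux owned the IP address. It is only on the same /31 subnet.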

Any clues as to why this would happen?

The sysctl entries are pretty standard:

prod [root@linux001prpjay ~]# sysctl -a | egrep "p2p1/404|default|all" | grep arp
net.ipv4.conf.all.arp_accept = 0
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.all.arp_filter = 0
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_notify = 1
net.ipv4.conf.all.proxy_arp = 0
net.ipv4.conf.all.proxy_arp_pvlan = 0
net.ipv4.conf.default.arp_accept = 0
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.default.arp_filter = 0
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.default.arp_notify = 1
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.conf.default.proxy_arp_pvlan = 0
net.ipv4.conf.p2p1/404.arp_accept = 0
net.ipv4.conf.p2p1/404.arp_announce = 2
net.ipv4.conf.p2p1/404.arp_filter = 0
net.ipv4.conf.p2p1/404.arp_ignore = 1
net.ipv4.conf.p2p1/404.arp_notify = 1
net.ipv4.conf.p2p1/404.proxy_arp = 0
net.ipv4.conf.p2p1/404.proxy_arp_pvlan = 0

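I still can't fully understand why this is happening. arp_filter 0 should not be a factor, because I don't have the IP 10.254.2.182 anywhere on the Linux machine. Only the IP 10.254.2.183/31 is in the same subnet, but that shouldn't count, should it?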
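As an added example (not part of the original post): a small Python parser for the `tcpdump -e` ARP lines shown above that labels requests using RFC 5227 terms (probe: sender IP 0.0.0.0; announcement: sender IP equal to target IP) and reports any reply claiming an address that a different MAC has probed for or announced. The function names are hypothetical, and the sample input is the two capture lines from the question embedded as constructed test data.

```python
import re

# Sample input: the two tcpdump -e lines from the question, embedded as constructed test data.
SAMPLE = """\
e0:69:ba:6d:d0:ff > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.254.2.182 (ff:ff:ff:ff:ff:ff) tell 10.254.2.182, length 46
f8:f2:1e:86:b3:c0 > e0:69:ba:6d:d0:ff, ethertype ARP (0x0806), length 42: Reply 10.254.2.182 is-at f8:f2:1e:86:b3:c0, length 28
"""

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
IP = r"\d{1,3}(?:\.\d{1,3}){3}"
REQ = re.compile(rf"({MAC}) > ({MAC}), ethertype ARP.*?Request who-has ({IP}).*? tell ({IP})")
REP = re.compile(rf"({MAC}) > ({MAC}), ethertype ARP.*?Reply ({IP}) is-at ({MAC})")

def classify_request(sender_ip, target_ip):
    """RFC 5227 terms: a probe has sender 0.0.0.0, an announcement has sender == target."""
    if sender_ip == "0.0.0.0":
        return "probe"
    if sender_ip == target_ip:
        return "announcement"
    return "request"

def find_conflicts(text):
    """Return (ip, announcer_mac, replier_mac) for every reply that claims an
    address which a different MAC has probed for or announced earlier in the capture."""
    claimed = {}    # ip -> MAC that probed for or announced it
    conflicts = []
    for line in text.splitlines():
        m = REQ.search(line)
        if m:
            src_mac, _dst, target_ip, sender_ip = m.groups()
            if classify_request(sender_ip, target_ip) != "request":
                claimed[target_ip] = src_mac
            continue
        m = REP.search(line)
        if m:
            _src, _dst, ip, is_at = m.groups()
            owner = claimed.get(ip)
            if owner and is_at != owner:
                conflicts.append((ip, owner, is_at))
    return conflicts

if __name__ == "__main__":
    for ip, owner, replier in find_conflicts(SAMPLE):
        print(f"{ip}: announced by {owner}, but {replier} replied is-at")
```

Feeding it the live output of `tcpdump -l -e -nnn arp` on each subinterface shows which MAC is answering for an address it should not own.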
