I'm looking into some network "weirdness", and I noticed that a CentOS 6 system with multiple IP addresses (load balancer running keepalived) is sending ARP requests from apparently random source IPs. I would have thought that ARP requests would always come from the interface's "primary" IP (especially since keepalived adds all the virtual IPs with a /32 mask).
This is probably not related to my problem, but I just thought it was odd. Is there a way to control this?
On Mar 20, 2015, at 7:38 AM, Chris Adams linux@cmadams.net wrote:
I'm looking into some network "weirdness", and I noticed that a CentOS 6 system with multiple IP addresses (load balancer running keepalived) is sending ARP requests from apparently random source IPs.
It probably isn’t random.
First, isn’t the whole idea behind a load balancer to distribute the traffic over the set of hosts/IPs it’s configured to manage? You *expect* traffic to balance evenly across these, so you’re going to see ARPs on all of them.
Second, the choice of IP comes from the routing layer of the network stack, not from ARP (too low) or the load balancer (too high).
An ARP packet gets sent out for a long-lived connection about every 10 minutes, even when there is no reason to believe the answer will be different when the stack asks the same “who-has” question it asked 10 minutes ago. It still has to check in case that IP is on a different MAC now.
Is there a way to control this?
Why is that useful? You have a box with N IPs (N > 1) and they’re all supposed to behave as if they're interchangeable. If you’re trying to make it easier to write tshark commands or similar, you shouldn’t be load-balancing at all.
I think you made this bed. Sleep in it. :)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 20.03.2015 14:38, Chris Adams wrote:
I'm looking into some network "weirdness", and I noticed that a CentOS 6 system with multiple IP addresses (load balancer running keepalived) is sending ARP requests from apparently random source IPs. I would have thought that ARP requests would always come from the interface's "primary" IP (especially since keepalived adds all the virtual IPs with a /32 mask).
This is probably not related to my problem, but I just thought it was odd. Is there a way to control this?
You may be running into the "arp flux" problem:
http://blog.cj2s.de/archives/29-Preventing-ARP-flux-on-Linux.html
HTH
Sven