ARP behavior in FreeBSD vs Linux
mshindo at mshindo.net
Sun Sep 18 19:14:22 PDT 2005
Chuck, Pieter, and Sam,
From: Sam Leffler <sam at errno.com>
Subject: Re: ARP behavior in FreeBSD vs Linux
Date: Sun, 18 Sep 2005 10:51:30 -0700
> Pieter de Boer wrote:
> > Chuck Swiger wrote:
> >>> In contrast, on Linux (by default), it
> >>> responds as long as the target IP address in ARP Request matches with
> >>> any "local" IP address on the system, which is not necessarily an IP
> >>> address assigned to the interface through which the ARP request is
> >>> received.
> >> This sounds like "proxy ARPing" is enabled by default on your
> >> particular flavor of Linux. I don't think they all do that,
> >> hopefully, any more than ipforwarding should be enabled by default
> >> just because a machine has two NICs.
> > What Motonori Shindo described is actually the default behaviour for
> > Linux kernels (at least my 2.6.8-kernel does it by default).
It seems that it has been so for a long time, since the 2.2 kernel days.
> > It could be
> > seen as a sort of proxy-arp, but only for the host itself, not other
> > systems. Let me try to describe when it happens. Say you have
> > 192.168.42.42 bound on eth0 and have eth1 connected to some ethernet
> > LAN. When a host on that eth1-connected LAN sends an 'arp who-has
> > 192.168.42.42', a Linux system will answer that arp-request with its
> > eth1 MAC-address, although the IP-address is bound on eth0 and the arp
> > request comes in on eth0. FreeBSD obviously doesn't do this.
This is exactly the situation in which I experienced this Linux ARP behavior.
> >>> Is there any advantage/disadvantage in ARP implementation on FreeBSD
> >>> over that of Linux? Thanks.
> > I was unhappily surprised by this 'feature'. I find it pretty
> > counter-intuitive. I expect two interfaces to be separated inside a
> > kernel, but Linux more or less binds them together.
I have the same feeling as you.
> > Incoming traffic on
> > the 'wrong' interface will gladly be accepted, too. This broke things
> > for me, because I didn't want to have that certain IP-address accessible.
> > That said, this happens only when you have two interfaces connected to
> > the same subnet, which is a bit evil anyhow. It may be beneficial for
> > Linux to do things this way, perhaps for redundancy-purposes (two
> > interfaces, one IP-address, IP reachable over both interfaces, when one
> > fails, the other takes over.. no idea if that works out-of-the-box).
> The linux design philosophy, based on postings from various
> implementors, is that ip addresses are bound to a host, not to a
> particular interface. I believe the arp behaviour reflects this.
Good point! Some routers today have a similar philosophy. It is sometimes
convenient, but at the same time it can be counter-intuitive,
particularly for those who are familiar with a host-based TCP/IP
implementation such as the one in most UNIX systems.
Based on the feedback returned so far, I guess it is fair to say that
there is no obvious drawback in the way ARP Reply is implemented
in FreeBSD compared to that of Linux.
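
An added example, not part of the original message: on Linux the reply behaviour discussed in this thread is governed by the `arp_ignore` sysctl, which the thread does not name. The script below lists interfaces that still answer ARP for any local address; the overridable conf root argument is an assumption of this example so the check can be run against a test directory.

```shell
#!/bin/sh
# Audit Linux arp_ignore per interface (added example).
# arp_ignore=0 (kernel default): reply for any local address, whichever
# interface it is configured on. arp_ignore>=1: reply only if the target
# address is configured on the interface that received the request.

# Effective value for one interface: the kernel uses the larger of
# conf/all/arp_ignore and conf/<iface>/arp_ignore.
# $1 = interface, $2 = conf root (hypothetical override, defaults to /proc).
arp_ignore_effective() {
    root=${2:-/proc/sys/net/ipv4/conf}
    all=$(cat "$root/all/arp_ignore" 2>/dev/null || echo 0)
    own=$(cat "$root/$1/arp_ignore" 2>/dev/null || echo 0)
    if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

# Print the interfaces whose effective arp_ignore is 0, space separated.
# $1 = conf root (hypothetical override, defaults to /proc).
audit_arp_ignore() {
    root=${1:-/proc/sys/net/ipv4/conf}
    weak=""
    for d in "$root"/*/; do
        [ -d "$d" ] || continue          # glob matched nothing
        ifc=$(basename "$d")
        case "$ifc" in
            all|default|lo) continue ;;  # pseudo entries and loopback
        esac
        if [ "$(arp_ignore_effective "$ifc" "$root")" -eq 0 ]; then
            weak="$weak $ifc"
        fi
    done
    echo "${weak# }"
}

# To restrict replies to the receiving interface's own addresses:
#   sysctl -w net.ipv4.conf.all.arp_ignore=1
echo "interfaces answering ARP for any local address: $(audit_arp_ignore)"
```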