http://kb.linux-vs.org/api.php?action=feedcontributions&feedformat=atom&user=RseveroLVSKB - User contributions [en]2026-04-27T02:03:12ZUser contributionsMediaWiki 1.26.2http://kb.linux-vs.org/wiki?title=Using_arp_announce/arp_ignore_to_disable_ARP&diff=3952Using arp announce/arp ignore to disable ARP2007-03-22T21:29:48Z<p>Rsevero: Fixing the examples.</p>
<hr />
<div>== arp_announce/arp_ignore sysctl ==<br />
<br />
The arp_announce/arp_ignore sysctl on interfaces is available at the Linux official kernel since 2.6.4 and 2.4.26. The description about arp_announce/arp_ignore taken from kernel documentation is as follows:<br />
<br />
<pre><br />
arp_announce - INTEGER<br />
Define different restriction levels for announcing the local<br />
source IP address from IP packets in ARP requests sent on<br />
interface:<br />
0 - (default) Use any local address, configured on any interface<br />
1 - Try to avoid local addresses that are not in the target's<br />
subnet for this interface. This mode is useful when target<br />
hosts reachable via this interface require the source IP<br />
address in ARP requests to be part of their logical network<br />
configured on the receiving interface. When we generate the<br />
request we will check all our subnets that include the<br />
target IP and will preserve the source address if it is from<br />
such subnet. If there is no such subnet we select source<br />
address according to the rules for level 2.<br />
2 - Always use the best local address for this target.<br />
In this mode we ignore the source address in the IP packet<br />
and try to select local address that we prefer for talks with<br />
the target host. Such local address is selected by looking<br />
for primary IP addresses on all our subnets on the outgoing<br />
interface that include the target IP address. If no suitable<br />
local address is found we select the first local address<br />
we have on the outgoing interface or on all other interfaces,<br />
with the hope we will receive reply for our request and<br />
even sometimes no matter the source IP address we announce.<br />
<br />
The max value from conf/{all,interface}/arp_announce is used.<br />
<br />
Increasing the restriction level gives more chance for<br />
receiving answer from the resolved target while decreasing<br />
the level announces more valid sender's information.<br />
<br />
arp_ignore - INTEGER<br />
Define different modes for sending replies in response to<br />
received ARP requests that resolve local target IP addresses:<br />
0 - (default): reply for any local target IP address, configured<br />
on any interface<br />
1 - reply only if the target IP address is local address<br />
configured on the incoming interface<br />
2 - reply only if the target IP address is local address<br />
configured on the incoming interface and both with the<br />
sender's IP address are part from same subnet on this interface<br />
3 - do not reply for local addresses configured with scope host,<br />
only resolutions for global and link addresses are replied<br />
4-7 - reserved<br />
8 - do not reply for all local addresses<br />
<br />
The max value from conf/{all,interface}/arp_ignore is used<br />
when ARP request is received on the {interface}<br />
</pre><br />
<br />
== Disable ARP for VIP ==<br />
<br />
To disable [[ARP]] for [[VIP]] at [[real server]]s, we just need to set arp_announce/arp_ignore sysctls at the interface connected to the VIP network. For example, [[real server]]s have eth0 connected to the VIP network with the VIP at interface lo, we will have the following commands.<br />
<br />
echo 1 > /proc/sys/net/ipv4/conf/eth0/arp_ignore<br />
echo 2 > /proc/sys/net/ipv4/conf/eth0/arp_announce<br />
<br />
Or, if /etc/sysctl.conf is used in the system, we have this config in /etc/sysctl.conf<br />
net.ipv4.conf.eth0.arp_ignore = 1<br />
net.ipv4.conf.eth0.arp_announce = 2<br />
<br />
Note that the arp_announce/arp_ignore sysctls must be setup correctly, before the [[VIP]] address is brought up at a logical interface at [[real server]]s.<br />
<br />
== Linux Distributions ==<br />
<br />
* RHEL 4 / CentOS 4<br />
* SUSE 9 Enterprise<br />
* Debian<br />
<br />
== References ==<br />
<br />
* http://ssi.bg/~ja/#arp_announce<br />
<br />
[[Category:ARP Issue]]</div>Rseverohttp://kb.linux-vs.org/wiki?title=Using_arp_announce/arp_ignore_to_disable_ARP&diff=3951Using arp announce/arp ignore to disable ARP2007-03-22T20:16:00Z<p>Rsevero: Changing example from eth0 to lo as it is the common case.</p>
<hr />
<div>== arp_announce/arp_ignore sysctl ==<br />
<br />
The arp_announce/arp_ignore sysctl on interfaces is available at the Linux official kernel since 2.6.4 and 2.4.26. The description about arp_announce/arp_ignore taken from kernel documentation is as follows:<br />
<br />
<pre><br />
arp_announce - INTEGER<br />
Define different restriction levels for announcing the local<br />
source IP address from IP packets in ARP requests sent on<br />
interface:<br />
0 - (default) Use any local address, configured on any interface<br />
1 - Try to avoid local addresses that are not in the target's<br />
subnet for this interface. This mode is useful when target<br />
hosts reachable via this interface require the source IP<br />
address in ARP requests to be part of their logical network<br />
configured on the receiving interface. When we generate the<br />
request we will check all our subnets that include the<br />
target IP and will preserve the source address if it is from<br />
such subnet. If there is no such subnet we select source<br />
address according to the rules for level 2.<br />
2 - Always use the best local address for this target.<br />
In this mode we ignore the source address in the IP packet<br />
and try to select local address that we prefer for talks with<br />
the target host. Such local address is selected by looking<br />
for primary IP addresses on all our subnets on the outgoing<br />
interface that include the target IP address. If no suitable<br />
local address is found we select the first local address<br />
we have on the outgoing interface or on all other interfaces,<br />
with the hope we will receive reply for our request and<br />
even sometimes no matter the source IP address we announce.<br />
<br />
The max value from conf/{all,interface}/arp_announce is used.<br />
<br />
Increasing the restriction level gives more chance for<br />
receiving answer from the resolved target while decreasing<br />
the level announces more valid sender's information.<br />
<br />
arp_ignore - INTEGER<br />
Define different modes for sending replies in response to<br />
received ARP requests that resolve local target IP addresses:<br />
0 - (default): reply for any local target IP address, configured<br />
on any interface<br />
1 - reply only if the target IP address is local address<br />
configured on the incoming interface<br />
2 - reply only if the target IP address is local address<br />
configured on the incoming interface and both with the<br />
sender's IP address are part from same subnet on this interface<br />
3 - do not reply for local addresses configured with scope host,<br />
only resolutions for global and link addresses are replied<br />
4-7 - reserved<br />
8 - do not reply for all local addresses<br />
<br />
The max value from conf/{all,interface}/arp_ignore is used<br />
when ARP request is received on the {interface}<br />
</pre><br />
<br />
== Disable ARP for VIP ==<br />
<br />
To disable [[ARP]] for [[VIP]] at [[real server]]s, we just need to set arp_announce/arp_ignore sysctls at the interface connected to the VIP network. For example, [[real server]]s have eth0 connected to the VIP network with the VIP at interface lo, we will have the following commands.<br />
<br />
echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore<br />
echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce<br />
<br />
Or, if /etc/sysctl.conf is used in the system, we have this config in /etc/sysctl.conf<br />
net.ipv4.conf.lo.arp_ignore = 1<br />
net.ipv4.conf.lo.arp_announce = 2<br />
<br />
Note that the arp_announce/arp_ignore sysctls must be setup correctly, before the [[VIP]] address is brought up at a logical interface at [[real server]]s.<br />
<br />
== Linux Distributions ==<br />
<br />
* RHEL 4 / CentOS 4<br />
* SUSE 9 Enterprise<br />
* Debian<br />
<br />
== References ==<br />
<br />
* http://ssi.bg/~ja/#arp_announce<br />
<br />
[[Category:ARP Issue]]</div>Rseverohttp://kb.linux-vs.org/wiki?title=Talk:Using_arp_announce/arp_ignore_to_disable_ARP&diff=3950Talk:Using arp announce/arp ignore to disable ARP2007-03-22T20:13:42Z<p>Rsevero: Justification: Removing erroneous "conf/all" entries.</p>
<hr />
<div>I believe the "conf/all" entries should not be used as per arp_ignore and arp_announce documentation: the max value from conf/{all,interface}/arp_[announce|ignore] is used for {interface}". -- [[User:Rsevero|Rsevero]] 04:13, 23 March 2007 (CST)</div>Rseverohttp://kb.linux-vs.org/wiki?title=Using_arp_announce/arp_ignore_to_disable_ARP&diff=3949Using arp announce/arp ignore to disable ARP2007-03-22T20:10:56Z<p>Rsevero: Removing erroneous "conf/all" entries.</p>
<hr />
<div>== arp_announce/arp_ignore sysctl ==<br />
<br />
The arp_announce/arp_ignore sysctl on interfaces is available at the Linux official kernel since 2.6.4 and 2.4.26. The description about arp_announce/arp_ignore taken from kernel documentation is as follows:<br />
<br />
<pre><br />
arp_announce - INTEGER<br />
Define different restriction levels for announcing the local<br />
source IP address from IP packets in ARP requests sent on<br />
interface:<br />
0 - (default) Use any local address, configured on any interface<br />
1 - Try to avoid local addresses that are not in the target's<br />
subnet for this interface. This mode is useful when target<br />
hosts reachable via this interface require the source IP<br />
address in ARP requests to be part of their logical network<br />
configured on the receiving interface. When we generate the<br />
request we will check all our subnets that include the<br />
target IP and will preserve the source address if it is from<br />
such subnet. If there is no such subnet we select source<br />
address according to the rules for level 2.<br />
2 - Always use the best local address for this target.<br />
In this mode we ignore the source address in the IP packet<br />
and try to select local address that we prefer for talks with<br />
the target host. Such local address is selected by looking<br />
for primary IP addresses on all our subnets on the outgoing<br />
interface that include the target IP address. If no suitable<br />
local address is found we select the first local address<br />
we have on the outgoing interface or on all other interfaces,<br />
with the hope we will receive reply for our request and<br />
even sometimes no matter the source IP address we announce.<br />
<br />
The max value from conf/{all,interface}/arp_announce is used.<br />
<br />
Increasing the restriction level gives more chance for<br />
receiving answer from the resolved target while decreasing<br />
the level announces more valid sender's information.<br />
<br />
arp_ignore - INTEGER<br />
Define different modes for sending replies in response to<br />
received ARP requests that resolve local target IP addresses:<br />
0 - (default): reply for any local target IP address, configured<br />
on any interface<br />
1 - reply only if the target IP address is local address<br />
configured on the incoming interface<br />
2 - reply only if the target IP address is local address<br />
configured on the incoming interface and both with the<br />
sender's IP address are part from same subnet on this interface<br />
3 - do not reply for local addresses configured with scope host,<br />
only resolutions for global and link addresses are replied<br />
4-7 - reserved<br />
8 - do not reply for all local addresses<br />
<br />
The max value from conf/{all,interface}/arp_ignore is used<br />
when ARP request is received on the {interface}<br />
</pre><br />
<br />
== Disable ARP for VIP ==<br />
<br />
To disable [[ARP]] for [[VIP]] at [[real server]]s, we just need to set arp_announce/arp_ignore sysctls at the interface connected to the VIP network. For example, [[real server]]s have eth0 connected to the VIP network, we will have the following commands.<br />
<br />
echo 1 > /proc/sys/net/ipv4/conf/eth0/arp_ignore<br />
echo 2 > /proc/sys/net/ipv4/conf/eth0/arp_announce<br />
<br />
Or, if /etc/sysctl.conf is used in the system, we have this config in /etc/sysctl.conf<br />
net.ipv4.conf.eth0.arp_ignore = 1<br />
net.ipv4.conf.eth0.arp_announce = 2<br />
<br />
Note that the arp_announce/arp_ignore sysctls must be setup correctly, before the [[VIP]] address is brought up at a logical interface at [[real server]]s.<br />
<br />
== Linux Distributions ==<br />
<br />
* RHEL 4 / CentOS 4<br />
* SUSE 9 Enterprise<br />
* Debian<br />
<br />
== References ==<br />
<br />
* http://ssi.bg/~ja/#arp_announce<br />
<br />
[[Category:ARP Issue]]</div>Rsevero