Linux machine does not answer an ARP request

Tags: arp, linux, networking, router

We have this situation: A router, which is an Ubuntu VM, has multiple VLAN interfaces on the same physical NIC. Those VLAN interfaces are dynamically configured and torn down and attached to networks where machines can be added or removed by users.

Sometimes we have a situation where, for example, on VLAN 1 the router has the IP 10.0.0.254 and a neighbor machine has the IP 10.0.0.1. While, at the same time, on VLAN 2 the router has the IP 10.0.0.1 and a neighbor machine has the IP 10.0.0.2.

When, on VLAN 1, 10.0.0.1 sends an ARP request asking "who has 10.0.0.254, tell 10.0.0.1", the router does not respond. Sniffing traffic on the router shows that the ARP requests arrive with proper VLAN tagging but are discarded.

Does the router discard the ARP message thinking that it arrived in the wrong interface?

A few notes:

  1. On VLAN 2 there are no ARP problems.
  2. Changing the IP of the neighbor VM on VLAN 1 from 10.0.0.1 to 10.0.0.3 solves the problem.
  3. As I mentioned, both IPs (10.0.0.254 and 10.0.0.1) are on the same MAC address.
  4. arp_filter is set to 0 on all interfaces.
  5. The router's routing table does not refer to all those dynamic interfaces. We use iptables and fwmarks along with IP rules and custom routing tables (all dynamically set by software) to route traffic separately according to the VLAN it originated from.

Where is the problem?

Best Answer

Having a single network node connect to two different networks that use the same IP addresses is not a supported configuration. Address conflicts are a well-known shortcoming of using RFC 1918 addresses. This is the reason why RFC 4193 was introduced and specifies that 40 of the address bits must be randomly generated.

If you don't want to renumber the networks to solve the address conflict, and if you don't want to upgrade to IPv6, which avoids such conflicts happening in the first place, then the most reliable setup you can get is from splitting that single network node into two or more network nodes.

A single Linux VM can operate as multiple independent network nodes simultaneously. That feature is called network namespaces. Each network namespace has its own set of network interfaces, local addresses, routing table entries, and firewall rules. The different network namespaces can communicate with each other through virtual network interfaces.

Documentation on the network namespaces feature can be found using man ip-netns (or man ip if you are using an older version).
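As an added illustration of the answer above (example script, not the answerer's own code), the following POSIX shell functions split the router into one network namespace per VLAN, so the 10.0.0.1 on VLAN 1 (a neighbour) and the 10.0.0.1 on VLAN 2 (the router) no longer live on the same node and each namespace answers ARP only for its own addresses. It assumes the physical NIC is eth0, the VLAN IDs are 1 and 2, and the namespaces are called vlan1 and vlan2; DRY_RUN=1 prints the commands instead of running them (anything else needs root).

```shell
#!/bin/sh
# Added example: one network namespace per VLAN on an Ubuntu router VM.
# Assumptions (not from the original post): NIC eth0, VLAN IDs 1 and 2,
# namespace names vlan1 and vlan2. Set DRY_RUN=1 to only print commands.

PHYS_IF="${PHYS_IF:-eth0}"

# Execute a command, or print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# setup_vlan_ns NAME VID ADDR/PREFIX
# Creates namespace NAME, creates an 802.1Q subinterface for VID on the
# physical NIC, moves it into the namespace and assigns ADDR there.
# The namespace has its own interfaces, addresses, routes and ARP table,
# so an identical address in another namespace is not a conflict.
setup_vlan_ns() {
    ns="$1"; vid="$2"; addr="$3"; vif="${PHYS_IF}.${vid}"
    run ip netns add "$ns"
    run ip link add link "$PHYS_IF" name "$vif" type vlan id "$vid"
    run ip link set "$vif" netns "$ns"
    run ip netns exec "$ns" ip link set lo up
    run ip netns exec "$ns" ip link set "$vif" up
    run ip netns exec "$ns" ip addr add "$addr" dev "$vif"
}

# Deleting the namespace also removes the VLAN subinterface inside it.
teardown_vlan_ns() {
    run ip netns del "$1"
}

# Number of commands a setup would issue (dry run, safe without root).
count_setup_cmds() {
    ( DRY_RUN=1; setup_vlan_ns "$@" ) | wc -l | tr -d ' '
}

# Per-namespace ARP table, e.g. to confirm VLAN 1 sees 10.0.0.1 as a neighbour
# while VLAN 2 holds 10.0.0.1 as a local address.
show_arp() {
    run ip netns exec "$1" ip neigh show
}

# Router side of the situation in the question:
#   setup_vlan_ns vlan1 1 10.0.0.254/24
#   setup_vlan_ns vlan2 2 10.0.0.1/24
```

Traffic between the namespaces, if needed, goes over a veth pair; the iptables/fwmark policy from the question can then be applied per namespace instead of on one shared routing stack.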