mirror of
https://github.com/samba-team/samba.git
synced 2025-01-22 22:04:08 +03:00
919510d86b
That is, no longer set sysctl net.ipv4.conf.all.arp_filter=1 in
10.interface. Only do this in 13.per_ip_routing.
This effectively reverts commit
0ebd7beb4bcae324acf8e733500a983d22b47e9b by Ronnie Sahlberg from 2007.
I have discussed this with Ronnie. This setting was originally added
to force incoming traffic to the interface hosting each IP. This
would spread the load across multiple interfaces hosting the same
subnet. Without the setting, incoming traffic would go to the first
interface to answer an ARP request, so could be unbalanced if one
interface tended to answer more quickly.
However, networks are now faster and interface bonding/teaming works
well in Linux, so it is less likely that multiple interfaces will be
used in this way.
Also, problems are occurring in exactly the case this is meant to
help: when multiple interfaces host the same subnet.
The Linux kernel documentation for this option says:
arp_filter - BOOLEAN
- 1 - Allows you to have multiple network interfaces on the same
subnet, and have the ARPs for each interface be answered
based on whether or not the kernel would route a packet from
the ARP'd IP out that interface (therefore you must use source
based routing for this to work). In other words it allows control
of which cards (usually 1) will respond to an arp request.
- 0 - (default) The kernel can respond to arp requests with addresses
from other interfaces. This may seem wrong but it usually makes
sense, because it increases the chance of successful communication.
IP addresses are owned by the complete host on Linux, not by
particular interfaces. Only for more complex setups like load-
balancing, does this behaviour cause problems.
arp_filter for the interface will be enabled if at least one of
conf/{all,interface}/arp_filter is set to TRUE,
it will be disabled otherwise
Note the part for arp_filter=1 that says "you must use source based
routing for this to work". The problems are probably due to a lack of
source-based routing when this is only used with 10.interface. In
this case, outbound packets can come from a different
interface (corresponding to the first matching route), with a
different MAC address. There is clearly some infrastructure or packet
filtering out there that objects to such asymmetric packet flows.
So, drop this setting from 10.interface because it isn't working as
intended. Continue to enable it in 13.per_ip_routing, which exists to
set up the required source-based routing.
This change may affect balancing of packet flows when public IP
addresses can be hosted by multiple interfaces, but does not stop that
feature from working.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Thu Oct 17 18:53:32 UTC 2024 on atb-devel-224
This is the release version of CTDB, a clustered implementation of TDB database used by Samba and other projects to store temporary data. This software is freely distributable under the GNU public license, a copy of which you should have received with this software (in a file called COPYING). For documentation on CTDB, please visit CTDB website http://ctdb.samba.org.