1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-10 01:18:15 +03:00
samba-mirror/ctdb
Martin Schwenke 919510d86b ctdb-scripts: Don't set arp_filter=1 by default in 10.interface
That is, no longer set sysctl net.ipv4.conf.all.arp_filter=1 in
10.interface.  Only do this in 13.per_ip_routing.

This effectively reverts commit
0ebd7beb4b by Ronnie Sahlberg from 2007.
I have discussed this with Ronnie.  This setting was originally added
to force incoming traffic to the interface hosting each IP.  This
would spread the load across multiple interfaces hosting the same
subnet.  Without the setting, incoming traffic would go to the first
interface to answer an ARP request, so could be unbalanced if one
interface tended to answer more quickly.

However, networks are now faster and interface bonding/teaming works
well in Linux, so it is less likely that multiple interfaces will be
used in this way.

Also, problems are occurring in exactly the case this is meant to
help: when multiple interfaces host the same subnet.

The Linux kernel documentation for this option says:

  arp_filter - BOOLEAN
        - 1 - Allows you to have multiple network interfaces on the same
          subnet, and have the ARPs for each interface be answered
          based on whether or not the kernel would route a packet from
          the ARP'd IP out that interface (therefore you must use source
          based routing for this to work). In other words it allows control
          of which cards (usually 1) will respond to an arp request.

        - 0 - (default) The kernel can respond to arp requests with addresses
          from other interfaces. This may seem wrong but it usually makes
          sense, because it increases the chance of successful communication.
          IP addresses are owned by the complete host on Linux, not by
          particular interfaces. Only for more complex setups like load-
          balancing, does this behaviour cause problems.

        arp_filter for the interface will be enabled if at least one of
        conf/{all,interface}/arp_filter is set to TRUE,
        it will be disabled otherwise

Note the part for arp_filter=1 that says "you must use source based
routing for this to work".  The problems are probably due to a lack of
source-based routing when this is only used with 10.interface.  In
this case, outbound packets can come from a different
interface (corresponding to the first matching route), with a
different MAC address.  There is clearly some infrastructure or packet
filtering out there that objects to such asymmetric packet flows.

So, drop this setting from 10.interface because it isn't working as
intended.  Continue to enable it in 13.per_ip_routing, which exists to
set up the required source-based routing.

This change may affect balancing of packet flows when public IP
addresses can be hosted by multiple interfaces, but does not stop that
feature from working.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Anoop C S <anoopcs@samba.org>

Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Thu Oct 17 18:53:32 UTC 2024 on atb-devel-224
2024-10-17 18:53:32 +00:00
..
client ctdb-client: Remove unused function 2024-03-06 06:05:38 +00:00
common ctdb-common: Reimplement ctdb_sys_have_ip() using new infrastructure 2024-10-07 15:58:38 +00:00
conf ctdb-conf: add boolean arg for verbosity when loading config 2024-08-06 00:43:36 +00:00
config ctdb-scripts: Don't set arp_filter=1 by default in 10.interface 2024-10-17 18:53:32 +00:00
doc ctdb-tcp: Only attempt to automatically bind to local IPs 2024-10-07 15:58:38 +00:00
event ctdb-conf: add boolean arg for verbosity when loading config 2024-08-06 00:43:36 +00:00
failover ctdb-failover: Add ctdb_smnotify_helper 2024-08-29 22:48:33 +00:00
ib ctdb-ib: Remove a use of ctdb_set_error() 2024-08-20 13:06:33 +00:00
include ctdb-daemon: Drop unused arguments 2024-10-08 05:34:30 +00:00
protocol ctdb-protocol: Add function ctdb_sock_addr_from_sockaddr() 2024-10-07 15:58:38 +00:00
server ctdb-server: Use find_public_ip_vnn() in a couple of extra places 2024-10-08 06:42:04 +00:00
tcp ctdb-tcp: Modernise a DEBUG 2024-10-07 17:12:18 +00:00
tests ctdb-tests: Add test code for ctdb_sys_have_ip() 2024-10-07 15:58:38 +00:00
tools ctdb-scripts: Remove unused variable NFS_HOSTNAME 2024-08-29 22:48:33 +00:00
utils ctdb-scripts: Use nfs-utils' sm-notify instead of CTDB's smnotify 2024-08-29 22:48:33 +00:00
.bzrignore
.gitignore ctdb-scripts: Use nfs-utils' sm-notify instead of CTDB's smnotify 2024-08-29 22:48:33 +00:00
configure configure/Makefile: export PYTHONHASHSEED=1 in all 'configure/Makefile' scripts 2022-03-29 22:32:32 +00:00
configure.rpm ctdb-packaging: Update library versions to upstream versions 2018-12-18 07:12:09 +01:00
COPYING
Makefile Python: remove pydoctor 2023-02-02 21:15:54 +00:00
README
wscript ctdb-build: Add missing ctdb-tcp dependency 2024-10-08 12:27:17 +00:00

This is the release version of CTDB, a clustered implementation of TDB
database used by Samba and other projects to store temporary data.

This software is freely distributable under the GNU public license,
a copy of which you should have received with this software (in a file
called COPYING).

For documentation on CTDB, please visit CTDB website http://ctdb.samba.org.