You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
If we create two vrrp instances based on the same interface, one with IPv4 address and the other with IPv6 address with use_vmac enabled, the router responds to ARP request with two ARP replies. One from legal virtual interface (IPv4) and the other from illegal interface (IPv6).
Configuration:
Expected behavior
Expected one ARP reply from the interface where IP is configured. If keepalived sets arp_ignore and arp_filter for IPv4 in his code, it will be cool if it sets these parameters to virtual interfaces with IPv6 only too.
Oct 03 13:42:34 debian12 systemd[1]: Starting keepalived.service - LVS and VRRP High Availability Monitor...
Oct 03 13:42:34 debian12 Keepalived[10746]: WARNING - keepalived was built for newer Linux 6.1.52, running on Linux 6.1.0-12-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.52-1 (2023-09-07)
Oct 03 13:42:34 debian12 Keepalived[10746]: Command line: '/usr/local/sbin/keepalived' '--dont-fork' '-D'
Oct 03 13:42:34 debian12 Keepalived[10746]: WARNING - using deprecated default config file '/etc/keepalived/keepalived.conf' - please move to 'NONE/etc/keepalived/keepalived.conf'
Oct 03 13:42:34 debian12 Keepalived[10746]: Opening file '/etc/keepalived/keepalived.conf'.
Oct 03 13:42:34 debian12 Keepalived[10746]: Configuration file /etc/keepalived/keepalived.conf
Oct 03 13:42:34 debian12 Keepalived[10746]: NOTICE: setting config option max_auto_priority should result in better keepalived performance
Oct 03 13:42:34 debian12 systemd[1]: Started keepalived.service - LVS and VRRP High Availability Monitor.
The text was updated successfully, but these errors were encountered:
I have tested this on 5.17.12 and 6.5.5 kernels (both Fedora) and I don't see any ARP reply being sent on ens34v20v6 (the IPv6 VMAC). However, since there is no harm in setting arp_ignore = 1 on an IPv6 VMAC, I don't see any harm in doing so (I don't think it is necessary to set arp_filter, and we don't set it on an IPv4 VMAC), but I would be grateful if you could test the patch to see if it resolves your issue or needs arp_filter also set).
Describe the bug
If we create two vrrp instances based on the same interface, one with IPv4 address and the other with IPv6 address with use_vmac enabled, the router responds to ARP request with two ARP replies. One from legal virtual interface (IPv4) and the other from illegal interface (IPv6).
Configuration:
ip addr output:
TCPDUMP output:
It happens because the virtual interface with only IPv6 address does not inherit sysctl options from the parent interface.
To Reproduce
All steps are described above
Expected behavior
Expected one ARP reply from the interface where IP is configured. If keepalived sets arp_ignore and arp_filter for IPv4 in his code, it will be cool if it sets these parameters to virtual interfaces with IPv6 only too.
Keepalived version
Distro (please complete the following information):
Details of any containerisation or hosted service (e.g. AWS)
If keepalived is being run in a container or on a hosted service, provide full details
Configuration file:
System Log entries
The text was updated successfully, but these errors were encountered: