LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Blogs > Skaperen
User Name
Password

Notices

Rate this Entry

Rethinking network configuration

Posted 04-15-2012 at 02:43 AM by Skaperen

Previously I wrote about configuring interfaces with static IPs based on matching them with what actual network (subnet) the interface is connected to. Now I'm thinking about it in even more different terms. But this concept will need some changes in the kernel itself.

To start with, the kernel already (by default) will "leak" an IP address to other interfaces. Specifically, if an ARP query comes in on one interface for an IP address only configured on another interface, it will be answered, anyway, on the interface it arrives on. The concept is explained in the kernel source tree file Documentation/networking/ip-sysctl.txt where it describes the "arp_filter" setting:

Quote:
0 - (default) The kernel can respond to arp requests with addresses from other interfaces. This may seem wrong but it usually makes sense, because it increases the chance of successful communication. IP addresses are owned by the complete host on Linux, not by particular interfaces. Only for more complex setups like load-balancing, does this behaviour cause problems.
So it should make sense to simply have all the host IP addresses collected in one common place. Then sort out what goes where by where (interface) the ARP queries come in at. It would still be good to have a way to filter this by policy rules, so you can, for example, disallow certain IPs (or MACs) at certain interfaces.

Then there is also the issue of which IP address to use as a source IP when initiating outbound IP traffic. Normally, the best IP address (if that interface has IPs in the destination subnet, that first of those is best) configured on the interface that is the best path to the destination would be used for that. This much is probably still best solved by exploring the connected subnet to see what is there (ask DHCP, spy on ARP queries, etc).

But for incoming traffic, a master list of IP addresses to recognize would make more sense.

More network rethinking ideas will come later.
Posted in Uncategorized
Views 253 Comments 0
« Prev     Main     Next »
Total Comments 0

Comments

 

  



All times are GMT -5. The time now is 04:07 AM.

Main Menu
Advertisement

My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration