Linux 内核参数之Arp_ignore & Arp_announce

最新推荐文章于 2024-06-14 16:30:33 发布

原创最新推荐文章于 2024-06-14 16:30:33 发布 · 794 阅读

1 ·

CC 4.0 BY-SA版权

文章标签：

#arp_ignore #arp_announce #Linux内核参数

Linux MircSystemctl 专栏收录该内容

49 篇文章

订阅专栏

本文深入探讨了Linux内核中的arp_ignore和arp_announce参数，详细解释了它们如何影响系统的ARP响应和请求行为，特别是在LVS的DR场景下，这些参数的正确配置对于确保DR转发的正常运行至关重要。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

——— Linux 内核参数 ———

Arp_ignore AND Arp_announce

arp_ignore和arp_announce参数都和ARP协议相关，主要用于控制系统返回arp响应和发送arp请求时的动作。这两个参数很重要，特别是在LVS的DR场景下，它们的配置直接影响到DR转发是否正常。

Arp_ignore 参数

0 - (default): reply for any local target IP address, configured on any interface
1 - reply only if the target IP address is local address configured on the incoming interface on any interface
2 - reply only if the target IP address is local address configured on the incoming interface and both with the sender’s IP address are part from same subnet on this interface on any interface
3 - do not reply for local addresses configured with scope host, only resolutions for global and link addresses are replied
on any interface
4 - 7 - reserved
8 - Do not reply for all local addresses
arp_ignore参数常用的取值主要有0，1，2，3~8较少用到：
0：响应任意网卡上接收到的对本机IP地址的arp请求（包括环回网卡上的地址），而不管该目的IP是否在接收网卡上。
1：只响应目的IP地址为接收网卡上的本地地址的arp请求。
2：只响应目的IP地址为接收网卡上的本地地址的arp请求，并且arp请求的源IP必须和接收网卡同网段。
3：如果ARP请求数据包所请求的IP地址对应的本地地址其作用域（scope）为主机（host），则不回应ARP响应数据包，如果作用域为全局（global）或链路（link），则回应ARP响应数据包。
4~7：保留未使用
8：不回应所有的arp请求
　　sysctl.conf中包含all和eth/lo（具体网卡）的arp_ignore参数，取其中较大的值生效。

Arp_announce 参数

0 - (default) Use any local address, configured on any interface
1 - Try to avoid local addresses that are not in the target’s subnet for this interface. This mode is useful when target hosts reachable via this interface require the source IP address in ARP requests to be part of their logical network configured on the receiving interface. When we generate the request we will check all our subnets that include the target IP and will preserve the source address if it is from such subnet. If there is no such subnet we select source address according to the rules for level 2.
2 - Always use the best local address for this target. In this mode we ignore the source address in the IP packet and try to select local address that we prefer for talks with the target host. Such local address is selected by looking for primary IP addresses on all our subnets on the outgoing interface that include the target IP address. If no suitable local address is found we select the first local address we have on the outgoing interface or on all other interfaces, with the hope we will receive reply for our request and even sometimes no matter the source IP address we announce.
The max value from conf/{all,interface}/arp_announce is used.
0：允许使用任意网卡上的IP地址作为arp请求的源IP，通常就是使用数据包a的源IP。
1：尽量避免使用不属于该发送网卡子网的本地地址作为发送arp请求的源IP地址。
2：忽略IP数据包的源IP地址，选择该发送网卡上最合适的本地地址作为arp请求的源IP地址。
sysctl.conf中包含all和eth/lo（具体网卡）的arp_ignore参数，取其中较大的值生效。