Proper handling of the ARP flux on Linux multi-NIC interfaces

The Linux kernel implements the weak host model by default. This means that the host accepts every locally destined IP packet, regardless of the network interface on which the packet was received. Just as independently, it sends the reply back via any one of its network interfaces.
This behavior can lead to complications in network communication, because every IP address is also associated with the MAC address of its network interface. In certain cases, ARP flux causes unexpected application behavior due to an incorrect mapping between IPv4 addresses and MAC addresses. Examples are applications such as firewalls or FreeRadius, which expect the answer to carry exactly the MAC address that belongs to the IP address and terminate the connection as soon as this mapping is no longer consistent. MAC address resolution uses ARP, which is described in detail here.

Avoiding the ARP flux

Since the kernel implements the weak host model by default, it is advisable to switch it to a strong host model. The behavior of the kernel is controlled by the following parameters.

sysctl -w net.ipv4.conf.all.arp_announce=1
sysctl -w net.ipv4.conf.all.arp_ignore=2

arp_announce = 1
Try to avoid local addresses that are not in the subnet of the destination for this interface. This mode is useful when target hosts reachable through this interface require the source IP address in ARP requests to be part of their logical network configured on the receiving interface. When the request is generated, the kernel checks all subnets that contain the destination IP and preserves the source address if it comes from such a subnet. If there is no such subnet, the source address is chosen according to the level 2 rules.

arp_ignore = 2
The host responds only if the destination IP address is a local address configured on the incoming interface and both it and the sender's IP address are part of the same subnet on that interface.

In addition, it makes sense to set these two kernel parameters as well.

sysctl -w net.ipv4.conf.default.arp_filter=1
sysctl -w net.ipv4.conf.all.arp_filter=1

The kernel documentation states this clearly:
arp_filter - BOOLEAN
1 - Allows you to have multiple network interfaces on the same
    subnet, and have the ARPs for each interface be answered
    based on whether or not the kernel would route a packet from
    the ARP'd IP out that interface (therefore you must use source
    based routing for this to work). In other words it allows control
    of which cards (usually 1) will respond to an arp request.

So that these settings are still in effect after a reboot, the parameters should be saved in the configuration file /etc/sysctl.conf.
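
The following check is an added example, not part of the original tutorial: it audits the effective value of the three parameters above for each interface, using the rule from the kernel documentation that the maximum of conf/all and conf/<interface> applies. The function names and the optional root-directory argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original page): report interfaces whose
# effective ARP settings differ from the values recommended above.
# The kernel uses max(conf/all, conf/<iface>) for arp_announce and
# arp_ignore, and enables arp_filter if either of the two is set.

# read_val FILE -> prints the integer stored in FILE, or 0 if unreadable
read_val() {
    if [ -r "$1" ]; then cat "$1"; else echo 0; fi
}

# effective CONF_DIR IFACE PARAM -> prints max(all, iface) for PARAM
effective() {
    a=$(read_val "$1/all/$3")
    i=$(read_val "$1/$2/$3")
    if [ "$a" -gt "$i" ]; then echo "$a"; else echo "$i"; fi
}

# arp_flux_audit [SYSCTL_ROOT] -> one line per deviation, status 1 if any.
# SYSCTL_ROOT defaults to /proc/sys; the argument is a hypothetical hook
# that lets the function run against a copied or constructed tree.
arp_flux_audit() {
    conf="${1:-/proc/sys}/net/ipv4/conf"
    rc=0
    for dir in "$conf"/*; do
        [ -d "$dir" ] || continue
        ifc=${dir##*/}
        # all/default are templates, lo never answers ARP on the wire
        case "$ifc" in all|default|lo) continue ;; esac
        for want in arp_announce=1 arp_ignore=2 arp_filter=1; do
            param=${want%%=*}
            have=$(effective "$conf" "$ifc" "$param")
            if [ "$have" != "${want#*=}" ]; then
                echo "$ifc $param effective=$have expected=${want#*=}"
                rc=1
            fi
        done
    done
    return $rc
}
```

Source the file and call arp_flux_audit without arguments to check the running host; a per-interface value higher than the one in conf/all shows up as a deviation because it overrides the global setting.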

In addition, it makes sense to prioritize the network interfaces. Setting the parameter "metric 1" in the file /etc/network/interfaces for the preferred network card and "metric 0" for the less preferred network interfaces achieves this prioritization. Implementing it requires the installation of the package "ifmetric".

apt-get install ifmetric

Settings for the clients

If the Linux clients also have at least two network interfaces, which is usually the case for laptops with Wi-Fi and LAN interfaces, Linux can again be configured so that one interface is treated preferentially.

The following scenario is the goal:
When the user plugs the LAN cable into the laptop, the LAN interface should be activated, and it should be deactivated when the cable is no longer plugged in. Accordingly, traffic should be routed preferably over the LAN interface or otherwise over the WLAN interface, but not over both.

For this we also explicitly need the package "ifmetric" and, as hotplug daemon, the package "ifplugd".

apt-get install ifmetric ifplugd

The interfaces are configured in /etc/network/interfaces as follows:

# The primary network interface
allow-hotplug eth0
iface eth0 inet dhcp
    metric 0

iface wlan0 inet dhcp
    metric 1

In general, the interface with the lower metric is the more preferred one. Alternatively, as shown in this article, you can experiment with configuring both network interfaces, each with its own default gateway, to reach the destination.