Bug 68658

Summary: hidden-2.4.5-1.diff patch not included in 2.4 kernel leaving loopback arping problem
Product: [Retired] Red Hat Linux
Reporter: Matthew Crawford <mcrawford>
Component: kernel
Assignee: Arjan van de Ven <arjanv>
Status: CLOSED CURRENTRELEASE
QA Contact: Brian Brock <bbrock>
Severity: medium
Priority: medium
Version: 7.2
CC: rparish
Hardware: All
OS: Linux
URL: http://www.linux-vs.org/~julian/hidden-2.4.5-1.diff
Doc Type: Bug Fix
Last Closed: 2004-09-30 15:39:45 UTC

Description Matthew Crawford 2002-07-12 04:19:33 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.9) Gecko/20020513

Description of problem:
Additional IP addresses bound to the loopback interface for load balancing will
ARP for broadcast ARP requests on the network. When you have network load
balancing equipment you do not want the loopback device to ARP for addresses
on the loopback. In the 2.2 kernel you included in your default patches the
"hidden" patch that added the proc entry that allowed you to hide an interface
like "loopback" or "all" from broadcast ARP requests. In the 2.4 kernel it seems
to have either been decided not to include it or it was forgotten about, causing
anyone in an HA or load balanced environment using loopback addresses to create
custom kernels each time. You can get a copy of the patch at the following address:
http://www.linux-vs.org/~julian/hidden-2.4.5-1.diff

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Add valid IP to loopback address
2. ping IP attached to loopback address on remote box.
3. type "arp" on the remote box and you will see the mac address of the physical
nic on the remote box assigned to that ip address.

Actual Results:  The box responds to broadcast ARP requests without the option
or proc entry to hide an interface so it does not respond.

Expected Results:  With the "hidden" patch it adds the "hidden" proc value to
the net interfaces and allows you to hide an interface such as "lo" and "all"
from broadcast ARP requests.  With the "hidden" value set in HA or load balanced
solutions the server will not respond to broadcast ARP requests allowing the
traffic to be handled by the network load balancing equipment. The patch was
included in the 2.2 kernel and needs to be added as well to the 2.4 kernel.

Additional info:

The following is a patch that was successfully applied and tested on the
2.4.9-37 kernel rpm. http://www.linux-vs.org/~julian/hidden-2.4.5-1.diff
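
A check for step 3 of the reproduction, added here as an example and not part of the original report: it reads `arp -n` output taken on the remote box and reports whether the loopback-bound address resolves to the load balancer's MAC or to some other host. The function names, the sample table and every address and MAC in it are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `arp -n` (net-tools) output from a client on the
# VIP's subnet. All IPs and MACs are made up for this example:
#   192.0.2.1  = load balancer, 192.0.2.10 = address also bound to lo on a
#   real server, 192.0.2.11 = address nobody answered for.
SAMPLE_ARP='Address                  HWtype  HWaddress           Flags Mask            Iface
192.0.2.1                ether   02:00:00:00:00:01   C                     eth0
192.0.2.10               ether   02:00:00:00:00:AA   C                     eth0
192.0.2.11                       (incomplete)                              eth0'

# Print the lower-cased MAC the ARP table on stdin holds for IP $1.
# Prints nothing when the entry is missing or "(incomplete)".
arp_mac_for() {
    awk -v ip="$1" '
        NR > 1 && $1 == ip && $2 == "ether" { print tolower($3); exit }
    '
}

# check_vip VIP BALANCER_MAC   (ARP table on stdin)
# Returns 0 if the VIP resolves to the load balancer,
#         1 if some other MAC answered (a real server replied to the ARP),
#         2 if there is no complete entry for the VIP.
check_vip() {
    vip=$1
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    got=$(arp_mac_for "$vip")
    if [ -z "$got" ]; then
        echo "UNKNOWN: no complete ARP entry for $vip"; return 2
    elif [ "$got" = "$want" ]; then
        echo "OK: $vip -> $got (load balancer)"; return 0
    else
        echo "LEAK: $vip -> $got, expected $want"; return 1
    fi
}

# Stand-alone run against the constructed table; on a live client use
#   arp -n | check_vip <VIP> <balancer MAC>
printf '%s\n' "$SAMPLE_ARP" | check_vip 192.0.2.10 02:00:00:00:00:01 || true
```
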

Comment 1 Arjan van de Ven 2002-07-12 07:57:23 UTC
The hidden diff is vetoed by the TCP/IP people. There also is a better method
available in the AS and 7.3 kernels by means of netfilter-for-arp.

Comment 2 Matthew Crawford 2002-07-12 13:53:59 UTC
netfilter as well as using "ARP=no" in the ifcfg-lo:0 seem to not be
effective in this type of case. The loopback addresses seem to still respond 
to broadcast ARP requests. The hidden patch was the only thing found that 
resolved the problem.

Comment 3 Arjan van de Ven 2002-07-12 13:58:11 UTC
2.4.18 (and the Advanced Server kernel) add a special netfilter-for-arp-packets
mode, THAT is what I meant

Comment 4 Matthew Crawford 2002-07-12 14:10:28 UTC
Our production environment runs on Red Hat Linux 7.2, currently running the
2.4.9-37 kernel. I can't seem to be able to find any feature that has been able to
successfully hide the loopback address from broadcast ARP requests. Disabling
proxy_ARP does not solve the problem either. It seems all the newsgroups
mention your suggestion but then that gets shot down as it does not solve the
problem.

Comment 5 Matthew Crawford 2002-07-12 14:13:37 UTC
If you are able to successfully hide the loopback addresses from answering a
broadcast ARP address in your testing on the Red Hat provided 2.4.9-37 kernel
for Red Hat 7.2 without the hidden patch, please let the world know, as anyone in
an HA/load balanced solution is being forced to create custom kernels right now.

Comment 6 Bugzilla owner 2004-09-30 15:39:45 UTC
Thanks for the bug report. However, Red Hat no longer maintains this version of
the product. Please upgrade to the latest version and open a new bug if the problem
persists.

The Fedora Legacy project (http://fedoralegacy.org/) maintains some older releases, 
and if you believe this bug is interesting to them, please report the problem in
the bug tracker at: http://bugzilla.fedora.us/