Red Hat Bugzilla – Bug 1320366
ifup-aliases does not send gratuitous ARPs when adding addresses
Last modified: 2017-03-21 07:53:10 EDT
Description of problem: ifup-aliases does not send gratuitous ARP updates when adding addresses. When moving one or more aliases from one server to another, those IPs may not be reachable for some time (depending on the ARP timeout on the upstream router). Version-Release number of selected component (if applicable): Seen in: - initscripts-8.45.42-1.el5_8.1 (RHEL 5) and - initscripts-9.03.46-1.el6 (RHEL 6) Steps to Reproduce: 1. On two hosts, configure an interface with a primary IP and an additional secondary IP. Use the same IPs on both machines -- we'll be bringing them up on only one machine at a time: $ cat /etc/sysconfig/network-scripts/eth1 DEVICE=eth1 IPADDR=192.0.2.1 NETMASK=255.255.255.0 $ cat /etc/sysconfig/network-scripts/eth1:1 DEVICE=eth1:1 IPADDR=192.0.2.2 NETMASK=255.255.255.0 2. On host A, bring the interfaces up: # ifup eth1 Determining if ip address 192.0.2.1 is already in use for device eth2... Determining if ip address 192.0.2.2 is already in use for device eth2... 3. On host A, take the interfaces down: # ifdown eth1 4. On host B, bring the interfaces up: # ifup eth1 Determining if ip address 192.0.2.1 is already in use for device eth2... Determining if ip address 192.0.2.2 is already in use for device eth2... 5. From a host *outside of that subnet*, attempt to ping the primary and secondary IPs: $ fping 192.0.2.{1..2} 192.0.2.1 is alive 192.0.2.2 is unreachable Note that the primary IP was gratuitously ARPed (in ifup-eth), but the secondary IP was *not*, so the ARP entry on the router is incorrect. Only once that entry has expired or forced out with a manual gratuitous ARP is the secondary IP reachable.
> Determining if ip address 192.0.2.1 is already in use for device eth2... > Determining if ip address 192.0.2.2 is already in use for device eth2... Obviously that should say "eth1" there. Missed that when copy-pasting the messages.
Can you try this totally untested patch from top of my head: diff --git a/sysconfig/network-scripts/ifup-aliases b/sysconfig/network-scripts/ifup-aliases index c47d6ef..a014d3f 100755 --- a/sysconfig/network-scripts/ifup-aliases +++ b/sysconfig/network-scripts/ifup-aliases @@ -272,6 +272,13 @@ function new_interface () /sbin/ip addr add ${IPADDR}/${PREFIX} brd ${BROADCAST} dev ${parent_device} label ${DEVICE} + # update ARP cache of neighboring computers + if [ "${REALDEVICE}" != "lo" ]; then + /sbin/arping -q -A -c 1 -I ${parent_device} ${IPADDR} + ( sleep 2; + /sbin/arping -q -U -c 1 -I ${parent_device} ${IPADDR} ) > /dev/null 2>&1 < /dev/null & + fi + if [ "$NO_ALIASROUTING" != yes ]; then GATEWAYDEV=$network_GATEWAYDEV;
(In reply to Lukáš Nykrýn from comment #3) > Can you try this totally untested patch from top of my head: Just tested it. It works well.
Customer is reporting that this also affects RHEL 7.2. Request to clone this for RHEL 7.
Pull-request submitted: https://github.com/fedora-sysv/initscripts/pull/24 However, I think that sleeping for 2 seconds is too much. Was there any specific reason why 2 seconds were chosen?
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2017-0786.html