Red Hat Bugzilla – Bug 68658
hidden-2.4.5-1.diff patch not included in 2.4 kernel leaving loopback arping problem
Last modified: 2008-08-01 12:22:52 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.9) Gecko/20020513
Description of problem:
Additional IP addresses bound to the loopback interface for load balancing will
ARP for broadcast ARP requests on the network. When you have network load
balancing equipment you do not want the loopback device to ARP for addresses
on the loopback. In the 2.2 kernel you included in your default patches the
"hidden" patch that added the proc entry that allowed you to hide an interface
like "loopback" or "all" from broadcast ARP requests. In the 2.4 kernel it seems
to have either been decided not to include it or it was forgotten about, causing anyone in
an HA or load balanced environment using loopback addresses to create custom
kernels each time. You can get a copy of the patch at the following address:
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Add valid IP to loopback address.
2. Ping IP attached to loopback address on remote box.
3. Type "arp" on the remote box and you will see the MAC address of the physical
NIC on the remote box assigned to that IP address.
Actual Results: The box responds to broadcast ARP requests without the option
or proc entry to hide an interface so it does not respond.
Expected Results: With the "hidden" patch it adds the "hidden" proc value to
the net interfaces and allows you to hide an interface such as "lo" and "all"
from broadcast ARP requests. With the "hidden" value set in HA or load balanced
solutions the server will not respond to broadcast ARP requests allowing the
traffic to be handled by the network load balancing equipment. The patch was
included in the 2.2 kernel and needs to be added as well to the 2.4 kernel.
The following is a patch that was successfully applied and tested on the
2.4.9-37 kernel rpm. http://www.linux-vs.org/~julian/hidden-2.4.5-1.diff
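
Step 3 of the reproduction above, as an added example that is not part of the original report or of any Red Hat tooling: a shell check that reads a client's ARP table (`/proc/net/arp` format) and reports whether a virtual IP resolves to the MAC that is supposed to answer for it. The function names, addresses and MACs are constructed, and it assumes the load balancer is the expected answerer.

```shell
#!/bin/sh
# Added example. All addresses and MACs below are constructed sample values.

# Constructed ARP table in /proc/net/arp format, as seen from a client:
# the VIP 192.0.2.10 has been answered by a real server's physical NIC
# (00:00:5e:00:53:aa) instead of the load balancer (00:00:5e:00:53:01).
sample_arp_table() {
    cat <<'EOF'
IP address       HW type     Flags       HW address            Mask     Device
192.0.2.1        0x1         0x2         00:00:5e:00:53:01     *        eth0
192.0.2.10       0x1         0x2         00:00:5e:00:53:aa     *        eth0
192.0.2.20       0x1         0x0         00:00:00:00:00:00     *        eth0
EOF
}

# check_vip_arp VIP EXPECTED_MAC [ARP_TABLE_FILE]
# Returns 0 if VIP resolves to EXPECTED_MAC, 1 if a different MAC answered,
# 2 if the table holds no complete entry for VIP. Prints one summary line.
check_vip_arp() {
    vip=$1
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # compare case-insensitively
    table=${3:-/proc/net/arp}
    awk -v vip="$vip" -v want="$want" '
        NR == 1 { next }                          # skip the header row
        $1 == vip {
            mac = tolower($4)
            # Flags 0x0 is an unresolved (incomplete) entry: no answer seen
            if ($3 == "0x0" || mac == "00:00:00:00:00:00") next
            found = 1
            if (mac == want) {
                print "OK " vip " -> " mac " on " $6
                rc = 0
            } else {
                print "MISMATCH " vip " -> " mac " on " $6 " (expected " want ")"
                rc = 1
            }
            exit                                  # jump to END
        }
        END {
            if (!found) { print "NOENTRY " vip; exit 2 }
            exit rc
        }
    ' "$table"
}
```

Run `check_vip_arp <vip> <load-balancer-mac>` on a client after pinging the VIP; a MISMATCH line means a host other than the expected one answered the broadcast ARP request.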
The hidden diff is vetoed by the TCP/IP people. There also is a better method
available in the AS and 7.3 kernels by means of netfilter-for-arp.
netfilter as well as using "ARP=no" in the ifcfg-lo:0 seem to not be
effective in this type of case. The loopback addresses seem to still respond
to broadcast ARP requests. The hidden patch was the only thing found that
resolved the problem.
2.4.18 (and the Advanced Server kernel) add a special netfilter-for-arp-packets
mode, THAT is what I meant.
Our production environment runs on Redhat linux 7.2 currently running the
2.4.9-37 kernel. I can't seem to be able to find any feature that has been able to
successfully hide the loopback address from broadcast ARP requests. Disabling
proxy_ARP does not solve the problem either. It seems all the newsgroups
mention your suggestion but then that gets shot down as it does not solve the
If you are able to successfully hide the loopback addresses from answering a
broadcast ARP address in your testing on the RedHat provided 2.4.9-37 kernel
for redhat 7.2 without the hidden patch please let the world know as anyone in
a HA/load balanced solution is being forced to create custom kernels right now.
Thanks for the bug report. However, Red Hat no longer maintains this version of
the product. Please upgrade to the latest version and open a new bug if the problem
The Fedora Legacy project (http://fedoralegacy.org/) maintains some older releases,
and if you believe this bug is interesting to them, please report the problem in
the bug tracker at: http://bugzilla.fedora.us/