[networking-discuss] Gratuitous ARP and Solaris 10

Tue, 06 Jul 2010 11:08:40 -0700 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi, everybody.

My hosting requires that I disable the gratuitous ARP packets my Solaris
servers are sending every 5 minutes (for detection of address
duplication).

Disabling gratuitous ARP at the kernel level seems to have unexpected
consequences when mixed with Solaris 10 Zones, so I rather prefer to
avoid it. That is, doing

    [r...@xxx /]# ndd -set /dev/arp arp_probe_count 0
    [r...@xxx /]# ndd -set /dev/arp arp_defend_interval 0

avoids the Gratuitous ARP, but the zones networking is not working at
all (if you start the zones AFTER issuing those commands).

If I do

     /usr/sbin/ndd -set /dev/arp arp_probe_count 1
     /usr/sbin/ndd -set /dev/arp arp_publish_count 1
     /usr/sbin/ndd -set /dev/arp arp_fastprobe_count 1
     /usr/sbin/ndd -set /dev/arp arp_defend_interval 0

then the zones networking works and there is not Gratuitous ARP during
normal operation, but when the zones are started, the interface
activation generates a short burst of ARPs, and my hosting is very
hostile to that.

So I was wondering if IPFILTER could filter outgoing broadcast ARP
replies (Gratuitous ARP). I don't find anything useful in the docs.

The only suggestion my hosting is doing is to configure a virtual MAC
for each Zone (having different MACs evades their automated monitors),
but Solaris 10 doesn't allow for virtual interfaces to have different
MAC addresses than the physical NIC. The machine has a single NIC.

Thanks for your time and attention.

Solaris 10, Update 7 here.

PS: Some details in Spanish: <http://www.jcea.es/artic/solaris-arp.htm>.
Automatic english translation in
<http://translate.google.com/translate?u=http%3A%2F%2Fwww.jcea.es%2Fartic%2Fsolaris-arp.htm&sl=es&tl=en&hl=&ie=UTF-8>

- -- 
Jesus Cea Avion                         _/_/      _/_/_/        _/_/_/
j...@jcea.es - http://www.jcea.es/     _/_/    _/_/  _/_/    _/_/  _/_/
jabber / xmpp:j...@jabber.org         _/_/    _/_/          _/_/_/_/_/
.                              _/_/  _/_/    _/_/          _/_/  _/_/
"Things are not so easy"      _/_/  _/_/    _/_/  _/_/    _/_/  _/_/
"My name is Dump, Core Dump"   _/_/_/        _/_/_/      _/_/  _/_/
"El amor es poner tu felicidad en la felicidad de otro" - Leibniz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQCVAwUBTDNwqplgi5GaxT1NAQKKAQP9H7ReKPVf4Xqydtva8qcfPIeHq1scVAdI
17+pOSmYRAlWGBINDw19mLE2xHBZDbqakNjmhvxU1o/6g6xEOZPQ2XiR+DygXHOB
msz8DBLTc06Ynq+kqoJZZFl9jMFGUnbIOTOSnycs5dq6gznkx1xmB1CNWSQ4eEdY
HGmlY+tPsHI=
=g2QU
-----END PGP SIGNATURE-----
_______________________________________________
networking-discuss mailing list
networking-discuss@opensolaris.org

Reply via email to