Jesus Cea wrote:
> Disabling gratuitous ARP at the kernel level seems to have unexpected
> consequences when mixed with Solaris 10 Zones, so I rather prefer to
> avoid it. That is, doing
>
> [r...@xxx /]# ndd -set /dev/arp arp_probe_count 0
> [r...@xxx /]# ndd -set /dev/arp arp_defend_interval 0
>
> avoids the Gratuitous ARP, but the zones networking is not working at
> all (if you start the zones AFTER issuing those commands).

This sounds vaguely like a known and fixed bug. Unfortunately, though,
this is an OpenSolaris mailing list, not Solaris 10 support. Have you
contacted your local Oracle/Solaris support representative?

> then the zones networking works and there is not Gratuitous ARP during
> normal operation, but when the zones are started, the interface
> activation generates a short burst of ARPs, and my hosting is very
> hostile to that.

Really? That seems a bit silly. Once the non-global zone starts
running, there'll be a lot more traffic than just a handful of ARP
messages. (Unless it just doesn't use the network at all, in which case
it probably doesn't need an address ...)

> So I was wondering if IPFILTER could filter outgoing broadcast ARP
> replies (Gratuitous ARP). I don't find anything useful in the docs.

I don't believe it can, because ARP messages aren't generated directly
by IP (at least on Solaris), and IP-Filter filters IP packets alone.

> The only suggestion my hosting is doing is to configure a virtual MAC
> for each Zone (having different MACs evades their automated monitors),
> but Solaris 10 doesn't allow for virtual interfaces to have different
> MAC addresses than the physical NIC. The machine has a single NIC.

Right. If you want to upgrade to OpenSolaris, then this is definitely
the right list. ;-}

--
James Carlson 42.703N 71.076W <carls...@workingcode.com>
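
Added example, not part of the original message or of any Solaris or IP-Filter code: a small Python classifier showing why the startup ARP burst sits outside what an IP-layer filter inspects, and how a monitor can tell ARP probes and gratuitous ARP apart from ordinary requests. The function names, the MAC address and the 192.0.2.x addresses are constructed for illustration; VLAN-tagged frames are not handled.

```python
import struct

ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806
ZERO_IP = bytes(4)

def build_arp_frame(src_mac, dst_mac, op, spa, tpa, tha=bytes(6)):
    """Build a constructed Ethernet + ARP frame (no capture involved)."""
    eth = dst_mac + src_mac + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, ETHERTYPE_IPV4, 6, 4, op)
    return eth + arp + src_mac + spa + tha + tpa

def classify(frame):
    """Return 'ip', 'arp-probe', 'gratuitous-arp', 'arp' or 'other'."""
    if len(frame) < 14:
        return "other"
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype == ETHERTYPE_IPV4:
        return "ip"  # the only kind of frame an IP-layer filter looks at
    if ethertype != ETHERTYPE_ARP or len(frame) < 14 + 28:
        return "other"
    htype, ptype, hlen, plen, _op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, ETHERTYPE_IPV4, 6, 4):
        return "other"
    spa = frame[28:32]  # sender protocol (IP) address
    tpa = frame[38:42]  # target protocol (IP) address
    if spa == ZERO_IP:
        return "arp-probe"       # address-conflict probe: sender IP all zero
    if spa == tpa:
        return "gratuitous-arp"  # announcement: sender IP equals target IP
    return "arp"

def count_kinds(frames):
    """Tally frame kinds, e.g. to measure a burst at interface activation."""
    counts = {}
    for frame in frames:
        kind = classify(frame)
        counts[kind] = counts.get(kind, 0) + 1
    return counts

# Constructed sample: two probes, one announcement, one normal request.
MAC = bytes.fromhex("020000000001")
BCAST = b"\xff" * 6
ZONE_IP = bytes([192, 0, 2, 10])
SAMPLE = [
    build_arp_frame(MAC, BCAST, 1, ZERO_IP, ZONE_IP),
    build_arp_frame(MAC, BCAST, 1, ZERO_IP, ZONE_IP),
    build_arp_frame(MAC, BCAST, 1, ZONE_IP, ZONE_IP),
    build_arp_frame(MAC, BCAST, 1, ZONE_IP, bytes([192, 0, 2, 1])),
]
```

None of the sample frames is classified as `ip`: they carry EtherType 0x0806, so a rule set that matches only IP packets never sees them.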