| inscw00table | Any netplan wizards know the syntax/tricks (if any) for requesting multiple dhcp4 addresses on the same interface? | 00:17 |
|---|---|---|
| sarnold | that's an interesting question, I can't recall seeing it raised before | 00:23 |
| === shokohsc3 is now known as shokohsc | ||
| inscw00table | I'm pretty sure I could do it if I used vlans, but don't really need that kind of separation. | 00:42 |
| tomreyn | can this actually work (without vlans), since dhcp uses arp addressing initially? | 00:43 |
| sarnold | I poked around the systemd-networkd docs a bit and couldn't spot anything that looked like it would get you there :( maybe I just don't know how to drive it.. | 00:43 |
| sarnold | it looks easy enough to get systemd-network to assign multiple static addresses to an interface, but dhcp? I didn't see it :( | 00:44 |
| sarnold | I assume (without knowing) that you'd have to take some steps to get the one nic to do multiple MACs, and I haven't got a clue how you'd configure that | 00:44 |
| tomreyn | https://serverfault.com/questions/223601/multiple-mac-addresses-on-one-physical-network-interface-linux | 00:45 |
| tomreyn | says the internet | 00:46 |
| * inscw00table nods. | 00:46 | |
| blahdeblah | macvlan seems like the most promising of those options... | 01:09 |
| sarnold | is 'vlan' is 'macvlan' at all related to 'vlan' the network segmentation tool? | 01:13 |
| tomreyn | https://developers.redhat.com/blog/2018/10/22/introduction-to-linux-interfaces-for-virtual-networking looks useful for telling these apart | 01:17 |
| inscw00table | After dinner I will dive down the vlan rabbit hole. | 01:18 |
| tomreyn | now i'm not sure whether macvlan are only useful / usable with netns | 01:19 |
| tomreyn | if only they'd taught me networking at school... | 01:19 |
| sarnold | "Please see the commit message." -- aka "here be dragons"? :) | 01:21 |
| tomreyn | :) | 01:21 |
| sarnold | tomreyn: so, this page here has more than doubled my knowledge on the matter :) buuuut I think the netns in the macvlan section is strictly about making it *easy* to use the different addresses, rather than having to tell the applications which interfaces or addresses to use | 01:22 |
| tomreyn | if i would be able to remember what i read, this would apply to me as well. | 01:23 |
| sarnold | :D | 01:24 |
| tomreyn | so you're saying the macvlan section on this document is strictly about making it *easy* to use the different MAC or IPv4 addresses? | 01:24 |
| sarnold | you can do ip addr add all you want to add multiple IPs to an address, but they'll all use the same mac | 01:25 |
| sarnold | the macvlan thing lets you give each ip address their own arp addresses, too | 01:26 |
| tomreyn | yes, that's what the goal was, wasn't it? | 01:27 |
| sarnold | I think the bridge *might* let you do the same thing, I'm less sure there :( -- but I think using the tap or veth devices requires something like a netns or vm to use the other half of it.. | 01:27 |
| sarnold | yeah | 01:27 |
| sarnold | I think blahdeblah's right, the macvlan thing seems most likely to work | 01:27 |
| tomreyn | i mean the second image at https://developers.redhat.com/blog/2018/10/22/introduction-to-linux-interfaces-for-virtual-networking#macvlan looks as it it should be possible to communicate with multiple MACs on a single physical network interface by using MACVLAN, without a network bridge, and without the network switch (or the other endpoint) being aware of it. but it could also be oversimplified. | 01:31 |
| sarnold | I think the opening paragraph takes that away "With MACVLAN, you can create multiple interfaces with different Layer 2 (that is, Ethernet MAC) addresses on top of a single one." | 01:32 |
| tomreyn | the commit message still refers to "VLAN", which makes it sound you would actually need to tag packets, though, so not sure | 01:32 |
| tomreyn | yes, i liked that first sentence, too, sounds nice and simple :) | 01:33 |
| inscw00table | Always a good idea to stop reading after the first sentence. | 01:33 |
| tomreyn | :) | 01:33 |
| * sarnold nods | 01:35 | |
| sarnold | maybe even just skim it! | 01:35 |
| tomreyn | chatgpt: make it work for me! | 01:36 |
| sarnold | :D | 01:39 |
| ladeda | I have a fresh installation of Ubuntu 22.04 server minimal install, I have the network configured and a default route set but when the host comes up and the network interface comes up it's not arping it's default gateway so no host not on the same subnet can connect to it, how can I fix this? | 04:24 |
| blahdeblah | ladeda: Put your network configuration along with 'ip route' and 'ip addr' output in a pastebin and we'll be able to help better. | 04:41 |
| ladeda | Sure, I'll also include the arp table as well. | 04:42 |
| blahdeblah | sarnold, inscw00table, tomreyn: My understanding of macvlan is that it allows you to set up virtual networking in such a way that the traffic is segregated simply by its MAC address and doesn't need any specific VLAN tags. | 04:42 |
| blahdeblah | ladeda: good plan :-) | 04:42 |
| blahdeblah | ladeda: 'ip neigh ls' is the better way to do that nowadays, BTW. | 04:44 |
| ladeda | Actually just thinking, I can't copy and paste I dont have access to a shell or anything I am accessing the host over KVM... | 04:44 |
| blahdeblah | Links to screenshots are OK, as long as the text is clearly legible. | 04:45 |
| ladeda | Both those commands pull from the same data in /proc right? so no difference really. | 04:46 |
| blahdeblah | I believe iproute2 uses the netlink API under the covers rather than reading from /proc, but don't quote me on that. The important thing is that iproute2 isn't deprecated, whereas the traditional commands like arp, ifconfig, netstat, route, etc. are. | 04:54 |
| ladeda | Ahh, understood. Thank you for the information. | 04:55 |
| ladeda | blahdeblah: where do you recommend I upload the screen shots? | 05:07 |
| blahdeblah | Wherever works for you; imgur or just google "image pastebin" | 05:08 |
| ladeda | Alright here it is. Just to restate the problem even though the interface is properly configured and has a default gateway set when the interface comes up it never does a gratuitous arp to populate it's arp table with the mac address of it's gateway. https://pasteboard.co/jQXR8foi2I27.png | 05:11 |
| blahdeblah | Should it be doing a gratuitous ARP by default? I wouldn't have thought so, but it has been a long time since I've read any RFCs on the matter. I would normally expect a normal ARP for the gateway MAC, followed by a normal ARP from the gateway for its MAC. Can you ping the default gateway and then run 'ip neigh ls' again? | 05:23 |
| ladeda | I can ping the default gateway | 05:23 |
| ladeda | but that will initiate an ARP and populate the arp table. | 05:24 |
| blahdeblah | Which is correct.. | 05:24 |
| ladeda | What I can't do is ping the host from outside of the subnet | 05:24 |
| blahdeblah | Can you grab a packet capture of a ping for the default gateway followed by a ping for a remote host? | 05:24 |
| ladeda | well let me step back. | 05:24 |
| ladeda | so I am spinning up this Ubuntu 22.04 through an automated provisioning workflow I am testing | 05:24 |
| ladeda | so Ill spin it up and then tear it down | 05:25 |
| ladeda | so the IP it gets is getting a new mac address associated with it every time. | 05:25 |
| ladeda | my switches are keeping the old mac address and IP in their arp table. | 05:25 |
| ladeda | so when I spin up a new host with the same IP address but different mac address I can't connect to it until it sends out an garp so the switches know the update their arp table. | 05:26 |
| blahdeblah | So the switch is the default gateway? | 05:27 |
| ladeda | every other template I use in this provisioning workflow never have this issue CentOS 7, Rocky, RHEL, not even Ubuntu 18.04 and 20.04 they all send out a garp when the interface comes up, but Ubuntu 22.04 is not | 05:27 |
| blahdeblah | OK, that's weird | 05:27 |
| ladeda | and yes the switch would be its default gateway | 05:28 |
| blahdeblah | But regardless, it shouldn't matter; an ARP who-has for the default gateway address from its IP address should be enough to get the gateway to flush its ARP cache. | 05:28 |
| blahdeblah | (because the IP/MAC combo doesn't match what's in the gateway's cache) | 05:29 |
| ladeda | but it never does that | 05:29 |
| ladeda | It never does any kind of ARPing when the interface comes up | 05:29 |
| blahdeblah | even when you ping something? | 05:29 |
| ladeda | bare minimal it should at least being arping the default gateway | 05:29 |
| ladeda | That would be enough to make this problem not happen, but it is not | 05:29 |
| ladeda | no | 05:29 |
| ladeda | if I ping that will trigger the ARP and the problem will resolve. | 05:30 |
| ladeda | but other distros even other versions of Ubuntu do the arp when the interface comes up they don't wait for some type of network activity internally to happen | 05:31 |
| ladeda | It would break things like its doing for me :( | 05:31 |
| blahdeblah | That's definitely not expected; feels like something else is not quite right, like a missing NIC driver or busted config. | 05:34 |
| blahdeblah | What are you using for network configuration? Netplan? ifupdown? | 05:34 |
| ladeda | Enabling arp_notify doesn't even fix this issue which is unusual. | 05:37 |
| ladeda | Yes netplan | 05:37 |
| === shokohsc8 is now known as shokohsc | ||
| sarnold | blahdeblah: cool, thanks ;) (re macvlan, vlan tagging) | 19:31 |
| ladeda | blahdeblah: you think it's a driver issue? I mean once I talk to my gateway then things resolve and the host can be accessed from outside the subnet | 19:48 |
| rfm | ladeda, I've been doing some poking, and here's what I think: the key is arp_notify=1 sends a garp when the interface comes up and when the hardware (mac) address has changed, but not when an IP address is added. | 22:39 |
| rfm | ladeda, interfaces are brought up by the kernel very early (to set up the IPv6 link local address and start looking for router advertisements). | 22:40 |
| rfm | ladeda, I believe at some point networkd , using the network units created by netplan, started just adding the IP address, not bringing up the interface again since it was already up. | 22:42 |
| rfm | ladeda, I suspect the other versions that are sending an arp are either bringing up the interface anew (ifup would probably do that) or are doing something (like fetching the time) which generates a packet going to the gateway, forcing an ARP request to find it. | 22:44 |
| rfm | ladeda, I see three things you could do: set a MAC address in the netplan, run something at boot that would send something to the gateway, or run a garp (9) command sometime late, like in a oneshot unit dependent on the network unit. | 22:47 |
| rfm | ladeda, https://bugzilla.kernel.org/show_bug.cgi?id=194879 was interesting, and googling on various combos of "arp_notify" and "gratuitous arp" pops up quite a few people who've tripped over this. | 22:50 |
| -ubottu:#ubuntu-server- bugzilla.kernel.org bug 194879 in Networking "arp_notify does not send grace ARP on ip address add" [Low, Resolved: Will_not_fix] | 22:50 | |
| rfm | ladeda, oh- one more thing (which is actually what I do and is why I never see this problem) -- if your gateway is also a dhcp server (as most small-network ones are), configure the interface as dhcp and add the static address you need (probably to port-forward to.) This works fine, nothing in Linux cares about having multiple IP addresses configured on an interface. | 22:56 |
| rfm | ladeda, the dhcp transaction would automatically create some traffic on the gateway address and force the ARP query which would clear the poison from the gateway's ARP cache. | 22:58 |
| rfm | ladeda, and after that burst, I'm gonna take a nap. Should be back later... | 22:59 |
| ladeda | rfm: Thank you for looking into it... so you think the interface is coming up before it's actually configured and then netplan is configuring it so no garp goes out? | 23:45 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!
