'[Debian] Re: Bug#574522: clarification of proxy_arp settings'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openvz-debian
Subject:    [Debian] Re: Bug#574522: clarification of proxy_arp settings
From:       opal () debian ! org (Ola Lundqvist)
Date:       2010-03-26 16:25:30
Message-ID: 20100326202516.GA17496 () inguza ! net
[Download RAW message or body]

Hi Kir and others in the openvz team

There are some uncertainties on how to set the proxy_arp setting.

I assume it is needed whenever the interface needs to announce its ip
address to the outside network (i.e. when the host do not act as router),
but I'm not 100% in which cases that is.

Can you shed some light on this?

For more information, see http://bugs.debian.org/574522

Best regards,

// Ola

On Fri, Mar 26, 2010 at 07:11:32AM +0100, Stefan Alfredsson wrote:
> 
> On 19 Mar 2010, at 06:49, Ola Lundqvist wrote:
> > However the documentation should also be better described. Suggestions
> > on this is highly welcome.
> 
> Yes, and the primary question is when proxy_arp should be used. I've scouted the \
> net and came up with the following:
> 
> proxy_arp=0
> -----------------
> 
> http://wiki.openvz.org/Quick_installation
> http://wiki.openvz.org/Using_veth_and_brctl_for_protecting_HN_and_saving_IP_addresses
>  
> proxy_arp=1
> -----------------
> 
> http://wiki.openvz.org/Virtual_Ethernet_device
> http://ckdake.com/content/2008/vlans-in-openvz.html
> 
> > make sure that proxy_arp and forwarding are enabled for bond0.10 in \
> > /proc/sys/net/ipv4/conf/bond0.10/
> 
> https://gforge.inria.fr/tracker/index.php?func=detail&aid=8459&group_id=411&atid=5117
>  
> Ambigous
> ---------------
> 
> http://en.gentoo-wiki.com/wiki/OpenVZ_VLAN
> 
> > echo "1" >  /proc/sys/net/ipv4/conf/$x/proxy_arp
> 
> and then later
> 
> > I doubt that
> > echo "1" >  /proc/sys/net/ipv4/conf/$x/proxy_arp
> > is actually needed, at least I've never used it and everything works fine without \
> > proxy arp. I even have: net.ipv4.conf.default.proxy_arp = 0
> 
> http://forum.openvz.org/index.php?t=msg&goto=10089
> 
> > The funny thing is it doesnt matter if i set the proxy arp to 0 or 1 in the \
> > conf-file, networking within the vz is with both options possible.
> 
> 
> Summary:
> --------------
> 
> The openvz wiki recommends proxy_arp=0 in some cases, and in some proxy_arp=1. \
> External sites recommend proxy_arp=1 and then some present varying experiences. \
> Some discussions are based on the debian warning message itself, so there is some \
> feedback loop involved as well :-). 
> 
> The cause for the debian proxy_arp=1 setting seems to be bug 
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=387762
> 
> I have a similar setup; one private and one public address on the host node, and \
> then other public addresses for the guests. This works without proxy_arp enabled. \
> Worse, enabling proxy_arp produced arpsend warnings and possibly other problems. 
> Maybe something else has changed from 2006 until now such that proxy_arp is not \
> needed? 
> If only openvz.org is trusted, it seems proxy_arp should only be used when using \
> veth devices, and not venet devices. 
> Perhaps you could contact upstream to get a more definite answer.
> 
> BR
> Stefan
> 
> 
> 
> 

-- 
 --------------------- Ola Lundqvist ---------------------------
/  opal@debian.org                     Annebergsslingan 37      \
> ola@inguza.com                      654 65 KARLSTAD          |
> http://inguza.com/                  +46 (0)70-332 1551       |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36  4FE4 18A1 B1CF 0FE5 3DD9 /
 ---------------------------------------------------------------


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic