From Igor personal wiki
Jump to: navigation, search

local copy from following public blogs



Step 1: Enable ARP filtering on all interfaces:

# sysctl -w net.ipv4.conf.all.arp_filter=1
# echo "net.ipv4.conf.all.arp_filter = 1" >> /etc/sysctl.conf

From the file networking/ip-sysctl.txt in the Linux kernel docs:

arp_filter - BOOLEAN

   1 - Allows you to have multiple network interfaces on the same
   subnet, and have the ARPs for each interface be answered
   based on whether or not the kernel would route a packet from
   the ARP'd IP out that interface (therefore you must use source
   based routing for this to work). In other words it allows control
   of which cards (usually 1) will respond to an arp request.
   0 - (default) The kernel can respond to arp requests with addresses
   from other interfaces. This may seem wrong but it usually makes
   sense, because it increases the chance of successful communication.
   IP addresses are owned by the complete host on Linux, not by
   particular interfaces. Only for more complex setups like load-
   balancing, does this behaviour cause problems.
   arp_filter for the interface will be enabled if at least one of
   conf/{all,interface}/arp_filter is set to TRUE,
   it will be disabled otherwise

Step 2: Implement source-based routing

I basically just followed directions from, although that page was written with a different goal in mind (dealing with two ISPs).

Assume that the subnet is, the gateway is, the IP address for eth0 is, and the IP address for eth1 is

Define two new routing tables named eth0 and eth1 in /etc/iproute2/rt_tables:

... top of file omitted ...

1    eth0
2    eth1

Define the routes for these two tables:

# ip route add default via table eth0
# ip route add default via table eth1
# ip route add dev eth0 src table eth0
# ip route add dev eth1 src table eth1

Define the rules for when to use the new routing tables:

# ip rule add from table eth0
# ip rule add from table eth1

The main routing table was already taken care of by DHCP (and it's not even clear that its strictly necessary in this case), but it basically equates to this:

# ip route add default via dev eth0
# ip route add dev eth0 src
# ip route add dev eth1 src

And voila! Everything seems to work just fine. Sending pings to both IP addresses works fine. Sending pings from this system to other systems and forcing the ping to use a specific interface works fine (ping -I eth0, ping -I eth1 And most importantly, all TCP and UDP traffic to/from either IP address works as expected.