[AusNOG] Strange broadcast behaviour on linux 2.6.32 - riddle me this

Beeson, Ayden ABeeson at csu.edu.au
Tue Apr 8 16:46:19 EST 2014 

Yeah that definitely looks like a kernel bug  or software bug with the network apps, check for an update, if you can't find one I would log a bug with centos / RHEL themselves and allow them to escalate it upstream, be prepared to provide a LOT of information though as part of the bug process :)

Thanks,
Ayden Beeson

From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Joshua D'Alton
Sent: Tuesday, 8 April 2014 2:12 PM
To: Shannon Gernyi
Cc: ausnog at lists.ausnog.net
Subject: Re: [AusNOG] Strange broadcast behaviour on linux 2.6.32 - riddle me this

Saw similar on an install of Centos 6.4, just figured it was the datacenters rolled version, as it went away when I booted into the OpenVZ kernel I installed on the server. Never saw it again after that.

On Tue, Apr 8, 2014 at 2:32 PM, Shannon Gernyi <shannon.gernyi at xsv.com.au<mailto:shannon.gernyi at xsv.com.au>> wrote:
Hey all,

I have a few boxen running CentOS 6.5 in a very vanilla install.

I ran into some weird behaviour that I couldn't get to the bottom of, and whilst a reboot "fixed" it, I'm not going to be able to sleep at night without asking the question, so riddle me this:

Box A is on a private network:

eth0 172.27.3.111/24<http://172.27.3.111/24>

I'm have a requirement to broadcast on eth0, however, the box isn't sending said broadcast packets to the ethernet broadcast mac - it's sending out ARP requests for 172.27.3.255 instead.

12:49:44.129501 ARP, Request who-has 172.27.3.255 tell 172.27.3.111, length 28
12:49:45.129494 ARP, Request who-has 172.27.3.255 tell 172.27.3.111, length 28
12:49:46.129494 ARP, Request who-has 172.27.3.255 tell 172.27.3.111, length 28
12:49:48.132491 ARP, Request who-has 172.27.3.255 tell 172.27.3.111, length 28
12:49:49.132488 ARP, Request who-has 172.27.3.255 tell 172.27.3.111, length 28
12:49:50.132491 ARP, Request who-has 172.27.3.255 tell 172.27.3.111, length 28
12:49:52.135503 ARP, Request who-has 172.27.3.255 tell 172.27.3.111, length 28
12:49:53.135486 ARP, Request who-has 172.27.3.255 tell 172.27.3.111, length 28
12:49:54.135513 ARP, Request who-has 172.27.3.255 tell 172.27.3.111, length 28
12:49:56.139497 ARP, Request who-has 172.27.3.255 tell 172.27.3.111, length 28
12:49:57.139491 ARP, Request who-has 172.27.3.255 tell 172.27.3.111, length 28
12:49:58.139494 ARP, Request who-has 172.27.3.255 tell 172.27.3.111, length 28
12:50:00.131503 ARP, Request who-has 172.27.3.255 tell 172.27.3.111, length 28
12:50:01.131490 ARP, Request who-has 172.27.3.255 tell 172.27.3.111, length 28
12:50:02.131495 ARP, Request who-has 172.27.3.255 tell 172.27.3.111, length 28
12:50:04.134495 ARP, Request who-has 172.27.3.255 tell 172.27.3.111, length 28
12:50:05.134487 ARP, Request who-has 172.27.3.255 tell 172.27.3.111, length 28
12:50:06.134490 ARP, Request who-has 172.27.3.255 tell 172.27.3.111, length 28
12:50:08.137499 ARP, Request who-has 172.27.3.255 tell 172.27.3.111, length 28
12:50:09.137488 ARP, Request who-has 172.27.3.255 tell 172.27.3.111, length 28

eth0 is definitely configured correctly regarding network/mask:

eth0      Link encap:Ethernet  HWaddr REMOVED
          inet addr:172.27.3.111  Bcast:172.27.3.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:227898706 errors:0 dropped:0 overruns:0 frame:0
          TX packets:219816363 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:59578359175 (55.4 GiB)  TX bytes:145429518480 (135.4 GiB)
          Interrupt:245

arp output confirms the above dump:

arp -n
Address                  HWtype  HWaddress           Flags Mask            Iface
172.27.3.255                   (incomplete)                              eth0


And finally, manually adding the IP to the arp table with a destination of ethernet broadcast (ie, where the frames should be directed anyway) made things work:

arp -s 172.27.3.255 ff:ff:ff:ff:ff:ff


12:56:30.232505 ARP, Request who-has 172.27.3.255 tell 172.27.3.111, length 28
12:56:31.232506 ARP, Request who-has 172.27.3.255 tell 172.27.3.111, length 28
12:56:32.232496 ARP, Request who-has 172.27.3.255 tell 172.27.3.111, length 28
12:56:34.235510 ARP, Request who-has 172.27.3.255 tell 172.27.3.111, length 28
12:56:35.235505 ARP, Request who-has 172.27.3.255 tell 172.27.3.111, length 28
12:56:36.042743 IP 172.27.3.111.53957 > 172.27.3.255.ha-cluster: UDP, length 225
12:56:36.236321 IP 172.27.3.111.53957 > 172.27.3.255.ha-cluster: UDP, length 246
12:56:36.236353 IP 172.27.3.111.53957 > 172.27.3.255.ha-cluster: UDP, length 225
12:56:38.238098 IP 172.27.3.111.53957 > 172.27.3.255.ha-cluster: UDP, length 225


Now, I can't go back and debug further, but if anyone has seen this or similar behaviour before - please share possible explanations. It's doing my head in!
_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net<mailto:AusNOG at lists.ausnog.net>
http://lists.ausnog.net/mailman/listinfo/ausnog


[cid:csu-logo767d.bmp]<http://www.csu.edu.au/>

|   ALBURY-WODONGA   |   BATHURST   |   CANBERRA   |   DUBBO   |   GOULBURN   |   MELBOURNE   |   ONTARIO   |   ORANGE   |   PORT MACQUARIE   |   SYDNEY   |   WAGGA WAGGA   |

________________________________
LEGAL NOTICE
This email (and any attachment) is confidential and is intended for the use of the addressee(s) only. If you are not the intended recipient of this email, you must not copy, distribute, take any action in reliance on it or disclose it to anyone. Any confidentiality is not waived or lost by reason of mistaken delivery. Email should be checked for viruses and defects before opening. Charles Sturt University (CSU) does not accept liability for viruses or any consequence which arise as a result of this email transmission. Email communications with CSU may be subject to automated email filtering, which could result in the delay or deletion of a legitimate email before it is read at CSU. The views expressed in this email are not necessarily those of CSU.

Charles Sturt University in Australia<http://www.csu.edu.au> The Grange Chancellery, Panorama Avenue, Bathurst NSW Australia 2795 (ABN: 83 878 708 551; CRICOS Provider Number: 00005F (National)). TEQSA Provider Number: PV12018
Charles Sturt University in Ontario<http://www.charlessturt.ca/> 860 Harrington Court, Burlington Ontario Canada L7N 3N4 Registration: www.peqab.ca<http://www.peqab.ca>

Consider the environment before printing this email.

Disclaimer added by CodeTwo Exchange Rules 2007
www.codetwo.com<http://www.codetwo.com>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140408/3dae2886/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: csu-logo767d.bmp
Type: image/bmp
Size: 37976 bytes
Desc: csu-logo767d.bmp
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140408/3dae2886/attachment-0001.bin>

More information about the AusNOG mailing list