This week's "why does anything in this world even work?" thing: Linux kernel arp handling.

In the default configuration it's super promiscuous, and doesn't care any about little details like "does this arp entry I have just learned even belong to the subnet on that interface" or "does this arp request match that inbound interface"...

That's great (not), but usually doesn't break (outside of stateful firewalls in the path - different topic), right until you have interfaces with different MTUs...

git.kernel.org/pub/scm/linux/k has fun comments like "This may seem wrong but it usually makes sense, because it increases the chance of successful communication."

Now, until very recently OpenStack kept the default kernel configuration - but when you use VXLAN, you usually have a higher MTU on the VXLAN transport interface at the very least... What could possibly go wrong?

@galaxis If you got into Linux thinking it wasn't promiscuous, I feel like you have been misled... It's a hack kernel made by a guy who wanted to use Unix the way he wanted outside UNI (from memory of POSIX and everything else I might add, the genius there is well, historic)... Promiscuous by design...

It was always a hack, and for those of us there when it happened, will always be a hack around licensing...

There will always be love (please don't get me wrong here about what was/is accomplished), but don't mistake it for anything it's not, still a hack to get around legal junk, not technically better than a proper UNIX in any fashion...

@seven Oh, I wasn't bitten by this until very recently - it actually becomes a problem under specific circumstances (when you have several Linux systems in the default config that communicate over more than one interface), but tbh I just assumed that Linux works by the book (arp is only valid if it matches the interface subnet) until we had to debug a problem...
But yeah, that kind of default behaviour certainly matches Linus' mindset, so I shouldn't be surprised...
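
An added example, not part of the thread: a small audit for the situation described above (default ARP behaviour on a host whose interfaces have different MTUs). The thread names no settings; the use of the kernel's `arp_ignore` and `arp_filter` sysctls as the indicator, and the sample interface names and values, are assumptions of this example.

```python
import os
import tempfile

def read_int(path):
    """Return the integer in a sysfs/procfs file, or None if unreadable."""
    try:
        with open(path) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return None

def effective(proc_conf, iface, knob):
    # The kernel combines conf/all and conf/<iface>: max() for arp_ignore,
    # logical OR for arp_filter. max() covers both since arp_filter is 0/1.
    vals = [read_int(os.path.join(proc_conf, scope, knob)) for scope in ("all", iface)]
    return max(v or 0 for v in vals)

def audit(sys_net="/sys/class/net", proc_conf="/proc/sys/net/ipv4/conf"):
    """List (iface, mtu) pairs that answer ARP for any local address
    while the host has interfaces with differing MTUs."""
    mtus = {}
    for name in sorted(os.listdir(sys_net)):
        mtu = read_int(os.path.join(sys_net, name, "mtu"))
        if name != "lo" and mtu is not None:
            mtus[name] = mtu
    if len(set(mtus.values())) < 2:
        return []  # all interfaces share one MTU: nothing to flag
    return [(n, m) for n, m in mtus.items()
            if effective(proc_conf, n, "arp_ignore") == 0
            and effective(proc_conf, n, "arp_filter") == 0]

def build_sample(root, arp_ignore_all):
    """Constructed sample tree: eth0 (MTU 1500) and a transport NIC eth1 (MTU 9000)."""
    sys_net, conf = os.path.join(root, "sys"), os.path.join(root, "conf")
    for name, mtu in (("lo", 65536), ("eth0", 1500), ("eth1", 9000)):
        os.makedirs(os.path.join(sys_net, name))
        with open(os.path.join(sys_net, name, "mtu"), "w") as fh:
            fh.write(f"{mtu}\n")
    for scope in ("all", "eth0", "eth1"):
        os.makedirs(os.path.join(conf, scope))
        for knob in ("arp_ignore", "arp_filter"):
            value = arp_ignore_all if (scope, knob) == ("all", "arp_ignore") else 0
            with open(os.path.join(conf, scope, knob), "w") as fh:
                fh.write(f"{value}\n")
    return sys_net, conf

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit(*build_sample(tmp, arp_ignore_all=0)))
```

Called with no arguments on a Linux host, `audit()` reads the live `/sys/class/net` and `/proc/sys/net/ipv4/conf` trees.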
