Why should the listening interface have a "/32" bit net mask in Invisible Mode?


This article applies to:

  • R3000

Question:

Why should the listening interface have a "/32" bit net mask in Invisible Mode?

Reply

On Linux, by default any interface will answer an ARP request for any IP address bound to the machine, not only for the addresses bound to the interface that received the request. The result is that the wrong interface may answer a given ARP request, and the requesting host is then told to send its traffic for that IP address to the wrong interface, and therefore to the wrong switch port.

That in itself is not necessarily a problem, since the Linux kernel will generally deliver the packet internally regardless of which interface it arrived on. However, many managed switches detect this kind of 'flopping' between two physical ports, where the same IP address is seen behind one port at one moment and behind a different port the next, and will shut down the ports the machine is connected to.

This condition is commonly called "ARP flux". Assigning a /32 (host-only) net mask to the LAN1 listening interface gives it no on-link subnet: the address is reachable only as a host route, no neighbour is considered directly reachable through LAN1, and LAN1 therefore never answers an ARP broadcast. This ensures that only LAN2 ever answers an ARP request for the MAC address belonging to that IP address. To confirm the setting on the appliance, run ip addr show and ip route: the LAN1 address should carry a /32 prefix and no subnet route should be listed for LAN1. Note that Linux also exposes the per-interface sysctls net.ipv4.conf.<interface>.arp_ignore and arp_announce as a direct control over which interfaces answer and source ARP traffic; the /32 mask is the method used on the R3000.
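The following is an added illustration, not code from the R3000 or from Trustwave. It models the rule the reply relies on, which is also the Linux "connected route" rule: an address with a prefix shorter than /32 makes its whole subnet on-link through that interface, while a /32 address covers only itself. The interface names lan1/lan2 and the 192.0.2.0/24 addresses are hypothetical; the function reports which interfaces treat a given neighbour as on-link (and so would send or answer ARP for it) and which subnets are claimed by more than one interface.

```python
"""Model of why a /32 listening-interface address avoids ARP flux.

Added example, not part of the R3000 product or its documentation.
Interface names and addresses below are hypothetical.
"""
from ipaddress import IPv4Network, ip_address, ip_interface
from typing import Dict, List, Set

# Constructed configurations (assumed; not taken from the appliance).
FLUX_CONFIG = {"lan1": "192.0.2.10/24", "lan2": "192.0.2.11/24"}
FIXED_CONFIG = {"lan1": "192.0.2.10/32", "lan2": "192.0.2.11/24"}


def connected_routes(config: Dict[str, str]) -> Dict[str, IPv4Network]:
    """Map each interface to the on-link subnet its address implies.

    A /32 address covers only itself, so it implies no on-link subnet:
    the address still exists as a host route, but no other host is
    treated as directly reachable through that interface.
    """
    routes: Dict[str, IPv4Network] = {}
    for iface, cidr in config.items():
        net = ip_interface(cidr).network
        if net.prefixlen < net.max_prefixlen:
            routes[iface] = net
    return routes


def onlink_interfaces(config: Dict[str, str], host: str) -> List[str]:
    """Interfaces that consider `host` directly reachable.

    These are the interfaces through which the machine would ARP for the
    host, and, under the rule the article relies on, the interfaces that
    would answer an ARP broadcast coming from it. Two or more entries
    means the IP can show up behind two switch ports: the flux condition.
    """
    addr = ip_address(host)
    return sorted(i for i, net in connected_routes(config).items()
                  if addr in net)


def flux_risk_subnets(config: Dict[str, str]) -> Set[IPv4Network]:
    """Subnets that are on-link through two or more interfaces."""
    counts: Dict[IPv4Network, int] = {}
    for net in connected_routes(config).values():
        counts[net] = counts.get(net, 0) + 1
    return {net for net, n in counts.items() if n > 1}


if __name__ == "__main__":
    for label, cfg in (("both /24", FLUX_CONFIG), ("lan1 /32", FIXED_CONFIG)):
        print(label,
              "on-link for 192.0.2.1:", onlink_interfaces(cfg, "192.0.2.1"),
              "flux risk:", sorted(str(n) for n in flux_risk_subnets(cfg)))
```

With both interfaces on /24 the neighbour 192.0.2.1 is on-link through lan1 and lan2, so either may carry ARP for it; with lan1 on /32 only lan2 qualifies and no subnet is claimed twice.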

This article was previously published as:
8e6 KB 276524

Last Modified 2/25/2008.
https://support.trustwave.com/kb/KnowledgebaseArticle12342.aspx