Testing ARP on tap interfaces forwarding
make run
This will create ns_tap0, ns_tap1 namespaces and tap0, tap1 adapters
sudo ip netns exec ns_tap0 ip a s
tap0:
inet 10.200.0.2/24 scope global tap0
sudo ip netns exec ns_tap1 ip a s
tap0:
inet 10.200.0.3/24 scope global tap0
arping works as expected, no static ARP required:
sudo ip netns exec ns_tap0 arping -I tap0 10.200.0.3
ARPING 10.200.0.3
42 bytes from 42:8e:ba:0d:ab:de (10.200.0.3): index=0 time=11.571 msec
root@vagrant:/home/vagrant# tcpdump -i tap1 -n -l
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tap1, link-type EN10MB (Ethernet), capture size 262144 bytes
13:08:49.209282 ARP, Request who-has 10.200.0.3 tell 10.200.0.2, length 28
13:08:49.209300 ARP, Reply 10.200.0.3 is-at 42:8e:ba:0d:ab:de, length 28
# sudo ip netns exec ns_tap1 python -mSimpleHTTPServer 8000
Serving HTTP on 0.0.0.0 port 8000 ...
10.200.0.2 - - [11/Jan/2018 13:11:01] "GET / HTTP/1.1" 200 -
10.200.0.2 - - [11/Jan/2018 13:12:35] "GET / HTTP/1.1" 200 -
10.200.0.2 - - [11/Jan/2018 13:12:39] "GET / HTTP/1.1" 200 -
sudo ip netns exec ns_tap0 curl -i 10.200.0.3:8000
make run-no-ns
In this case system doesn't respond to ARP requests even if we change mac addr and
sudo arping -I tap0 -s de:ad:be:ef:de:ad -S 10.200.0.55 10.200.0.3
root@vagrant:/home/vagrant# tcpdump -i tap1 -n -e
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tap1, link-type EN10MB (Ethernet), capture size 262144 bytes
13:42:15.758624 de:ad:be:ef:de:ad > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 10.200.0.3 tell 10.200.0.55, length 28
13:42:16.760068 de:ad:be:ef:de:ad > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 10.200.0.3 tell 10.200.0.55, length 28
13:42:17.762684 de:ad:be:ef:de:ad > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 10.200.0.3 tell 10.200.0.55, length 28
13:42:18.764038 de:ad:be:ef:de:ad > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 10.200.0.3 tell 10.200.0.55, length 28
Once we remove IP overlapping - ARP starts working again
# change or even flush an IP from tap0
sudo ifconfig tap0 1.2.3.4/24
#sudo ip a f tap0 # this works as well
# inject some ARP request from random ip/mac
sudo arping -I tap0 -s de:ad:be:ef:de:ad -S 10.200.0.55 10.200.0.3
tcpdump -i tap1 -n -e arp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tap1, link-type EN10MB (Ethernet), capture size 262144 bytes
13:47:52.387049 de:ad:be:ef:de:ad > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 10.200.0.3 tell 10.200.0.55, length 28
13:47:52.387068 ba:b4:f0:77:53:68 > de:ad:be:ef:de:ad, ethertype ARP (0x0806), length 42: Reply 10.200.0.3 is-at ba:b4:f0:77:53:68, length 28