Re: Late to the party - multiple search domains on the network.



On Mon, 2005-04-11 at 12:07 -0400, Dan Williams wrote:

> NM enforces security on devices that are not the "active" device by
> ensuring that those "inactive" devices have no IP address and do not
> show up in the routing table.

Just as a side note, this is (slightly) broken by design.  The Linux
kernel sees an IP address as an attribute of a host, not one of an
ethernet card.  (This is actually what the standard says, though there
are quite a few different interpretations of it.)

So you can still have scenarios where it'll send responses on devices
for which there are no IP routes.  In particular, ARP requests will be
responded to on interfaces other than those where "ifconfig" shows the
IP the query was about.

I'm not entirely sure what the right answer here is -- you can change
the behavior with some sysctls (on either a global or per-interface
basis), but there might be ramifications with other software in use.

-- 
        Peter
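
An added example, not part of the original message: one way to audit which interfaces would answer ARP for addresses they do not own. It assumes the sysctls in question are the kernel's `arp_ignore` settings under `/proc/sys/net/ipv4/conf/`, which the message does not name; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report the effective arp_ignore value for each interface.
# When an ARP request arrives on <if>, the kernel uses
# max(conf/all/arp_ignore, conf/<if>/arp_ignore).
# 0 means "reply for any local address, even one configured on another
# interface", which is the behaviour described in the message above.

# effective_arp_ignore CONF_DIR IFACE -> prints the effective value.
# Assumption: a missing file is treated as 0 (the kernel default).
effective_arp_ignore() {
    conf=$1
    iface=$2
    all=$(cat "$conf/all/arp_ignore" 2>/dev/null || echo 0)
    own=$(cat "$conf/$iface/arp_ignore" 2>/dev/null || echo 0)
    if [ "$own" -gt "$all" ]; then echo "$own"; else echo "$all"; fi
}

# audit_arp [CONF_DIR] -> prints one line per interface and returns 1 if
# any interface would answer ARP for an address it does not hold itself.
# "all" and "default" are templates, and loopback is skipped.
audit_arp() {
    conf=${1:-/proc/sys/net/ipv4/conf}
    rc=0
    for d in "$conf"/*/; do
        [ -d "$d" ] || continue
        iface=$(basename "$d")
        case $iface in all|default|lo) continue ;; esac
        eff=$(effective_arp_ignore "$conf" "$iface")
        if [ "$eff" -eq 0 ]; then
            echo "$iface arp_ignore=$eff WEAK"
            rc=1
        else
            echo "$iface arp_ignore=$eff strict"
        fi
    done
    return $rc
}

# Usage on a live system: audit_arp
```

Calling `audit_arp` with no argument reads the live values; passing a directory lets it run against a saved copy of the tree.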



