New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
APs send out ARP broadcast with anycast IP to mesh (and clients) with local MAC address #1488
Comments
Here is a pcap (captured on client0 of the AP) which shows this problem quite clearly anycast_ipv4_icmp_redirect.pcap.gz First you see two packets of a working IPv4 ping. then you will notice the problematic ARP from the other AP (somewhere in Plauen - but I am currently not even in Vogtland and they are just connected via the VPN-Servers). The next seven packets are not really interesting (I just didn't remove them to keep the order of packets as they were). Packet 11 is then received by the AP but destination mac is obviously not anymore the anycast mac address - but the mac address from another AP in the mesh. |
Gluon was modified the following way to integrate the workaround:
|
@T-X: I just had a look at the history an my guess it that both problems (anycast ipv4 anycast traffic on mesh and ) seems to be b3762fc ("gluon-client-bridge: move IPv4 local subnet route to br-client (#1312)"). Please think about reverting it (with a proper upgrade script) for now. Here (duplicate_use_of_anycast_ipv4_arp.pcapng.gz) is for example a pcap from an offline node which uses two different mac addresses for the anycast ipv4 addresses. One is the default gluon anycast mac and the other one is the OpenMesh.com mac address of the device. My device is first trying to ping the anycast ipv4 address (10.204.32.1) and the device is answering with the anycast mac address. The device is then also trying to sent an ICMP reply and therefore also transmits an ARP. This time, the ARP is transmitted via the br-client interface (and is therefore using the wrong mac address). I have have introduced following other new changes (+ran gluon-reconfigure) to work around the problem on my (offline) local testnode for 2018.1
But the ebtables filter rules are still necessary because we have these broken nodes for a while. We must make sure that other nodes are not affected by that. |
It seems like ARP packets are sent around in the mesh which contain different values for the anycast MAC address. These packets are received by the clients - which are then not able to communicate with their connected AP anymore over IPv4. This is especially problematic when dnsmasq is used as DNS forwarder on the node.
I wanted to ask about this on IRC but it seems hackint thought that I am a spammer. So here the full text
The text was updated successfully, but these errors were encountered: