[Users] proxy_arp setting on host

Solar Designer solar at openwall.com
Thu Oct 25 06:55:20 EDT 2012


On Wed, Oct 17, 2012 at 03:51:25PM +0300, Dmitrijs Jerihovs wrote:
> Can someone explain when i need to use proxy_arp enabled on OpenVZ host and
> why ?

Looks like no one has replied, so let me try.

In my experience, proxy_arp may need to be enabled when a container is
assigned an IP address not in a network that the host has a static route
for on one of its interfaces.  Configuring such static routes appears to
be a better approach.

For example, if your server is initially on 192.168.100.0/24, and thus
it has this network configured on its eth0, you may proceed to use IPs
in this /24 for containers with no issues and no magic needed.  However,
if at a later time you need to use e.g. 192.168.101.101 for a container,
you might have issues unless you either enable proxy_arp or add a static
route on the host's eth0 for a network containing 192.168.101.101 (e.g.,
for 192.168.101.64/26 or whatever network address and netmask is right).

I observed this behavior on RHEL5'ish OpenVZ kernels.

Alexander


More information about the Users mailing list