Prepare your server for additional IP addresses

If your server was not recently created, and does not use Gandi IA, you must update the appropriate Gandi support layer. This software layer is in charge of automatically configuring the server's interface during attachment.

Note that the installation is not mandatory if you are an expert and would like to configure the interface by yourself. We nevertheless recommend using the gandi-hosting-vm package in order to benefit from this feature. With Debian:

  • apt-get update to update the list of packages
  • apt-get install gandi-hosting-vm to install the latest gandi-hosting-vm package

In expert mode, you must force ARP responses to be sent from the most appropriate interface. For security reasons, we filter the ARP requests and responses of each virtual server. This prevents you from transmitting the eth1 address/MAC via eth0. You will also need to disable reverse-path source validation (RFC 1812), because your default route is on eth0, and the other interfaces will refuse any packet that does not come from their local network.

With Linux, you obtain this behavior by adding the following settings to /etc/sysctl.conf:

net.ipv4.conf.all.arp_announce=2
net.ipv4.conf.all.arp_filter=0
net.ipv4.conf.all.rp_filter=0

then, by reloading the configuration file:

sysctl -f /etc/sysctl.conf

or manually:

sysctl -w net.ipv4.conf.all.arp_announce=2 
sysctl -w net.ipv4.conf.all.arp_filter=0
sysctl -w net.ipv4.conf.all.rp_filter=0

Because of the way these interfaces are attached to the system, the sysctl settings that mention “all” may be defined *before* the interface in question is configured/attached on the server.

Define the sysctl settings that mention 'default' with the appropriate value in order to facilitate the dynamic attaching of interfaces. A specific configuration may therefore be applied to each interface.

Here is an example of the 'sysctl.conf' configuration file for three interfaces, eth0, eth1, and eth2, where eth1 is not used for outgoing traffic and filters incoming packets:

net.ipv4.conf.all.arp_filter = 0
net.ipv4.conf.default.arp_filter = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.eth1.rp_filter = 1 ## Local traffic only

If a new interface attached to your server filters incoming traffic, and the above sysctl settings do not fix the problem (the 'all' and 'default' parameters are not taken into account), then you must force the settings of the interface in question, for example:

 net.ipv4.conf.eth1.arp_announce = 2
 net.ipv4.conf.eth1.rp_filter = 0
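
To verify what an attached interface actually ended up with, the following added script (not part of Gandi's documentation or the gandi-hosting-vm package) reports the effective rp_filter and arp_announce per interface. It relies on the Linux kernel rule that the value used for these two settings is the maximum of conf/all and conf/<interface>; the function names and the CONF_ROOT variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the effective rp_filter / arp_announce of each interface.
# CONF_ROOT (hypothetical variable) lets the functions be pointed at a test tree.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# read_conf <scope> <key>: print the stored value, or 0 if the entry is missing.
read_conf() {
    f="$CONF_ROOT/$1/$2"
    if [ -r "$f" ]; then cat "$f"; else echo 0; fi
}

# effective <iface> <key>: for rp_filter and arp_announce the kernel applies
# max(conf/all/<key>, conf/<iface>/<key>), so a non-zero "all" value cannot
# be lowered by a per-interface setting.
effective() {
    a=$(read_conf all "$2")
    i=$(read_conf "$1" "$2")
    if [ "$a" -gt "$i" ]; then echo "$a"; else echo "$i"; fi
}

# check_iface <iface> <want_rp_filter> <want_arp_announce>
# Prints one report line; returns 0 only if both effective values match.
check_iface() {
    rp=$(effective "$1" rp_filter)
    an=$(effective "$1" arp_announce)
    status=OK
    [ "$rp" = "$2" ] && [ "$an" = "$3" ] || status=MISMATCH
    echo "$1 rp_filter=$rp arp_announce=$an $status"
    [ "$status" = OK ]
}

# audit_all <want_rp_filter> <want_arp_announce>
# Checks every real interface (skips the all/default/lo entries).
audit_all() {
    rc=0
    for d in "$CONF_ROOT"/*/; do
        n=$(basename "$d")
        case "$n" in all|default|lo) continue ;; esac
        check_iface "$n" "$1" "$2" || rc=1
    done
    return $rc
}

# Run as: sh script.sh --audit  (expects rp_filter=0, arp_announce=2 everywhere)
if [ "${1:-}" = "--audit" ]; then audit_all 0 2; fi
```

An interface that is meant to keep filtering, such as eth1 in the example configuration above, is checked separately with `check_iface eth1 1 2`.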

Last modified: 05/29/2013 at 14:45 by Ryan A. (Gandi)