Two NICs, one unplugged, both IPs still work

I'm trying to figure out why this works:

RHEL4 ES U3. I inherited this box and did not configure it.

Two physical NICs installed, each with a different IP (same network).
One of the NICs is unplugged, but still active. However, I can ping
both IP addresses from another box successfully.

Shouldn't I not be able to? I checked /network-scripts and there is no
alias set up, it is truly configured as two separate NICs (eth0, eth1)
with separate MACs and separate IPs. There are no custom routes
configured, nothing else unusual AFAIK. There is nothing specified on
any network devices either.

So shouldn't the unplugged NICs IP address be unresponsive? Connecting
(SSH, Ping) to this IP connects to the other NIC. Is there somewhere
else where this relationship could be setup that I can check?

I'll add that on reboot the NICs are sometimes unresponsive and have
to be manually deactivated and activated again. My plan is to correct /
network-scripts for a proper dual-IP, single-NIC setup, assuming this
will resolve that strange issue. Before I do this, though, I'd like to
know why it's currently acting as it is. Is it possible there is still
some legacy config somewhere retained from when someone had done a NIC
swap or something like that? Boot logs show no problems and nothing
unusual. I've never seen this before.

Thanks!

gt wrote:
> I'm trying to figure out why this works:
>
> RHEL4 ES U3. I inherited this box and did not configure it.
>
> Two physical NICs installed, each with a different IP (same network).
> One of the NICs is unplugged, but still active. However, I can ping
> both IP addresses from another box successfully.
>
> Shouldn't I not be able to?


If you have ip_forwarding enabled, then the physical interface doesn't
matter.

The kernel "pools" the ip addresses and routes between automagically.
The physical interface doesn't matter.

Turn off ip_forwarding ( 'echo 0 > /proc/net/????/ip_forwarding' or some
such) and you won't be able to ping the disconnected if.

On May 14, 1:09 pm, CptDondo <y...@NsOeSiPnAeMr.com> wrote:
> gt wrote:
> > I'm trying to figure out why this works:
>
> > RHEL4 ES U3. I inherited this box and did not configure it.
>
> > Two physical NICs installed, each with a different IP (same network).
> > One of the NICs is unplugged, but still active. However, I can ping
> > both IP addresses from another box successfully.
>
> > Shouldn't I not be able to?
>
> If you have ip_forwarding enabled, then the physical interface doesn't
> matter.
>
> The kernel "pools" the ip addresses and routes between automagically.
> The physical interface doesn't matter.
>
> Turn off ip_forwarding ( 'echo 0 > /proc/net/????/ip_forwarding' or some
> such) and you won't be able to ping the disconnected if.

That's probably what's going on.

Here's an article that describes IP forwarding
http://systemnotesorg.blogspot.com/2...ardarding.html

You should check your /etc/sysconfig/network-scripts/ files.
ifcfg-eth0
ifcfg-eth1
And if you have bonding enabled, ifcfg-bond0
You can turn off eth1 with the command
ifdown eth0

And then make it stay off at boot up:
in /etc/sysconfig/network-scripts/ifcfg-eth1
change
ONBOOT="yes"
to
ONBOOT="no"

On May 14, 4:09 pm, CptDondo <y...@NsOeSiPnAeMr.com> wrote:
> gt wrote:
> > I'm trying to figure out why this works:
>
> > RHEL4 ES U3. I inherited this box and did not configure it.
>
> > Two physical NICs installed, each with a different IP (same network).
> > One of the NICs is unplugged, but still active. However, I can ping
> > both IP addresses from another box successfully.
>
> > Shouldn't I not be able to?
>
> If you have ip_forwarding enabled, then the physical interface doesn't
> matter.
>
> The kernel "pools" the ip addresses and routes between automagically.
> The physical interface doesn't matter.
>
> Turn off ip_forwarding ( 'echo 0 > /proc/net/????/ip_forwarding' or some
> such) and you won't be able to ping the disconnected if.

Good idea, however /proc/sys/net/ip_forward is disabled (0). Could
this still be enabled elsewhere? Anything else to check? Thanks

gt wrote:

> Two physical NICs installed, each with a different IP (same network).

This is a very advanced network configuration. You have to know
exactly what you're doing to make this work.

This configuration will create all sorts of problems if you don't
understand the details of what's going on. Your specific issue is
caused by the following scenario:

1) Another machine on the network wants to reach the IP of the
disconnected network card. It sends out an ARP broadcast on the
network to find out what hardware address to use.

2) Your machine receives that broadcast, sees that it is for a network
address it owns, and responds to it.

3) The other machine then uses the hardware address of that interface.

Whoever told you to turn of ip forwarding is mistaken. Nothing is
forwarded. The packet is send directly to the machine that owns that
IP address.

You can fix this one specific issue fairly easily, Linux has a switch
that causes it to send ARP replies only on the interface that an IP
address is configured on. But that fixes only this one specific issue
and doesn't fix the main problem, which is that you are sort of
bridging and sort of not bridging.

DS

David Schwartz wrote:

> Whoever told you to turn of ip forwarding is mistaken. Nothing is
> forwarded. The packet is send directly to the machine that owns that
> IP address.

DUH! You're right, of course...

It's been a while since I've done this without a heap of iptables rules
and routing tables.

--Yan

On May 14, 5:24 pm, David Schwartz <dav...@webmaster.com> wrote:
> gt wrote:
> > Two physical NICs installed, each with a different IP (same network).
>
> This is a very advanced network configuration. You have to know
> exactly what you're doing to make this work.
>
> This configuration will create all sorts of problems if you don't
> understand the details of what's going on. Your specific issue is
> caused by the following scenario:
>
> 1) Another machine on the network wants to reach the IP of the
> disconnected network card. It sends out an ARP broadcast on the
> network to find out what hardware address to use.
>
> 2) Your machine receives that broadcast, sees that it is for a network
> address it owns, and responds to it.
>
> 3) The other machine then uses the hardware address of that interface.
>
> Whoever told you to turn of ip forwarding is mistaken. Nothing is
> forwarded. The packet is send directly to the machine that owns that
> IP address.
>
> You can fix this one specific issue fairly easily, Linux has a switch
> that causes it to send ARP replies only on the interface that an IP
> address is configured on. But that fixes only this one specific issue
> and doesn't fix the main problem, which is that you are sort of
> bridging and sort of not bridging.
>
> DS

thanks, that certainly makes sense.

as i wrote, this is an inherited machine and i'm going to be adjusting
the /network-scripts to a proper setup (eth0, eth0:0), just wanted
some insight into the current setup. been a few linux boxes i've
inherited with funky network configs.

btw, what's the switch to do what you're saying, for my own knowledge?

thanks again!

Hello,

(E-Mail Removed) a écrit :
>>
>>>Two physical NICs installed, each with a different IP (same network).
>>>One of the NICs is unplugged, but still active. However, I can ping
>>>both IP addresses from another box successfully.
>>
>>>Shouldn't I not be able to?

No. I mean, yes, you should be able to.

Rationale :
On a Linux system, an IP address configured on an active interface
belongs to the whole host, not to that particular interface, and is
usable on all local interfaces.

>>If you have ip_forwarding enabled, then the physical interface doesn't
>>matter.

IP forwarding has nothing to do with this.

>>Turn off ip_forwarding ( 'echo 0 > /proc/net/????/ip_forwarding' or some
>>such) and you won't be able to ping the disconnected if.
>
> That's probably what's going on.

No, it's not.

Pascal Hambourg <boite-a-(E-Mail Removed)> wrote:
> (E-Mail Removed) a ?crit :
> >>>Two physical NICs installed, each with a different IP (same
> >>>network). One of the NICs is unplugged, but still
> >>>active. However, I can ping both IP addresses from another box
> >>>successfully.
> >>
> >>>Shouldn't I not be able to?

> No. I mean, yes, you should be able to.

> Rationale :
> On a Linux system, an IP address configured on an active interface
> belongs to the whole host, not to that particular interface, and is
> usable on all local interfaces.

I believe that in IETF speak, this is a variation on the "weak end
system model" where the "strong end system model" is when an IP
address is associated exclusively with a specific interface and
traffic destined to an IP will only be accepted via the interface to
which that IP has been assigned. Very few systems, if any, default to
a strong end system model.

If the two NICs are connected to the same switch, it could even be the
case that only one MAC is associated with the two IP's on the "other"
systems since the "weakness" of the end system model extends to ARP as
well - responses for IP-MAC translations for any of the IPs will go
out either of the interfaces unless something like arp_ignore or
arp_filter are set (I can never remember which does which
differently).

--
a wide gulf separates "what if" from "if only"
these opinions are mine, all mine; HP might not want them anyway...
feel free to post, OR email to rick.jones2 in hp.com but NOT BOTH...

On May 14, 2:49 pm, gt <geofft...@gmail.com> wrote:

> btw, what's the switch to do what you're saying, for my own knowledge?

http://linux-ip.net/html/ether-arp.html
See section 2.1.4

It is unfortunate that there's no good way to 'bond' Ethernet links
together at the Ethernet layer that can be automatically detected by
typical switches.

DS