Reversepath Filter doesn't work properly with illegal clustering settings

Issues related to configuring your network
Post Reply
Ry_I
Posts: 2
Joined: 2019/03/20 02:23:17

Reversepath Filter doesn't work properly with illegal clustering settings

Post by Ry_I » 2019/03/25 14:12:25

Hi,

I'm facing strange situation about Reversepath Filter.

My managing 2 nodes has each 2 NICs and I made a cluster by setting keepalived and macvlan on one of the NICs(both eth1) .
I set all responsible kernel parameter "rp_filter" as 0 because packets are passing asynmetrical route (inbound packets are via vrrp, and outbound are via eth1).

But somehow when rp_filter is reset to 1, contrary to expectation, networking is still alive.
I found I made a mistake to set clustering. I set keepalive on eth0 and set macvlan on eth1.
I know my settings are illegal, but it is strange that networking works properly although all rp_filter parameters are 1.

It would be helpful if someone tells me why this phenomenon occurs.

Thanks,

User avatar
TrevorH
Forum Moderator
Posts: 25557
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Reversepath Filter doesn't work properly with illegal clustering settings

Post by TrevorH » 2019/03/25 16:25:40

CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke

Ry_I
Posts: 2
Joined: 2019/03/20 02:23:17

Re: Reversepath Filter doesn't work properly with illegal clustering settings

Post by Ry_I » 2019/03/26 04:16:53

Hi,

Thank you for reply.
I understood behavior is different between RHEL5 and 6/7 and reconfirmed how to set rp_filter parameters permanently.

My concern is that rp_filter settings might be invalid if Some network settings are set abnormally.
From a perspective of security, it is indispensable for me to understand how rp_filter works.

Thanks,

Post Reply