ARP proxy going rogue, part 2: tracing the kernel

Introduction

This is a story of Proxy ARP going rogue. Writing down that story took more than I expected, so it is split into two posts. In the first part I explained what proxy ARP is and how it is used in GRNET Ganeti clusters to provide public IPv4 addresses to guest VMs. I referred to the incident of a certain host hijacking all IPv4 addresses within a VLAN. In this second part I track down this particular behavior by reading the Linux source code, setting up a Debian Buster testbed environment with network namespaces, and playing around with Python Scapy, the eBPF Compiler Collection (BCC) toolkit and Linux kernel static tracepoints.

ARP proxy going rogue, part 1: the incident

Intro

This is a story of "Proxy ARP" going rogue. Writing down that story took more than I expected, so it is split into two posts. In this first part we explain what proxy ARP is and how it is used in GRNET Ganeti clusters to provide public IPv4 addresses to guest VMs. I am going to investigate a particular incident where certain hosts caused a denial of service (DoS) by hijacking all IPv4 addresses within a VLAN.

Linux Networking for Ganeti Clusters, explained

Here is a presentation I gave at work on how we use Linux networking features to build the networking base for the Ganeti clusters powering the ViMa and ~okeanos cloud installations at GRNET.

I plan on writing a detailed blog post about how IP-less routed networks work and allow us to provide public IPv4 and IPv6 addresses to virtual machines without the burden of sharing the broadcast domain.