[systemd-devel] NOARP support (systemd-networkd)

Jukka Aho jukka.aho at iki.fi
Sun Jul 31 03:08:32 UTC 2016 

I have searched high and low for this but cannot figure how to make 
systemd-networkd disable the ARP protocol for a given interface. (Note: 
This is _not_ about the dhcpd ARP probe but a different thing.)

What I mean is the effect of doing...

ip link set dev eth0 arp off

...which results in the "NOARP" flag appearing in the flags listed by 
ifconfig for that interface:

     eth0: flags=4291<UP,BROADCAST,RUNNING,NOARP,MULTICAST>

If there is such an option supported by systemd-networkd, I would 
imagine it being part of the /etc/systemd/network .link, .netdev, or 
.network configuration files syntax. Alas, I could not find anything.

The rationale for wanting to do this is creating multiple MACVLAN or 
VLAN virtual interfaces atop a single lower-level physical interface 
(say, "eth0") which will then only serve as a link/"bridge" device 
aggregating traffic to the same physical link and not participate in the 
network otherwise. But it seems that even if I do not configure an IP 
address for that lower (physical) interface, there will be some weird 
ARP cache action going on by default which will interfere with the 
virtual interfaces and cause intermittent, spurious connectivity 
problems. This might be a case of so-called "ARP Flux Problem", or 
something related; I did not investigate thoroughly yet, but the problem 
can be prevented by switching ARP completely off for the interface (as 
it is not needed or wanted and the interface does not do anything 
sensible with it, why have it running there), which will make any 
incorrect entries related to that interface's MAC address go away from 
"arp -a", "ip neighbor show" and other such listings and resolve the 
problem.

If there is a supported way of switching the "NOARP" mode on for a given 
interface, or a workaround, I'd be interested in hearing about it. If 
there is no support for this at all, I would suggest adding it.

(My network configuration is complex. There are multiple physical and 
virtual interfaces with varying configuration needs. Any supported 
method should only configure "NOARP" on when a particular, predefined 
interface is coming up, and do it consistently again if that interface 
is later brought down and then back up.)

More information about the systemd-devel mailing list