Proxy ARP Shared interface disconnect IPoE sessions

[ultrawave]

Hello everybody.

I have a complicated problem, I have several clients on the same subnet in a shared vlan, these clients do not see themselves, so I enabled proxy-arp on the shared interface vlan and customers began to see, my problem begins when the proxy-arp is enabled, IPoE sessions are unstable and begin to disconnect.

A friend has gone through this problem?

Greetings.

Code: Select all

[ipoe]
verbose=5
username=lua:username
lua-file=/etc/accel-ppp.lua
#password=ifname
lease-time=700
max-lease-time=700
unit-cache=1000
#l4-redirect-table=4
#l4-redirect-ipset=l4
#l4-redirect-on-reject=300
#l4-redirect-ip-pool=pool1
shared=1
ifcfg=1
mode=L2
start=dhcpv4
ip-unnumbered=1
proxy-arp=1
#nat=0
#proto=100
#relay=10.10.10.10
attr-dhcp-client-ip=Framed-Pool
attr-dhcp-router-ip=DHCP-Router-IP-Address
attr-dhcp-mask=DHCP-Mask
#attr-dhcp-lease-time=DHCP-Lease-Time
#attr-dhcp-opt82=DHCP-Option82
#attr-l4-redirect=L4-Redirect
#attr-l4-redirect-table=4
#attr-l4-redirect-ipset=l4-redirect
#local-net=192.168.0.0/16
#offer-delay=0,100:100,200:200,-1:1000
#vlan-mon=eth0,10-200
#vlan-timeout=60
#vlan-name=%I.%N
gw-ip-address=200.xxx.xxx.1/25
gw-ip-address=179.xxx.xxx.1/25
gw-ip-address=179.xxx.xxx.1/24
#ip-pool=ipoe
interface=vlan0110

Logs

Code: Select all

[2015-03-17 02:51:18.712] ipoe137: 960344a832ddba8c: terminate
[2015-03-17 02:51:18.714] ipoe137: 960344a832ddba8c: radius(1): req_enter 1
[2015-03-17 02:51:18.714] ipoe137: 960344a832ddba8c: send [RADIUS(1) Accounting-Request id=c <User-Name "2/5/FHTT-003712b0"> <NAS-Identifier "accel-ppp"> <NAS-IP-Address 127.0.0.1> <NAS-Port 6773> <NAS-Port-Id "ipoe137"> <NAS-Port-Type Ethernet> <Calling-Station-Id "c0:4a:00:dd:16:1c"> <Called-Station-Id "vlan0110"> <Acct-Status-Type Stop> <Acct-Authentic RADIUS> <Acct-Session-Id "960344a832ddba8c"> <Acct-Session-Time 1406> <Acct-Input-Octets 339823> <Acct-Output-Octets 612205> <Acct-Input-Packets 4847> <Acct-Output-Packets 4900> <Acct-Input-Gigawords 0> <Acct-Output-Gigawords 0> <Framed-IP-Address 179.127.59.18> <Acct-Terminate-Cause User-Request>]
[2015-03-17 02:51:18.715] ipoe137: 960344a832ddba8c: radius(1): req_exit 0
[2015-03-17 02:51:18.715] ipoe137: 960344a832ddba8c: ipoe: session finished

[Dmitry]

hi
please show more logs, before terminate

[ultrawave]

Hi Dmitry,

Code: Select all

[2015-03-17 02:37:54.837] ipoe149: 960344a832ddba6a: recv [DHCPv4 Request xid=710e2f9f ciaddr=179.127.59.95 chaddr=c0:4a:00:dd:45:15 <Message-Type Request> <Client-ID 01c04a00dd4515> <Max-Message-Size 1500> <Request-List Subnet,Router,DNS,Route,Vendor-Specific,44,46,47,Classless-Route,249> <Relay-Agent {Agent-Circuit-ID 1/4/FHTT-003b24d4} {Agent-Remote-ID }>]
[2015-03-17 02:37:54.837] ipoe149: 960344a832ddba6a: send [DHCPv4 Ack xid=710e2f9f ciaddr=179.127.59.95 yiaddr=179.127.59.95 chaddr=c0:4a:00:dd:45:15 <Message-Type Ack> <Server-ID 179.127.59.1> <Lease-Time 700> <Router 179.127.59.1> <Subnet 255.255.255.0> <DNS 187.85.0.6,187.85.0.250>]
[2015-03-17 02:37:55.258] ipoe149: 960344a832ddba6a: recv [DHCPv4 Decline xid=710e2f9f chaddr=c0:4a:00:dd:45:15 <Message-Type Decline> <Client-ID 01c04a00dd4515> <Server-ID 179.127.59.1> <Request-IP 179.127.59.95> <Request-List Subnet,Router,DNS,Route,Vendor-Specific,44,46,47,Classless-Route,249> <Relay-Agent {Agent-Circuit-ID 1/4/FHTT-003b24d4} {Agent-Remote-ID }>]
[2015-03-17 02:37:55.258] ipoe149: 960344a832ddba6a: recv [DHCPv4 Decline xid=710e2f9f chaddr=c0:4a:00:dd:45:15 <Message-Type Decline> <Client-ID 01c04a00dd4515> <Server-ID 179.127.59.1> <Request-IP 179.127.59.95> <Request-List Subnet,Router,DNS,Route,Vendor-Specific,44,46,47,Classless-Route,249> <Relay-Agent {Agent-Circuit-ID 1/4/FHTT-003b24d4} {Agent-Remote-ID }>]
[2015-03-17 02:37:55.258] ipoe149: 960344a832ddba6a: terminate
[2015-03-17 02:37:55.260] ipoe149: 960344a832ddba6a: radius(1): req_enter 1
[2015-03-17 02:37:55.261] ipoe149: 960344a832ddba6a: send [RADIUS(1) Accounting-Request id=6 <User-Name "1/4/FHTT-003b24d4"> <NAS-Identifier "accel-ppp"> <NAS-IP-Address 127.0.0.1> <NAS-Port 6739> <NAS-Port-Id "ipoe149"> <NAS-Port-Type Ethernet> <Calling-Station-Id "c0:4a:00:dd:45:15"> <Called-Station-Id "vlan0110"> <Acct-Status-Type Stop> <Acct-Authentic RADIUS> <Acct-Session-Id "960344a832ddba6a"> <Acct-Session-Time 703> <Acct-Input-Octets 139706> <Acct-Output-Octets 257045> <Acct-Input-Packets 2082> <Acct-Output-Packets 2081> <Acct-Input-Gigawords 0> <Acct-Output-Gigawords 0> <Framed-IP-Address 179.127.59.95> <Acct-Terminate-Cause User-Request>]
[2015-03-17 02:37:55.261] ipoe149: 960344a832ddba6a: radius(1): req_exit 0
[2015-03-17 02:37:55.261] ipoe149: 960344a832ddba6a: ipoe: session finished

[Dmitry]

so client sends decline
is kernel proxy arp turned off on vlan0110 ?

[ultrawave]

Hello Dmitry,

With the proxy-arp disabled in vlan 0110 interface the problem does not occur when we enable proxy-arp in vlan0110 interface sessions begin to disconnect and are unstable,

Code: Select all

echo 1 > /proc/sys/net/ipv4/conf/vlan0110/proxy_arp

again disabling sessions remain stable.

Thanks.

[ultrawave]

Hello Dmitry,

I performed more tests and found that disconnections occur only in TP- Link routers (crap ). I will check if there is any conf specifies that causes disconnections and I report . I have a client that has 130 access points and all are with TP- Link loadbalance .

Thanks.

[ultrawave]

Hello ,

After many attempts and all frustrated , not reached a consensus motif that happens only with routers TP -Link , friend someone can give me a light? I am sending the Log of an affected TP -Link .
The problem aconcetece only if the Proxy- ARP is enabled on the shared interface.

Thanks.

[Dmitry]

send REQUEST
recv OFFER

this is strange
can you show logs on accel's side at this moment

[ultrawave]

Hello Dmitry,

Solve the problem, the TP-Link sends an ARP probing to see if the offered IP is in use, with the PROXY-ARP enabled it gets Linux responds to any ARP Request and the TP-Link understands that this IP is already in use and sends a decline . The solution was to disable the ARP Protocol on the shared interface keeping the proxy-arp enabled, so the client on the same IP range continued to see and TP-Link started to function normally.

Thanks