Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1055576 - Duplicate IP Detection Broken in RHEL 6 [NEEDINFO]
Summary: Duplicate IP Detection Broken in RHEL 6
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: initscripts
Version: 6.5
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: ---
Assignee: Lukáš Nykrýn
QA Contact: Jan Ščotka
Depends On: 1094802 1099488
TreeView+ depends on / blocked
Reported: 2014-01-20 14:52 UTC by Dave Sullivan
Modified: 2018-12-09 17:26 UTC (History)
3 users (show)

Fixed In Version: initscripts-9.03.41-1.el6
Doc Type: Bug Fix
Doc Text:
add possibility to specify ARPING_WAIT value for -w parameter of arping which is used in duplicate adress check. Default value is still 3.
Clone Of: 1055573
Last Closed: 2014-10-14 06:27:58 UTC
Target Upstream Version:
jscotka: needinfo? (lnykryn)

Attachments (Terms of Use)

System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2014:1448 normal SHIPPED_LIVE initscripts bug fix and enhancement update 2014-10-14 01:05:44 UTC

Description Dave Sullivan 2014-01-20 14:52:49 UTC
+++ This bug was initially created as a clone of Bug #1055573 +++

Description of problem:

Currently the ifup-eth scripts in RHEL 5/6 are failing to determine if a duplicate IP address exists on the network before assigning an IP to a NIC during the NIC's initialization.  This appears to be happening due to a race condition that is caused by the NIC coming up on layer 2 (ethernet auto=negotiation between server NIC and the switch port).  Here is the code that is responsible: 

{code:title=/etc/sysconfig/network-scripts/ifup-eth, line 240|borderStyle=solid}
[ -n "${ARP}" ] && \
    ip link set dev ${REALDEVICE} $(toggle_value arp $ARP)

if ! ip link set dev ${REALDEVICE} up ; then
    net_log $"Failed to bring up ${DEVICE}."
    exit 1


if ! LC_ALL=C ip addr ls ${REALDEVICE} | LC_ALL=C grep -q "${IPADDR}/${PREFIX}" ; then
     if ! arping -q -c 2 -w 3 -D -I ${REALDEVICE} ${IPADDR} ; then
        net_log $"Error, some other host already uses address ${IPADDR}."
        exit 1
     if ! ip addr add ${IPADDR}/${PREFIX} \
        brd ${BROADCAST:-+} dev ${REALDEVICE} ${SCOPE} label ${DEVICE}; then
        net_log $"Error adding address ${IPADDR} for ${DEVICE}."

Line 241 kicks off a call to netlink which brings the NIC up, however this does not block.  Because a link may take a few seconds to initialize and come up at layer 2, the arps that start getting sent on line 267 are only set to wait 3 seconds by default (-w 3), which means that most, or all of the arps will be sent to a NIC that isn't up, resulting in the safeguard failing.

To fix this, we can either add a sleep after line 241 to allow the NIC to come up, or we can increase the delay (-w argument) on line 267.  This may be worth pointing out to Red Hat as well, as you would expect the link being brought up on line 241 to block and not progress until layer 2 has been established.

Version-Release number of selected component (if applicable):

latest rhel5 initscripts

How reproducible:

Put IP on nic1/systemX

On another nic (same system or another) validate that a nic up auto negotiation takes around 3 seconds.

Bring that nic down, this time configiure the second nic with same IP address as nic1 and bring up.

The assumption here is if the autonegotiation nic comes up after 3 seconds or more, that the arp check won't work. 

Thus race condition situation.

Actual results:

duplicate ip not found

Expected results:

duplicate ip found

Additional info:

Same issue exists on RHEL6

Comment 5 Jan Synacek 2014-08-06 07:08:28 UTC
This might be related to bz 902278. See

Comment 7 errata-xmlrpc 2014-10-14 06:27:58 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

Note You need to log in before you can comment on or make changes to this bug.