내 홈 네트워크에는 Linux를 실행하는 라우터가 있으며 여러 VLAN이 동일한 물리적 인터페이스로 연결됩니다. 라우터의 모습은 다음과 같습니다.
➜ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host noprefixroute
valid_lft forever preferred_lft forever
2: wan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 7c:83:34:be:b0:9b brd ff:ff:ff:ff:ff:ff
altname enp1s0
inet 80.x.x.x/20 metric 1024 brd x.x.x.255 scope global dynamic wan0
valid_lft 67664sec preferred_lft 67664sec
inet6 x:x:x:7000:1a86:1082:f9e:41bf/64 scope global temporary dynamic
valid_lft 82400sec preferred_lft 22122sec
inet6 x:x:x:a839:e160:a5b4:8601:7da8/64 scope global temporary dynamic
valid_lft 85823sec preferred_lft 3023sec
inet6 x:x:x:7000:8916:b7a2:bfc:3a40/64 scope global temporary deprecated dynamic
valid_lft 82400sec preferred_lft 0sec
inet6 x:x:x:a839:3546:462d:74e4:e284/64 scope global temporary deprecated dynamic
valid_lft 85823sec preferred_lft 0sec
inet6 x:x:x:7000:aef4:f2a8:62bc:8d8d/64 scope global temporary deprecated dynamic
valid_lft 82400sec preferred_lft 0sec
inet6 x:x:x:7000:7e83:34ff:febe:b09b/64 metric 256 scope global dynamic mngtmpaddr
valid_lft 82400sec preferred_lft 68000sec
inet6 x:x:x:a839:7c6d:b30d:b272:aebf/64 scope global temporary deprecated dynamic
valid_lft 85823sec preferred_lft 0sec
inet6 x:x:x:a839:7e83:34ff:febe:b09b/64 scope global dynamic mngtmpaddr noprefixroute
valid_lft 85823sec preferred_lft 3023sec
inet6 fe80::7e83:34ff:febe:b09b/64 scope link proto kernel_ll
valid_lft forever preferred_lft forever
3: lan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 7c:83:34:be:b0:9c brd ff:ff:ff:ff:ff:ff
altname enp2s0
inet 10.0.0.254/24 brd 10.0.0.255 scope global lan0
valid_lft forever preferred_lft forever
inet6 x:x:x:7001:3d40:df56:2ca8:e57/64 scope global temporary dynamic
valid_lft 82400sec preferred_lft 63479sec
inet6 x:x:x:7001:e887:62d5:fd5c:1183/64 scope global temporary deprecated dynamic
valid_lft 82400sec preferred_lft 0sec
inet6 x:x:x:7001:7e83:34ff:febe:b09c/64 metric 256 scope global dynamic mngtmpaddr
valid_lft 82400sec preferred_lft 68000sec
inet6 fe80::1/64 scope link
valid_lft forever preferred_lft forever
inet6 fe80::7e83:34ff:febe:b09c/64 scope link proto kernel_ll
valid_lft forever preferred_lft forever
5: guest@lan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 7c:83:34:be:b0:9c brd ff:ff:ff:ff:ff:ff
inet 10.0.20.254/24 brd 10.0.20.255 scope global guest
valid_lft forever preferred_lft forever
inet6 x:x:x:7020:384c:ffca:2bb7:af47/64 scope global temporary dynamic
valid_lft 82400sec preferred_lft 64243sec
inet6 x:x:x:7020:6f98:4139:a482:f1eb/64 scope global temporary deprecated dynamic
valid_lft 82400sec preferred_lft 0sec
inet6 x:x:x:7020:7e83:34ff:febe:b09c/64 metric 256 scope global dynamic mngtmpaddr
valid_lft 82400sec preferred_lft 68000sec
inet6 fe80::1/64 scope link
valid_lft forever preferred_lft forever
inet6 fe80::7e83:34ff:febe:b09c/64 scope link proto kernel_ll
valid_lft forever preferred_lft forever
6: iot@lan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 7c:83:34:be:b0:9c brd ff:ff:ff:ff:ff:ff
inet 10.0.10.254/24 brd 10.0.10.255 scope global iot
valid_lft forever preferred_lft forever
inet6 x:x:x:7010:e395:3d0:37d9:2be/64 scope global temporary dynamic
valid_lft 82400sec preferred_lft 63524sec
inet6 x:x:x:7010:5ccf:38dc:555e:a054/64 scope global temporary deprecated dynamic
valid_lft 82400sec preferred_lft 0sec
inet6 x:x:x:7010:7e83:34ff:febe:b09c/64 metric 256 scope global dynamic mngtmpaddr
valid_lft 82400sec preferred_lft 68000sec
inet6 fe80::1/64 scope link
valid_lft forever preferred_lft forever
inet6 fe80::7e83:34ff:febe:b09c/64 scope link proto kernel_ll
valid_lft forever preferred_lft forever
7: management@lan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 7c:83:34:be:b0:9c brd ff:ff:ff:ff:ff:ff
inet 10.0.30.254/24 brd 10.0.30.255 scope global management
valid_lft forever preferred_lft forever
inet6 x:x:x:7030:2e30:b0b1:8c51:a572/64 scope global temporary dynamic
valid_lft 82400sec preferred_lft 63118sec
inet6 x:x:x:7030:a321:4fcd:7e25:c127/64 scope global temporary deprecated dynamic
valid_lft 82400sec preferred_lft 0sec
inet6 x:x:x:7030:7e83:34ff:febe:b09c/64 metric 256 scope global dynamic mngtmpaddr
valid_lft 82400sec preferred_lft 68000sec
inet6 fe80::1/64 scope link
valid_lft forever preferred_lft forever
inet6 fe80::7e83:34ff:febe:b09c/64 scope link proto kernel_ll
valid_lft forever preferred_lft forever
➜ ip r
default via 80.x.x.x dev wan0 proto dhcp src x.x.x.x metric 1024
10.0.0.0/24 dev lan0 proto kernel scope link src 10.0.0.254
10.0.10.0/24 dev iot proto kernel scope link src 10.0.10.254
10.0.20.0/24 dev guest proto kernel scope link src 10.0.20.254
10.0.30.0/24 dev management proto kernel scope link src 10.0.30.254
80.x.x.x/20 dev wan0 proto kernel scope link src 80.x.x.x metric 1024
80.x.x.x dev wan0 proto dhcp scope link src 80.x.x.x metric 1024
guest모든 것이 VLAN 과 VLAN 에서 잘 작동 iot하지만 문제는 VLAN에 있습니다 management.
해당 네트워크에는 현재 다른 장치가 없지만 랩톱을 연결하면 올바른 VLAN ID로 인터페이스를 생성하여 분명히 서브넷 외부에 있는 공용 IP에 대한 ARP 요청이 표시되기 시작합니다.
노트북의 네트워크 구성은 다음과 같습니다.
➜ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host noprefixroute
valid_lft forever preferred_lft forever
2: lan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq state UP group default qlen 1000
link/ether f4:4d:ad:02:ac:fd brd ff:ff:ff:ff:ff:ff
altname enp0s20f0u1u2u1
inet 10.0.0.55/24 metric 1024 brd 10.0.0.255 scope global dynamic lan0
valid_lft 4768sec preferred_lft 4768sec
inet6 x:x:x:7001:9667:e56d:71b:9ec8/64 scope global temporary dynamic
valid_lft 3445sec preferred_lft 1645sec
inet6 x:x:x:7001:f64d:adff:fe02:acfd/64 scope global dynamic mngtmpaddr noprefixroute
valid_lft 3445sec preferred_lft 1645sec
valid_lft 3445sec preferred_lft 1645sec
inet6 fe80::f64d:adff:fe02:acfd/64 scope link proto kernel_ll
valid_lft forever preferred_lft forever
3: lan1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq state DOWN group default qlen 1000
link/ether 0c:37:96:96:28:5d brd ff:ff:ff:ff:ff:ff
altname enp0s20f0u1u3i5
4: wifi0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether de:5f:48:3b:4a:ee brd ff:ff:ff:ff:ff:ff permaddr 7c:b5:66:65:be:72
altname wlp1s0
5: management@lan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether f4:4d:ad:02:ac:fd brd ff:ff:ff:ff:ff:ff
inet 10.0.30.63/24 metric 2048 brd 10.0.30.255 scope global dynamic management
valid_lft 4764sec preferred_lft 4764sec
inet6 x:x:x:7030:a44f:5260:dda1:efdd/64 scope global temporary dynamic
valid_lft 3282sec preferred_lft 1482sec
inet6 x:x:x:7030:f64d:adff:fe02:acfd/64 scope global dynamic mngtmpaddr noprefixroute
valid_lft 3282sec preferred_lft 1482sec
inet6 fe80::f64d:adff:fe02:acfd/64 scope link proto kernel_ll
valid_lft forever preferred_lft forever
6: ztzlggwhus: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 2800 qdisc fq state UNKNOWN group default qlen 1000
link/ether x:x:x:x:x:x brd ff:ff:ff:ff:ff:ff
inet 172.26.x.x/16 brd 172.26.255.255 scope global ztzlggwhus
valid_lft forever preferred_lft forever
inet6 x:x:x:x:x:x:x:x:x:x:x:x:x:x:x:x/88 scope global
valid_lft forever preferred_lft forever
inet6 x:x:x::1/40 scope global
valid_lft forever preferred_lft forever
inet6 fe80::x:x:x/64 scope link proto kernel_ll
valid_lft forever preferred_lft forever
➜ ip r
default via 10.0.0.254 dev lan0 proto dhcp src 10.0.0.55 metric 1024
10.0.0.0/24 dev lan0 proto kernel scope link src 10.0.0.55 metric 1024
10.0.0.254 dev lan0 proto dhcp scope link src 10.0.0.55 metric 1024
10.0.30.0/24 dev management proto kernel scope link src 10.0.30.63 metric 2048
172.26.x.x/16 dev ztzlggwhus proto kernel scope link src 172.26.x.x
라우터나 노트북에서 관리 인터페이스를 실행하면 tcpdump일반 IPv6 NDP 패킷이 표시되고 다음과 같은 전체 ARP 요청이 표시됩니다.
➜ sudo tcpdump -s 1500 -i management -nn -vv
tcpdump: listening on management, link-type EN10MB (Ethernet), snapshot length 1500 bytes
00:29:12.774606 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 201.206.191.36 tell 10.0.30.63, length 28
00:29:12.775206 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 50.7.252.138 tell 10.0.30.63, length 28
00:29:12.775291 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 103.195.103.66 tell 10.0.30.63, length 28
00:29:12.775434 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 84.17.53.155 tell 10.0.30.63, length 28
00:29:12.775633 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 104.194.8.134 tell 10.0.30.63, length 28
00:29:13.792744 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 104.194.8.134 tell 10.0.30.63, length 28
00:29:13.792774 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 84.17.53.155 tell 10.0.30.63, length 28
00:29:13.792779 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 103.195.103.66 tell 10.0.30.63, length 28
00:29:13.792784 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 50.7.252.138 tell 10.0.30.63, length 28
00:29:13.792788 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 201.206.191.36 tell 10.0.30.63, length 28
00:29:14.816739 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 201.206.191.36 tell 10.0.30.63, length 28
00:29:14.816779 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 50.7.252.138 tell 10.0.30.63, length 28
00:29:14.816784 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 103.195.103.66 tell 10.0.30.63, length 28
00:29:14.816788 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 84.17.53.155 tell 10.0.30.63, length 28
00:29:14.816792 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 104.194.8.134 tell 10.0.30.63, length 28
00:29:17.780657 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 70.57.30.7 tell 10.0.30.63, length 28
00:29:18.784750 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 70.57.30.7 tell 10.0.30.63, length 28
00:29:19.808723 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 70.57.30.7 tell 10.0.30.63, length 28
^C
18 packets captured
18 packets received by filter
0 packets dropped by kernel
그 주소가 확실히 서브넷 외부에 있기 때문에 매우 이상하다고 생각합니다. 따라서 해당 주소에 대한 요청에 대해 커널은 단순히 패킷을 기본 게이트웨이( 10.0.0.254on lan0)로 전달하고 전송을 시도조차 하지 않을 것이라고 예상했습니다. 인터페이스 에서 management.
그래서 서브넷 외부의 주소에 대한 이상한 ARP 요청이 전송되는 이유와 내가 뭔가 잘못 구성한 것이 아닌지 이해하려고 노력하고 있습니다.