Show Table of Contents
19.3. Using PTP with Multiple Interfaces
When using PTP with multiple interfaces in different networks, it is necessary to change the reverse path forwarding mode to loose mode. Red Hat Enterprise Linux 7 defaults to using Strict Reverse Path Forwarding following the Strict Reverse Path recommendation from RFC 3704, Ingress Filtering for Multihomed Networks. See the Reverse Path Forwarding section in the Red Hat Enterprise Linux 7 Security Guide for more details.
The
sysctl utility is used to read and write values to tunables in the kernel. Changes to a running system can be made using sysctl commands directly on the command line and permanent changes can be made by adding lines to the /etc/sysctl.conf file.
- To change to loose mode filtering globally, enter the following commands as
root:~]#
sysctl -w net.ipv4.conf.default.rp_filter=2~]#sysctl -w net.ipv4.conf.all.rp_filter=2 - To change the reverse path filtering mode per network interface, use the
net.ipv4.interface.rp_filtercommand on all PTP interfaces. For example, for an interface with device nameem1:~]#
sysctl -w net.ipv4.conf.em1.rp_filter=2
To make these settings persistent across reboots, modify the
/etc/sysctl.conf file. You can change the mode for all interfaces, or for a particular interface.
To change the mode for all interfaces, open the
/etc/sysctl.conf file with an editor running as the root user and add a line as follows:
net.ipv4.conf.all.rp_filter=2
To change only certain interfaces, add multiple lines in the following format:
net.ipv4.conf.interface.rp_filter=2
Note
When using the settings for all and particular interfaces as well, maximum value from
conf/{all,interface}/rp_filter is used when doing source validation on each interface.
You can also change the mode by using the default setting, which means that it applies only to the newly created interfaces.
For more information on using the all, default, or a specific device settings in the
sysctl parameters, see the Red Hat Knowledgebase article What is the difference between "all", "default" and a specific device in a sysctl parameter?.
Note that you might experience issues of two types due to the timing of the
sysctl service run during the boot process:
- Drivers are loaded before the
sysctlservice runs.In this case, affected network interfaces use the mode preset from the kernel, andsysctldefaults are ignored.For solution of this problem, see the Red Hat Knowledgebase article What is the difference between "all", "default" and a specific device in a sysctl parameter?. - Drivers are loaded or reloaded after the
sysctlservice runs.In this case, it is possible that somesysctl.confparameters are not used after reboot. These settings may not be available or they may return to defaults.For solution of this problem, see the Red Hat Knowledgebase article Some sysctl.conf parameters are not used after reboot, manually adjusting the settings works as expected.
Where did the comment section go?
Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.