Interface IP Address Is Reachable on an Interface that Is Down

Follow

Issue

The IP address associated with an interface that is administratively up but physically down is reachable through other interfaces from external sources.

Environment

  • Cumulus Linux 1.5.x and higher

Cause

In contrast to the strong host model used by some other routing devices, Linux uses the weak host model and considers the IP address as a property of the device rather than the interface it is defined on. This was historically due to preferring that if the device was reachable via any interface, the connection should be allowed. Note that this is expected Linux behavior is not unique to Cumulus Linux.

Information on the weak host vs strong host models is available from many sources, including RFC-6419. Information on Linux interface operational states is available here.

While this behavior may seem unusual to a network administrator, it is not unexpected and should not create problems for normal operation.

Resolution

If an interface is manually set down, you won't see the above behavior. To remove the local interface address from operation, set the link down using one of the following commands:

sudo ip link set swpXX down
sudo ifdown swpXX

(where XX is the number of the swp interface)

 

Have more questions? Submit a request

Comments

Powered by Zendesk