Merge pull request #3881 from shaneutt/shaneutt/fix-arp-ignore

fix: set global arp_ignore param for kindnet
2025-11-30 23:16:04 +07:00 · 2025-03-11 17:01:46 -07:00
parent 022bedd494 5e66ec05a5
commit b98dc21ad3
1 changed files with 14 additions and 0 deletions
--- a/images/base/files/etc/sysctl.d/10-network-magic.conf
+++ b/images/base/files/etc/sysctl.d/10-network-magic.conf
@@ -9,3 +9,17 @@
 # Kubernetes mitigates the possible security issue caused by enabling this option.
 # ref: https://nvd.nist.gov/vuln/detail/CVE-2020-8558
 net.ipv4.conf.all.route_localnet=1
+
+# The global kernel parameter net.ipv4.conf.all.arp_ignore governs the
+# conditions under which ARP requests will be accepted or ignored. This global
+# setting will override any individual interface settings. Some host systems
+# might set this global parameter to a more restrictive setting of 2 (or
+# greater). Specifically, in mode 2, the system ignores ARP requests directed to
+# /32 addresses (this is what kindnet assigns to its veth interfaces) because
+# the request originates from a different subnet. This behavior breaks routing
+# for kindnet (specifically the ptp plugin), so we opinionatedly set this to 0
+# when kindnet is in use to ensure proper networking.
+#
+# For more information see:
+# https://www.kernel.org/doc/html/latest/networking/ip-sysctl.html#arp_ignore
+net.ipv4.conf.all.arp_ignore=0