Re: [chrony-dev] Multihomed (multiple) network interfaces support !



On Tue, Sep 05, 2023 at 03:44:35PM +0300, CpServiceSPb wrote:
> Due to Weak ES mode in Linux OSes, please remake a test but change a little
> bit test conditions:
> When aiming for Strong ES Model in Linux, you'll first need these sysctl
> settings:
> net.ipv4.conf.all.arp_filter=1
> net.ipv4.conf.all.arp_ignore=1 # or even 2
> net.ipv4.conf.all.arp_announce=2

It makes no difference. These settings are about ARP (L2->L3
translation) and multiple interfaces in the same network.

> *And I see the only way is to implement not bindaddress but binddevice
> available multiple times for listening and receiving requests to.*

That would make more sense for security. However, it's not a simple thing
to implement as peer associations use the server sockets too, so there
would need to be some code selecting the right socket.

My recommendation is to run multiple instances of chronyd, each bound
to a different interface.

-- 
Miroslav Lichvar
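
A sketch of the multi-instance setup recommended above, added here as an example; it is not part of the original message and not the chrony project's own configuration. Device names, subnets, the upstream server name, port 11123 and all file paths are assumptions. One instance disciplines the clock and serves only loopback; each per-device instance runs with `-x`, follows it, and answers only on its own device and subnet.

```shell
#!/bin/sh
# Added example (not from the thread). Device names, subnets, the upstream
# server name, port 11123 and all file paths are assumptions.

# Config for the one instance that disciplines the system clock. It serves NTP
# only on loopback, as the time source for the per-device instances.
# $1 = upstream NTP server
clock_conf() {
    cat <<EOF
server $1 iburst
bindaddress 127.0.0.1
port 11123
allow 127.0.0.1
driftfile /var/lib/chrony/drift
EOF
}

# Config for an instance serving one device. $1 = device, $2 = allowed subnet.
# Each instance needs its own command socket, pid file and drift file.
device_conf() {
    cat <<EOF
server 127.0.0.1 port 11123 minpoll 0 maxpoll 0 copy
binddevice $1
allow $2
cmdport 0
bindcmdaddress /run/chrony/chronyd-$1.sock
pidfile /run/chrony/chronyd-$1.pid
driftfile /var/lib/chrony/drift-$1
EOF
}

# Command line for a per-device instance; -x leaves the system clock to the
# clock instance so the daemons do not compete to adjust it.
device_cmd() {
    echo "chronyd -x -f /etc/chrony/chrony-$1.conf"
}

# Sample run: print the files for two constructed devices.
clock_conf ntp.example.net
for pair in "eth0 192.0.2.0/24" "eth1 198.51.100.0/24"; do
    set -- $pair
    echo "### /etc/chrony/chrony-$1.conf  ($(device_cmd "$1"))"
    device_conf "$1" "$2"
done
```

Each per-device instance is then reachable for monitoring with `chronyc -h /run/chrony/chronyd-<device>.sock`.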

