net.ipv4.conf.default.rp_filter = 0

arp_ignore - INTEGER
Define different modes for sending replies in response to
received ARP requests that resolve local target IP addresses:
0 - (default): reply for any local target IP address, configured
on any interface
1 - reply only if the target IP address is local address
configured on the incoming interface
2 - reply only if the target IP address is local address
configured on the incoming interface and both with the
sender's IP address are part from same subnet on this interface
3 - do not reply for local addresses configured with scope host,
only resolutions for global and link addresses are replied
4-7 - reserved
8 - do not reply for all local addresses


The max value from conf/{all,interface}/arp_ignore is used
when ARP request is received on the {interface}

arp_announce - INTEGER
Define different restriction levels for announcing the local
source IP address from IP packets in ARP requests sent on
interface:
0 - (default) Use any local address, configured on any interface
1 - Try to avoid local addresses that are not in the target's
subnet for this interface. This mode is useful when target
hosts reachable via this interface require the source IP
address in ARP requests to be part of their logical network
configured on the receiving interface. When we generate the
request we will check all our subnets that include the
target IP and will preserve the source address if it is from
such subnet. If there is no such subnet we select source
address according to the rules for level 2.
2 - Always use the best local address for this target.
In this mode we ignore the source address in the IP packet
and try to select local address that we prefer for talks with
the target host. Such local address is selected by looking
for primary IP addresses on all our subnets on the outgoing
interface that include the target IP address. If no suitable
local address is found we select the first local address
we have on the outgoing interface or on all other interfaces,
with the hope we will receive reply for our request and
even sometimes no matter the source IP address we announce.


The max value from conf/{all,interface}/arp_announce is used.


Increasing the restriction level gives more chance for
receiving answer from the resolved target while decreasing
the level announces more valid sender's information.

rp_filter - INTEGER
0 - No source validation.
1 - Strict mode as defined in RFC3704 Strict Reverse Path
   Each incoming packet is tested against the FIB and if the interface
   is not the best reverse path the packet check will fail.
   By default failed packets are discarded.
2 - Loose mode as defined in RFC3704 Loose Reverse Path
   Each incoming packet's source address is also tested against the FIB
   and if the source address is not reachable via any interface
   the packet check will fail.


Current recommended practice in RFC3704 is to enable strict mode
to prevent IP spoofing from DDos attacks. If using asymmetric routing
or other complicated routing, then loose mode is recommended.


conf/all/rp_filter must also be set to non-zero to do source validation
on the interface


Default value is 0. Note that some distributions enable it
in startup scripts.

兩塊網絡卡在同一網段會出現一塊斷線但是ping這塊網絡卡的ip依然能夠ping通，這兩個ip被指向了同一的MAC地址

eth0 192.168.1.10
eth1 192.168.1.11

echo "252    net2" >> /etc/iproute2/rt_tables
echo "251    net3" >> /etc/iproute2/rt_tables

ip route add 192.168.1.0/24 dev eth0 src 192.168.1.10 table net2
ip route add 192.168.1.0/24 dev eth1 src 192.168.1.253 table net3
ip route add default dev eth0 table net2
ip route add default dev eth1 table net3

ip rule add from 192.168.1.10 table net2
ip rule add from 192.168.1.11 table net3

ip route flush cache

ping通，然後arp驗證mac地址不一樣

arp -a