Linux Kernel Option: rp_filter

By default, Fedora server enables strict reverse path validation. It is indeed very safe but will also become a rabbit hole for those who are not very familiar with this feature.


I accidentally found a weird problem in RHEL: when there is more than one active network device, the system only responds to ping on the interface through which the DHCP DISCOVER was last sent. Packets sent from the IP addresses of both devices, however, are received without any problem.

At first, I thought they were blocked by the firewall, but disabling the system firewall did not resolve it. After discussing with a Kernel QE, I was advised to run

echo "0" > /proc/sys/net/ipv4/conf/all/rp_filter

to set rp_filter to 0, and the problem was resolved.

There are explanations of rp_filter in the Kernel documentation and in the Linux Advanced Routing & Traffic Control HOWTO. It verifies that the route back to a packet's source address is consistent with the interface the packet arrived on, and is meant to prevent IP spoofing as used in DDoS attacks.

rp_filter - INTEGER
0 - No source validation.
1 - Strict mode as defined in RFC3704 Strict Reverse Path
Each incoming packet is tested against the FIB and if the interface
is not the best reverse path the packet check will fail.
By default failed packets are discarded.
2 - Loose mode as defined in RFC3704 Loose Reverse Path
Each incoming packet's source address is also tested against the FIB
and if the source address is not reachable via any interface
the packet check will fail.
Current recommended practice in RFC3704 is to enable strict mode
to prevent IP spoofing from DDos attacks. If using asymmetric routing
or other complicated routing, then loose mode is recommended.
The max value from conf/{all,interface}/rp_filter is used
when doing source validation on the {interface}.
Default value is 0. Note that some distributions enable it
in startup scripts.
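To make the strict/loose distinction concrete, here is an added Python model of the rp_filter decision (written for this post, not code from the kernel) run against a constructed two-interface FIB that resembles the RHEL setup above: both interfaces have DHCP leases, and the default route was installed by the DHCP client that ran last. The interface names and prefixes are assumptions.

```python
import ipaddress

# Constructed FIB: (destination prefix, outgoing interface). The default
# route points at eth0, the interface whose DHCP client ran last.
FIB = [
    ("192.168.1.0/24", "eth0"),
    ("192.168.2.0/24", "eth1"),
    ("0.0.0.0/0", "eth0"),  # default route via the last DHCP interface
]


def best_reverse_interface(src):
    """Longest-prefix match of the source address in the FIB."""
    addr = ipaddress.ip_address(src)
    matches = [(ipaddress.ip_network(p), i) for p, i in FIB
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def effective_mode(all_value, iface_value):
    """The kernel uses the max of conf/all and conf/<iface>/rp_filter."""
    return max(all_value, iface_value)


def rp_filter_accepts(src, in_iface, mode):
    """True if a packet from src arriving on in_iface passes rp_filter."""
    if mode == 0:
        return True
    best = best_reverse_interface(src)
    if mode == 1:  # strict: reverse route must leave via the ingress interface
        return best == in_iface
    if mode == 2:  # loose: source only has to be reachable via some interface
        return best is not None
    raise ValueError("rp_filter mode must be 0, 1 or 2")


if __name__ == "__main__":
    # A remote host pings via eth1: the reverse route is the default via eth0.
    for mode in (0, 1, 2):
        print(mode, rp_filter_accepts("10.0.0.5", "eth1", mode))
```

A remote ping arriving on eth1 is dropped in strict mode because the best reverse path for its source is the default route via eth0, while hosts on eth1's own subnet still get answered.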

According to the Kernel documentation the default value is 0, which denotes no validation. For confirmation, the default value in Debian is indeed 0 (no validation). Yet the default value in Fedora Server is 1 (strict validation), which discards every packet that fails the reverse path test.

It is indeed very safe to do so by default in a server-oriented distribution. It will, however, become a rabbit hole for those who are not familiar with this feature.