From: Jeffrey S. R. <jef...@ru...> - 2009-01-31 00:36:27
|
If your primary IPCop Red Interface IP arps for the gateway (ISP), then your alias IPs will not need to do so. The ARP entry for the ISP gateway will already be in the arp table in IPCop. All ARP requests out of the red interface will have the IP address of the Red interface as the source address. -----Original Message----- From: Joe Bennett [mailto:jam...@gm...] Sent: Friday, January 30, 2009 10:09 AM To: Jeffrey S. Russell; Ipc...@li... Subject: Re: [IPCop-user] Alias IP - No arp refresh Don't know much about their core network. Their UNI is made by Tellabs. It is an 'all in one' type media converter box. Fiber in, Ethernet, cable TV and phone out their respective ports... I have a ticket opened with them, so far they have requested a network map of my equipment (which I provided) but no response yet. If I run the servers off of a layer 2 switch connected to the ISP's UNI (bypass IPCop), it'll work like a hose... My interface IP does not exhibit this issue... Traffic always flow to it, but it is sending an arp to their gateway every minute (based on some research, this looks like its by design)... If I could get the alias IPs to do the same it would, at minimum, mask this problem. Can anyone point me to some documentation on how alias IPs are supposed to behave? Been doing some Google searching, but I must not be feeding it the magic words....??? -Joe On Fri, Jan 30, 2009 at 4:29 AM, Jeffrey S. Russell <jef...@ru...> wrote: > I'd be interested to know the hardware that your ISP is using. What > about your primary address on IPCop that is used for the rest of your > traffic flow? Does that still work? It honestly sounds like either a > bug on the ISP side. Or perhaps it's the method that the ISP hardware > is using to populate, refresh and maintain their arp tables and > forwarding database. > > I know that some switching equipment used out in the enterprise will > stop forwarding unicast traffic when they lose an arp entry, but then > the traffic would then begin to send out a subnet-directed broadcast. > > I think for this, we need to know more about the ISP side to really > understand what is going on here. > > -----Original Message----- > From: Joe Bennett [mailto:jam...@gm...] > Sent: Thursday, January 29, 2009 10:51 PM > To: ipc...@li... > Subject: Re: [IPCop-user] Alias IP - No arp refresh > > I do not see the ISP send me any arp requests, just the IPCop > interface IP send arp requests from the interface IP asking for the > MAC related to the ISPs gateway IP every minute... Its always a > directed frame, destination MAC is not broadcast, it is directed to > the gateway interface MAC.... > > 03:31:59.272370 00:00:d1:1f:bb:34 > 00:1b:0d:ec:38:80, ethertype ARP > (0x0806), length 42: arp who-has 74.222.xxx.xxx tell xxx.xxx.xxx.xxx > 03:31:59.275043 00:1b:0d:ec:38:80 > 00:00:d1:1f:bb:34, ethertype ARP > (0x0806), length 64: arp reply 74.222.xxx.xxx is-at 00:1b:0d:ec:38:80 > > I would suspect that if the gateway had data to send to my IP, and the > gateway didn't know I existed (MAC), it should send an arp...??? Since > these servers are sending frames constantly, I would expect that the > ISP would not send me an arp.... Why they stop forwarding traffic to > me is puzzeling at the moment (tcpdump shows me transmiting frames, no > responses). When I force an arp to them, things start again.... > > > > -Joe > > On Thu, Jan 29, 2009 at 8:43 PM, Jeffrey S. Russell > <jef...@ru...> wrote: >> Are you saying that your alias IPs are not responding to ARP requests >> from your provider? >> >> -----Original Message----- >> From: Joe Bennett [mailto:jam...@gm...] >> Sent: Thursday, January 29, 2009 9:25 PM >> To: ipc...@li... >> Subject: [IPCop-user] Alias IP - No arp refresh >> >> Anyone else having an issue with alias IPs and arp? I see arp requests >> for the interface IP every minute, but the alias IPs only send an arp >> request when the IP is initialized or IPCop is rebooted. Been having >> issues with my ISP halting forwarding traffic to me and found that all >> I have to do is uncheck and recheck the alias IP box in the GUI >> (forces an arp request) and things magically start working again... >> >> Running 1.4.21 RED/GREEN/BLUE/ORANGE >> >> Have this statement in my rc.firewall.local to SNAT the Orange IP to >> the public IP: >> >> /sbin/iptables -t nat -A CUSTOMPOSTROUTING -s 192.168.253.18 -o eth3 >> -j SNAT --to [PUBLIC IP] >> >> Inbound traffic is port forwarded to the Orange IP. >> >> >> >> >> -Joe >> KA3NAM >> >> > ------------------------------------------------------------------------ >> ------ >> This SF.net email is sponsored by: >> SourcForge Community >> SourceForge wants to tell your story. >> http://p.sf.net/sfu/sf-spreadtheword >> _______________________________________________ >> IPCop-user mailing list >> IPC...@li... >> https://lists.sourceforge.net/lists/listinfo/ipcop-user >> >> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- >> Scanned with Copfilter Version 0.84beta3a (ProxSMTP 1.6) >> AntiSpam: SpamAssassin 3.2.3 >> AntiVirus: ClamAV 0.93.3/8920 - Thu Jan 29 13:30:26 2009 >> by Markus Madlener @ http://www.copfilter.org >> >> ---------------------------- >> Scanned with Copfilter Version 0.84beta3a (ProxSMTP 1.6) >> AntiSpam: SpamAssassin 3.2.3 >> AntiVirus: ClamAV 0.93.3/8920 - Thu Jan 29 13:30:26 2009 >> by Markus Madlener @ http://www.copfilter.org >> > > ------------------------------------------------------------------------ > ------ > This SF.net email is sponsored by: > SourcForge Community > SourceForge wants to tell your story. > http://p.sf.net/sfu/sf-spreadtheword > _______________________________________________ > IPCop-user mailing list > IPC...@li... > https://lists.sourceforge.net/lists/listinfo/ipcop-user > > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > Scanned with Copfilter Version 0.84beta3a (ProxSMTP 1.6) > AntiVirus: ClamAV 0.93.3/8920 - Thu Jan 29 13:30:26 2009 > by Markus Madlener @ http://www.copfilter.org > > ---------------------------- > Scanned with Copfilter Version 0.84beta3a (ProxSMTP 1.6) > AntiVirus: ClamAV 0.93.3/8921 - Thu Jan 29 23:08:44 2009 > by Markus Madlener @ http://www.copfilter.org =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Scanned with Copfilter Version 0.84beta3a (ProxSMTP 1.6) AntiVirus: ClamAV 0.93.3/8923 - Fri Jan 30 05:49:06 2009 by Markus Madlener @ http://www.copfilter.org =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Scanned with Copfilter Version 0.84beta3a (ProxSMTP 1.6) AntiVirus: ClamAV 0.93.3/8928 - Fri Jan 30 16:34:16 2009 by Markus Madlener @ http://www.copfilter.org |