Thread: [Ddclient-support] DDClient Detecting a Second Gateway (Provider)???
Brought to you by:
supersandro2000,
wimpunk
Menu
▾
▴
ddclient-support
|
From: Larry H. <la...@gr...> - 2010-01-24 02:35:39
|
DDclient Support: Currently evaluating a "New" Provider, but had left both Gateways left connected to our LAN's Switch. I had assumed that I could just modify Static Gateways on all Computers to switch between "Providers", but to my surprise the DDclient (3.7.3 under Ubuntu 8.04) on occasion would use the Gateway of the "Old" Provider and consequently use that for its IP Address Determination and update my DynDNS Entry accordingly!!! Effectively "Flapping" between Providers, switching back to the "New" Provider 5 Minutes after updating the DynDNS Entry to reflect the "Old" Provider's IP Address... Although I have now disconnected the Router for the "Old" Provider from the LAN's Switch and expect the "Flapping" should stop, I am curious to know by what mechanism the DDclient would have been able to "Discover" the Second Router (Provider) without that being specified as a "Static" Gateway??? To my knowledge I am not running any Routing Protocol Services on the Ubuntu Server... Lawrence Houston -- (la...@gr...) |
|
From: Ingo S. <isc...@as...> - 2010-02-01 12:55:07
|
Hi Larry, Larry Houston wrote on Sat, Jan 23, 2010 at 09:35:29PM -0500: > Currently evaluating a "New" Provider, but had left both Gateways left > connected to our LAN's Switch. You mean, you connect your Internet uplink directly to your LAN network segment? This remark is not related to ddclient, but if i understand correctly what you are doing, it seems like a firewall is missing from that network design. > I had assumed that I could just modify Static Gateways on all Computers > to switch between "Providers", That doesn't look like a good approach, it may cause all sorts of issues. For example, what about incoming connections? They will continue to arrive via both providers, and you may end up with asymmetric routing, just to name one example. Besides, what about your security policy, and how are you planning to enforce it in that kind of setup? > but to my surprise the DDclient (3.7.3 under Ubuntu 8.04) on occasion > would use the Gateway of the "Old" Provider and consequently use that > for its IP Address Determination and update my DynDNS Entry accordingly!!! > Effectively "Flapping" between Providers, switching back to the "New" > Provider 5 Minutes after updating the DynDNS Entry to reflect the "Old" > Provider's IP Address... > > Although I have now disconnected the Router for the "Old" Provider from > the LAN's Switch and expect the "Flapping" should stop, I am curious to > know by what mechanism the DDclient would have been able to "Discover" the > Second Router (Provider) without that being specified as a "Static" > Gateway??? That's hard to say. Ddclient supports are large number of very different algorithms to detect the IP address to publish, and you are telling us absolutely nothing about your ddclient configuration. If you hope for help, you would need to describe your network topology in more detail and to show your ddclient confugration. Yours, Ingo -- Ingo Schwarze <isc...@as...> | Software Engineer | Framework Team Astaro AG | www.astaro.com | 76227 Karlsruhe | Germany |
|
From: Larry H. <la...@gr...> - 2010-02-02 02:09:56
|
Ingo: On Mon, 1 Feb 2010, Ingo Schwarze wrote: > Hi Larry, > > Larry Houston wrote on Sat, Jan 23, 2010 at 09:35:29PM -0500: > >> Currently evaluating a "New" Provider, but had left both Gateways left >> connected to our LAN's Switch. > > You mean, you connect your Internet uplink directly to your LAN network > segment? This remark is not related to ddclient, but if i understand > correctly what you are doing, it seems like a firewall is missing from > that network design. Instead of Gateways I should have a specified NAT Based Routers, such that the Gateways for both Providers were connected to that same LAN Segment/Switch. >> I had assumed that I could just modify Static Gateways on all Computers >> to switch between "Providers", > > That doesn't look like a good approach, it may cause all sorts of issues. > For example, what about incoming connections? They will continue to > arrive via both providers, and you may end up with asymmetric routing, > just to name one example. Besides, what about your security policy, > and how are you planning to enforce it in that kind of setup? To my knowledge there no asymmetric routing, for those computers using Provider #1 the traffic was exiting/returning by Provider 1's Gateway... The same for those computers using Provider #2 and Provider #2's Gateway... >> but to my surprise the DDclient (3.7.3 under Ubuntu 8.04) on occasion >> would use the Gateway of the "Old" Provider and consequently use that >> for its IP Address Determination and update my DynDNS Entry accordingly!!! >> Effectively "Flapping" between Providers, switching back to the "New" >> Provider 5 Minutes after updating the DynDNS Entry to reflect the "Old" >> Provider's IP Address... >> >> Although I have now disconnected the Router for the "Old" Provider from >> the LAN's Switch and expect the "Flapping" should stop, I am curious to >> know by what mechanism the DDclient would have been able to "Discover" the >> Second Router (Provider) without that being specified as a "Static" >> Gateway??? > > That's hard to say. > Ddclient supports are large number of very different algorithms to > detect the IP address to publish, and you are telling us absolutely > nothing about your ddclient configuration. My Dynamic DNS Service is DynDNS and I have DDClient configured for Web Detection of my Public IP Address (checkip.dyndns.org) > If you hope for help, you would need to describe your network > topology in more detail and to show your ddclient confugration. Internet / \ / \ / \ / \ / \ / \ Provider #1 Provider #2 | | | | | | Cable Modem DSL Modem | | | | | | Router #1 Router #2 \ / \ / \ / \ / \ / \ / \ / Switch / | \ / | \ / | \ / | \ / | \ / | \ PC (Cable) Server (DDClient) PC (DSL) Gateway #1 Gatway #1 ---> #2 Gateway #2 After adjusting the Gateway on the Server where the DDClient was running from Gateway #1 to Gateway #2, for short period of time Detect the Public IP Address of Provider #1, then switch back 5 Minutes later to picking up the "Correct" Public IP Address of Provider #2!!! -------------------------------------------------------------------------------- # Configuration file for ddclient generated by debconf # # /etc/ddclient.conf pid=/var/run/ddclient.pid protocol=dyndns2 ## To obtain an IP address from Web status page (using the proxy if defined) use=web, web=checkip.dyndns.org/, web-skip='IP Address' # found after IP Address server=members.dyndns.org login=username password='password' wildcard=yes hostname1.dyndns.org mail=ro...@ho... -------------------------------------------------------------------------------- Since observing the DDClient momentarily "Flapping" between Providers, I now have two separate LAN Segments on two separate Switches until the Provider "Evaluation" has been completed... I was trying to understand what within DDClient or on the Server where the DDClient is running would account for the DDClient NOT detecting the Public IP Address of Router #2 for whom the Server had been assigned the Gateway Address of Router #2??? Any insite would be appreciated, since I have been using DDClient for years with a Single Provider/Router/Gateway without any problems??? Larry ..... > Yours, > Ingo > > -- > Ingo Schwarze <isc...@as...> | Software Engineer | Framework Team > Astaro AG | www.astaro.com | 76227 Karlsruhe | Germany > |
|
From: Larry H. <la...@gr...> - 2010-02-03 21:03:12
|
Ingo:
On Mon, 1 Feb 2010, Ingo Schwarze wrote:
> Larry Houston wrote on Sat, Jan 23, 2010 at 09:35:29PM -0500:
>
>> I had assumed that I could just modify Static Gateways on all Computers
>> to switch between "Providers",
>
> That doesn't look like a good approach, it may cause all sorts of issues.
> For example, what about incoming connections? They will continue to
> arrive via both providers, and you may end up with asymmetric routing,
> just to name one example. Besides, what about your security policy,
> and how are you planning to enforce it in that kind of setup?
Using Wireshark I was able to Capture a TCP Stream in which there appears
to be some Asymmetric Routing, leading DDClient to "Detect" the Public IP
Address of Provider #2 instead of Provider #1!!! I have attached a
Capture of TCP Stream #581 to this Posting, although I do NOT know if the
DDClient List "Accepts" Attachments???
Within Stream #581: MAC Address of Provider #1's Gateway (00:1c:10:9e:ae:2b)
MAC Address of Provider #2's Gateway (00:13:46:43:8c:4c)
All Frames leaving the Ubuntu Server are correctly targeting the MAC
Address of Provider #1's Gateway, although of the Frames returning from
checkip.dyndns.com (208.78.70.70) [Frames 2, 5, 6 & 12] have returned from
the MAC Address of Provider #2's Gateway and have therefore DDClient
has instead detected the Public IP Address of Provider #2!!!
If List Users have time to look at Stream #581's Capture, could they
provide possible explanations as to why this Asymmetric Routing has
occurred??? Within a Fully Switched Segment it would be more
"Challenging" to verify from which Provider's Router the TCP Stream
actually exited the Private Segment, although it might be that the TCP
Stream actually left the Switched Segment via Router #2, even though
initially the Frame was sent to Router #1's Gateway Interface??? If that
was the case, then I might have created a "Dynamic" Routing Issue without
know it???
Thanks again for everone's patience...
> Yours,
> Ingo
>
> --
> Ingo Schwarze <isc...@as...> | Software Engineer | Framework Team
> Astaro AG | www.astaro.com | 76227 Karlsruhe | Germany
> |
|
From: Ingo S. <isc...@as...> - 2010-02-04 20:14:49
|
Hi Larry, i admit i didn't look at the captured packets, but the following explanation looks plausible in general: Larry Houston wrote on Wed, Feb 03, 2010 at 03:55:41PM -0500: > possible explanations as to why this Asymmetric Routing has occurred? Usually, DNS changes do not take effect immediately. It is very common to employ caching on DNS servers. Sometimes, it takes up to a full day until some caches expire. Thus, if you change DNS information on the DynDNS server, some servers may pick it up fairly quickly, but some others may take more time. In your case, even very small delays can make a difference. In general, the routing of a response IP packet does not depend on the routing of the packet it responds to. Thus, if you send a packet via the new route to a host using a caching DNS server still having your old IP address in its cache, the response packets will arrive via the old route, possibly triggering another switch of the address you have registered with DynDNS. Again, this is just one relatively simple, plausible explanation. The real effects may be more involved; both DNS and routing can be quite tricky. In any case, i think combining "use=web" in your ddclient configuration with multiple Internet uplinks is asking for trouble - in fact, just the trouble you are experiencing, unstable DNS and routing. The "use=web" method may be sufficient for trivial setups, but it's not that useful once things get more complicated. You might wish to look at other configuration methods; as i said, there are plenty. So far, i see no indication that you suffer from a bug in ddclient. Yours, Ingo -- Ingo Schwarze <isc...@as...> | Software Engineer | Framework Team Astaro AG | www.astaro.com | 76227 Karlsruhe | Germany |
×
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.
Thanks for helping keep SourceForge clean.
X