Re: Traffic Shaping Question

On 10 Mar 2006 18:52:23 -0800, "X" <kasey@xxxxxxxx> wrote:

Well, just about the time I left work, I got a call saying that our
remote site was down, so I had to go back. Long story short, I had our
application servers plugged into both networks (our old T1 is connected
to the old network that I want to shape, and our new T1, which I used
to test the "transparent" shaping server, is connected to a separate
network, the app servers have a NICs attached to both networks), and
the Proxy ARP linux server most likely made an entry in the app
servers' ARP cache. I have no idea why this would cause us to lose
connectivity, but it did. It was so strange, the rest of my network
could see the remote computer and vice versa, but the app servers could
not (and vice versa). The internet could also not see our application
servers from the outside. Very strange. Anyway, once I figured out
they were the problem, I guessed that it had to do with their ARP
cache, so I reset the default gateway on both of them to a different
(bogus) number and then back to what it's supposed to be and that
seemed to clear the cache and do the trick.

This is something to watch out for if you have multi homed computers
with one of them on a network that uses a proxy-arp server. I hope
this problem was only caused because I unplugged the server. I hope
this problem does not happen by default when you use a transparent
proxy arp server, as I need them to be on both networks and to
proxy-arp one. I guess worse comes to worse, I could fall back on
using bridging instead. Bridging is less manipulative, it seems, but I
am against the idea of using my network cards in promiscuous mode, and
also I don't know that the machine that we have for the shaping box
could handle as much traffic as promiscuous mode would force it to.

Food for thought,

X

Bridging also sucks because to effectively firewall you must use
ebtables, further complicating things. ProxyARP is the way to go, but
as already stated we strongly prefer selective ProxyARP rather than
altering /proc to ARP the interface(s).

Don't forget 'ip route flush cache'
--
buck
.

Relevant Pages

  • Re: Very Strange Network Problem HELP!!!
    ... 'zero connectivity' and worries about 'touching' the old network seem odd. ... First, a single user, with the servers on just ... > switch, and we do have the problem again. ...
    (microsoft.public.win2000.networking)
  • Re: Dcidag errors
    ... Port blockage between servers ... Other sorts of networking issues (lack of connectivity between the points ... These errors are typically a result of a network connectivity issue of some ... > replicating this nc. ...
    (microsoft.public.windows.server.active_directory)
  • Re: I need Job Blobb
    ... > Windows and Network administratation. ... > In a job I would like to administrate servers, ... > Title: ISP Network Administrator ... > o Building, installation, configuration and tuning ...
    (microsoft.public.cert.exam.mcse)
  • Re: I need Job Blobb
    ... > Windows and Network administratation. ... > In a job I would like to administrate servers, ... > Title: ISP Network Administrator ... > o Building, installation, configuration and tuning ...
    (microsoft.public.cert.exam.mcse)
  • Re: Strange Terminal Server problem
    ... 898060 - Network connectivity between clients and servers may not ... > I have two terminal servers on a private network. ... > running on Win2k, the other on Win2k3. ...
    (microsoft.public.windows.terminal_services)
Loading