[nSLUG] Problems with Eastlink Hosting Multiple IPs on One Network Interface

Jim Campbell jim at jcampbell.ca
Mon Nov 14 22:01:39 AST 2005


We have three static IPs handled by a Cyberguard SG570 firewall 
appliance (embedded Linux 2.4.26). Two of the static IPs are aliases on 
the same firewall port. We have had this arrangement for about 14 
months. Starting about a month ago we have a high packet loss to the 
aliased IPs. I have had several long talks with their tech support, 
basically they believe that the problem is that the ARP table (IP to MAC 
table) on their end is not getting updated as fast as the packets 
originating from our firewall are changing this relationship.They have 
no idea why this behaviour has only occurred recently. Running a tcpdump 
on the internet interface while pinging an aliased IP on the firewall 
from an external client shows the firewall responding to each and every 
ping but only about 30% of the replies actually make it back to the 
client. Eastlink say that another customer with a different firewall 
make are also reporting the same problem. We are running the identical  
firewall hardware handling five static IPs on a single interface with 
Aliant with no difficulty.

I would be interested in hearing reports from anybody else out there 
with a similar network arrangement (Linux 2.4 kernel aliasing static 
IPs) with Eastlink. Does it work for you?

Jim Campbell

!DSPAM:43794194109382009415043!




More information about the nSLUG mailing list