[nSLUG] Problems with Eastlink Hosting Multiple IPs on One Network Interface

Jason Kenney jason at ohm.ath.cx
Mon Nov 14 22:39:31 AST 2005


> We have three static IPs handled by a Cyberguard SG570 firewall appliance 
> (embedded Linux 2.4.26). Two of the static IPs are aliases on the same 
> firewall port. We have had this arrangement for about 14 months. Starting 
> about a month ago we have a high packet loss to the aliased IPs. I have had 
> several long talks with their tech support, basically they believe that the 
> problem is that the ARP table (IP to MAC table) on their end is not getting 
> updated as fast as the packets originating from our firewall are changing 
> this relationship. They have no idea why this behaviour has only occurred 
> recently. Running a tcpdump on the internet interface while pinging an

Did they indicate more precisely what "recently" is?

> aliased IP on the firewall from an external client shows the firewall 
> responding to each and every ping but only about 30% of the replies actually 
> make it back to the client. Eastlink say that another customer with a 
> different firewall make is also reporting the same problem. We are running 
> the identical firewall hardware handling five static IPs on a single 
> interface with Aliant with no difficulty.
> I would be interested in hearing reports from anybody else out there with a 
> similar network arrangement (Linux 2.4 kernel aliasing static IPs) with 
> Eastlink. Does it work for you?

I don't have a static IP, just the regular residential service, but I've 
noticed another problem for at least two months now.
It has been much better this week however, and I haven't seen the usual 
strange behaviour:

- Failure to open any new connections, except to peers for about 
5-10 minutes.

For example, my MSN Messenger would continue to work correctly, but any 
website I tried to visit would just time out (the DNS would resolve 
though). I could however get to any of Dalhousie. (But not cnn.com, etc.)

A temporarily outdated or not updating ARP table somewhere up their line 
might explain this I guess. I know at least three other people on 
different subnets who had the same problem, but I haven't heard any 
complaints in the last couple days, so maybe it's been fixed.

I had a theory it might have been due to poorly implemented traffic 
shaping, but this was hard to test, and unclear. It was clear it was 
something in Eastlink, since everywhere else died, but proxying through 
Dal worked fine.

Maybe it's related. *shrug*


