Hi Rob and Logan

Thanks much for your time and expertise.

I believe you both have given the right answers. Since I only manage A's
network, I didn't really have a chance to see what was really happening.

Yes, according to B's network support, A router's ARP reply won the race, so
the client will send packets destined for the servers to A router. When the
default route was removed, a returning route to the client was not there any
more.

Thanks again.

Regards
alec

-----Original Message-----
From: Rob Webber [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, 20 March 2002 5:53AM
To: [EMAIL PROTECTED]
Subject: Re: Appreciate Your Expertise On This Strange ARP Problem
[7:38828]


Alec,

This is quite an interesting scenario you ran into. I think I can explain
what happened.

As you mentioned Cisco enables proxy-arp by default. Usually this is a good
thing - in this case it was the cause of the problems.

Before the change when a 10.67.7.* DHCP client wanted to connect to a
10.67.1.* server, the client would issue an ARP request for the 10.67.1.*
address. This ARP request would reach the actual server as well as the A
router. The A router would see that the request was for an address that it
believed was on a completely different subnet (10.67.1.0). Since proxy ARP
was enabled (by default), the router would answer the ARP request using its
own mac address as the destination mac address. At this point there would be
a race between the server responding (correctly) to the ARP request and the
A router responding to the ARP request.

When the server's ARP response won that race, everything worked fine. When
the A router won the ARP response race, it would receive the packets
destined for the server from the client. The A router would then attempt to
route those packets to the correct destination. Its default route said to
route them to router B, which it would do. Router B would then know to
forward those packets right back out the same interface to the server. In
this scenario traffic was taking a strange path, but still working (it's
likely router B would actually also send an ICMP packet which may have taken
router A out of the loop).

When the default route for router A was removed, the same race still
occurred. Except now when router A won the race it had no route to correctly
send the packet. Thus the packets would never make it to router B and/or the
server and communication was lost.

You correctly fixed the problem, though it would have been interesting to
see if disabling proxy arp on router A also would have fixed the problem. My
guess is it would have...

Rob.
 wrote in message news:[EMAIL PROTECTED]...
> Hi there
>
> This is my first time to post a question.
>
> Here is a real scenario which happened a few days ago. Though the problem
> has been resolved, I still cannot understand what the cause is.
>
> Customer A has a partner connection to B's network. Due to lack of
> capability on B's router/firewall, one of A's routers is plugged directly
> onto B's internal LAN (sounds silly, but it is true).
>
> B's LAN uses 10.67.0.0/16 addresses, of which 10.67.1.x is for servers,
> 10.67.2.x for routers/switches, 10.67.7.x and 10.67.8.x for DHCP clients.
> B's router has the address 10.67.2.1.
>
> A's router on B's LAN was assigned the IP address 10.67.2.2, but a wrong /24
> mask was given by B. Since A's users need to talk to B's server, a static
> route (ip route 10.67.1.0 255.255.255.0 10.67.2.1) was added.
>
> A default route is also configured (ip route 0.0.0.0 0.0.0.0 10.67.2.1) on
> A's router.
>
> When this default route was taken off (no obvious reason to point a default
> route to B's default router), all of B's DHCP clients could not talk to their
> own servers (10.67.1.x) any more, even though they are on the same subnet.
>
> B's network support was called in, and they found that A's router was
> incorrectly answering ARP requests (by default ip proxy-arp is enabled on the
> LAN interface), and somehow the ARP response reaches the client before the
> server's, so the client cannot talk to the servers.
>
> The problem was later resolved by rectifying the subnet mask on A's router,
> but I still cannot figure out what went wrong when the default route on A's
> router was removed.
>
> I'd much appreciate it if anyone can shed some light on this.
>
> regards
>
> Alec Shi
>
>
> Senior Support Engineer
> Axon Computertime
> Auckland
> NZ
>
>
>
> --
> The information contained in this e-mail message is intended only for the
> use of the person or entity to whom it is addressed and may contain
> information that is CONFIDENTIAL and may be exempt from disclosure under
> applicable laws.
>
> If you read this message and are not the addressee you are notified that
> use, dissemination, distribution, or reproduction of this message is
> prohibited. If you have received this message in error, please notify us
> immediately and delete the original message. You should scan this message
> and any attached files for viruses.
>
> Axon Computertime accepts no liability for any loss caused either directly
> or indirectly by a virus arising from the use of this message or any
> attached file.

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=38860&t=38860
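
Added example (not part of the original thread): Rob's explanation describes two devices answering the same ARP request, the real server and router A through proxy ARP. The Python sketch below finds that pattern in a capture; the tcpdump-style lines and all MAC addresses are constructed sample data, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample: tcpdump-style ARP lines; every MAC address is made up.
CAPTURE = """\
09:15:01.000100 ARP, Request who-has 10.67.1.10 tell 10.67.7.23, length 46
09:15:01.000350 ARP, Reply 10.67.1.10 is-at 00:00:0c:aa:aa:aa, length 46
09:15:01.000420 ARP, Reply 10.67.1.10 is-at 00:50:56:01:01:10, length 46
09:15:04.200100 ARP, Request who-has 10.67.1.20 tell 10.67.8.40, length 46
09:15:04.200300 ARP, Reply 10.67.1.20 is-at 00:50:56:01:01:20, length 46
09:15:04.200390 ARP, Reply 10.67.1.20 is-at 00:00:0c:aa:aa:aa, length 46
09:15:09.500100 ARP, Request who-has 10.67.2.1 tell 10.67.7.23, length 46
09:15:09.500280 ARP, Reply 10.67.2.1 is-at 00:00:0c:bb:bb:bb, length 46
"""

REPLY = re.compile(r"^(\S+) ARP, Reply (\d+(?:\.\d+){3}) is-at ([0-9a-f:]{17})", re.I)

def parse_replies(text):
    """Return (timestamp, ip, mac) for each ARP reply, in capture order."""
    return [m.groups() for m in map(REPLY.match, text.splitlines()) if m]

def find_conflicts(replies):
    """Map each IP answered by more than one MAC to those MACs, first reply first."""
    macs_by_ip = defaultdict(list)
    for _, ip, mac in replies:
        mac = mac.lower()
        if mac not in macs_by_ip[ip]:
            macs_by_ip[ip].append(mac)
    return {ip: macs for ip, macs in macs_by_ip.items() if len(macs) > 1}

def suspected_proxies(conflicts, min_ips=2):
    """MACs answering for several contested IPs: likely a proxy-ARP responder."""
    ips_by_mac = defaultdict(set)
    for ip, macs in conflicts.items():
        for mac in macs:
            ips_by_mac[mac].add(ip)
    return {mac: sorted(ips) for mac, ips in ips_by_mac.items() if len(ips) >= min_ips}

def race_winners(conflicts):
    """For each contested IP, the MAC whose reply was seen first."""
    return {ip: macs[0] for ip, macs in conflicts.items()}

if __name__ == "__main__":
    conflicts = find_conflicts(parse_replies(CAPTURE))
    for mac, ips in suspected_proxies(conflicts).items():
        print(f"{mac} also answers for {', '.join(ips)}")
    for ip, mac in race_winners(conflicts).items():
        print(f"{ip}: first reply came from {mac}")
```

An address answered by two MACs is the race described above; a single MAC that shows up across several such addresses is the device to check for proxy ARP or a wrong subnet mask.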