Thanks Andrey... what you say below makes sense to me, unfortunately my static/persistent route is not being used in favor of whatever poisoned route is present. I even went so far as to add 192.168.3.254 255.255.255.255 into the PC's routing tables and it was ignored as well.
Thanks Randy, I can give this a try and see what happens. Seems like everything we've been discussing so far relates to trying to "work around" this weirdness. I'm definitely interested in work-arounds, but I must confess that what I'm even more concerned with is why this problem is happening in the first place and how do I determine where it's coming from. I'm guessing it's having other affects on our network that have been harder to notice or at least harder to connect with this problem. Anybody have any ideas regarding what I can sniff for on our network that contributes to these routing tables being built on an XP workstation? Larry Fountain Systems and Network Administrator II Physicians Immediate Care Rockford, IL -----Original Message----- From: Andrey Gordon [mailto:[email protected]] Sent: Wednesday, June 24, 2009 1:50 PM Subject: Re: [IM-Talk] Problem with poisoned routes in Windows XP I don't think the workstation cares how routers are configured. I believe the only time this entry is used is to make a decision which ARP request to send. Now, I'm assuming here that this XP workstation has one NIC, which is on one subnet of 192.168.1.0/24 with 192.168.1.254 as a gateway. Basically, if the destination node is not in 192.168.1.0/24 it will send the packet to 192.168.1.254 anyway. If there is a route to 192.168/16 it will use that to make that decision instead of using 0.0.0.0/0 to do so __________________________________________________________ Andrey Gordon | Integrity Interactive | Network Engineer | +1.781.398.3518 On Jun 24, 2009, at 2:17 PM, Randy Millsop wrote: > Hi Larry, > > The route you added introduces classless routing, trying to combine > 2 Class C subnets into 1 Class B network. Is that how the rest of > your network is configured? > > My experience with Windows (and, to be fair, any older or sub-par IP > stack) is that Ip classless only works consistently if all the network > equipment broadcasting those subnets are configured the same. If this > static route doesn't exactly match how your actual routers are > configured, then you're going to have very mixed results. i.e. if the > Class C networks 192.168.0.x and 192.168.1.0 are configured in your > router with regular independent Class C masks of 255.255.255.0 then > you'll need to add both route statements to your XP box and not try to > combine them into 1 Class B subnet. > > Good Luck, > Randy Millsop > Network Administrator > San Joaquin Delta College > > ----- Original Message ----- > From: "Larry Fountain" <[email protected]> > To: [email protected] > Sent: Wednesday, June 24, 2009 5:53:26 AM GMT -08:00 US/Canada Pacific > Subject: RE: [IM-Talk] Problem with poisoned routes in Windows XP > > Hi Jakob, > > Thanks for the idea. Unfortunately, I forgot to mention that I've > already tried this. I already used the route command to add a > persistent route (ROUTE ADD 192.168.0.0 MASK 255.255.0.0 > 192.168.1.254 METRIC 1 -p) and it just seems to ignore it. It shows > it in the ROUTE PRINT at the bottom but the dynamic routes keep > appearing and they seem to take precedence. > > Persistent Routes: > Network Address Netmask Gateway Address Metric > 192.168.0.0 255.255.0.0 192.168.1.254 1 > > Larry > > > -----Original Message----- > From: Jakob Peterhänsel [mailto:[email protected]] > Sent: Wednesday, June 24, 2009 1:14 AM > Subject: Re: [IM-Talk] Problem with poisoned routes in Windows XP > > Hi Larry, > > Welcome to the list! > > I used to run a IM installation on a XP box, and we ended up adding > =20 static routes to the networks known, since Windows and dynamic > routing =20= > > is, as you found out, not that great. > > I don't have a XP box here, but you use the ROUTE command to add a =20 > static route. Play around with it. > There is a parameter to make the route static, even over reboots, so > =20 keep that in mind when it's working. > > > Best, > > > Jakob Peterh=E4nsel > > "Be a part of the Love Generation - carry a smile, not a gun." > - JP, May 2006 > > Email: [email protected] > AIM: Marook > Phone: +45 30787715 > > On 23/06/2009, at 22.47, Fountain, Larry wrote: > >> Hi folks, >> >> I'm new to this list. For me, Intermapper is running on a Windows XP >> SP3 desktop PC. Recently I've been experiencing a maddening issue >> =20 >> where many times a day Intermapper will report devices on my WAN as >> being =20= > >> down >> when I know they're actually not. Basically, Intermapper just can't >> ping them. The weird thing is that at one moment in time it might >> report 192.168.3.254 (the router/gateway for that network segment) as >> being down while it reports 192.168.3.250 (another monitored device >> on >> that segment) as being up. Clearly this is impossible since traffic >> can't get to 250 except through 254. The problem is simply that >> 192.168.3.250 is pingable while 192.168.3.254 is not. What really >> =20 >> threw me for a while was that from elsewhere on the network I could >> ping =20 both devices just fine. This scenario is not limited to >> these two =20 addresses and it's not limited to this order. In other >> words, the reverse could just as easily be true (254 is pingable >> while >> 250 isn't). What I've since learned from a ROUTE PRINT command on >> the >> Intermapper PC while =20= > >> the >> devices are unpingable from the Intermapper PC is that each device >> =20 >> that is unpingable has an associated bad route in the Intermapper >> PC's >> routing table. So no wonder it's unreachable if the route is =20 >> incorrect and it's sending packets to the wrong gateway. >> >> I've discovered that there are two ways of temporarily "fixing" the >> problem. One is to wait 5-15 minutes and eventually the bad route >> disappears and things are fine again. The second is to go to a DOS >> prompt and execute a ROUTE DELETE 192.168.3.254 (or whatever the IP >> =20= > >> is) >> and instantly Intermapper is happy again. The problem is that before >> long the bad route (or different ones) will reappear. This causes >> Intermapper to show devices as bouncing all day long when they're =20 >> really not. >> >> In short, the problem is that somehow my routing tables are being >> poisoned on the Intermapper PC. I suspect that it's not just on =20 >> this PC but that PC's on this entire subnet are being affected. It's >> just =20 that we're not noticing it elsewhere as much. Something on >> our network is poisoning the routes but I have no clue where it's >> coming from. It =20= > >> can >> happen 10 times or more per day and there doesn't seem to be any >> rhyme >> or reason for when it occurs. >> >> Does anybody know how Windows XP gets it's routing table populated? >> I've got WireShark running on that PC and could easily sniff for the >> appropriate packets if I only knew what I was looking for. Any ideas >> would be much appreciated. I've already run this past Dartware's >> tech >> support and they suggested posting this issue here. The good news at >> least is that this is clearly not an Intermapper problem. More than >> likely it's something on our network that needs to be resolved anyway >> and Intermapper is just extra sensitive to the routes being poisoned. >> >> Thanks in advance... >> >> Larry >> ____________________________________________________________________ >> List archives: >> http://www.mail-archive.com/intermapper-talk%40list.dartware.com/ >> To unsubscribe: send email to: [email protected] >> > > ____________________________________________________________________ > List archives: > http://www.mail-archive.com/intermapper-talk%40list.dartware.com/ > To unsubscribe: send email to: [email protected] > > ____________________________________________________________________ > List archives: > http://www.mail-archive.com/intermapper-talk%40list.dartware.com/ > To unsubscribe: send email to: [email protected] > ____________________________________________________________________ List archives: http://www.mail-archive.com/intermapper-talk%40list.dartware.com/ To unsubscribe: send email to: [email protected]
