I thought some of you might find the results of my problem interesting. I went out to the client's on Monday and looked over everything. There were some interesting things in the logs, but not enough to tell me what was causing the problem. After rebuilding the LEAF router, everything worked fine - for about 2 hours. Then, out of the blue, it stopped working.
I found the source of the problem through a bit of luck. I hadn't enabled SSH and was too lazy to walk back to where the router was, so I launched a web browser to check things out (I had weblet loaded). Rather than see the LEAF web interface, a WebRamp screen came up. I asked the person in charge if their ISDN modem was connected to the network - I remembered the WebRamp screen from when I helped them make some configuration changes in the past. Sure enough, it was! It turned out that he trained a few people to unplug and plug back in the power to the ISDN modem if they were having problems (prior to the switch to the cable modem). Unfortunately, he left the ISDN modem in the wire closet and just unplugged it. Apparently, when they first started experiencing unrelated problems with the cable connection, someone went in the wire closet and plugged the ISDN modem back in - which had the same IP address as the internal NIC in the LEAF router. We removed the ISDN modem from the wiring closet and haven't experienced any downtime since. This leads me to another question: Why is another machine able to steal the IP address like that with Linux? Even Windoze prevents this from happening and just gives you an annoying popup to let you know someone else just connected with the same IP. Thanks especially to Ray Olszewski and Brad Fritz for their help! -sr ----- Original Message ----- From: "Ray Olszewski" <[EMAIL PROTECTED]> To: "sr" <[EMAIL PROTECTED]>; "LEAF" <[EMAIL PROTECTED]> Sent: Friday, September 20, 2002 9:02 PM Subject: Re: [leaf-user] Bering LEAF Intermittent downtime > Sorry I dragged you through that initial review. It's clear from your > replies that you've worked on this more than I realized from reading your > first message. > > Still, I am having trouble understanding what you wrote. It *appears* that > you are saying that when an outage occurs, you *can* ping the ISP's gateway > from the LEAF router, but you *cannot* ping it from a LAN client. I get > that from this combination of responses: > > > > 4. During the failure times, if you log into the LEAF router, can you ping > >[...] > > > the gateway IP address? > >Yes > > ... and ... > > >Basically, we can't ping anything external, including the ISPs gateway or > >DNS servers. The ISP claims that the cable modem has been up for over two > >weeks and he was running constant pings today and said there was 1% packet > >loss. However, we can't ping their gateway - at least not from and internal > >machine - I'll have to check if I can ping it from the router. > > Now I may still be minunderstanding you ... but this part is important to > get exactly right. Specifically, during an outage, can the router itself > ping the ISP's gateway? > > If is can, but the LAN clients cannot, then the problem lies somewhere in > the interaction between the LAN clients and the LEAF router. Where? Well, > the fact that the clients do not lose contect with the router itself (or, I > presume, one another) rules out a lot of possibilities on the LAN side > (including failure of the eth1 interface). If the ISP can regularly ping > the router's external interface, that rules out any problems at that end > (including failure of the eth0 interface). > > Almost the only thing in between these two interfaces is the Linux kernel > itself -- most directly its iptables ruleset, as configured by Shorewall. > I'm no Shorewall expert, so I'll leave it to Tom to suggest any > possibilities here. All I can think to suggest is that you examine your > logs (in /var/log/) for any kernel messages from iptables. > > OTOH, if I have misunderstood you and the router *cannot* ping the ISP's > gateway at these times, then we need to understand why your ISP thinks it > *can* ping you. On that score ... if we are talking about close-by pings, > the 1% packet loss the ISP reports seeing is quite a lot. A system with > negligible packet loss normally, and 3 5-minute outages during a day, would > *average* 1% packet loss over the day. So I hope the ISP was doing a more > exact test than this summary conveys. (I mention this concern because I > have way too much experience with ISP sloppiness to trust ambiguous replies > from ISPs.) > > More to the point, what is he pinging? Your external IP address (the one on > the LEAF router)? If so, is his experience consistent with yours -- that > is, if he pings you, and no other traffic is running, do the RX and TX > packet count increase on the external interface? Or does the ISP ping some > address on the interface it provides (the cable modem itself)? If that > device has an IP address, can the router ping it? > > Even more to the point, where is the ISP pinging *from*? Get the IP address > of the machine the ISP is using to do the ping test, then see if you can > ping *it* (from the router) next time you have a failure. If you can, then > the problem lies in the ISP"s gateway machine, specifically its connection > to the network your LEAF router is on. > > At 07:23 PM 9/20/02 -0700, sr wrote: > >Thanks for the reply, Ray. Below are my reponses to your questions. > [details deleted] > > > -- > -------------------------------------------"Never tell me the odds!"-------- > Ray Olszewski -- Han Solo > Palo Alto, California, USA [EMAIL PROTECTED] > -------------------------------------------------------------------------- ----- > ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
