
NIC War



Hello all,


The weirdest thing's been going on lately with the two NICs in my
machine. One has started to respond on behalf of the other (almost
like a proxy arp), and AFAIK, I never set it up to do that. The problem
now is getting them both to respond normally, as they did when I first
set them up.

The first one is set up to receive requests from outside the local
network, and serve the local network internally. The second one is
just for internal stuff.

Initially, I set it up so the second one (internal only) used the
first one as a gateway. On a reboot, since I hadn't set up the first
one to come up automatically, the second one couldn't do much of
anything, as expected, and as soon as the first one was brought up,
both functioned normally.

Recently I noticed that sometimes the connection would hang when I
ssh'ed in remotely, so I set up arpwatch to see if there was anything
interesting going on that it could tell me---and apparently, the two
cards "flip-flop" at seemingly random times and stay swapped for
random intervals. So I used the arp program to permanently set the MACs
for the appropriate IPs/interfaces. The flip-flops didn't stop, but
the hang times were cut down to just a few seconds---and this was
tolerable.

Last week lots of changes happened to the network, mostly with stuff
that I'm not responsible for. A second T1 and its corresponding router
were added, maintenance stuff was done on who-knows-what equipment, etc.
The only change I made was that I added a third NIC to the machine to
access a different part of the network. It, along with the other two NICs,
seemed to work fine internally.

The only problem was, external requests coming in weren't going anywhere.
There's some kind of switch at the "main office" that forwards requests
from the "external IP" to the "internal" one, which is what my first NIC
was set up for. When we used arping and other monitoring tools, it showed
the second NIC responding---when a request was made for the MAC of the
first NIC, the second card would respond with its MAC. I think this had
been happening all along, according to arpwatch's flip-flop reports, but
maybe this is different.

The first NIC works fine, AFAIK, since you can use arping to ping it
via its MAC. However, when you ping it via its IP, the other card
responds. Again, I've manually set the arp table on the server machine
and on the client I used to ping it, but it didn't help.

I tried disabling the second NIC to see if the first one would then
correctly reply to arp requests again, and it did---only problem was,
external requests still weren't coming in.

I also changed the gateway of the second NIC to be the same as the
first NIC, to avoid the second one going through it. Didn't help.

Then I disabled the first NIC, and all of a sudden, everything was
working again---external requests were coming in, internal things were
working correctly---but this was all happening through the second NIC,
which never should have been receiving these external requests.

What is going on here? What do I need to do to fix it so that the second
one stops responding to arp requests for the first one with the second
one's MAC? How come external requests weren't working with the first one
enabled on its own, even though it would respond with the correct MAC---
and yet they work fine with the second NIC, which never was set up
to occupy that IP address?

There's no load balancing here, no iptables or anything else configured
on the machine that I know of that would cause such an issue, and I don't
know how this can be fixed. If the interface was *taken down*, why is
the second one STILL responding on the first one's behalf?

I checked with the people at the main office who say all the equipment
in charge of forwarding requests to me from outside is configured
correctly, and they say the router this thing is connected to is not
using permanent arp tables or proxy arp.

And in the middle of all this, the third NIC, working for the other part
of the network, is working just fine.

I don't think the first NIC is dead---it DID respond to arping, so I
don't think the second one is taking over for that reason---besides,
it shouldn't do it anyway if the interface is brought down, right?

What could possibly be causing the second one to respond for the first
one? How do I stop it?


Thanks in advance

-- 
Ian Melnick
VSMSC JN/WS Admin
dazed@vonsteuben.org  (at school)
ian@vonsteuben.org    (at home)
AIM: dazedyugo


