ARP bugs on Sonic's end
Posted: Tue Oct 18, 2011 10:50 am
I was having some trouble using a few of my static addresses this morning, and I've tracked it down to some very strange behavior, apparently on Sonic's end.
I have addresses x.x.x.208-x.x.x.215. From an outside box, if I ping .208, all is well. If I pinged .209-.215 I saw no traffic whatsoever on my DSL link, *including ARP*. This happens regardless of whether I've claimed .209 on my router or not. So only one of my addresses was working this morning.
But here's the really weird part. I can do this from my router:
root@Aether:~# arping -I eth1.1 -s x.x.x.208 x.x.x.1
ARPING to x.x.x.1 from x.x.x.208 via eth1.1
Unicast reply from x.x.x.1 [ec:44:76:63:5f:43] 23.393ms
Unicast reply from x.x.x.1 [ec:44:76:63:5f:43] 18.618ms
^CSent 2 probe(s) (1 broadcast(s))
Received 2 reply (0 request(s), 0 broadcast(s))
That's expected -- that's sonic.net answering with proxy ARP to maintain the illusion that I have eight addresses on a /24 (when, of course, I actually have eight addresses on a /29).
But this is wrong:
# arping -I eth1.1 -s x.x.x.208 x.x.x.215
ARPING to x.x.x.215 from x.x.x.208 via eth1.1
Unicast reply from x.x.x.215 [ec:44:76:63:5f:43] 23.413ms
^CSent 1 probe(s) (1 broadcast(s))
Received 1 replies (0 request(s), 0 broadcast(s))
Hi, Sonic's router. You're answering proxy ARP on *my* address. If I send an unsolicited ARP to forcibly update your cache on that address, then you stop answering and that address starts working. So I can bring my IPs to life one at a time by sending unsolicited ARPs.
I think you have a bug. I have the ZTE single-port device in bridge mode. I doubt that it's the problem.
I have addresses x.x.x.208-x.x.x.215. From an outside box, if I ping .208, all is well. If I pinged .209-.215 I saw no traffic whatsoever on my DSL link, *including ARP*. This happens regardless of whether I've claimed .209 on my router or not. So only one of my addresses was working this morning.
But here's the really weird part. I can do this from my router:
root@Aether:~# arping -I eth1.1 -s x.x.x.208 x.x.x.1
ARPING to x.x.x.1 from x.x.x.208 via eth1.1
Unicast reply from x.x.x.1 [ec:44:76:63:5f:43] 23.393ms
Unicast reply from x.x.x.1 [ec:44:76:63:5f:43] 18.618ms
^CSent 2 probe(s) (1 broadcast(s))
Received 2 reply (0 request(s), 0 broadcast(s))
That's expected -- that's sonic.net answering with proxy ARP to maintain the illusion that I have eight addresses on a /24 (when, of course, I actually have eight addresses on a /29).
But this is wrong:
# arping -I eth1.1 -s x.x.x.208 x.x.x.215
ARPING to x.x.x.215 from x.x.x.208 via eth1.1
Unicast reply from x.x.x.215 [ec:44:76:63:5f:43] 23.413ms
^CSent 1 probe(s) (1 broadcast(s))
Received 1 replies (0 request(s), 0 broadcast(s))
Hi, Sonic's router. You're answering proxy ARP on *my* address. If I send an unsolicited ARP to forcibly update your cache on that address, then you stop answering and that address starts working. So I can bring my IPs to life one at a time by sending unsolicited ARPs.
I think you have a bug. I have the ZTE single-port device in bridge mode. I doubt that it's the problem.