I have a problem that started about November 15th of last year (2012) and it's been a constant problem ever since. I have a block of 4 Sonic static IPs and I run 2 physical hosts and 2 virtual hosts. Each host has a unique IP from the block of 4 static IPs and each host has a unique MAC address. I have an internal network and the firewall is a NAT for all hosts inside. One of the virtual hosts runs a dedicated firewall and the other runs a dedicated web/ftp server and is only addressable via the static Sonic IP. Even the internal network can only get to it via the IP address. It's the web/ftp host that I'm having the problem with, which is this:
If the host doesn't see any network traffic for about 6 minutes, it becomes unaddressable by any external host on the internet. Once this condition occurs, the host must ping out to an external host in order for traffic to reach the host once more. I have a script that pings the Sonic-side router every 3 minutes, but this is less than ideal and defeats the purpose of having static IPs in the first place, plus this wasn't necessary before November, and this wasn't a problem previously up until May when I started using the Sonic Fusion service and got the block of 4 IPs originally.
I have contacted Sonic Tech Support and described my problem. The tech consulted with a senior tech and stated that the "host keeps dropping off" and "because I'm running VMware hosts", but couldn't explain what any of that meant. After some digging, I believe he is referring to the ARP cache that all network devices maintain for peer connections. The ARP cache contains host IPs and their MAC addresses and is designed to age and drop these entries at a regular interval (usually 60 seconds), unless there is activity seen to or from the host address. I suspect this is what the tech meant (I haven't confirmed this), so this is just speculation on my part.
But, this doesn't make sense to me. With static IPs all network packets for those 4 IPs should always be routed to/through my DSL router to whatever hosts I happen to have running those IPs, virtual or otherwise.
Now, it so happens that this same host was hacked back in October and the attacker started doing something with it that caught my attention on November 13th. As of the 14th, I'd wiped the host and re-created the host image from scratch, so there was no possibility of anything left over from the exploit. And that's when this timed unaddressability issue started.
I'm in a bit of a quandary. I've searched all of the Sonic Blogs and status/events and can't find anything even close to November that seems like a relevant change that might explain this change.
Has anyone else seen anything like this happen?