Line One
ARP requests not responded to by ISP
I have a situation with a DOCSIS modem and a SonicWall router. There are 5 IPs connected to the SonicWall. Every once in a while the IPs get knocked off the air. The only way I can get them working is to reprogram everything from scratch. I have tried various things, including a brand new SonicWall router, which did not work. I have had SonicWall tech support do some testing as well. What we notice is that when we reprogram everything from scratch, we send out an ARP request and the ISP responds appropriately. However, once an IP goes down, we notice that if we send an ARP request out we get no response. Is there any definitive way to prove that the problem is either at the ISP end (which is what we suspect, as this is a new service offering they have) or at our end? The ISP is recommending that we go to transparent bridging, but we have reasons not to, and they have also confirmed that it should work without transparent bridging - they are just 'trying to make it work', but again we don't want transparent bridging - not until we have at least determined which end the problem lies.
Can you do a packet capture with Wireshark or Sniffer showing the ARPs going out to their router but no replies coming back?
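One way to turn such a capture into per-IP evidence, added here as an example and not part of the original thread: the Python below reads a classic pcap file (as written by `tcpdump -w`) and counts, for each requesting IP, how many ARP requests were answered within a timeout. The function names and the 203.0.113.x addresses are constructed for illustration.

```python
import socket, struct
from collections import defaultdict

def read_pcap(data):
    """Yield (timestamp, frame) from classic pcap bytes (tcpdump -w; not pcapng)."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None:
        raise ValueError("not a classic pcap file")
    off = 24                                    # skip the 24-byte global header
    while off + 16 <= len(data):
        sec, usec, incl, _ = struct.unpack(endian + "4I", data[off:off + 16])
        yield sec + usec / 1e6, data[off + 16:off + 16 + incl]
        off += 16 + incl

def parse_arp(frame):
    """Return (opcode, sender_ip, target_ip) for an untagged Ethernet/IPv4 ARP frame."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    op, _sha, spa, _tha, tpa = struct.unpack("!H6s4s6s4s", frame[20:42])
    return op, socket.inet_ntoa(spa), socket.inet_ntoa(tpa)

def arp_summary(packets, timeout=1.0):
    """Map (requester_ip, target_ip) -> [requests sent, requests answered in time]."""
    stats, pending = defaultdict(lambda: [0, 0]), defaultdict(list)
    for ts, frame in packets:
        op, spa, tpa = parse_arp(frame) or (0, None, None)
        if op == 1 and spa != tpa:              # request (gratuitous ARP is skipped)
            stats[spa, tpa][0] += 1
            pending[spa, tpa].append(ts)
        elif op == 2:                           # reply: requester is tpa, target is spa
            hits = [t for t in pending.pop((tpa, spa), []) if ts - t <= timeout]
            if hits:
                stats[tpa, spa][1] += len(hits)
    return dict(stats)

def _frame(op, spa, tpa):                       # helper that builds the constructed sample frames
    head = b"\xff" * 6 + b"\x02" * 6 + b"\x08\x06" + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return head + b"\x02" * 6 + socket.inet_aton(spa) + b"\x00" * 6 + socket.inet_aton(tpa)

# Constructed capture: gateway 203.0.113.1 answers .10 but stays silent for .11.
SAMPLE = [(0.0, _frame(1, "203.0.113.10", "203.0.113.1")),
          (0.002, _frame(2, "203.0.113.1", "203.0.113.10")),
          (5.0, _frame(1, "203.0.113.11", "203.0.113.1")),
          (6.0, _frame(1, "203.0.113.11", "203.0.113.1"))]

if __name__ == "__main__":
    for (src, dst), (sent, answered) in arp_summary(SAMPLE).items():
        print(f"{src} -> {dst}: {sent} requests, {answered} answered")
```

For a real file, pass `read_pcap(open(path, "rb").read())` to `arp_summary`; a capture taken on the WAN side in which some addresses get replies and others get none gives a per-IP record to compare against the ISP's own ARP logs.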
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Rick O Shay:
We've done that - we send out, they don't reply.
harbor235:
"hairpinning gratuitous ARPs" - what exactly is this?
SOLUTION
ASKER
Just using a SonicWall NSA 2400 on this side of the Docsis.
What is the 'hairpin'?
SOLUTION
ASKER
Thanks for the detail. ARP goes out of the SonicWall - we can see that. We don't control the DOCSIS modem, but I'm assuming that the ISP does and could and has been logging ARP. I will bring it up with them though, just in case. One additional note - it can be that out of 5 IPs associated with a SonicWall, 2 go off the air and can't be re-programmed without starting the whole firewall programming from scratch - however, the other 3 IPs will still be responding. This is very typical on all the SonicWalls - all can be pinged after reprogramming, then 1 or 2 drop off - can't be reached, but others stay up. Very irritating. We have recommended that the ISP just delete our account and start again - it sounds like a bug in their programming for our site.
ASKER
Some additional info. The ISP is now saying that the SonicWall doesn't fully complete ARP negotiation, yet per SonicWall's specs it complies with the relevant RFC. Is it likely that SonicWall wouldn't do ARP negotiation properly - it seems it's a pretty essential part of being a router, and I find it hard to believe SonicWall would have problems in this area.
ASKER CERTIFIED SOLUTION
ASKER
Answer was found independently and worked.
Hello lineonecorp.
I'm having the same issue but with a Check Point firewall (runs a hardened version of Linux).
I was able to do a tcpdump on the interface from the Check Point and I can see the ARP requests going out but never getting replied to.
What was the final solution to this?
Thanks,