Comment by js2

13 years ago

This is insane. The closest scenarios to this I've seen in my career:

1) A private frame relay network that one day stopped passing packets over a certain size. Worked around by lowering the MTU at both ends till I was able to convince the frame relay provider that yes, the problem was in their network. This was relatively straightforward to diagnose, but it was still odd being able to ssh into a box, then have the connection hang once I did something that sent a full-size packet (cat a large file, ls -l in a big directory, etc).

2) A paging gateway program I wrote (email to SMS) that worked fine when testing on my Mac, but couldn't establish connections to a particular Verizon web site when I ran it from a Linux box. Turned out that the Linux TCP stack had ECN enabled and at the time the Verizon website was behind a buggy firewall that blocked any packets with ECN bits set.

3) A Solaris box that could randomly be connected to, but not always. Turned out someone had deleted its own MAC address from its ARP table (yes, you can do this with Solaris) so it wasn't replying to ARP packets for itself. As I recall, it could make outbound connections, and then you could connect to it from that same peer until the peer timed out the ARP entry. Then the peer couldn't reach the Solaris box again.

None of these are nearly as complex as the scenario in this story.

> someone had deleted its own MAC address from its ARP table

blink

Two questions:

- Is there ever a valid reason to do this?

- How do you attain the skills required to do this while not also learning not to?

  • So, I was working at a very small internet service provider in a rural area in the mid-nineties. For the lack of affordable hardware, we were using Linux machines for routing, and a lot of "unconventional" solutions were necessary due to insufficient hardware being used. Tunnelling, and other virtual interfaces of any kind, were used often.

    I remember one particular case where we were running both routed IP and bridged ethernet over a single frame-relay link, and there we had to resort to fixed ethernet-to-IP mapping (turning off ARP) on the bridged link for some reason I really can no longer remember.

  • > How do you attain the skills required to do this while not also learning not to?

    Upvoted for being one of the greatest ways I've ever seen to put what is a VERY common problem. I will quote this mercilessly in the future, if I may. Thanks.

  • > How do you attain the skills required to do this while not also learning not to

    Half-understood StackOverflow answers, natch.

  • "First hop redundancy" protocols such as HSRP, VRRP and GLBP use similar techniques for load balancing and redundancy. This could be a reason for its use.