Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Strange connectivity issue.
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Strange connectivity issue.

NomadNomad Member

Hello,

I am having connectivity problems from Online.net server to some random sites/services with my main IP in my server. The weird thing is I can connect those services when I use my failover IP.

I realized this whilst I was on VPN connection and some sites that worked before failed to respond to my request. When I dug the problem, I realized that it was with my IO.

From here on I'll refer to my IP's as:

My servers IP is: SERVER-MAIN-IP-ADDR   
My failover IP is: FAIL-OVER-IP-ADDR  

For example, I am using minhateca.com.br to demonstrate it. It's a random site I realized I couldn't access. Too bad I don't remember any other examples.

For the sake of the problem and just in case I will be starting with flushing my IPTables:

[01:06] root@Loki: /home/nomad # iptables -F
[01:06] root@Loki: /home/nomad # iptables -X
[01:06] root@Loki: /home/nomad # iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination  

Now, let me check my routing:

[01:24] root@Loki: /home/nomad # ip route show
default via 62.210.xyz.1 dev eth0  initcwnd 10 initrwnd 10
62.210.xyz.0/24 dev eth0  proto kernel  scope link  src SERVER-MAIN-IP-ADDR 

When I check it, the server responds to ping from both IP's
Ping from SERVER-MAIN-IP-ADDR

[01:26] root@Loki: /home/nomad # ping -I eth0 -c4 minhateca.com.br
PING minhateca.com.br (174.36.198.58) from SERVER-MAIN-IP-ADDR eth0: 56(84) bytes of data.
64 bytes from 174.36.198.58-static.reverse.softlayer.com (174.36.198.58): icmp_req=1 ttl=55 time=80.7 ms
64 bytes from 174.36.198.58-static.reverse.softlayer.com (174.36.198.58): icmp_req=2 ttl=55 time=80.8 ms
64 bytes from 174.36.198.58-static.reverse.softlayer.com (174.36.198.58): icmp_req=3 ttl=55 time=80.8 ms
64 bytes from 174.36.198.58-static.reverse.softlayer.com (174.36.198.58): icmp_req=4 ttl=55 time=80.8 ms

--- minhateca.com.br ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 80.714/80.831/80.890/0.355 ms

Ping from FAIL-OVER-IP-ADDR

[01:26] root@Loki: /home/nomad # ping -I FAIL-OVER-IP-ADDR -c4 minhateca.com.br
PING minhateca.com.br (174.36.198.58) from FAIL-OVER-IP-ADDR eth0:0: 56(84) bytes of data.
64 bytes from 174.36.198.58-static.reverse.softlayer.com (174.36.198.58): icmp_req=1 ttl=55 time=81.0 ms
64 bytes from 174.36.198.58-static.reverse.softlayer.com (174.36.198.58): icmp_req=2 ttl=55 time=80.9 ms
64 bytes from 174.36.198.58-static.reverse.softlayer.com (174.36.198.58): icmp_req=3 ttl=55 time=80.8 ms
64 bytes from 174.36.198.58-static.reverse.softlayer.com (174.36.198.58): icmp_req=4 ttl=55 time=80.7 ms

So, I try getting the index:
My main network interface can not access it:

[01:27] root@Loki: /home/nomad # curl -I minhateca.com.br --interface eth0
curl: (7) couldn't connect to host

My hand configured failover IP can access it though...

    [01:28] root@Loki: /home/nomad # curl -I minhateca.com.br --interface eth0:0
    HTTP/1.1 200 OK
    Cache-Control: private
    Content-Length: 20083
    Content-Type: text/html; charset=utf-8
    Set-Cookie: __RequestVerificationToken_Lw__= --toolong token, bad for the post --; path=/; HttpOnly
    X-Server: m31
    Date: Wed, 01 Apr 2015 23:28:31 GMT

Let me try it with wget this time:

[01:44] root@Loki: /home/nomad # wget minhateca.com.br --bind-address=SERVER-MAIN-IP-ADDR
--2015-04-02 01:44:52--  http://minhateca.com.br/
Resolving minhateca.com.br (minhateca.com.br)... 174.36.198.58
Connecting to minhateca.com.br (minhateca.com.br)|174.36.198.58|:80... failed: Connection timed out.
Retrying.

--2015-04-02 01:44:56--  (try: 2)  http://minhateca.com.br/
Connecting to minhateca.com.br (minhateca.com.br)|174.36.198.58|:80... failed: Connection timed out.
Retrying.

--2015-04-02 01:45:01--  (try: 3)  http://minhateca.com.br/
Connecting to minhateca.com.br (minhateca.com.br)|174.36.198.58|:80... ^C




[01:44] root@Loki: /home/nomad # wget minhateca.com.br --bind-address=FAIL-OVER-IP-ADDR
--2015-04-02 01:44:38--  http://minhateca.com.br/
Resolving minhateca.com.br (minhateca.com.br)... 174.36.198.58
Connecting to minhateca.com.br (minhateca.com.br)|174.36.198.58|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 20078 (20K) [text/html]
Saving to: `index.html'

100%[===========================================================================================================>] 20,078      --.-K/s   in 0.08s   

Last-modified header missing -- time-stamps turned off.
2015-04-02 01:44:39 (244 KB/s) - `index.html' saved [20078/20078]

This time let me try nc

[01:49] root@Loki: /home/nomad # nc -s SERVER-MAIN-IP-ADDR minhateca.com.br 80
minhateca.com.br [174.36.198.58] 80 (http) : Connection timed out

nc with FAIL-OVER-IP-ADDR works, not surprizingly.

[01:51] root@Loki: /home/nomad # nc -s FAIL-OVER-IP-ADDR minhateca.com.br 80
GET /
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Location: http://minhateca.com.br/
X-Server: m33
Date: Wed, 01 Apr 2015 23:51:03 GMT
Connection: close
Content-Length: 147

<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="http://minhateca.com.br/">here</a></body>

Here's a traceroute, there's one because it returns the exact same result for both IP addresses:

[01:19] root@Loki: /home/nomad # traceroute minhateca.com.br
traceroute to minhateca.com.br (174.36.198.58), 30 hops max, 60 byte packets
 1  62-210-XXX-1.rev.poneytelecom.eu (62.210.xyz.x)  3.463 ms  3.576 ms  3.689 ms
 2  a9k2-45x-s43-1.dc3.poneytelecom.eu (195.154.1.94)  2.113 ms  2.119 ms  2.108 ms
 3  pni-th2-a9k2.th2.poneytelecom.eu (195.154.1.75)  1.197 ms  1.402 ms  1.488 ms
 4  softlayer.equinix-ix.fr (195.42.145.33)  1.323 ms  1.288 ms  1.302 ms
 5  ae1.bbr02.tg01.lon01.networklayer.com (50.97.19.101)  7.968 ms  7.410 ms  7.891 ms
 6  ae7.bbr01.tg01.lon01.networklayer.com (50.97.18.206)  8.499 ms  7.931 ms  7.969 ms
 7  ae1.bbr02.tl01.nyc01.networklayer.com (50.97.18.204)  74.316 ms  74.453 ms  74.050 ms
 8  ae7.bbr01.tl01.nyc01.networklayer.com (173.192.18.176)  88.848 ms  87.228 ms  87.767 ms
 9  ae1.bbr01.eq01.wdc02.networklayer.com (173.192.18.156)  87.456 ms  87.216 ms  87.371 ms
10  ae0.dar02.sr01.wdc01.networklayer.com (173.192.18.203)  87.001 ms ae0.dar01.sr01.wdc01.networklayer.com (173.192.18.197)  87.386 ms 
ae0.dar02.sr01.wdc01.networklayer.com (173.192.18.203)  87.690 ms
11  po2.fcr01.sr01.wdc01.networklayer.com (208.43.118.138)  87.608 ms  87.592 ms po1.fcr01.sr01.wdc01.networklayer.com (208.43.118.134)  87.693 ms
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *

This is how my network is setup:

[02:39] root@Loki: /home/nomad # cat /etc/network/interfaces 

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth0
iface eth0 inet dhcp

# Online.net Failover IP
auto eth0:0
iface eth0:0 inet static
address FAIL-OVER-IP-ADDR
netmask 255.255.255.255
gateway 195.154.63.1

My ifconfig

[02:00] root@Loki: /home/nomad # ifconfig 
eth0      Link encap:Ethernet  HWaddr 28:92:4a:36:aa:36  
          inet addr:SERVER-MAIN-IP-ADDR  Bcast:62.210.xyz.255  Mask:255.255.255.0
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:100116 errors:0 dropped:0 overruns:0 frame:0
          TX packets:77686 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:41815909 (39.8 MiB)  TX bytes:37674648 (35.9 MiB)
          Interrupt:16 Memory:fbbe0000-fbc00000 

eth0:0    Link encap:Ethernet  HWaddr 28:92:4a:36:aa:36  
          inet addr:FAIL-OVER-IP-ADDR  Bcast:FAIL-OVER-IP-ADDR  Mask:255.255.255.255
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:16 Memory:fbbe0000-fbc00000 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:14077 errors:0 dropped:0 overruns:0 frame:0
          TX packets:14077 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:2371301 (2.2 MiB)  TX bytes:2371301 (2.2 MiB)

tap_softether Link encap:Ethernet  HWaddr 00:ac:03:c5:72:b6  
          inet6 addr: fe80::2ac:3ff:fec5:72b6/64 Scope:Link
          inet6 addr: 2001:bc8:YYYY:XXX::/64 Scope:Global
          inet6 addr: 2001:bc8:YYYY:XXX::31/128 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:16446 errors:0 dropped:0 overruns:0 frame:0
          TX packets:26516 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500 
          RX bytes:1862003 (1.7 MiB)  TX bytes:29331409 (27.9 MiB)

Here is an mtr

  mtr --report --report-cycles 10 --address SERVER-MAIN-IP-ADDR minhateca.com.br > mtr-eth00
cat mtr-eth00
HOST: Loki           Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 62-210-XXX-1.rev.poneytel  0.0%    10    2.5   4.5   0.7  14.0   4.1
  2.|-- a9k2-45x-s43-1.dc3.poneyt  0.0%    10    0.8   1.1   0.8   2.9   0.6
  3.|-- pni-th2-a9k2.th2.poneytel  0.0%    10    1.2   3.8   1.0  25.8   7.8
  4.|-- softlayer.equinix-ix.fr    0.0%    10    1.2   1.3   1.1   2.1   0.3
  5.|-- ae1.bbr02.tg01.lon01.netw  0.0%    10    8.0   8.3   7.9   9.3   0.5
  6.|-- ae7.bbr01.tg01.lon01.netw  0.0%    10    8.6   8.5   8.4   8.7   0.1
  7.|-- ae1.bbr02.tl01.nyc01.netw  0.0%    10   75.6  74.5  74.2  75.6   0.5
  8.|-- ae7.bbr01.tl01.nyc01.netw  0.0%    10   87.5  88.3  87.4  89.4   0.7
  9.|-- ae1.bbr01.eq01.wdc02.netw  0.0%    10   87.1  87.3  87.1  87.9   0.3
 10.|-- ae0.dar02.sr01.wdc01.netw  0.0%    10   87.8  87.8  87.7  87.9   0.1
 11.|-- po2.fcr01.sr01.wdc01.netw  0.0%    10   88.0  89.8  87.8 107.5   6.2
 12.|-- 174.36.198.58-static.reve  0.0%    10   80.8  80.8  80.8  80.9   0.1




mtr --report --report-cycles 10 --address FAIL-OVER-IP-ADDR minhateca.com.br > mtr-eth01
cat mtr-eth01


HOST: Loki           Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 62-210-XXX-1.rev.poneytel  0.0%    10    3.8   3.0   0.6   9.6   2.7
  2.|-- a9k1-45x-s43-1.dc3.poneyt  0.0%    10    1.0   1.0   0.7   2.1   0.4
  3.|-- pni-th2-a9k1.th2.poneytel  0.0%    10    1.2   2.1   1.1  10.4   2.9
  4.|-- softlayer.equinix-ix.fr    0.0%    10    1.0   1.2   1.0   1.4   0.1
  5.|-- ae1.bbr02.tg01.lon01.netw  0.0%    10   10.3   7.7   7.3  10.3   1.0
  6.|-- ae7.bbr01.tg01.lon01.netw  0.0%    10    8.0   8.2   7.9   9.8   0.6
  7.|-- ae1.bbr02.tl01.nyc01.netw  0.0%    10   86.9  87.1  86.9  87.9   0.3
  8.|-- ae7.bbr01.tl01.nyc01.netw  0.0%    10   86.9  86.9  86.8  87.5   0.2
  9.|-- ae1.bbr01.eq01.wdc02.netw  0.0%    10   86.6  87.5  86.3  97.2   3.4
 10.|-- ae0.dar01.sr01.wdc01.netw  0.0%    10   87.2  87.2  87.1  87.3   0.1
 11.|-- po1.fcr01.sr01.wdc01.netw  0.0%    10   80.0  80.1  79.9  80.2   0.1
 12.|-- 174.36.198.58-static.reve  0.0%    10   80.0  79.9  79.8  80.0   0.1

As you can see I am getting the error with IP SERVER-MAIN-IP-ADDR
Why can this be happening?

My IP is not in any blacklist. I have checked it with Online.net and they said they didn't find any problem on the switch or the internal network of the datacenter.

Now, this shouldn't be a configuration issue as I am getting my IP settings from the dhcp.
Also I can access that kind of sites using my failover IP OR my other server in Online.net

Even with a fresh install this is the same. And that site is just an example.
So...

Any ideas?

Comments

  • MikePTMikePT Moderator, Patron Provider, Veteran

    Hello,

    Have you reported this to online.net?

  • NomadNomad Member

    Yep, I did.

    Nomad said: My IP is not in any blacklist. I have checked it with Online.net and they said they didn't find any problem on the switch or the internal network of the datacenter.

  • MikePTMikePT Moderator, Patron Provider, Veteran

    I'm not sure any of us can get you a solution, something isn't working properly over there.

  • BochiBochi Member

    As you can reach the server with both IPs (ping/mtr) nut don't get an response with you main IP, it seems like an "issue" on their end...
    Maybe some kind of geo-lock and you failover IP reports another location?
    But that are just my humbly conjectures...

  • rm_rm_ IPv6 Advocate, Veteran
    edited April 2015

    @Nomad try ip route get 174.36.198.58 and see if this correctly shows you the main IP and the proper gateway.

    Also setting this up via aliases is a really ancient way, try simply using:

    # The loopback network interface
    auto lo
    iface lo inet loopback
    
    # The primary network interface
    allow-hotplug eth0
    iface eth0 inet dhcp
    post-up ip addr add FAIL-OVER-IP-ADDR/24 dev eth0
  • NomadNomad Member

    @rm_, @bochi, Hmm, when I get the route, it seems they both use the main server ip's gateway to connect the outer world, no matter what. Which means it's not network or config related eh?

    Maybe my assigned IP was in a blacklist and some networks doesn't instantly update their rules. Who knows?

    As for alias, well this is my first time setting up a failover IP actually. And my limited knowledge only had aliases as well as all the tutorials I've seen.
    Moreover, when I post-up add ipv6 addresses they didn't come up all the time so I had to add them to rc.local file as well. I think I was a little bit trying the safe way.

    But I'll go ahead and use it :)

Sign In or Register to comment.