Stupid Stupid 11.00 "Feature".

  • Permalink
  • submit to reddit
  • Email
  • Follow


For days, we've been having networking problems with a server just being put
into production.   It had been tested thoroughly, but it seems that as soon
as we shifted it to the prod subnet, it lost connectivity.  Everything at
the OS level appeared to be configured correctly.

Second day of this, I notice that after the server boots, I get ~minutes in
which the networking DOES work, after which point, my session is killed, and
I am unable to initiate more.

Third day, network guy who is scrutinizing firewall/router logs notices that 
our server is pinging its gateway every 3 minutes and 3 seconds.

After some research, we find the following:

11.00 pings it's gateway every 183 seconds, and it it doesn't get a
response, it drops the route.  Actually, it doesn't even drop it from the
routing table, it stops using it.  This is a "feature" to allow failing over
to a secondary gateway in case of the failure of the primary.  In our case,
our gateway is also a firewall that drops ICMP.  Once discovered, we were
able to turn off this "feature" using ndd.

1)  Cute feature, but why is it enabled by default?

2)  Many gateways have their own protocols to ensure failover.  Why does
this need to be done at the OS level?

3)  If it's going to drop the route, why doesn't it do so VISIBLY, and
remote it from the routing table?


AFAICT, someone needs their peepee slapped, and hard.



-- 
..............................................................................

"The human rights group [Amnesty International] said Israel has arrested
 more than 1,500 Palestinians in the past year, and that many of the
 detainees were tortured"

                              -Laurie Copans, Associated Press, (28/08/2001)

..............................................................................
dswan@m3m3t1ccand1ru.com                        http://www.memeticcandiru.com
0
Reply 3r1c_3 7/10/2003 6:22:39 PM

See related articles to this posting


On Thu, 10 Jul 2003 18:22:39 GMT, 3r1c_3$7r4d4@salmahayeksknockers.edu wrote:

[snipped long explanation]

>  AFAICT, someone needs their peepee slapped, and hard.

This _is_ a weird feature, but as long as rfc1812 says:

   4.3.3.6 Echo Request/Reply

     A router MUST implement an ICMP Echo server function that receives
     Echo Requests sent to the router, and sends corresponding Echo
     Replies.

it seems the only thing to blame HP for is (possibly) lack of
documentation on this feature.

I'm not saying you should reconfigure your firewall to respond to icmp 
echo-reqs, but when it actually routes packets and otherwise acts like a 
router, chances are some systems will expect it to behave like a router.  

(And I must admit, I don't see the big risk by letting your own hosts, or
at least your own servers, ping your firewall.)


- Eirik
-- 
New and exciting signature!

0
Reply Eirik 7/10/2003 8:12:34 PM

Eirik Seim <eirik@mi.uib.no> wrote:

> This _is_ a weird feature, but as long as rfc1812 says:

>   4.3.3.6 Echo Request/Reply

>     A router MUST implement an ICMP Echo server function that receives
>     Echo Requests sent to the router, and sends corresponding Echo
>     Replies.

I definitely agree our networking group shouldn't be doing this.  I suspect
this is the result of rote application of an internal standard.

> it seems the only thing to blame HP for is (possibly) lack of
> documentation on this feature.

Feature is cute, but shouldn't be enabled by default.    Same goes for all
special-purpose features that may impact other functionality.


> I'm not saying you should reconfigure your firewall to respond to icmp 
> echo-reqs, but when it actually routes packets and otherwise acts like a 
> router, chances are some systems will expect it to behave like a router.  

> (And I must admit, I don't see the big risk by letting your own hosts, or
> at least your own servers, ping your firewall.)

Niether do I, particularly when it's all internal.... but it ain't my call.


-- 
..............................................................................

"In June 1967, we again had a choice:  The Egyptian Army concentrations in
 the Sinai approaches do not prove that Nasser was really about to attack 
 us.  We must be honest with ourselves.  We decided to attack him"
 
                                                           -Menachem Begin

..............................................................................
dswan@m3m3t1ccand1ru.com                        http://www.memeticcandiru.com
0
Reply 3r1c_3 7/11/2003 6:18:36 AM

Rick Jones <foo@bar.baz.invalid> wrote:

>> 1)  Cute feature, but why is it enabled by default?
> Because enough customers asked for dead gateway detection in the
> timeframe of HP-UX 10.20 that it was added and enabled for 11.0.

That explains why we have it, but not why it's enabled by default.  I've no
problem with it being available for those who may need it, but it's of
little use to those who don't even know about it, and havn't made the extra
configurations necessary.


>> 2) Many gateways have their own protocols to ensure failover.  Why
>> does this need to be done at the OS level?

> It is done in the host's networking stack because not all gateways
> had/have that failover functionality you describe.  The host needs to
> be liberal in what it accepts, and that means accepting gateways
> without their own failover mechanisms.

Fair enough.

>> 3) If it's going to drop the route, why doesn't it do so VISIBLY,
>> and remote it from the routing table?

> If the route were simply removed from the output of netstat -r that
> would probably just confuse people and make them think that something
> was deleting routes. 

At least that would be a far more tangible troubleshooing starting point
than routes that look like they should work, but don't.


>> AFAICT, someone needs their peepee slapped, and hard.

> You might include the firewall for not responding to ICMP echo
> requests from the "inside" side :)

I definitely agree.   I think denying ICMP internally is ridiculous.


-- 
..............................................................................

"In the name of "security" Israel has effectively legalized torture, held 
 people under administrative detention and allowed the security forces to
 carry out extra-judicial and other unlawful killings with impunity"
        
                           -Amnesty International Press Release, 23/12/98

..............................................................................
dswan@m3m3t1ccand1ru.com                        http://www.memeticcandiru.com
0
Reply 3r1c_3 7/11/2003 6:26:16 AM

3r1c_3$7r4d4@salmahayeksknockers.edu wrote:
> Rick Jones <foo@bar.baz.invalid> wrote:

>>> 1)  Cute feature, but why is it enabled by default?
>> Because enough customers asked for dead gateway detection in the
>> timeframe of HP-UX 10.20 that it was added and enabled for 11.0.
> That explains why we have it, but not why it's enabled by default.
> I've no problem with it being available for those who may need it,
> but it's of little use to those who don't even know about it, and
> havn't made the extra configurations necessary.

I can only presume that when the decision was made, no-one figured
there would be many devices out there acting as IP routers that did
not adhere to the protocol standards :)

>>> 3) If it's going to drop the route, why doesn't it do so VISIBLY,
>>> and remote it from the routing table?

>> If the route were simply removed from the output of netstat -r that
>> would probably just confuse people and make them think that something
>> was deleting routes. 

> At least that would be a far more tangible troubleshooing starting point
> than routes that look like they should work, but don't.

I suppose I could see both sides.  It would certainly be worth calling
the RC and having an enhancement request submitted so it can flow
though official channels.  

Not that it helps in your specific situation (since the hrose is
already gone as it were) in another forum, I saw mention that some of
the ndd output might show a flag for a dead gateway - probably one of
the things that can be retrieved via ndd /dev/ip - ndd /dev/ip ?
should give a complete list.
ftp://ftp.cup.hp.com/dist/networking/briefs/annotated_ndd.tx might
also help.  I must say that I've never used the ndd thing to see a
gateway marked dead myself.

rick jones
-- 
oxymoron n, commuter in a gas-guzzling luxury SUV with an American flag
these opinions are mine, all mine; HP might not want them anyway... :)
feel free to post, OR email to raj in cup.hp.com  but NOT BOTH...
0
Reply Rick 7/15/2003 11:04:31 PM
comp.sys.hp.hpux 4390 articles. 6 followers. Post

4 Replies
201 Views

Similar Articles

[PageSpeed] 11


  • Permalink
  • submit to reddit
  • Email
  • Follow


Reply:

Similar Artilces:

Stupid Stupid 11.00 "Feature".
For days, we've been having networking problems with a server just being put into production. It had been tested thoroughly, but it seems that as soon as we shifted it to the prod subnet, it lost connectivity. Everything at the OS level appeared to be configured correctly. Second day of this, I notice that after the server boots, I get ~minutes in which the networking DOES work, after which point, my session is killed, and I am unable to initiate more. Third day, network guy who is scrutinizing firewall/router logs notices that our server is pinging its gateway every 3 minutes and 3 ...

C++11 Features in Visual C++ 11
(Apologies if this has already been posted here.) C++11 Features in Visual C++ 11: http://blogs.msdn.com/b/vcblog/archive/2011/09/12/10209291.aspx I think a great big *sigh* is in order. Not much new for V11. cheers, Martin -- Stop Software Patents http://petition.stopsoftwarepatents.eu/841006602158/ http://www.ffii.org/ [ See http://www.gotw.ca/resources/clcm.htm for info about ] [ comp.lang.c++.moderated. First time posters: Do this! ] On 27/09/2011 18:29, Martin B. wrote: > (Apologies if this has already been posted here.) > > C++11 F...

POP 11 Time Feature??????????
I'm making a program which involves the use of time. is there a function in pop11 that knows that there are 60 minutes in an hour. For example, when adding 55 minutes to 1230, it should be 1325, not 1285 !?? "sae2003us" <sae2003us@yahoo.com> writes: > I'm making a program which involves the use of time. > is there a function in pop11 that knows that there are > 60 minutes in an hour. For example, when adding > 55 minutes to 1230, it should be 1325, not 1285 !?? You may find something in REF times. I suspect the closest thing is sys_con...

Features removed in iTunes 11
http://news.cnet.com/8301-13579_3-57556548-37/7-features-apple-killed-off-in-itunes-11/ In article <zFeus.19599$eZ7.19565@newsfe14.iad>, sean_q <no.spam@no.spam> wrote: > http://news.cnet.com/8301-13579_3-57556548-37/7-features-apple-killed-off-in-i > tunes-11/ Wow, they killed off features that I never used, most of which I never even knew existed. -- The 2012 elections are over; let the 2016 campaigning begin! On Fri, 30 Nov 2012 21:29:30 -0700, Michelle Steiner wrote: >In article <zFeus.19599$eZ7.19565@newsfe14.iad>, sean_q <no.spam@n...

Q: IDS 11.5x
--_2e96bc39-cf54-44e1-be60-795c8cd9e643_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Ok here's the question... I'm assuming that the Time Series Datablade still works and that the realti= me loader also still works. However neither works with solidDB and solidDB doesn't natively support TS. So if one wanted to do TS in Memory and synch with IDS=2C You'd have to do = a bit of work. So do you do a shared memory segment with persistent objects=2C then have a= thread that would run queries and synch w...

What to C++ 11 features to cover in my C++ courses?
Hi folks, I am finally covering some of the new C++ features in my C++ course. I am interested in getting input from the C++ community as to the priority of new features to cover. To give you some idea of the features I am planning to cover, these are some of the new features I plan to cover: array container auto for type inference delegating ctors explicit conversion operators final classes final member functions inheriting base class ctors list initialization changes move assignment operator move ctor non-deterministic random number generation nullptr override keyword ...

C++ 11 Feature Support in VC++ 2012
Does anyone have a link showing C++ 11 feature support in VC+++ 2012? The following link shows C++ 11 feature support in VC++ 10 and 11: http://blogs.msdn.com/b/vcblog/archive/2011/09/12/10209291.aspx On 26.08.2012 08:51, Ansel wrote: > Does anyone have a link showing C++ 11 feature support in VC+++ 2012? The > following link shows C++ 11 feature support in VC++ 10 and 11: > > http://blogs.msdn.com/b/vcblog/archive/2011/09/12/10209291.aspx Well, you know, Visual C++ version 11.0 = Visual C++ 2012. Cheers & hth., - Alf Alf P. Steinbach wrote: > ...

ClS feature on multiple sets Option 11
What i want to know is what load do I go to if I want to place a specific feature on several different extensions without having to do them one by one. For example, i want to put the class of service feature 'HFA'on 30+ extensions... a little help would be nice There is no load to change features on a group of phones at one time. You must do them one at a time. There are tools such as ProComm scripts and otm to do it for you, but if you only have to do 30+ phones it's quicker to do them the old fashioned way, one at a time. ...

Re: Numerical accuracy/precision
On 7/15/2011 11:54 AM, Andrzej Kozlowski wrote: > > On 15 Jul 2011, at 16:49, Richard Fateman wrote: > >> On 7/14/2011 11:55 PM, Andrzej Kozlowski wrote: >> >> Gee, Andrzej, all I can think of is the childhood playground chant (I don't know where you might have been a child, so this may not >> bring back memories...) >> >> "I'm rubber, you're glue; everything You say sticks to YOU!" > > Yes, I can also think of a few playground chants that would apply nicely, but unfortunately you would not understand them....

DVD/CD Toys 0.06.00
DVD/CD Toys is a popular burning software for eComStation and OS/2 Warp (it supports all kinds of CD and DVD recorders: PATA, SATA, SCSI, USB) We have published the manual in the Internet so you can read it using web-broswer http://ecomstation.ru/projects/dvdtoys/?action=faq DVD/CD Toys 0.06.00 whatsnew: * Calculation of the size of new session for multisession disks is fixed. * Allow Joliet filenames to be up to 103 Unicode characters. * Blanking operation now have progress bar (CD-RW and DWD+RW only) if CDRTools version 2.01.01a37 or above is installed. * Now it is possible to specify all...

RE: IDS Next Version
> -----Original Message----- > From: owner-informix-list@iiug.org > [mailto:owner-informix-list@iiug.org] On Behalf Of Data Goob > Sent: Tuesday, May 31, 2005 4:40 AM > To: informix-list@iiug.org > Subject: Re: IDS Next Version - features wanted. > > david@smooth1.co.uk wrote: > > What features do you want for the next version of IDS? > > > > The Key Features in IDS Version 10.00 by Jerry Keesee > > > > mentions... > > > > - Smooth Upgrade of HDR > > - Online table re-org > > - Dynamic Reconfig...

[News] Video Demo of Fedora 11, Features Roundup
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Screencast: Virtual Machine Manager, Fedora 11 Preview ,----[ Quote ] | I've been doing quite a few Fedora 11 installs on various hardware in | preparation for the review of I'm working on but I wanted to give a short | glimpse of KVM in Fedora 11 with the Virtual Machine Manager (virt-manager). | I also show MontanaLinux (a Fedora 11 remix), some of the new features in | Fedora 11 and some additional software. `---- http://www.montanalinux.org/kvm-virt-manager-fedora11-preview.html What's new in Fedora 11 ,----[ Quote ] | ...

Re: Call for 7.5 feature completion #11
> What might be handy is an alpha build of the win32 version=20 > once the folks developing it feel it's stable enough to merit=20 > such a thing... http://www.hagander.net/pgsql/win32snap/ Merlin has set a job up that compiles it daily. It may be broken right this minute because of the exec stuff, but it updates there normally. The link is also on the win32 status page. //Magnus ---------------------------(end of broadcast)--------------------------- TIP 5: Have you checked our extensive FAQ? http://www.postgresql.org/docs/faqs/FAQ.html ...

New Gen feature from RG 11
Hiya, If you have read that article, you should have seen about the charity auction myself and my dad, Malcolm Evans, are organising for Cancer Research. However we are having issues locating three games, and desperate times have meant I am contacting everyone possible who may be able to help out. The three games for spectrum/zx81, all by New Generation Software, that I need are: Breakout Escape Knot in 3D If you know anyway I can locate these games, it would be grately appreciated. Thanks, Rachel Evans www.ngsworld.net ...

[News] Breakdown of Fedora 11's Great Features
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Fedora 11's best five features ,----[ Quote ] | Personally, I like having absolute control of my audio system, but then | before I ever touched a computer I was working with stereo equipment. For | most users, the multiple slider approach is over-kill. Jonathan Corbet, the | well-known Linux developer, has the best answer: "the volume control should | have an 'expert mode.'" Hopefully this common-sense suggestion will be | implemented as the default in forthcoming versions of GNOME. `---- http://blogs.computerwor...

internal compiler error with c++11 features on 4.6.2
there is a 4.6.3 out, don't know if this fixes the problem or not, there have been other people reporting internal compiler errors. I am using <vector> <iterator> <map> and <initializer_list>. does the new 4.6.2 still use @responsefiles on the commandline? Sat 11/26/2011 18:54:00.78|C:\prj\phone\phone-1.12\dos|>c:\djc462~1\bin \gcc -x c++ -Wall -W -Wextra -v -save-temps -s -std=gnu++0x -oa.exe @_TMPSRCQ.LST 2> errgp Using built-in specs. COLLECT_GCC=c:/djc462~1/bin/gcc.exe COLLECT_LTO_WRAPPER=c:/djc462~1/bin/../libexec/gcc/djgpp/4.62/lto- wrapper.exe T...

[News] Thunderbird 3 Among the Great Features Promised for Fedora 11
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thunderbird 3 Coming To Fedora 11 ,----[ Quote ] | Fedora 11 is reaching an impressive number of accepted features. Beyond | introducing Intel and NVIDIA kernel mode-setting, Nouveau becoming the | default NVIDIA driver, and a new volume control interface, there will be a | plethora of package updates. Fedora 11 will have available Xfce 4.6, GNOME | 2.26, and KDE 4.2 for the desktops. `---- http://www.phoronix.com/scan.php?page=news_item&px=NzEwNQ Recent: Thunderbird 3 Beta 2 is Now Available ,----[ Quote ] | We're happy to ...

SN#23686 New Features in Oracle Solaris 11 Express for Sys Admins
SYSTEM NEWS FOR SUN USERS Vol 154 Issue 2 2010-12-11 Article 23686 from section "SysAdmin's Section" 32-minute OTN Video Pulls Back the Curtain Have questions about the capabilities of Oracle Solaris 11 Express? Answers to many of them are available on the OTN video hosted by Rick Ramsey with guests Markus Flierl, Dan Price and Liane Praza of Core Solaris engineering, who share their expertise on the new features in the release. Sys admins will benefit from the numerous use cases cited in the 32:57 video, where only a few of m...

[News] Fedora 11 Includes Major New Features, New Community Liaison
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Fedora 11 Alpha now ships with Windows cross compiler ,----[ Quote ] | Today, Red Hat's Fedora Project division announces that it has released its | new Fedora 11 Alpha version, and has provided OS Today with some of its main | features. | | Fedora's newest release includes a number of new features including the new | Windows Cross Compiler and a development release of Gnome 2.26 as the default | desktop. | | “The new Fedora ver. 11 Alpha should boot on the majority of systems, and | provides a look at what new features are to ...

SW: DFSee version 11.7 released today; fixes and some new features
++ From the VOICE OS/2-eCS News Service http://www.os2voice.org ++ From: jvwDESPAM@DESPAMdfsee.com DFSee version 11.7 has been released It is a minor release, with several fixes and few nice new features, mostly based on user feedback. Free evaluation expiration now set near the end of 2014. (Only the CDROM-ISO's will expire 99 days after release, end of june 2014) DFSee is a very powerful disk-utility with disk partitioning, filesystem and disk analysis, some file recovery and UNDELETE and smart imaging or cloning of partitions or complete disks. More details...

SN#17519 Solaris[TM] 10 11/06 OS Features Security Enhancements and More
SYSTEM NEWS FOR SUN USERS Vol 107 Issue 3 2007-01-15 Article 17519 from section "News" Logical Domains Fault Management The latest version of the Solaris[TM] 10 Operating System (Solaris OS) is Solaris 10 11/06. It includes new security features such as Solaris Trusted Extensions and Secure By Default Networking. Virtualization improvements include Logical Domains and enhanced Solaris Containers. Details at http://sun.systemnews.com/g?A=17519 Have a custom version of 'System News for Sun Users' delivered to you via email e...

Washington Area Informix User Group Meeting - New Features in Informix IDS 11 - Cheetah by Carlton Doe, IBM
Washington Area Informix User Group meeting - Friday, June 29, 2007 ---------------------------------------------------------------------- Folks, Mark the date! This should be an exciting meeting with a deep dive on the next version of Informix IDS - Cheetah by Carlton Doe, IBM, Informix Dynamic Server Specialist. Date: Friday, June 29, 2007, Time: 9:00-2:00pm Location: IBM Technical Exploration Center - McLean 8401 Greensboro Drive - Suite 120 McLean, VA 22102 Directions are on our web site. The meeting is open to all. Please register so we can provide IBM building security with a...

How to add a feature to *features* ?
I looked into the CLtL and the CLHS, but I did not find anything about this. What I would like to do is some conditional compilation to include (declaim (optimize (safety 0))) when a feature is present or not. Can this be done like this, or are there other possibilities to reach this goal ? Currently, I do this via a makefile, and I build targets with separate names, like components.fasl and components_o.fasl. Regards, Jurgen jurgen_defurne wrote: > I looked into the CLtL and the CLHS, but I did not find anything about > this. > > What I would like to do is some conditional ...

SW2008
Extrude a thin flat part, i.e., something sheet metal thin. Sketch on one of the thin edges. Make the sketch cross both of the sketch surface edges. Use select contour to pick the sections to extrude. See if the contour tool doesn't use the underlying face edges as well as the sketched edges. Is this a Feature or not a Feature? TOP TOP wrote: > Extrude a thin flat part, i.e., something sheet metal thin. > Sketch on one of the thin edges. > Make the sketch cross both of the sketch surface edges. > Use select contour to pick the sections to extrude. > See if the contour to...

test for a feature and modify *features*
Hi, I want to check whether the given MOP implementation supports DEFSTRUCT. Specifically, (require "clocc:src;port;mop") ; pull MOP symbols into PORT package (defstruct s a) (unless (port:slot-definition-initargs (car (port:class-direct-slots (find-class 's)))) (pushnew :no-defstruct-mop *features*)) E.g., clisp should _not_ have :no-defstruct-mop in *features*, and sbcl should. Now, the question: what eval-when magic do I put into the file mop-defstruct.lisp so that - after (compile-file "mop-defstruct"), *features* is modified as necessary (this is _...