Stupid Stupid 11.00 "Feature".

For days, we've been having networking problems with a server just being put
into production.   It had been tested thoroughly, but it seems that as soon
as we shifted it to the prod subnet, it lost connectivity.  Everything at
the OS level appeared to be configured correctly.

Second day of this, I notice that after the server boots, I get ~minutes in
which the networking DOES work, after which point, my session is killed, and
I am unable to initiate more.

Third day, network guy who is scrutinizing firewall/router logs notices that 
our server is pinging its gateway every 3 minutes and 3 seconds.

After some research, we find the following:

11.00 pings it's gateway every 183 seconds, and it it doesn't get a
response, it drops the route.  Actually, it doesn't even drop it from the
routing table, it stops using it.  This is a "feature" to allow failing over
to a secondary gateway in case of the failure of the primary.  In our case,
our gateway is also a firewall that drops ICMP.  Once discovered, we were
able to turn off this "feature" using ndd.

1)  Cute feature, but why is it enabled by default?

2)  Many gateways have their own protocols to ensure failover.  Why does
this need to be done at the OS level?

3)  If it's going to drop the route, why doesn't it do so VISIBLY, and
remote it from the routing table?


AFAICT, someone needs their peepee slapped, and hard.



-- 
..............................................................................

"The human rights group [Amnesty International] said Israel has arrested
 more than 1,500 Palestinians in the past year, and that many of the
 detainees were tortured"

                              -Laurie Copans, Associated Press, (28/08/2001)

..............................................................................
dswan@m3m3t1ccand1ru.com                        http://www.memeticcandiru.com
0
3r1c_3
7/10/2003 6:22:39 PM
comp.sys.hp.hpux 4398 articles. 6 followers. dewi.bening (7) is leader. Post Follow

4 Replies
228 Views

Similar Articles

[PageSpeed] 34
On Thu, 10 Jul 2003 18:22:39 GMT, 3r1c_3$7r4d4@salmahayeksknockers.edu wrote:

[snipped long explanation]

>  AFAICT, someone needs their peepee slapped, and hard.

This _is_ a weird feature, but as long as rfc1812 says:

   4.3.3.6 Echo Request/Reply

     A router MUST implement an ICMP Echo server function that receives
     Echo Requests sent to the router, and sends corresponding Echo
     Replies.

it seems the only thing to blame HP for is (possibly) lack of
documentation on this feature.

I'm not saying you should reconfigure your firewall to respond to icmp 
echo-reqs, but when it actually routes packets and otherwise acts like a 
router, chances are some systems will expect it to behave like a router.  

(And I must admit, I don't see the big risk by letting your own hosts, or
at least your own servers, ping your firewall.)


- Eirik
-- 
New and exciting signature!

0
Eirik
7/10/2003 8:12:34 PM
Eirik Seim <eirik@mi.uib.no> wrote:

> This _is_ a weird feature, but as long as rfc1812 says:

>   4.3.3.6 Echo Request/Reply

>     A router MUST implement an ICMP Echo server function that receives
>     Echo Requests sent to the router, and sends corresponding Echo
>     Replies.

I definitely agree our networking group shouldn't be doing this.  I suspect
this is the result of rote application of an internal standard.

> it seems the only thing to blame HP for is (possibly) lack of
> documentation on this feature.

Feature is cute, but shouldn't be enabled by default.    Same goes for all
special-purpose features that may impact other functionality.


> I'm not saying you should reconfigure your firewall to respond to icmp 
> echo-reqs, but when it actually routes packets and otherwise acts like a 
> router, chances are some systems will expect it to behave like a router.  

> (And I must admit, I don't see the big risk by letting your own hosts, or
> at least your own servers, ping your firewall.)

Niether do I, particularly when it's all internal.... but it ain't my call.


-- 
..............................................................................

"In June 1967, we again had a choice:  The Egyptian Army concentrations in
 the Sinai approaches do not prove that Nasser was really about to attack 
 us.  We must be honest with ourselves.  We decided to attack him"
 
                                                           -Menachem Begin

..............................................................................
dswan@m3m3t1ccand1ru.com                        http://www.memeticcandiru.com
0
3r1c_3
7/11/2003 6:18:36 AM
Rick Jones <foo@bar.baz.invalid> wrote:

>> 1)  Cute feature, but why is it enabled by default?
> Because enough customers asked for dead gateway detection in the
> timeframe of HP-UX 10.20 that it was added and enabled for 11.0.

That explains why we have it, but not why it's enabled by default.  I've no
problem with it being available for those who may need it, but it's of
little use to those who don't even know about it, and havn't made the extra
configurations necessary.


>> 2) Many gateways have their own protocols to ensure failover.  Why
>> does this need to be done at the OS level?

> It is done in the host's networking stack because not all gateways
> had/have that failover functionality you describe.  The host needs to
> be liberal in what it accepts, and that means accepting gateways
> without their own failover mechanisms.

Fair enough.

>> 3) If it's going to drop the route, why doesn't it do so VISIBLY,
>> and remote it from the routing table?

> If the route were simply removed from the output of netstat -r that
> would probably just confuse people and make them think that something
> was deleting routes. 

At least that would be a far more tangible troubleshooing starting point
than routes that look like they should work, but don't.


>> AFAICT, someone needs their peepee slapped, and hard.

> You might include the firewall for not responding to ICMP echo
> requests from the "inside" side :)

I definitely agree.   I think denying ICMP internally is ridiculous.


-- 
..............................................................................

"In the name of "security" Israel has effectively legalized torture, held 
 people under administrative detention and allowed the security forces to
 carry out extra-judicial and other unlawful killings with impunity"
        
                           -Amnesty International Press Release, 23/12/98

..............................................................................
dswan@m3m3t1ccand1ru.com                        http://www.memeticcandiru.com
0
3r1c_3
7/11/2003 6:26:16 AM
3r1c_3$7r4d4@salmahayeksknockers.edu wrote:
> Rick Jones <foo@bar.baz.invalid> wrote:

>>> 1)  Cute feature, but why is it enabled by default?
>> Because enough customers asked for dead gateway detection in the
>> timeframe of HP-UX 10.20 that it was added and enabled for 11.0.
> That explains why we have it, but not why it's enabled by default.
> I've no problem with it being available for those who may need it,
> but it's of little use to those who don't even know about it, and
> havn't made the extra configurations necessary.

I can only presume that when the decision was made, no-one figured
there would be many devices out there acting as IP routers that did
not adhere to the protocol standards :)

>>> 3) If it's going to drop the route, why doesn't it do so VISIBLY,
>>> and remote it from the routing table?

>> If the route were simply removed from the output of netstat -r that
>> would probably just confuse people and make them think that something
>> was deleting routes. 

> At least that would be a far more tangible troubleshooing starting point
> than routes that look like they should work, but don't.

I suppose I could see both sides.  It would certainly be worth calling
the RC and having an enhancement request submitted so it can flow
though official channels.  

Not that it helps in your specific situation (since the hrose is
already gone as it were) in another forum, I saw mention that some of
the ndd output might show a flag for a dead gateway - probably one of
the things that can be retrieved via ndd /dev/ip - ndd /dev/ip ?
should give a complete list.
ftp://ftp.cup.hp.com/dist/networking/briefs/annotated_ndd.tx might
also help.  I must say that I've never used the ndd thing to see a
gateway marked dead myself.

rick jones
-- 
oxymoron n, commuter in a gas-guzzling luxury SUV with an American flag
these opinions are mine, all mine; HP might not want them anyway... :)
feel free to post, OR email to raj in cup.hp.com  but NOT BOTH...
0
Rick
7/15/2003 11:04:31 PM
Reply:
Similar Artilces:

Videos/demos of the new geospatial features
FYI, for any who might be interested: http://www.fosslc.org/drupal/content/brief-introduction-ingres-geospatial-features Andrew ...

ATT not supporting new iPhone features
NO MMS support!! NO tethering!! http://macdailynews.com/index.php/weblog/comments/21443/ Cute toy, the iPhone. zara wrote: > NO MMS support!! > NO tethering!! > > http://macdailynews.com/index.php/weblog/comments/21443/ > > Cute toy, the iPhone. > > At the WWDC, they never mentioned who many apps Windoze Mobile has. Windoze Mobile is NOWERE! "jon.in.durham" <jon@no.email.co.uk> wrote in message news:h10iea$k18$2@news.eternal-september.org... > zara wrote: >> NO MMS support!! >> NO tethering!! >> >> http://macd...

Micromax Q1 Price and Features
The new Micromax Q1 is a dual Sim mobile phone comes with full QWERTY keypad and outstanding features. The multipedia phone comes with GPRS and WAP connectivity options. The Micromax Q1 ezpad has Stereo FM radio, multi-format music player with background music playback, games, STK and supports GPRS/WAP/MMS services. The handset has 4GB expandable memory card slot and powered by Li-ion 3.7V 1000mAh standard battery for talk time of up to 3 hours. To buy Micromax Q1 visit- http://www.naaptol.com/price/729969-Micromax-Q1.html Colors available with Micromax Q1 Mobile =96 Red Micromax ...

Leopard
Now that I have had the time to properly think about all of the features announced for Leopard, I have been pondering on the question. What feature is so good, it should have been kept a secret until the WWDC? Perhaps spaces might have had a more positive interest. Time Machine was very interesting the first time it was announced, but the second time through, the audience was silent. I just do not feel that the new desktop was such a big deal. Oh sure, the Mighty "M" could have implemented those simple "eye candy" ideas into Vista first - blah! Want to see somethi...

Feature Extraction #3 849339
Hello everybody, Can anyone help me to recognize an object using feature extraction in MATLAB? I also want to know about feature extraction. Thanks "Tamanna" <ovi_cse@yahoo.com> wrote in message news:ef316af.-1@webx.raydaftYaTP... > Hello everybody, > Can anyone help me to recognize an object using feature > extraction in MATLAB? I also want to know about feature extraction. > Thanks You might find some of the Image Processing Toolbox demos informative: http://www.mathworks.com/products/image/demos.html particularly those in the "Measuring Image Fe...

Anybody using new toolbox feature in 2007
Has anybody tried out the new Toolbox feature that will create missing configs on a user's local database? I've used this several times playing around, but would like to know if anyone has seen it working in a production environment? >From the What's New PDF: Page 152 Recreate Fasteners Assembly files now contain data necessary to recreate SolidWorks Toolbox fasteners if another user opens the assembly file and the appropriate part or configuration is not found in that user's toolbox. Thanks, Steve O ...

How can I disable SSS feature?
I have developed LAC and PPP client and, I tried to interoperate my lac with cisco 7500 LNS.(IOS 12.3(4)T) L2TP Tunnel establishment waw successed. but, on PPP authentication state, Cisco 7500 doesn't send CHAP Challange packet to my ppp client. at this time, CISCO LNS's Session state is wt-sss ... I think that CISCO's Subscriber service switch (sss) feature makes a this problem. How can I disable SSS feature. and, How can I make Cisco LNS send CHAP Challenge to my ppp client. on the IOS ver 12.0, there is no problem like this. I want for cisco to authenticate my ppp client ...

K12> [WWWEDU] Forum to feature "Beyond the Fire"
From: NetHappenings Moderator Date: Tuesday, April 13, 2004 From: Gleason Sackmann <gleason@edu-cyberpg.com> Subject: K12> [WWWEDU] Forum to feature "Beyond the Fire" ************************************************************** Net Happenings - From Educational CyberPlayGround ************************************************************** To: <wwwedu@yahoogroups.com> From: "Michael Hutchison" <mhutch@CHARTER.NET> Date: Sun, 11 Apr 2004 14:21:44 -0500 Subject: [WWWEDU] Forum to feature "Beyond the Fire" Imagine.You have j...

Major problem with Norton Antivirus auto-update feature
I discovered this problem in Norton Antivirus 2003 (version 9.05.15). I dont know if the problem exists in other versions of the product. I also contacted Symantec's tech support but they never gave me an answer of when would it be fixed. This is a major bug in the software, which can leave the computer vulnerable to new viruses unless the user manually updates the virus definition files. PROBLEM: the software has a feature called "LiveUpdate". In theory, this feature runs all the time in the background, and constantly checks if it needs a newer virus definition file...

[News] Review of Hymera GNU/Linux, Mandriva's Great Feature Revealed
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Feature: Hymera and commercial Linux ,----[ Quote ] | Going into this review I was curious to see if | Hymera would bring anything new to the | community. More specifically, does this | distribution provide anything special which | would make it worth purchasing? One thing I | will say for Hymera is that it doesn't fall | into the trap some commercial distributions | before it have: it doesn't try to be Windows. `---- http://distrowatch.com/weekly.php?issue=20100125#feature auto_inst: the best kept Mandriva’s secret ? http://bru...

REQ: Slideshow for X (under Linux) with certain features?
Folks, is there any slideshow program out there under X (or KDE) that allows to quickly select thumbnails from a folder (e.g. by drag and drop) AND allows to change the order of display of these pictures (also by drag and drop)? I can imagine a small tool that just generates symbolic links upon mouse actions, with an order number prepended to the link name. But I could not find any such app on the web... Best regards and thanks in advance - Dudelman. On 6 Apr 2005 03:32:24 -0700, Dudelman <dudelman@yahoo.com> wrote: > Folks, > > is there any slideshow prog...

Need Fingerprint Minutiae feature extraction code
hi folks, am doin a project in extraction of fingerprint minutiae ... am not able get the correct thinned image.. so i would be happy if any one of you mail me the matlab code to my account(vinuprakashv@gmail.com). advance thanks for givin me... ...

T7 features
Take a look at this features. It`s a new concept on automation. The limit is the imagination. TerminalSeven T7 EV3. Carlos Cabrita upchucked the following: > Take a look at this features. It`s a new concept on automation. > The limit is the imagination. TerminalSeven T7 EV3. Please stop posting this useless marketing drivel. Thank you. ...

feature extraction #4
hi, i am working on image processing...recognition of handwritten symbols..so i need to extract features.plz help in extracting loops and arcs in symbols and also i need code for the above if available i need code for size normalization where i hav collected handwritten symbols(database) plzzzzz do help me.. i need it v v v soon.. thnk u ...

medicine socially features Jimmy's powder
implying that Cummings would somehow be a threat to the > president but the judge and the police listened intently. > > This was the first time a Secret Service agent had come to their town. > Varney continued to describe the threatening items that had been found > in Cummings' residence: a copy of The Anarchist's Cookbook, publications > from Loompanix, a mag stripe read head (no electronics) which "could have > been used" to commit fraud, and material thought to be C4 but later > proven not to be. However, Varney said, the fact that ...

PCA- feature selection
Hi All, I'm using PCA in microarray data. According to the plot i saw that the genes that are coorelated have the shape of cloud and those that variance from the others seem to be far away. How could one pick up the corsponding genes that more variance from the others genes. I need the orginal names of those genes to be selected. Please also reply to yousef@wistar.upenn.edu Malik Please post picture somewhere so we can see. Selecting data from region i scoreplot should be fairly easy. /Anders "Malik Yousef" <yousef@mail.wistar.upenn.edu> skrev i meddelandet news:a0cdbc...

JDK 1.7 new features
I was pleased to see some features is JDK 1.7 that I had been asking for since JDK 1.1. I'm surprised at how little there is new in 1.7. I guess the recession made Oracle really pull in their horns. It is mostly just a little syntatic sugar in the compiler. binary literals. underscores in literals to make them easier to proofread string case labels catch can handle multiple Exceptions. I would think the biggest priority for 1.8 would be unifying arrays and generics. They should be compatible, even if it means giving up type erasure. -- Roedy Green Canadian Mind Products http://mindprod...

Anything faster than Saxon with similiar features?
Hi, Is there a XSL transformer that is faster than Saxon but with similiar features? I've come to rely on the saxon:assignable attribute for xsl variables. I also need the <xsl:result-document> element. TIA, Ted "ted" <ted94107@yahoo.com> wrote in message news:beb256dd.0402151206.5b0bc354@posting.google.com... > Hi, > > Is there a XSL transformer that is faster than Saxon but with similiar > features? I've come to rely on the saxon:assignable attribute for xsl > variables. I also need the <xsl:result-document> element. AFAIK no other XSLT...

Gnuplot Bug and Feature
First, I would like to address what I consider to be a bug in gnuplot's curve fitting function. Simply, the interval over which the curve was fitted should be included in the fit.log. Second, it would also be nice if gnuplot included the definition of the function(s) being fit, all the way down to functions defined by gnuplot. The first is a bad flaw with a tedious workaround. The second is not quite as critical, and more along the lines of "wouldn't it be nice if." Next, I would like to request that a new feature be added to gnuplot - histogram plotting. I know, th...

SN#10501 Key Features of Sun Blade[TM] 2000 900 MHz Systems with Sun[TM] XVR-100 Graphics Accelerator
SYSTEM NEWS FOR SUN USERS Vol 65 Issue 4 2003-07-21 Article 10501 from section "Workstations" The Sun[TM] XVR-100 graphics accelerator provides a low-cost, 2-D display solution for workstations and servers. Users can drive two displays at full 24-bit 2-D resolutions. Increased resolution improves desktop real estate and image quality. The Sun XVR-100 graphics accelerator also provides multiple platform support and supports the latest Sun workstations and servers that are PCI based. It also supports all Sun displays an...

SN#18004 Excellent LOM Features: Sun Fire[TM] X2200 M2 Server Review
SYSTEM NEWS FOR SUN USERS Vol 110 Issue 4 2007-04-23 Article 18004 from section "Servers" Server Helps Photo Sharing Website Keep Customers Happy A recent review of the Sun Fire[TM] X2200 M2 server by Don MacAskill, CEO of an online photo sharing site called SmugMug.com applauds the server's lights-out management (LOM) capabilities and the design of the server. Details at http://sun.systemnews.com/g?A=18004 Have a custom version of 'System News for Sun Users' delivered to you via email each week in PDF, text or HTML. Only th...

Feature Extraction #12
Hi. I'm using GLCM to extract features of an image. I want to use features other than those that GLCM already has (energy, homogeneity, contrast, correlation). For that i have used commands that are built-in inside Matlab. I'm wondering if i should instead make algorithms for those features? Would the results be more accurate if i use algorithms or built-in Matlab commands? This is my current coding. clc; clear all; close all; a=imread('C:\Users\user\Desktop\project\10763.jpg'); a=rgb2gray(a); glcm=graycomatrix(a); ene=graycoprops(glcm,'energy') homo=graycopr...

How another iOS feature came to beq
http://www.theregister.co.uk/2011/06/08/apple_copies_rejected_app/ Simply Apple at its best! On Jun 10, 11:07=A0pm, Tommy Troll <tom_e...@earthlink.net> wrote: > http://www.theregister.co.uk/2011/06/08/apple_copies_rejected_app/ > > Simply Apple at its best! Omit the q in the subject line. Damn, Windows is quick when you press Send! Steve Jobs is EVIL! I hope this guy takes him to the cleaners. On 6/11/11 12:07 AM, Tommy Troll wrote: > http://www.theregister.co.uk/2011/06/08/apple_copies_rejected_app/ > > Simply Apple at its best! This story i...

GIMP feature research
I am currently doing research into the GIMP and other popular image editing package. The current section of my research mainly concerns: - What would you say is good about the package? - What would you say is bad about the package? - What are your favourite features? - What other image editors do you use? - What features would you like included within mainstream image editor applications? Any help would me much appreciated. Yours sincerely, Chris. Chris Peerman wrote: > I am currently doing research into the GIMP and other popular image > editing package. The current section of my re...

Should I study new features for the release 2 also for 1Z0-030 .
Hi! I would like to know if any of the question is comming from 9iR2 on the test. thanks Young Hwang. There probably are, but you should study them anyway if you are serious on working with Oracle. You`re not only looking for a paper to hang on your wall, are you? -- Syltrem OpenVMS 7.3-1 + Oracle 8.1.7.4 http://pages.infinit.net/syltrem (OpenVMS related web site, en fran�ais) ---zulu is not in my email address--- "young" <rootyh@yahoo.com> a �crit dans le message de news:4fac60c4.0404160508.345edd79@posting.google.com... > Hi! > > I would like to know if any of ...