how-to block ads
|
micoteck
@telus.net
| Interesting problem with Shaw internet - anyone
I have a interesting problem and much appreciate anyone reading this please assist... Shaw cannot figure it out.
I have a windows 2000 (SP4 with all updates applied) server.
Server is very lightly used and it is not hacked or infected.
Server has two network cards. One of them is directly connected to a Shaw Motorola5210 modem which is provisioned for four Static IPs. Windoew2000 box has all four IPs
Configured staticly on same network card (same MAC address).
DHCP client service is disabled as we don't want server to respond or sent any DHCP requests. all 4 IPs are listed statically in the TCp/IP properties of Nic. no drama there.
All IPs are in same Shaw network segment C-class with same Netmask and Default gateway.
For past 3-4 years it has worked flawlessly. No issues, everyone is happy. Now, all of a sudden, every few days, one, or two or three of the IPs disappear (it is random).
they lose their bindings to NIC subsequently inbound connections from internet are dropped. and connection from windows to internet drop. When this occurs, at least one or two of the IPs remain functional, so i know that system, or modem or default gateway has not crashed. It is very puzzling. traffic or services specified bound to disappeared IPs stop, while other traffic bound to IP that is active on modem continue to work.
During one of these epesodes, When speaking to level-1 support, they can see the modem, confirm that missing IPs have dropped and inacessible, but cannot offer any explanation.
Modem signals are in green and no issues there. Can anyone here help? Please. Rebooting the windows or modem doesn’t fix problem. Sometimes after a reboot, a different permutation of
IPs remain active and others disappear. It is very strange.
I have replaced Shaw modem with a new modem. And Shaw has re provisioned it again with same IPs. Replaced network cable also, replaced 3com NIC also and performed windows update as well, but problem continues. Please help and give me some suggestions as what could be wrong. Problem started about a month ago... | |
somenewguy
@telus.com | This is NOT a Shaw issue it is defiantly the OS, if you are hard coding the IP's and the system is losing the binding it is Windows that is hosed.
Have you tried reinstalling your nic drivers? | |
Randsl Dude
join:2000-08-13
Canada
| reply to micoteck
I don't know if this helps but, with Telus and static ip's, they are not really static, but that the server gives out the exact same ip every time your registered mac address asks for it...
It seems to me, that your requests from your registered mac's are not being bound to your your static ip's from the Shaw server...
...or conversely your mac address's are changing, which doesn't seem likely. | |
microteck
@telus.net
| reply to micoteck
Thanks for your thoughts – Sorry I may have confused you earlier. So to clarify again….When I mentioned “bindings” disappear, I meant IP assignment from Shaw modem side disappears.
My server’s IP bindings to its network card remain functional all the time. NIC passes all diagnostics as well. IP is hard coded in TCP/IP properties. There is no DHCP.
And I’ve tested this many times by temporarily connecting a hub to server NIC and confirmed I can reach all IPs bound to Server’s network card from a test laptop. All services bound to each IP can be reached and server functions correctly.
In a support call, Shaw tech can reach modem and he confirms it is provisioned correctly, but Shaw tech himself cannot see the IPs when they disappear from modem.
I don’t know what they are doing. Rebooting the modem does not fix problem. All signals levels are fine and modem logs say modem remains online all the time. When one IP disappears, normally other IPs remain functional.
This windows server has all UDP packets filtered, so DHCP packets sent from Shaw from UDP port 67 are dropped. Windows DHCP client service is also disabled. Server has functioned flawlessly in this fashion for past 4 - 5 years and IP assignments have never faulted.
We have also replaced Shaw modem with new Motorola 5102. (I mentioned Motorola5210 earlier which was a typo).
My understanding is that… unlike Telus, Shaw does not use DHCP to assign IPs when customer has static IP. I have checked... IP assigned by Shaw to me are all static. My understanding is Shaw assigns IP permission to modem… and …modem and network card of customer device exchange ARP packets. Shaw router asks network segment broadcast address: who has this IP=xyx? Device says IP=xyz is at aa:bb:cc:dd:ee:ff Mac address… and this interaction is repeated and cached by Shaw router many times. Very much appreciate if someone can help.
IP assignment Problem still persists. | |
Randsl Dude
join:2000-08-13
Canada
| Here's what you can do, PM me and I will set you up on a Telus business server ADSL package for a month, to see if your network is wonky or something...
...Telus doesn't have contracts anymore on their residential internet service, not sure about their business service though.
...if it isn't your network on Telus's service, than it must be a Shaw server issue. At least you'll have some ammo to go back on them with. 
PS: I would probably ask Shaw for another modem to try first.... | |
Crunchyfrog
join:2006-05-04
Nanaimo, BC | For 1 month, with no contract? | |
Randsl Dude
join:2000-08-13
Canada | $96.95 for one month with no contract on a 3Mb down 1Mb up Server Plan, 2 static IP's...
It is a bit pricey just to see if it's ones own network is at fault or if it's Shaws, but the option is always there for troubleshooting... | |
twixt
join:2004-06-27
North Vancouver, BC
| reply to micoteck
said by micoteck :
For past 3-4 years it has worked flawlessly. No issues, everyone is happy. Now, all of a sudden, every few days, one, or two or three of the IPs disappear (it is random).
they lose their bindings to NIC subsequently inbound connections from internet are dropped. and connection from windows to internet drop. When this occurs, at least one or two of the IPs remain functional, so i know that system, or modem or default gateway has not crashed. It is very puzzling. traffic or services specified bound to disappeared IPs stop, while other traffic bound to IP that is active on modem continue to work.
During one of these epesodes, When speaking to level-1 support, they can see the modem, confirm that missing IPs have dropped and inacessible, but cannot offer any explanation.
Modem signals are in green and no issues there. Can anyone here help? Please. Rebooting the windows or modem doesn’t fix problem. Sometimes after a reboot, a different permutation of
IPs remain active and others disappear. It is very strange.
I have replaced Shaw modem with a new modem. And Shaw has re provisioned it again with same IPs. Replaced network cable also, replaced 3com NIC also and performed windows update as well, but problem continues. Please help and give me some suggestions as what could be wrong. Problem started about a month ago...
One Possibility:
Most ISPs do not actually have Static IPs. They simply configure their DHCP Server to *reserve* a particular IP address or set of IP addresses for your particular cablemodem Serial Number.
One of the ways that ISPs can check for fraud is to see whether multiple IP addresses are assigned to the same cablemodem Serial Number. If more than one IP address is assigned the same cablemodem Serial Number, the DHCP server can be instructed to devalidate or refuse to renew the IP address for suspected-pirate IP addresses.
Because your situation is non-standard, the security protocols used for Shaw's DHCP Servers must be modified to allow the security system to pass and accept your multiple IP addresses on the same cablemodem Serial Number. If not, the fraud-detection system will detect you as a pirate and quite properly disconnect you.
It is possible that Shaw has recently either implemented the above protection for the first time, updated their existing fraud-protection and mismanaged the upgrade, or there is a configuration error in their fraud-protection system for your account. This will require further investigation.
Note: It is highly probably that the standard techdroids at the end of the phone lines will know little-to-nothing about Shaw's fraud-protection schemes. These things are commonly kept secret - based on the "security by obscurity" principle.
Another possibility:
Vulnerabilities in DNS have led to widespread DNS-poisoning opportunities. Improvements in the DNS assignment-randomization process have been implemented to make DNS-poisoning more difficult. These updates have been implemented on both Client (you) and Server (Shaw) sides of the connection.
Check to see if any of Microsoft's security updates to your Server are implicated in regards to DNS issues. (Read the caveats for those updates and check for compatibility issues that Microsoft is already aware of - and implement the recommended modifications as noted in the Microsoft KB article for the affected update if your issue is noted in an appropriate article.)
If reconfiguration on your end cannot solve the problem (or there is no applicable Microsoft-supported modification as mentioned above), there may be a compatibility issue between the way those security updates have been implemented by Microsoft and the manner in which Shaw's security protocols defending against DNS-poisoning are reacting to your multiple IP addresses with the same MAC address.
If this is the case, then similarly to the above, there will have to be manual intervention and configuration of the DNS-poisoning defences on Shaw's side - in order to allow your particular configuration's data-packets to pass unmolested.
Recommendations:
You'll need to talk to someone on at least Tier2, probably Tier3 before anyone can converse with you intelligently. Good luck trying to get past the gates - there is a high probability that nobody at the level which you are talking to currently will have a clue that something like what I've described above even exists. | |
Chip Douglas
@shawcable.net
| reply to micoteck
Have you a second machine you can replicate issue on? That would point to OS issues.
You suggest that this is episodic. Which means that sometime it is fixed. What seems to fix it?
Also, try enabling DHCP. If that works it would suggest to me that issue is provisioning and registering your machine on the network.
Does NETSTAT -r give you any insight?
I have seen something similar with Digital Phone Service (different cable provider), where failure to register with the DNS correctly would not register the FQDN and without that registration, stuff goes out, but nothing comes back. If you grab your IP, and do a NSLOOKUP on it from the command line, your should get something that looks like this:
Name: S01990005bbccddee.wp.shawcable.net
Address: 24.99.99.99
Theoretically it should return all the IP's. I haven't messed with multiple IP's on a single MAC address though.
(faked to protect the innocent)
The last 12 should match your MAC associated with that IP on your machine. Anything else and it won't work. If nothing comes back, won't work.
ARP -a might give you a hint about the other IP's, but somehow I don't think so.
If connected directly, take a look at the Motorola's status page. 192.168.1.1 or maybe 192.168.100.1 I think (Sorry I am too lazy to remove my router). There may be an error log that is of assistance.
I am really inclined to think it is a DNS issue though. The NSLookup will be a clue to that. Especially when you say 1 2 or 3 stop working. The last is still registered.
I am assuming that whoever you talked to at Shaw made sure you are getting the correct boot file. My experience has been (another cable ISP), that if you are getting a non traditional boot file (ie Static IP's), someone typically has to actually build the boot file, do the subnet, make sure the network IP is correct etc etc. I don't even know if Motorolas 5XXX can handle those custom config files (to be honest I doubt it). Most modems, once they have authenticated on the DHCP server, are given their IP and stuff, and told where the TFTP server is located and which generic boot file to ask for. Once that is done the PC makes it's DHCP call, the DHCP associates that with the modem, and resisters it with an IP from its pool (or if there was already an active lease it renews it).
Even an unregistered modem or when you forget to pay your bill will get a boot file. They just get a 'special' one that doesn't let them go to very many places, depending on the ISP. Sort of like when you don't pay your cell phone bill, but can still call the phone company or 911.
If you are using true Static, you would need something like the Motorola SBG XXX (Gateway = Modem and Router). When I built boot files for true Static IP's we were using Gateways, and actually uploaded the config / boot file from the WAN side. We would do this to replace the 'special' one that wouldn't let them do anything, and would bridge the devices that they configured for the Static IP's we would give them at that time. The IP's actually came from a different range compared to 'residential' customers.
I am inclined to think that Shaw uses what I think of as Sticky or Persistent ones (long lease) for residential customers. BTW if you do enable DHCP and it works you can discover the lease length with IPCONFIG /all.
When I look at Shaws packages. I don't even see a residential option for other than Dynamic. If you are a business customer you have to have the Server Connect Package to get more than 2 Static (as I read the packages). I am surprised that you would be calling into Tier 1 help. Normally business customers get a 'special' number for support. If you are a residential maybe you had a package that then no longer offer and didn't grandfather.
Oh one last thing. Shaw and other cable companies have been implementing the advances in DOCSIS. I remember in the beginning it was a propriatory network. Headend (CMTS) and modem spoke only their own language. Then came DOCSIS 1.0, 1.1, 2.0 and now DOCSIS 3.0 is being rolled out. What does this mean for you? Well maybe Shaw has implemented some new feature of DOCSIS.
Oh oh oh, one more last thing. Do you by chance also have the Digital Phone service and a second box? .... N'ah, forget that one. Makes no logical sense.
I go with the DNS registration and FQDN thing.
Ok so those are a few things off the top of my head. Man I talk toooooo much. | |
-
|
