dialsoft
Premium
join:2009-05-25
Parsippany, NJ

[OOL] non standard really hard to fix issue i need help with

I currently have 4 static cable ultra/boost accounts and 1 regular old boost account without static ip all on the same ethernet. The reasons are I need static ips for the type of application I use.

I will list the IPs of my gateways here.

N1 24.187.223.1 - Ultra static
N2 75.99.179.33 - Ultra static
N3 108.58.170.17 - Boost static
n4 96.56.208.209 - boost static

Each of these DPQ-3925 Cisco devices terminates to my Netgear gigabit switch (unmanaged). Then the switch is uplinked to my 2 24-port switches that are managed but not using anything more than a default config.

My issue is that my DPQ-3925 devices lock up randomly and do not lose status lights indicating a good lock to the cable network.

Some weird things I notice are that devices that have static IPs on the N1 N2 N3 N4 devices cannot reach IPs of the devices of other machines on the network. For example, I cannot ping N2 devices from N1.

What I need to know is, do I need to terminate all of these routers to a router or switch with the ability to define internal routes? Will this solve the issues? I think what is happening here is that the N1 device attempts to go out to the internet to find a route back to its internal network.

My second issue is can anyone ping my N1-4 gateways from the outside world? Should they be pingable?

Looking forward to a discussion on this.


dm145

join:2009-12-12
Clifton, NJ

May be time for you to bring in an IT Professional


frdrizzt

join:2008-05-03
Ronkonkoma, NY
kudos:1
Reviews:
·Optimum Online
reply to dialsoft

The gateway IP will be pingable on your system as long as at least a single IP has been assigned by the 3925. There are some systems where that is not the case due to different hardware. As long as your location is accurate it is the case, however you can always test by pinging the gateway from one of the other static IP blocks.


andrewc2

join:2011-06-05
Matamoras, PA
reply to dialsoft

None are pingable.


johnnyboy24

join:2002-04-07
Bayonne, NJ
reply to dialsoft

For one, you will not be able to ping any other hosts since they are on different subnets, and different address blocks. Unless the server has a connection to every subnet so you can add routes.

Secondly, you should consider getting a layer 2 and layer 3 switch to even think of doing such a thing. You should have different VLANs for each connection and then a router between VLANs so they can talk to each other. You don't have to do it that way, but it's a good practice to get into to avoid issues.


dialsoft
Premium
join:2009-05-25
Parsippany, NJ

Johnnyboy24,

When you say a connection to every subnet? You are referring to physical ethernet network?

N1 N2 N3 N4 are all on the same ethernet. My PC has an IP from N1 and N2 defined on its ethernet interface. I can only ping N1 and N2 hosts reliably.

If I use routers, do I need to eat a usable IP for each interface on the router?


cablewizzard

join:2009-06-14
Hicksville, NY
kudos:1
reply to dialsoft

You're talking like this is something new/suddenly happening, while I am pretty sure it's not. Do tell us: is this a new/reconfigured setup?

a.) I recall terms and conditions say you can have only one Static-IP setup - are you telling us you bypassed that by opening 4 different cable accounts under 4 different corporate names all operating out of the same location? Fail...

b.) the DPQ3925's are not known to hang randomly, their reputation and reliability seems vastly improved over a standalone modem+Cisco851 router combo. If you say "lock up", what exactly are you talking about? VOIP service still working? But not getting any traffic IN OR OUT of your static /29? WebUI at 192.168.100.1 still visible? That's not a lock up. A locked up device WILL lose connectivity to the DOCSIS network.

c.) as you have the ethernet (LAN) side of the 3925's hooked directly into the same dumb L2 switch, ARP traffic from ALL of your /29's will start to be visible to ALL devices involved. Something tells me this may be confusing the 3925's internal router and L2 switch: indeed, if it listens to all those ARP messages, it MAY try to forward packets sourced from an N1 device directly back out its LAN interface if the destination is N2/N3/N4, and it has an ARP entry for them (with high certainty).

The design of the RG (router component in the 3925) almost certainly has some sort of ACL functionality that may prevent that packet from leaving through the LAN, *despite* an ARP entry saying that it could.

L2/L3 packet processing in the RG may have a rather "soft" boundary, such that an ACL (at L3) may apply to outbound traffic that is technically already at L2 (e.g.: should only be switched, not routed). Do not assume that L2 switching and L3 routing in this device works like a conventional, 2-box router+switch.

While such behavior would be formally incorrect, your non-standard use of the device outside of Cablevision's specific supported use scenarios (e.g.: do not put OTHER networks' traffic in the same L2 domain as the static-IP routers' LAN side) is likely to make this a problem that you will neither find support for, and will not be solved. You will not get around implementing L2 ARP filtering for traffic going to the static-IP routers: good luck.
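
An added example, not part of the post above or of anyone's code in this thread: a Python check over captured ARP requests that makes the shared-L2 condition described above visible, flagging requests that cross between static blocks and MACs that speak from more than one block. The /29 prefix length is assumed from the "static /29" mentioned above; the MAC addresses and host IPs in the sample are constructed.

```python
import ipaddress
from collections import defaultdict

# Gateways as listed in the first post. The /29 prefix length is an
# assumption taken from the "static /29" wording in the thread.
GATEWAYS = {"N1": "24.187.223.1", "N2": "75.99.179.33",
            "N3": "108.58.170.17", "N4": "96.56.208.209"}
BLOCKS = {name: ipaddress.ip_interface(f"{gw}/29").network
          for name, gw in GATEWAYS.items()}

def block_of(ip):
    """Return the name of the static block containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    return next((n for n, net in BLOCKS.items() if addr in net), None)

def audit_arp(observations):
    """observations: (sender_mac, sender_ip, target_ip) per ARP request.
    Returns (cross_block_requests, macs_seen_in_more_than_one_block)."""
    cross = []
    seen = defaultdict(set)
    for mac, sender_ip, target_ip in observations:
        src, dst = block_of(sender_ip), block_of(target_ip)
        if src:
            seen[mac].add(src)
        # A request whose sender and target sit in different blocks can only
        # appear when those blocks share one broadcast domain.
        if src and dst and src != dst:
            cross.append((mac, sender_ip, target_ip, src, dst))
    multi = {mac: sorted(b) for mac, b in seen.items() if len(b) > 1}
    return cross, multi

# Constructed sample of ARP requests seen on the unmanaged switch.
SAMPLE = [
    ("00:11:22:33:44:01", "24.187.223.2", "24.187.223.1"),    # N1 host to its gateway
    ("00:11:22:33:44:01", "75.99.179.34", "75.99.179.33"),    # same MAC, N2 address
    ("00:11:22:33:44:02", "108.58.170.18", "96.56.208.210"),  # N3 host asking for an N4 host
    ("00:11:22:33:44:03", "96.56.208.210", "96.56.208.209"),  # N4 host to its gateway
]

if __name__ == "__main__":
    cross, multi = audit_arp(SAMPLE)
    for mac, s, t, src, dst in cross:
        print(f"cross-block ARP: {mac} {s} ({src}) -> {t} ({dst})")
    for mac, blocks in multi.items():
        print(f"MAC in several blocks: {mac} {blocks}")
```

Once each DPQ3925 sits in its own VLAN, both lists should come back empty when the capture is taken on any single VLAN.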


dialsoft
Premium
join:2009-05-25
Parsippany, NJ

I did nothing to circumvent any policies. I simply asked for more IPs and they said you needed to order multiple accounts in order to get more.

While the issue is not new, it is sporadic. Sometimes I won't have an issue for a month, then it goes hog wild for days on end.

Are you saying that I NEED to use L2 to get around this or there is no scenario where this will work correctly?

Marc


cablewizzard

join:2009-06-14
Hicksville, NY
kudos:1


said by dialsoft:

Are you saying that I NEED to use L2 to get around this or there is no scenario where this will work correctly?
Marc

To accomplish that (separating L2 (MAC) domains), I'd follow what johnnyboy24 said: separate the traffic by VLAN, then ROUTE between those VLANs.

Look into the Cisco RV* routers (the semi-pro devices in the $150-500 range), but this is not entry-level configuration, but conceptually should work like this:

- create 4 ports, each in their own VLAN (untagged), facing the 4 DPQ3925's
- create additional port(s) as needed, with tagged or untagged VLANs facing your devices (which may support VLAN tagging)
- permit the router to route between VLANs

Your attached devices can and should only live in 1 VLAN (and hence 1 /29) at a time - if they start talking to a different /29, traffic will be routed, not switched, and go into the other VLAN - no exit/re-entry out/from the cable network required.

If it sounds awkward, that's because it is, as you'll truly be operating devices in multiple networks that are independent of one another, and where traffic must be routed, not switched between them.

dialsoft
Premium
join:2009-05-25
Parsippany, NJ

OK, this is outside of my expertise. Are you available for hire, either onsite or via phone?


cablewizzard

join:2009-06-14
Hicksville, NY
kudos:1

Sorry, no.