10-05-2016 01:33 AM - edited 03-05-2019 07:12 AM
Hi all,
I have recently been provided with an additional subnet with its own gateway (say, 10.10.10.0/24 and gateway 10.10.10.1). This, and my original subnet (say, 172.16.16.0/24), are both routed through the same physical link from my provider to gig0/1 on my 3750E switch. The two subnets seem to be able to coexist without problems, that is, I have servers connected to the switch, some using the original range while others use the new one. However, when pinging servers on the new subnet from the existing one, locally, it results in duplicate responses from the individual servers. Pinging machines within the same subnet works just fine. And, if I ping either servers within the original or new range from the outside, no duplicates either.
What am I doing wrong? And also, as it is, seeing as the two ranges aren't contained within their own VLANs, they exist within the same broadcast domain, and there are obvious security concerns related to this. But how would I configure VLANs for the two ranges, when they must share the same uplink port (gig0/1)? Trunking/subinterfaces? But that would require my provider configuring their end likewise, right?
Kind regards
UPDATE: If I recreate the setup using exactly the same equipment at home it all runs just fine. Might it be a misconfig at my provider?
10-05-2016 04:44 AM
Hello,
If you do a traceroute locally, what is the path? Misconfiguration by the provider is possible, since they have given you the range; it is always worth checking.
Check out this link, it lists all kinds of possible reasons for duplicate responses.
http://www.slac.stanford.edu/comp/net/wan-mon/tutorial.html#duplicates
10-05-2016 08:13 AM
Hi gpauwen,
Thank you so much for your reply - and the link! Something tells me that it's either the 4th or 5th bullet point, that is, there are two routes by which the (provider) router can reach the end host - the router's interface has probably been configured with the new subnet as "secondary" or similar, or the ICMP request is forwarded by more than one path.
A traceroute from a host on the original subnet to a host on the new subnet just confirms that ICMP-packets are delivered to the (original subnet's) default gateway, which in turn knows the route locally and thus returns the packet to my switch where both hosts are directly connected.
:-/ ?
10-05-2016 10:21 AM
It would be interesting to know what the ARP cache on your 3750 looks like for the hosts you are pinging. Can you check that?
10-05-2016 10:46 AM
The ARP cache didn't show anything unusual. Cleared it without effect.
10-05-2016 11:13 AM
Odd. I guess you could use a packet sniffer such as Wireshark to find out where the ARP entries come from. Is your service provider cooperating in this investigation?
10-06-2016 03:03 AM
So, now I have had some time to look at the ARP requests and replies, and it seems that the gateway (my provider's equipment) in the new subnet range is sending a whole lot of requests - and more often than not several, 3-5, for the same IP. It generates almost 20 times as many requests as the gateway in the original subnet and typically 2-5 every second, randomly asking for the addresses in the subnet range.
Also, when pinging some address in the new subnet from the original one, and receiving the duplicates, they seem to originate from the same source - just being exact copies, that is.
I notified my service provider yesterday morning, but they have yet to deal with it.
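As an added illustration (not code from this thread, from Cisco, or from the provider), here is how the two observations above could be checked programmatically over a capture exported from Wireshark: a minimal Ethernet/ARP/ICMP decoder, a per-sender ARP request rate, and a finder for echo replies that are exact copies of one another. All MACs, addresses and frames are constructed to mirror the thread's 10.10.10.0/24 and 172.16.16.0/24 example; a real run would feed it (timestamp, raw frame) pairs read from a pcap.

```python
import struct
from collections import Counter
from socket import inet_aton, inet_ntoa

def decode(raw):
    """Decode one Ethernet frame into a dict; only ARP and ICMP echo are understood."""
    etype = struct.unpack("!H", raw[12:14])[0]
    if etype == 0x0806:  # ARP: skip htype/ptype/hlen/plen, read oper and the four addresses
        oper, _sha, spa, _tha, tpa = struct.unpack("!6xH6s4s6s4s", raw[14:42])
        return {"kind": "arp", "oper": oper, "src_ip": inet_ntoa(spa), "target_ip": inet_ntoa(tpa)}
    if etype == 0x0800 and raw[23] == 1:  # IPv4 with protocol 1 (ICMP)
        icmp = raw[14 + (raw[14] & 0x0F) * 4:]  # skip the IPv4 header (IHL in 32-bit words)
        ident, seq = struct.unpack("!HH", icmp[4:8])
        return {"kind": "icmp", "type": icmp[0], "id": ident, "seq": seq,
                "src_ip": inet_ntoa(raw[26:30]), "dst_ip": inet_ntoa(raw[30:34])}
    return None

def arp_request_rate(frames):
    """ARP who-has requests per second, per sender IP, over the capture's time span."""
    reqs = [(ts, p) for ts, p in ((ts, decode(raw)) for ts, raw in frames)
            if p and p["kind"] == "arp" and p["oper"] == 1]
    stamps = [ts for ts, _ in reqs]
    span = max(1.0, max(stamps, default=0.0) - min(stamps, default=0.0))
    return {ip: n / span for ip, n in Counter(p["src_ip"] for _, p in reqs).items()}

def duplicate_echo_replies(frames):
    """Echo replies seen more than once with identical (src, dst, id, seq): exact copies."""
    seen = Counter()
    for _, raw in frames:
        p = decode(raw)
        if p and p["kind"] == "icmp" and p["type"] == 0:
            seen[(p["src_ip"], p["dst_ip"], p["id"], p["seq"])] += 1
    return {key: n for key, n in seen.items() if n > 1}

# Constructed sample capture (not real traffic), as (timestamp_seconds, raw_frame) pairs.
def arp_request(sender_mac, sender_ip, target_ip):
    return b"\xff" * 6 + sender_mac + b"\x08\x06" + struct.pack(
        "!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, 1, sender_mac, inet_aton(sender_ip), b"\0" * 6, inet_aton(target_ip))

def echo_reply(src_mac, src_ip, dst_ip, ident, seq):
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 1, 0, inet_aton(src_ip), inet_aton(dst_ip))
    return b"\0\0\0\0\0\1" + src_mac + b"\x08\x00" + ip_hdr + struct.pack("!BBHHH", 0, 0, 0, ident, seq)

GW_NEW, GW_OLD, HOST = (bytes([0, 0x11, 0x22, 0x33, 0x44, n]) for n in (1, 2, 0x50))
SAMPLE = [(i / 4, arp_request(GW_NEW, "10.10.10.1", f"10.10.10.{10 + i % 5}")) for i in range(40)]
SAMPLE += [(i * 5.0, arp_request(GW_OLD, "172.16.16.1", "172.16.16.20")) for i in range(2)]
for seq in (1, 2):  # each reply to 172.16.16.20 arrives twice, as exact copies
    SAMPLE += [(5.0 + seq, echo_reply(HOST, "10.10.10.50", "172.16.16.20", 7, seq))] * 2
SAMPLE.append((8.0, echo_reply(HOST, "10.10.10.51", "172.16.16.20", 7, 3)))
```

On the constructed sample the new gateway's request rate comes out 20 times the original gateway's, and the two duplicated echo replies are reported with their count while the single reply for seq 3 is not.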
10-06-2016 03:43 AM
It is possible that your provider, for whatever reason, has set a really low ARP timeout value.
Since you are probably in a production environment, you likely cannot experiment too much. You might want to try and enable 'storm-control broadcast' on your 3750 switchports. Since ARP requests are essentially broadcasts, this might cut down on the number of responses.