Computer networks
borg333, 2018-11-15 21:18:58

The provider disables the port: what is the reason?

Hello.
There are 3 servers on board:
1. Gateway 1gbx2, 10gbx4. pfsense 2.4.4-RELEASE (amd64)
WAN on igb0: Internet (eco-telecom, connected via a dumb switch to amplify the signal).
LAN on igb1: DHCP to the LAN switch, 10.10.10.0/24
BR0: mlnx0, mlnx1, mlnx2, mlnx3; in the absence of an inexpensive SFP+ switch they are set up as bridge0, with DHCP for 10.10.100.0/24 configured on it
Running on it: DNS resolver (DoT to Cloudflare), pfblocker, squid, suricata (WAN inline, LAN, BR0), OpenVPN, IPsec, L2TP, TFTP
2. ESXi 6.7
nginx, splunk, transmission, winsrv2016 (acts as AD, DNS, backups of all VMs and physical machines, VNC server from local + from outside), icecast, mail, nextcloud, plex, rocketchat. Everything is connected via mlnx1 to the network 10.10.100.0/24
3. FreeNas 11. connected via mlnx0 to the network 10.10.100.0/24
This worked for a month and then recently, bam, the Internet disappears. The provider's tech support says "our switch hangs because of you, so we turned off your port." I have tried everything. I reinstalled everything and ran Wireshark for a few days to listen to what was happening at the other end of igb0: silence. I have been blocked 5 times already. They do not provide troubleshooting and they do not provide logs, saying that the hardware hangs, so there are no logs. But for some reason it is my port that gets turned off, yeah. In general, I'm at an impasse.
Please tell me where to dig and what tool to use. In addition, I connected a second Internet link, but over fiber, and there are no such problems on it. Next week they will bring in copper from a third provider; let's see how it behaves on that.
Many thanks in advance.

4 answer(s)
borg333, 2018-11-19
@borg333

I think I found a possible reason for the blocking. Today I connected another copper line, and 10 seconds after connecting it, pings disappeared. This prompted me to test. In the case of the second provider, it turned out to be IPMI, which was in DHCP mode. After setting a static address, the pings stopped disappearing; perhaps the port was turned off on me for the same reason. Wait and see...

TyzhSysAdmin, 2018-11-15
@POS_troi

Try to get in touch with the provider's admin.
In your scheme, I don't like "connected via a dumb switch to amplify the signal": it is not clear what it is for, whether this switch drops the link to 10M, or whether it is spewing garbage onto the line.
In general, look for a contact; without information from the provider's side, you will not find out anything.

Valentin, 2018-11-15
@vvpoloskin

I have seen a lot of situations where tech support responded like this to clients (and I have even told them to answer like that myself). This can be triggered loopback detection, a constantly flapping port (half/full duplex, 10/100M), a buggy MAC address (operator switches do not process the entire MAC address, but a hash of it and the VLAN, and only part of this hash), a storm you set off, or, in the end, you could simply short out the line, and a lot more. Dealing with you individually means spending a few days of one (or two) network engineers' time (most likely for nothing, because you will not do anything for six months: you will first have to get a budget).
The switch is not a dumb device; it has a chip and firmware. Only a hub or a media converter can be dumb.
I recommend:
1) get rid of this switch, bring the link up at 10M and observe (on a normal 200-meter loop it's not a problem)
2) move the upstream to another port of this switch, connect some computer to the current one and generate traffic into it
3) install a normal switch (or, even better, a full-fledged border device, at least the same cheap MikroTik)
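
An added example, not code from the thread: one way to check a capture taken on igb0 for the causes suspected in the answers above, namely a second source MAC on the WAN port (such as an IPMI controller left in DHCP mode) and a high share of broadcast frames. The function names, MAC addresses and frames are constructed, and it is an assumption that the IPMI controller shares the WAN port.

```python
import struct
from collections import Counter

BROADCAST = b"\xff" * 6

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def audit_wan_frames(frames, gateway_mac):
    """Return (foreign source MACs, MACs sending DHCP client traffic, broadcast share)."""
    sources, dhcp_clients, bcast = Counter(), set(), 0
    for f in frames:
        if len(f) < 14:
            continue  # runt: no complete Ethernet header
        dst, src = f[0:6], f[6:12]
        (etype,) = struct.unpack("!H", f[12:14])
        off = 14
        if etype == 0x8100 and len(f) >= 18:  # step over one 802.1Q tag
            (etype,) = struct.unpack("!H", f[16:18])
            off = 18
        sources[mac(src)] += 1
        bcast += dst == BROADCAST
        if etype == 0x0800 and len(f) >= off + 20:  # IPv4
            udp = off + (f[off] & 0x0F) * 4  # header length from IHL
            if f[off + 9] == 17 and len(f) >= udp + 4:  # UDP
                if struct.unpack("!HH", f[udp:udp + 4]) == (68, 67):
                    dhcp_clients.add(mac(src))  # DHCP client -> server
    foreign = sorted(m for m in sources if m != gateway_mac.lower())
    return foreign, sorted(dhcp_clients), bcast / max(len(frames), 1)

def build_frame(dst, src, sport, dport):
    """Constructed minimal Ethernet/IPv4/UDP frame, used only as sample input."""
    ip = bytes([0x45, 0, 0, 28, 0, 0, 0, 0, 64, 17]) + b"\x00" * 10
    return dst + src + b"\x08\x00" + ip + struct.pack("!HHHH", sport, dport, 8, 0)

# Constructed addresses (locally administered range), not taken from the thread.
GATEWAY = bytes.fromhex("020000000001")   # the pfSense WAN NIC
UPSTREAM = bytes.fromhex("0200000000fe")  # provider side
BMC = bytes.fromhex("020000000099")       # assumed IPMI controller sharing the port
SAMPLE = [build_frame(UPSTREAM, GATEWAY, 40000, 443)] * 3 + [
    build_frame(BROADCAST, BMC, 68, 67)]

if __name__ == "__main__":
    foreign, dhcp, share = audit_wan_frames(SAMPLE, "02:00:00:00:00:01")
    print("unexpected source MACs:", foreign)
    print("DHCP clients on the wire:", dhcp)
    print(f"broadcast share: {share:.0%}")
```

Any entry in the first two lists means the provider's port is seeing more than the gateway's own address, which is worth raising with their admin alongside the capture.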

Sanes, 2018-11-15
@Sanes

Together with the provider, look for the cause. No other way.
