Interesting Traces - Dead Gateway Detection Under HP-UX 11X


In this trace we were trying to determine why an HP-UX 11.00.03 system (172.16.32.90) acting as a web server would work for a few minutes right after it was booted and then stop working, but only for some web clients and not others. (Yes, I realize the address is from the private range, but you don't expect me to display the real address, do you? :)) This trace shows one of the non-working clients (172.16.32.5).

Other important things to know: the subnet mask is 255.255.255.192, so the server and this client are on different subnets, and the default router is 172.16.32.65. The web client that continued to work was 172.16.32.67, which is on the same subnet as the server.

Packets 1 through 59 show a working HTTP connection right after the server was booted. I left out most of those frames in the interests of brevity. We then have a series of pings from the server to the default router -- which go unanswered. The next HTTP connection attempt, starting at frame 64 (in red), does not get a response. We then have a series of pings from the server to the router at roughly 3-minute intervals, followed by HTTP and FTP connection attempts, both of which fail.

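The key is the unanswered pings to the default router at 3-minute intervals. HP-UX 11x detects a dead gateway by pinging it. If the ping goes unanswered, it treats the gateway as dead and doesn't even try to send a packet through it. Here the default gateway had been configured to ignore pings for security reasons, so the server treated a working router as dead and stopped answering clients on the other side of it.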

Packet	Source			Destination		Time			Protocol	Details
1	IP-172.16.32.5		IP-172.16.32.90		20:44:58.784351		HTTP	Src=38073,Dst=   80,....S.,S=3188083764,L=    0,A=         0,W=65535
2	IP-172.16.32.90		IP-172.16.32.5		20:44:58.784807		HTTP	Src=   80,Dst=38073,.A..S.,S=2034399939,L=    0,A=3188083765,W=32768
3	IP-172.16.32.5		IP-172.16.32.90		20:44:58.787039		HTTP	Src=38073,Dst=   80,.A....,S=3188083765,L=    0,A=2034399940,W=65535
4	IP-172.16.32.5		IP-172.16.32.90		20:44:58.792324		HTTP	C PORT=38073 GET /
. . .
51	IP-172.16.32.90		IP-172.16.32.5		20:44:59.151841		HTTP	R PORT=38074 HTML Data
52	IP-172.16.32.5		IP-172.16.32.90		20:44:59.286310		HTTP	Src=38073,Dst=   80,.A....,S=3188086738,L=    0,A=2034415905,W=64866
53	IP-172.16.32.5		IP-172.16.32.90		20:44:59.286560		HTTP	Src=38074,Dst=   80,.A....,S=3188176851,L=    0,A=2034537018,W=65535
54	IP-172.16.32.90		IP-172.16.32.5		20:45:14.837015		HTTP	Src=   80,Dst=38073,.A...F,S=2034415905,L=    0,A=3188086738,W=32768
55	IP-172.16.32.90		IP-172.16.32.5		20:45:14.837067		HTTP	Src=   80,Dst=38074,.A...F,S=2034537018,L=    0,A=3188176851,W=32768
56	IP-172.16.32.5		IP-172.16.32.90		20:45:14.838025		HTTP	Src=38073,Dst=   80,.A....,S=3188086738,L=    0,A=2034415906,W=64866
57	IP-172.16.32.5		IP-172.16.32.90		20:45:14.838374		HTTP	Src=38074,Dst=   80,.A....,S=3188176851,L=    0,A=2034537019,W=65535
58	IP-172.16.32.5		IP-172.16.32.90		20:45:19.151762		HTTP	Src=38073,Dst=   80,...R..,S=3188086738,L=    0,A=2686592550,W=    0
59	IP-172.16.32.5		IP-172.16.32.90		20:45:19.152092		HTTP	Src=38074,Dst=   80,...R..,S=3188176851,L=    0,A=2686592550,W=    0
60	IP-172.16.32.90		IP-172.16.32.65		20:46:18.395616		PING 	Req Echo: 172.16.32.65
61	IP-172.16.32.90		IP-172.16.32.65		20:46:20.445531		PING	Req Echo: 172.16.32.65
62	IP-172.16.32.90		IP-172.16.32.65		20:46:22.495485		PING	Req Echo: 172.16.32.65
63	IP-172.16.32.90		IP-172.16.32.65		20:46:24.545452		PING	Req Echo: 172.16.32.65

64	IP-172.16.32.5		IP-172.16.32.90		20:46:57.493632		HTTP	Src=38081,Dst=   80,....S.,S=3218618761,L=    0,A=         0,W=65535

65	IP-172.16.32.5		IP-172.16.32.90		20:47:00.487466		HTTP	Src=38081,Dst=   80,....S.,S=3218618761,L=    0,A=         0,W=65535
66	IP-172.16.32.5		IP-172.16.32.90		20:47:06.522312		HTTP	Src=38081,Dst=   80,....S.,S=3218618761,L=    0,A=         0,W=65535
67	IP-172.16.32.90		IP-172.16.32.65		20:49:21.532282		PING 	Req Echo: 172.16.32.65
68	IP-172.16.32.90		IP-172.16.32.65		20:52:24.588644		PING 	Req Echo: 172.16.32.65
69	IP-172.16.32.90		IP-172.16.32.65		20:55:27.645180		PING 	Req Echo: 172.16.32.65
70	IP-172.16.32.90		IP-172.16.32.65		20:58:30.701697		PING 	Req Echo: 172.16.32.65
71	IP-172.16.32.90		IP-172.16.32.65		21:01:33.758253		PING 	Req Echo: 172.16.32.65
72	IP-172.16.32.90		IP-172.16.32.65		21:04:36.814916		PING 	Req Echo: 172.16.32.65
73	IP-172.16.32.90		IP-172.16.32.65		21:07:39.871301		PING 	Req Echo: 172.16.32.65
74	IP-172.16.32.90		IP-172.16.32.65		21:10:42.927851		PING 	Req Echo: 172.16.32.65
75	IP-172.16.32.90		IP-172.16.32.65		21:13:45.984367		PING 	Req Echo: 172.16.32.65
76	IP-172.16.32.90		IP-172.16.32.65		21:16:49.040923		PING 	Req Echo: 172.16.32.65
77	IP-172.16.32.90		IP-172.16.32.65		21:19:52.097455		PING 	Req Echo: 172.16.32.65
78	IP-172.16.32.5		IP-172.16.32.90		21:20:59.817574		HTTP	Src=38107,Dst=   80,....S.,S=3727604722,L=    0,A=         0,W=65535
79	IP-172.16.32.5		IP-172.16.32.90		21:21:02.793794		HTTP	Src=38107,Dst=   80,....S.,S=3727604722,L=    0,A=         0,W=65535
80	IP-172.16.32.5		IP-172.16.32.90		21:21:08.828631		HTTP	Src=38107,Dst=   80,....S.,S=3727604722,L=    0,A=         0,W=65535
81	IP-172.16.32.5		IP-172.16.32.90		21:21:34.380122		FTP Ctl	Src=38108,Dst=   21,....S.,S=3736405817,L=    0,A=         0,W=65535
82	IP-172.16.32.5		IP-172.16.32.90		21:21:37.393791		FTP Ctl	Src=38108,Dst=   21,....S.,S=3736405817,L=    0,A=         0,W=65535
83	IP-172.16.32.5		IP-172.16.32.90		21:21:43.436505		FTP Ctl	Src=38108,Dst=   21,....S.,S=3736405817,L=    0,A=         0,W=65535
84	IP-172.16.32.90		IP-172.16.32.65		21:22:55.154001		PING 	Req Echo: 172.16.32.65
85	IP-172.16.32.5		IP-172.16.32.90		21:22:55.636727		FTP Ctl	Src=38109,Dst=   21,....S.,S=3756684707,L=    0,A=         0,W=65535
86	IP-172.16.32.5		IP-172.16.32.90		21:22:58.563610		FTP Ctl	Src=38109,Dst=   21,....S.,S=3756684707,L=    0,A=         0,W=65535
87	IP-172.16.32.5		IP-172.16.32.90		21:23:04.603527		FTP Ctl	Src=38109,Dst=   21,....S.,S=3756684707,L=    0,A=         0,W=65535
88	IP-172.16.32.5		IP-172.16.32.90		21:25:52.845861		HTTP	Src=38111,Dst=   80,....S.,S=3800826573,L=    0,A=         0,W=65535
89	IP-172.16.32.5		IP-172.16.32.90		21:25:55.788522		HTTP	Src=38111,Dst=   80,....S.,S=3800826573,L=    0,A=         0,W=65535
90	IP-172.16.32.90		IP-172.16.32.65		21:25:58.211234		PING 	Req Echo: 172.16.32.65
91	IP-172.16.32.5		IP-172.16.32.90		21:26:01.822399		HTTP	Src=38111,Dst=   80,....S.,S=3800826573,L=    0,A=         0,W=65535
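
The diagnosis can be checked mechanically. The following is an added example, not part of the original page: it parses rows in the trace format shown above (eight rows copied from the trace), uses the subnet mask to decide which clients are reached through the default router, and reports echo requests to the router that drew no reply and SYNs that never got a SYN-ACK. The function names are my own, and "unanswered" is assumed to mean that the router sends nothing at all in the capture.

```python
import ipaddress
import re
from datetime import datetime

MASK, SERVER, ROUTER = "255.255.255.192", "172.16.32.90", "172.16.32.65"  # from the page

# Rows 1, 2, 60, 61, 64, 65, 67 and 68 of the trace above; column tabs written as \t.
TRACE = """\
1\tIP-172.16.32.5\tIP-172.16.32.90\t20:44:58.784351\tHTTP\tSrc=38073,Dst=   80,....S.,S=3188083764,L=    0,A=         0,W=65535
2\tIP-172.16.32.90\tIP-172.16.32.5\t20:44:58.784807\tHTTP\tSrc=   80,Dst=38073,.A..S.,S=2034399939,L=    0,A=3188083765,W=32768
60\tIP-172.16.32.90\tIP-172.16.32.65\t20:46:18.395616\tPING \tReq Echo: 172.16.32.65
61\tIP-172.16.32.90\tIP-172.16.32.65\t20:46:20.445531\tPING\tReq Echo: 172.16.32.65
64\tIP-172.16.32.5\tIP-172.16.32.90\t20:46:57.493632\tHTTP\tSrc=38081,Dst=   80,....S.,S=3218618761,L=    0,A=         0,W=65535
65\tIP-172.16.32.5\tIP-172.16.32.90\t20:47:00.487466\tHTTP\tSrc=38081,Dst=   80,....S.,S=3218618761,L=    0,A=         0,W=65535
67\tIP-172.16.32.90\tIP-172.16.32.65\t20:49:21.532282\tPING \tReq Echo: 172.16.32.65
68\tIP-172.16.32.90\tIP-172.16.32.65\t20:52:24.588644\tPING \tReq Echo: 172.16.32.65
"""

def needs_router(peer):
    """True when peer is outside the server's subnet, so replies must go via the default router."""
    net = ipaddress.ip_network(f"{SERVER}/{MASK}", strict=False)
    return ipaddress.ip_address(peer) not in net

def parse(trace):
    """Split each tab-separated trace row into a dict; skip anything that is not a packet row."""
    rows = []
    for line in trace.splitlines():
        f = [c.strip() for c in re.split(r"\t+", line.strip())]
        if len(f) == 6 and f[0].isdigit():
            rows.append({"src": f[1][3:], "dst": f[2][3:], "proto": f[4], "info": f[5],
                         "t": datetime.strptime(f[3], "%H:%M:%S.%f")})
    return rows

def unanswered_probes(rows):
    """Echo requests to ROUTER; assumed unanswered when ROUTER sends nothing in the capture."""
    silent = not any(r["src"] == ROUTER for r in rows)
    return [r for r in rows if silent and r["proto"] == "PING" and r["dst"] == ROUTER]

def probe_gaps(probes):
    """Whole seconds between consecutive probes (shows the burst, then the ~3-minute cycle)."""
    return [round((b["t"] - a["t"]).total_seconds()) for a, b in zip(probes, probes[1:])]

def unanswered_syns(rows):
    """(client, port) pairs that sent SYN ('....S.') and never got SYN-ACK ('.A..S.') back."""
    port = lambda r, side: re.search(side + r"=\s*(\d+)", r["info"]).group(1)
    acked = {(r["dst"], port(r, "Dst")) for r in rows if r["src"] == SERVER and ",.A..S.," in r["info"]}
    syns = {(r["src"], port(r, "Src")) for r in rows if r["dst"] == SERVER and ",....S.," in r["info"]}
    return sorted(syns - acked)

print(probe_gaps(unanswered_probes(parse(TRACE))), unanswered_syns(parse(TRACE)))
```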

You can display the current setting for "dead gateway detection" on the HP-UX system by getting the value of the ip_ire_gw_probe flag. A value of 1 indicates that the system is doing dead gateway detection; a value of 0 indicates that it is not.
	# ndd -get /dev/ip ip_ire_gw_probe
	1
To set the flag to zero, do:
	# ndd -set /dev/ip ip_ire_gw_probe 0
There is also an ip_ire_gw_probe_interval variable, which controls the probe interval. To get more details on these values, do
	# ndd -h ip_ire_gw_probe
or
	# ndd -h ip_ire_gw_probe_interval


This page was last modified on 03-09-06
Send comments and suggestions to ndav1@cox.net