That's interesting. I'd still think a PCAP that ran during boot of the HMC and maybe watched for a bit could be enlightening. See if / who the IPs are speaking to, any dns lookups etc. Curious what you figure out - but it is certainly suspect.
> On Nov 21, 2015, at 11:18, Tony Thigpen <[email protected]> wrote: > > Thanks. > > When pinging either the hard-coded address or the DHCP assigned address, the > ping fails anytime we unplug the ethernet cable to that nic. > > We think that the HMC has opened up a tunnel in linux which is acting as a > proxy for <someone/some process>. At first we thought maybe the the laptops > in the z10, but the ping does not fail if we disconnect the cable going to > the z10 switch. > > I wish I could get into the real linux and doing some displays. > > Tony Thigpen > > Bigendian Smalls wrote on 11/21/2015 11:54 AM: >> It occurs to me Tony, there could be a multitude things here. But one >> involves routes and routing tables. Presuming the two networks on your >> multi-homed HMC don't overlap (different subnets) I'd wonder how your routes >> in that box are set up (default and otherwise). >> >> #3 concerns me a little that you have the same Mac arp resolution to 2 >> different IPs. While not impossible there could be some issues with this. >> Have you captured the traffic from the host that is suspect - and rebooted, >> see if it is actually dhcp requesting an address? It sounds like there could >> possibly be another box with a MAC address the same as your HMC. That's one >> idea. or a process on it requesting a dhcp address. >> >> If it were me I'd take two traffic captures, one that gets all the traffic >> from the HMC you suspect. and one from the box handing out IPs. Do a >> reboot of the HMC if you can, and see if the traffic coincides with expected >> behavior. That's where I'd start. >> >> Chad >> >> >>> On Nov 20, 2015, at 23:03, Tony Thigpen <[email protected]> wrote: >>> >>> Background: HMC software version 2.11.1 connected to a z10. >>> >>> The HMC is connected to two networks. The first is a small private network >>> with just the laptops in the z10 and the HMC. No other HMCs or other CPUs. >>> The second network is a local network with several items on it, including >>> other HMCs. This network is behind a VPN firewall and is used to access the >>> web services on the HMC. >>> >>> Both interfaces have hard-coded IP addresses. >>> >>> Today we noticed something strange. We had a DHCP address assigned to a box >>> we did not know about. Except for 3 workstations on the network, all other >>> boxes have hard-coded IP addresses. In the DHCP assigned addresses table, >>> the box had provided a name of BMC_DHCP. >>> >>> After a bunch of testing, we isolated the assigned address to the HMC, but >>> the address does not show up in any of the HMC panels that show IP >>> addresses. >>> >>> Items: >>> 1) When we ping the HMC using the hard-coded address, the response is under >>> 3.0ms. >>> 2) When we ping the DHCP assigned address, the response is 10x longer, in >>> the 30.0ms range. >>> 3) The arp tables on another PC show both addresses having the same nic >>> address. >>> 4) The HMC can ping it's own hard-coded address, but it can not ping the >>> DHCP assigned address. >>> 5) We have other CPUs and other HMCs. None of the others are doing the same >>> thing. (z900 though z10). >>> 6) This HMC has the latest software version of all the HMCs. >>> 7) nMap (port mapping tool) says that there are no ports open at this DHCP >>> assigned address. >>> >>> Thoughts on what is happening? >>> Anybody else seeing the same thing? >>> >>> -- >>> Tony Thigpen >>> >>> ---------------------------------------------------------------------- >>> For IBM-MAIN subscribe / signoff / archive access instructions, >>> send email to [email protected] with the message: INFO IBM-MAIN >> >> ---------------------------------------------------------------------- >> For IBM-MAIN subscribe / signoff / archive access instructions, >> send email to [email protected] with the message: INFO IBM-MAIN > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
