First off, I am pretty new at diagnosing network issues through linux. I have an intermittent problem with our LAN servers. They seem to lose all connection to the network and if I disable the adapter then re-enable the adapter the servers come back online. It is worth noting these servers are all virtualized and running Windows 2012 Standard.
Now i have in my router (vyatta logs) the following messages. The ip address in the source may vary but are all servers in the network. All traffic is NAT'd out through eth0 from the 172.16.0.0 network. eth0 is external, eth1 is internal.
martian source 172.16.0.5 from 172.16.0.254, on dev eth0
ll header: ff:ff:ff:ff:ff:ff:00:50:56:00:00:05:08:06
Now what i know from above:
Source IP: 172.16.0.5 - Server I have off! (repeat it is off) and is not pingable.
From IP: 172.16.0.254 - The router eth1 address
Header. So if i understand this correctly.
ff:ff:ff:ff:ff segment = 255.255.255.255 (broadcast in hex)
00:50:56:00:00:05 = The offending mac address. Which is the mac address of eth1
08:06 = Arp traffic.
Now as the post stated these entries directly relate (at least it appears to be) to servers loosing connectivity (network). This could be coincidental.
Can anyone shed some light on the following.
- Could these martian source log entries be a pointer to why these servers lose connectivity
- Is it possible there is someone else on the network trying to spoof my mac address?
- How can I track down more information \ resolve these messages
Let me know if there is any more information i can provide.
