0

My workstation is connected to one of the corporate ethernet switches. There are multiple VLANs. ipv4 broadcast and ipv6 FF02::1 only work within current VLAN.

I have enabled wake on lan and waking it with a magic packet from another workstation, which is in another VLAN/subnet. Therefore I cannot use a broadcast address. Instead I have to use a unicast address.

However, this only works if I put an intermediate 5-port domestic switch between my workstation and the corporate switch. Can somebody explain that?

It is obviously not a timeout, because I send the packet right after I put my workstation to sleep. It looks like that side somehow notices my actions and instantly erases the ARP and ipv6 neighbor cache. With a domestic switch WOL works, at least for several minutes.

My network card is old and does not support ARP offload (I never saw one).

Upd:

I was able to simulate a sleeping workstation by running this command on Linux:

iptables -I OUTPUT -j DROP

...and then launched tcpdump. Initially a lot of packages come. If I replug the cable between my switch and the PC, packages are still coming, but if I replug the cable between my switch and the corporate switch, they stop coming. There are rare CDPv2 packets.

I think that when I put my workstation to sleep, a short disconnect occurs, possibly due to the card lowering the network speed. My card has no "WOL speed" setting.

basin
  • 548
  • 1
  • 3
  • 20
  • 1
    What kind of switch is it? Can you monitor what happens on the switch when you go to sleep? Do you see Ethernet link going down for that port when the computer goes to sleep? – Zoredache May 04 '17 at 18:34

1 Answers1

0

If you stick another box on that domestic switch, you should be able to see arp packets flying around (tcpdump or similar). Once the domestic switch forgets your sleeping box's address, you'll get any arp requests on your new monitoring box. If you ping your sleeping box (or send the WOL thingy) you should see the arp who-has on the monitoring box. If you don't, that's solid evidence that something in the switch and beyond is at fault. If you do see those packets on your monitoring box, that means your sleepy box is at fault.

An ethernet device should send out packets on all ports when it doesn't know the destination. The domestic switch will keep an arp cache for a while, which is why it works temporarily. While the domestic switch keeps your IP addr in cache, it convinces the switch to send packets to it.

Another possibility is that someone else is using your same IP address. This can happen without immediately blowing things up, especially if the two machines don't do a lot of traffic a lot of the time. It often manifests as weird slowness, rather than a complete disconnection. It only works because your computer is sending out regular requests, which updates everyone's arp cache (until the other guy does the same thing). So, you and I can download files successfully even if we have the same IP. If the source of the files retries transmissions, you can even have two computers downloading with the same IP simultaneously. The download just seems really jerky.

An easy way to check for that is disconnect your computer and then ping (or whatever) it from somewhere else.

Hope that helps

-Dylan

Dylan Martin
  • 538
  • 4
  • 13