Andrew Pollack's Blog

Technology, Family, Entertainment, Politics, and Random Noise

Fixed my WAN connection failover problem tonight

By Andrew Pollack on 11/01/2011 at 09:36 PM EDT

For the last couple of weeks, my WAN connection here has been failing over from the Cable Modem to the backup DSL connection pretty frequently and the root cause has left me baffled.  Until tonight.

The failover is handled by my trusty old Sonicwall TZ-170 firewall.  It handles both the cable and dsl connections and can handle load balancing and failover.  For me, this combination makes sense since my public facing servers are all located at hosting centers so there's no need for a commercial network connection here. The total cost to have two different consumer grade connections isn't bad, and the reliability I get with the fail-over is worth it.

The problem has been that for the last couple of weeks, the faster cable connection has been periodically failing for no visible reason. Tests show me that the link is good, and if reboot the firewall it goes back to being happy...for a while. This configuration has been stable and reliable for a long time so it really had me scratching my head. It turns out that the answer was right there in the words "Trusty Old Sonicwall". The system had been reliable and stable, so I'd had no reason to look into updated firmware and it completely slipped my mind for the last several years.

You may remember that in 2007 we changed the date on which we switch the clocks for Daylight Savings Time. Well, I'd been lax in updating that trusty old Sonicwall and it was using the old dates. For the last few weeks, it's been off by one hour. When the system boots, it makes a brand new DHCP request and gets an address, then every few hours, it issues a DHCP "RENEW" transaction so that the address remains valid. When the DHCP RENEW transaction hit the provider's DHCP server, it had a timestamp that was off by an hour and was ignored. The firewall decided that since it couldn't renew its address, it had to invalidate that network port. Failover occurred.

I was able to test this theory by turning off the NTP (Network Time Protocol) settings and manually set the time on the firewall. Once I validated the fix, I went out and got an updated firmware for the TZ-170 and all is well.



  • car icon

    Server Performance

    Are your servers underperforming? Just buying new boxes isn't the answer. If you want to get better performance from your existing servers, Contact Me.
    • There are  - loading -  comments....

    Site Links

    Useful Links



    Other Recent Stories...

    1. 06/05/2013A conflict or rights: My question to my Libertarian friends about vaccination.Ok, Libertarian friends – where do you stand on this? I’ve used things like building codes, workplace safety, and similar topics before to frame the discussion of why we need government, but here’s one of best and most thorny conflicts in that debate for you… Vaccination is one of those really difficult subjects that pit personal freedoms against societal requirements. This article in Scientific American spurred me to ask the question. The basic conflict begins with your right over your own body. While ...... 
    2. 05/13/2013Successfully moved away from POSTINI to SPAMHERO - some thoughts...It's been almost a year since Google announced the changes in their "Postini" offering. I've been looking around, and finally chose to give [Spamhero] a try. As of today, I'm 100% switched over. Here's what I found, and a tip... Accuracy: I'm can definitely tell you is that Spamhero is accurate. I've had no false positives so far, and just a few spam messages that have gotten through. I had many more of both with Postini. For what spam does get through, you get a custom email address to forward the ...... 
    3. 03/22/2013BLUG A3 : Stuff Andrew Thinks You Should Know - The Presentation is now available for downloadThe BLUG conference was amazing. I had a great time, saw many people I really like, and watched a great deal of technical skill transfer take place as well as some wonderful peer to peer mentoring happening between some of the most experienced in our community and some of the newest members. Scott Souder gave a fantastic opening keynote talk that was fresh, frank, and encouraging. I love his energy and attitude, as well has his respect for the core products. Louis Richardson also did a great job. He makes ...... 
    4. 03/15/2013Looking at SAML and OAUTH in the Notes and Domino 9 Public Beta 
    5. 02/11/2013Just made plane and hotel reservations for BNUG -- my first time at that event.  
    6. 02/03/2013Can Software be Too Social to Succeed? 
    7. 02/01/2013Thoughts about the Opening General Session at Connect 2013 -- Do you have any? 
    8. 01/27/2013Who is to blame for the failure of Domino as public web server? IBM (Lotus) Product Management 
    9. 01/21/2013Small progress taking the first real steps in moving Second Signal off IBM Domino 
    10. 01/08/2013Does the Executive Branch of the U.S. Government (the President) have the Constitutional Authority to _NOT_ spend money allocated by the Congress? 
    Click here for more articles.....


    pen icon Comment Entry
    Subject
    Your Name
    Homepage
    *Your Email
    * Your email address is required, but not displayed.
     
    Your thoughts....
     
    Remember Me  

    Please wait while your document is saved.