Andrew Pollack's Blog

Technology, Family, Entertainment, Politics, and Random Noise

Fixed my WAN connection failover problem tonight

By Andrew Pollack on 11/01/2011 at 09:36 PM EDT

For the last couple of weeks, my WAN connection here has been failing over from the Cable Modem to the backup DSL connection pretty frequently and the root cause has left me baffled.  Until tonight.

The failover is handled by my trusty old Sonicwall TZ-170 firewall.  It handles both the cable and dsl connections and can handle load balancing and failover.  For me, this combination makes sense since my public facing servers are all located at hosting centers so there's no need for a commercial network connection here. The total cost to have two different consumer grade connections isn't bad, and the reliability I get with the fail-over is worth it.

The problem has been that for the last couple of weeks, the faster cable connection has been periodically failing for no visible reason. Tests show me that the link is good, and if reboot the firewall it goes back to being happy...for a while. This configuration has been stable and reliable for a long time so it really had me scratching my head. It turns out that the answer was right there in the words "Trusty Old Sonicwall". The system had been reliable and stable, so I'd had no reason to look into updated firmware and it completely slipped my mind for the last several years.

You may remember that in 2007 we changed the date on which we switch the clocks for Daylight Savings Time. Well, I'd been lax in updating that trusty old Sonicwall and it was using the old dates. For the last few weeks, it's been off by one hour. When the system boots, it makes a brand new DHCP request and gets an address, then every few hours, it issues a DHCP "RENEW" transaction so that the address remains valid. When the DHCP RENEW transaction hit the provider's DHCP server, it had a timestamp that was off by an hour and was ignored. The firewall decided that since it couldn't renew its address, it had to invalidate that network port. Failover occurred.

I was able to test this theory by turning off the NTP (Network Time Protocol) settings and manually set the time on the firewall. Once I validated the fix, I went out and got an updated firmware for the TZ-170 and all is well.



There are  - loading -  comments....

Site Links

Useful Links



Other Recent Stories...

  1. 01/26/2023Better Running VirtualBox or VMWARE Virtual Machines on Windows 10+ Forgive me, Reader, for I have sinned. I has been nearly 3 years since my last blog entry. The truth is, I haven't had much to say that was worthy of more than a basic social media post -- until today. For my current work, I was assigned a new laptop. It's a real powerhouse machine with 14 processor cores and 64 gigs of ram. It should be perfect for running my development environment in a virtual machine, but it wasn't. VirtualBox was barely starting, and no matter how many features I turned off, it could ...... 
  2. 04/04/2020How many Ventilators for the price of those tanks the Pentagon didn't even want?This goes WAY beyond Trump or Obama. This is decades of poor planning and poor use of funds. Certainly it should have been addressed in the Trump, Obama, Bush, Clinton, Bush, and Reagan administrations -- all of which were well aware of the implications of a pandemic. I want a military prepared to help us, not just hurt other people. As an American I expect that with the ridiculous funding of our military might, we are prepared for damn near everything. Not just killing people and breaking things, but ...... 
  3. 01/28/2020Copyright Troll WarningThere's a copyright troll firm that has automated reverse-image searches and goes around looking for any posted images that they can make a quick copyright claim on. This is not quite a scam because it's technically legal, but it's run very much like a scam. This company works with a few "clients" that have vast repositories of copyrighted images. The trolls do a reverse web search on those images looking for hits. When they find one on a site that looks like someone they can scare, they work it like ...... 
  4. 03/26/2019Undestanding how OAUTH scopes will bring the concept of APPS to your Domino server 
  5. 02/05/2019Toro Yard Equipment - Not really a premium brand as far as I am concerned 
  6. 10/08/2018Will you be at the NYC Launch Event for HCL Domino v10 -- Find me! 
  7. 09/04/2018With two big projects on hold, I suddenly find myself very available for new short and long term projects.  
  8. 07/13/2018Who is HCL and why is it a good thing that they are now the ones behind Notes and Domino? 
  9. 03/21/2018Domino Apps on IOS is a Game Changer. Quit holding back. 
  10. 02/15/2018Andrew’s Proposed Gun Laws 
Click here for more articles.....


pen icon Comment Entry
Subject
Your Name
Homepage
*Your Email
* Your email address is required, but not displayed.
 
Your thoughts....
 
Remember Me  

Please wait while your document is saved.