Title: Alcatel 1000 and Speedtouch Home Duplicate IP problem
Created: 12-Apr-2001
Modified: 12-Apr-2001
Author: L. Baldwin
Here's what happens if you try to connect to the management interface of an Alcatel modem AND your ISP is using a bridged (RFC 1483) architecture:
PC #1 sends and ARP request for 10.0.0.138. Modem #1 receives this. It HAS and IP address that matches the request so it responds to the ARP with its MAC address....but then, following its bridging rules forwards that ARP request out its ADSL interface. The ISP's ADSL Gateway receives this broadcast packet on PVC #1 and following normal bridging rules MUST forward the ARP request out PVCs #2 and #3. When modems #2 and #3 receive the ARP request they are also assigned that address so THEY then send an ARP Reply to PC#1 indicating their MAC addresses.
When a device sends out an ARP request and multiple responses are received, the ARP cache is overwritten by the LAST response received. So ultimately, the ARP tables on PC #1 look like this:
C:\users\default>arp -a Interface: 10.0.0.100 on Interface 5 Internet Address Physical Address Type 10.0.0.138 00-90-D0-0A-BE-08 dynamic
If very FIRST ping you attempt will look like this:
C:\users\default>ping 10.0.0.138 Pinging 10.0.0.138 with 32 bytes of data: Reply from 10.0.0.138: bytes=32 time<10ms TTL=255 Request timed out. Request timed out. Request timed out. Request timed out.
Note how the first ping succeeds. This is because there is a very small window of time where PC#1 has the proper ARP info for 10.0.0.138. But by the time the second ping is attempts, the ARP cache has been overwritten by the MAC addresses for modems #2 and #3. You can see this clearly in the following packet trace:
Frame Status Source Address Dest. Address Size Rel. Time Delta Time Summary
1 M Intel 22B210 Broadcast 60 0:00:00.000 0.000.000 ARP: C PA=[10.0.0.138] PRO=IP
2 0090D00644CE Intel 22B210 64 0:00:00.002 0.002.730 ARP: R PA=[10.0.0.138] HA=0090D00644CE PRO=IP
3 [10.0.0.100] [10.0.0.138] 74 0:00:00.003 0.000.344 ICMP: Echo
4 [10.0.0.138] [10.0.0.100] 74 0:00:00.004 0.001.007 ICMP: Echo reply
5 # Alcatl21BE57 Intel 22B210 64 0:00:00.033 0.028.994 Expert: Duplicate Network Address
ARP: R PA=[10.0.0.138] HA=Alcatl21BE57 PRO=IP
6 0090D00ABE08 Intel 22B210 64 0:00:00.040 0.007.910 ARP: R PA=[10.0.0.138] HA=0090D00ABE08 PRO=IP
7 0090D0179594 Intel 22B210 64 0:00:00.048 0.007.125 ARP: R PA=[10.0.0.138] HA=0090D0179594 PRO=IP
8 [10.0.0.100] [10.0.0.138] 74 0:00:00.992 0.944.035 ICMP: Echo
9 [10.0.0.100] [10.0.0.138] 74 0:00:02.460 1.468.227 ICMP: Echo
Frame 1: Client sends out ARP Broadcast for 10.0.0.138
Frame 2: ARP Reply from Modem #1
Frame 3: Client Sends Echo Request to 10.0.0.138 (MAC address: 0090D00644CE
which is Modem #1)
Frame 4: ICMP Echo reply from Modem #1
Frame 5-7: Modems #2, #3, and #4 ARP Replies received, overwriting ARP cache
on client
Frame 8: Client Sends Echo Request to 10.0.0.138 (MAC address: >0090D0179594<)
...no response, timeeout
Frame 9: Client repeats ...no response, timeout
We never get a response from Modem #4 because Alcatel doesn't respond to pings that are received on the >ADSL< interface, only ones that are received on the Ethernet interface. Altough given the recent CERT advisory regarding these modems, there are ways around this filtering.