
Deployment of 3rd IP on Gateway seems to cause network issues


Article ID: 113744


Products

STARTER PACK-7, CA Rapid App Security, CA API Gateway

Issue/Introduction

I tried to deploy a 3rd Gateway IP on my current Linux box so that I can filter an entire service to that IP. Seemed like this went well in regards to the installation; however, after running a continuous ping on the box, I seemed to get a lot of dropped packets. I need to re-verify if I completed the steps properly, or if I was missing something.

Environment

Applies to all Appliance Gateways.

Cause

Be careful when using ping as a tool to test network stability: many network devices and operating systems have settings in place to avoid ICMP storms.

The gateway uses iptables to prevent ICMP storms. The default setting will drop packets when more than 2 pings occur in the same second.

Resolution

To allow more ping sessions, increase the per-second limit in the iptables rule:

# /etc/init.d/iptables stop
# vi /etc/init.d/iptables

Change
[0:0] -A INPUT -p icmp -m icmp --icmp-type 8 -m limit --limit 2/sec -j ACCEPT
to
[0:0] -A INPUT -p icmp -m icmp --icmp-type 8 -m limit --limit 5/sec -j ACCEPT

# /etc/init.d/iptables start
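
As an added illustration (not part of the original article), the Python sketch below models the `limit` match as a simple token bucket to show why several concurrent ping sessions lose packets at 2/sec but not at 5/sec. It assumes iptables' default `--limit-burst` of 5, that echo requests not matched by the ACCEPT rule are dropped by a later rule or policy, and constructed traffic of evenly staggered 1-per-second pingers; the function names are hypothetical.

```python
from fractions import Fraction

DEFAULT_BURST = 5  # iptables' default --limit-burst when the rule sets none


def simulate_limit(arrivals, rate_per_sec, burst=DEFAULT_BURST):
    """Return one boolean per packet: True if the limit rule matches (ACCEPT).

    Simplified token-bucket model of `-m limit --limit N/sec`: the bucket
    starts full with `burst` tokens, refills at `rate_per_sec`, and every
    matching packet consumes one token. Exact fractions avoid float drift.
    """
    tokens = Fraction(burst)
    last = None
    verdicts = []
    for t in arrivals:
        t = Fraction(t)
        if last is not None:
            tokens = min(Fraction(burst), tokens + (t - last) * rate_per_sec)
        last = t
        if tokens >= 1:
            tokens -= 1
            verdicts.append(True)
        else:
            # Assumption: unmatched echo requests are dropped further down.
            verdicts.append(False)
    return verdicts


def ping_sessions(sessions, seconds):
    """Constructed traffic: `sessions` pingers, each sending one echo request
    per second, staggered evenly within the second."""
    return sorted(Fraction(s, sessions) + sec
                  for sec in range(seconds) for s in range(sessions))


def loss_percent(sessions, seconds, rate_per_sec):
    """Packet loss a tester would observe across all sessions, in percent."""
    verdicts = simulate_limit(ping_sessions(sessions, seconds), rate_per_sec)
    return round(100 * verdicts.count(False) / len(verdicts), 1)


if __name__ == "__main__":
    for sessions, rate in [(1, 2), (4, 2), (4, 5)]:
        print(f"{sessions} session(s), --limit {rate}/sec: "
              f"{loss_percent(sessions, 60, rate)}% loss over 60 s")
```

In this model a single 1-per-second ping never exceeds the limit, so loss from the rate limit only appears once several ping sessions (or a faster ping interval) hit the gateway at the same time.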