No IP unreachables (and Cacti)

 | 11 Oct 2007 15:49

*Sigh* Took me an hour or two to figure this one out. Cacti now does a ping before actually polling a device for stats. I’m running a small cacti site which had been neglected for a long time. After updating cacti and cleaning up some mess I was confused why one router did get polled and the other’s graphs remained a dumb “nan”.

I debugged and pinged, even installed hping3 to do UDP pings. I don’t want to run cacti as root, especially not on a vhost. So the UDP ping had to work. The pings arrived but still no replies.

Getting sidetracked I noticed that the one router that did work was being hit by SSH login attempts and it’s cpu was spiking. An ACL took care of the break-in attempts but then I noticed that directed broadcasts were made to my server’s segment. So I nailed that down plus proxy-arps when I noticed that the router which had worked before now was causing errors in Cacti as well.

Tracking back I noticed that the UDP ping ‘replies’ were unreachables rather than ICMP replies (doh, how obvious!) . I enabled IP unreachables on both routers again and I was done. It’s amazing how blind one can be at times to the blatantly obvious…

No Responses to “No IP unreachables (and Cacti)”