Networking Implementation Foibles

by Jim Billiter

Copyright © 2005-2010 James H Billiter. All rights reserved.

From time to time I have encountered some questionable implementations in networking hardware, firmware, "middleware", software, services, and support, usually involving some lossage to my immediate efforts and to those of my colleagues and customers. Rather than just quietly finding or developing a circumvention, I will, as time permits, additionally document my findings here as constructive criticism for the appropriate manager or development group. I intend to update this page as fixes or circumventions are made available.

There are two discussions so far:

Aplus.net hosting service

Motorola® SURFBoard® Wireless Cable Modem Gateway


Aplus.net hosting service
Updated: 17 March 2010
For two weeks or so in February, 2010 an outfit called Aplus.net hosted my several Web sites after "upgrading" them from another hosting service, Cedant, where all had been working well for some years. I think Aplus.net acquired Cedant somewhat earlier and finally got around to moving my sites onto their host about 1 February.

The "upgrading" was something of a nightmare, and you may find discussions about being "upgraded" by Aplus.net all over the Internet. This is my small contribution to attest to Aplus's ineptness. I moved my Web sites to a new hosting service in mid-February in utter disgust with Aplus.net's support.

During my short time trying to get my sites working on Aplus.net's server I used their documentation (knowledge base) extensively and interacted with support personnel by telephone perhaps four times. I also submitted two trouble tickets via their control panel, the last of which is transcribed below.

My big problem at first was that all my CGI scripts stopped working after the "upgrade". Prospective customers could not download my trial software, much less actually buy a license.

To fix this I needed access to my files on Aplus.net's server, so I tried to log on using SSH (secure shell) as I had done with my Cedant service a few days earlier. Not working. Darn! Thus my first call to Aplus.net support. After I established my bona fides, I said that SSH was not working, and the discussion became incomprehensible thereafter, though I recall getting no response to the question, "Is SSH supported on your host?" Inconclusive. So then to the documentation, the knowledge base. There were instructions for enabling SSH and providing a public key. So, I enabled SSH, but the place to provide my public key was not where the documentation pointed. Darn! So, completely frustrated, I gave up on SSH.

Thus my first encounter with Aplus.net support. Not exactly propitious. I will not bore you with my ensuing interactions until the last, except to say that one other Aplus.net person was completely non-responsive (after she somehow articulated her name) and another told me that anonymous FTP was not supported, to be contradicted a day later by yet another support person. (Since I use anonymous FTP to download my software products, you can imagine my panic. And my anger to find anon FTP was really supported after spending 1/2 day's effort to develop and test a circumvention to the sudden lack of an anonymous FTP feature. Grrrrr...)

Now, to my last encounter with Aplus.net support.

I could not manage my sub-domain's Web sites with SSH, so I ended up using FTP to upload files and a GUI (called File Manager) in the control panel to set permissions and suchlike. The File Manager GUI looks nice but its dozen or so commands cannot compete with the hundreds available with the Unix shell and utilities. I would call Aplus.net's approach to managing Web sites clunky. Maybe even bodgie.

Early in this exercise I had tried telnet, SSH's predecessor, and it too had failed. But now, with my downloads and ordering functionality finally working again, I tried telnet once more and documented the problem. I submitted a trouble ticket (#2417161) via Aplus.net's control panel and my ensuing dialogue with Aplus is in the incredible transcript below.

Here is a summary of the five-day interchange in the transcript. As background, I quote from Aplus.net's FAQ or knowledgebase:
==================
"Can I use Telnet?
Telnet can be used on the Aplus.net shared hosting platform."
==================

Me: Telnet is not working. Here's the failure symptom.

Aplus: Why do you want to use telnet?

[What? Hello? Because I want to manage my sub-domain? That last in an e-mail message not recorded by the trouble ticket application.]

Me: I responded by e-mail hours ago, and it is still broken.

Aplus: Provide details, screenshot.

Me: I already did in my initial report four days ago.

Aplus: Telnet is working. See how well our telnet client reads the HTTP port 80?
Ticket closed.

Telnet uses port 23, and it was not working. These support people were actually mocking me, their customer.
Amazing.

Trouble ticket transcript begins:
==================

Management options for ticket: 2417161

Ticket Details
Ticket ID: 2417161
Department: Aplus Support
Status: Resolved
Priority: Medium
Date Created: 2010-02-04 15:36:19
Date Modified: 2010-02-09 21:21:20
Subject: telnet not working
FTP Username: billiter
DS Number: n/a
Domain Name: billiter.com


Conversation

------------------ 

- James Billiter
jim@billiter.com
Posted on: 2010-02-04 15:36:19
I cannot telnet into billiter.com. Here is the failure message from
Windows XP's telnet client:
---
C:\>telnet billiter.com
Connecting To billiter.com...Could not open connection to the host, on port 23:
Connect failed
---
Thanks

------------------

- Aplus Support
support@aplus.net
Posted on: 2010-02-05 10:56:48
The ticket # 2417161 that was submitted for billiter.com, regarding your request,
requires further information to process the support request. In order for us to
investigate this issue, please provide us with the following information to
assist us in processing the support ticket: 

We kindly ask you to specify your request and tell us the purpose of the telnet
connection. 

If we have not received this information within 24 hours we will send you a
reminder. The ticket will be held in “Pending Status” until we receive a reply.
We look forward to assisting you with resolving this issue; if you have any
questions or concerns about the requested information please do not hesitate
to let us know. 

------------------ 

- James Billiter||Pending reply
jim@billiter.com
Posted on: 2010-02-05 17:28:05
I responded to your query by e-mail hours ago. It is still broken, and the
problem (issue?) is still in the pending reply state. What goes?

Cordially, Jim Billiter 

------------------
 
- Aplus Support
support@aplus.net
Posted on: 2010-02-08 12:31:02
The ticket # 2417161 that was submitted for billiter.com, regarding your request,
requires further information to process the support request. In order for us to
investigate this issue, please provide us with the following information to
assist us in processing the support ticket: 

In order for us to investigate this issue, please provide us with a more detailed
description of your issue and the exact steps that trigger the experienced issue.
Providing any clarifying screen shots will be greatly appreciated.

If we have not received this information within 24 hours we will send you a
reminder. The ticket will be held in “Pending Status” until we receive a reply.
We look forward to assisting you with resolving this issue; if you have any
questions or concerns about the requested information please do not hesitate
to let us know. 
 
------------------

- James Billiter||Pending reply
jim@billiter.com
Posted on: 2010-02-08 13:17:10
All that you requested was in my initial ticket four days ago.
The information between the two "---" separators is from a screen shot.

------------------

- Aplus Support
support@aplus.net
Posted on: 2010-02-09 21:21:20
The ticket # 2417161 that was submitted for billiter.com, regarding your telnet
connection issue, has returned from our investigation. It has been determined
that telnet connection to your domain works properly and we were able to view
a test.html file, please see connection log below:


:~> telnet billiter.com 80 
Trying 64.29.151.221... 
Connected to billiter.com. 
Escape character is '^]'. 
GET http://billiter.com/test.html 
<html> 
<body> 
<center><font color=red>HElloWorld!!!</font></center> 

</body> 
</html>Connection closed by foreign host. 
:~> 


We have now closed the ticket with regards to this issue. If you do require any
further assistance, please do not hesitate to contact us and we will be glad
to continue working with you.

====================
Trouble ticket transcript ends.
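
The closing reply in the ticket shows a telnet client reaching an HTTP server on port 80, which says nothing about a Telnet service on port 23. As an added example (not part of the original page or the ticket), the Python check below reports a port's TCP state and which protocol answers on it. The names `probe` and `fake_listener` are hypothetical, the loopback listeners are constructed fixtures, and the leading-IAC test is a heuristic that assumes a Telnet server which opens with option negotiation.

```python
import socket
import threading

IAC = b"\xff"  # Telnet "Interpret As Command" byte (RFC 854)

def probe(host, port, timeout=2.0):
    """Return (state, protocol) for one TCP port, e.g. ('open', 'http')."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("refused", None)      # host answered, nothing is listening
    except (socket.timeout, TimeoutError):
        return ("timeout", None)      # filtered, or host not answering
    with sock:
        try:
            banner = sock.recv(64)    # a Telnet server speaks first
        except (socket.timeout, TimeoutError):
            banner = b""              # an HTTP server waits for a request
        if banner.startswith(IAC):
            return ("open", "telnet")
        if not banner:
            try:
                sock.sendall(b"HEAD / HTTP/1.0\r\n\r\n")
                if sock.recv(64).startswith(b"HTTP/"):
                    return ("open", "http")
            except OSError:
                pass                  # peer closed or stayed silent
        return ("open", "unknown")

def fake_listener(greeting=None, reply=b""):
    """Constructed loopback server for the demo: serves one connection."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))        # ephemeral port on loopback only
    srv.listen(1)
    def run():
        conn, _ = srv.accept()
        with conn, srv:
            if greeting:
                conn.sendall(greeting)
            else:
                conn.recv(1024)
                conn.sendall(reply)
    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    for port in (fake_listener(reply=b"HTTP/1.0 200 OK\r\n\r\n"),
                 fake_listener(greeting=IAC + b"\xfd\x18")):  # IAC DO TERMINAL-TYPE
        print(port, probe("127.0.0.1", port, timeout=0.5))
```

Run against a real host, `probe(host, 23)` returning `('refused', None)` while `probe(host, 80)` returns `('open', 'http')` is exactly the situation the ticket describes.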

Motorola® SURFBoard® Wireless Cable Modem Gateway
Updated: 3 March 2005
We've used three inexpensive broadband gateways in the last year or so, and the best has been the Motorola SBG900. It is a rich and exacting implementation of many network protocols in hardware and firmware, and its logging features are extensive. It is advertised for use in homes and home offices, but it seems suitable for Internet access serving small to medium sized organizations too.

Given that, I am amazed that its routing function seems to have been deliberately crippled.

The table below shows some tests indicating that the 900 will route packets ONLY if its DHCP server's table contains an entry for the sending host on the local network. I consider this crippling for these reasons: the 900's DHCP server cannot be disabled; traffic from a manually configured host won't be routed until the 900's DHCP server table is somehow populated with an entry for it; this needlessly entangles the very essential OSI layer three routing function with the usually nice-to-have higher layer DHCP functionality. While routing is often constrained by firewalls, NAT port forwarding, blacklisting, and the like, the constraints are configurable by the administrator. In particular, the administrator may choose to turn off some or all constraints. In the 900's case, the routing is constrained by DHCP, which cannot be disabled, even while other features like NAT, port forwarding, and the firewall permit disabling in some fashion.

The other two broadband gateways I used were not crippled in this fashion.

Now I think that the crippling is deliberate because:
a] The 900's gateway status page indicates 'DHCP Server Enabled', and - simple me - this seems to imply that the DHCP server might have some other state, like 'DHCP Server Disabled'. But, there is no way to disable the feature, unlike in the other two implementations.
b] I know quite a bit about DHCP and some about routers. Just from a DHCP perspective, this entanglement with routing seems to be a serious protocol violation. "A host should not act as a DHCP server unless explicitly configured to do so by a system administrator." [RFC 2131, p 2.] Also, "DHCP must coexist with statically configured, non-participating hosts and with existing network protocol implementations." [RFC 2131, p 7.] Like an IP packet routing protocol implementation serving a manually configured host (observation 2 below).

I would like to have a transcript of the meeting in which this bad design decision was made.

The SBG900 firmware under test is version 2.1.7.1a-SCM00-NOSH. Hardware version 2.

The Motorola support folks have told me that the 900's DHCP server may be turned off by disabling NAT. What? Another protocol entanglement with DHCP? I don't intend to investigate this ...hmmm... additional foible. Begging your pardon for a labored automobile analogy, but this is like asking the new car dealer to disable the audible alarm, and being told that it can be done only by permanently removing the doors.

Additional responses from Motorola will be posted here:
----------

DHCP and Router Interaction - SBG900       2/2005 JHB

Test  DHCP range           Router settings        Test IP address  900 routes ping?     Notes
                                                                   (with DNS / wo DNS)
----  -------------------  ---------------------  ---------------  -------------------  --------------------
1]    192.168.0.10 - ..25  Fwall off, NAT on      ..10 dynamic     YES / YES

2]    192.168.0.10 - ..25  Fwall off, NAT on      ..46 manual      NO / NO              Ping req timeout,
                                                                                        but DNS responded

3]    192.168.0.10 - ..25  Fwall off, NAT on,     ..46 manual      NO / NO              Can't define ..46 to
                           ..46 Static on 900                                           900 - out of range

4]    192.168.0.10 - ..25  Fwall off, NAT on,     ..20 manual      NO / NO              Ping req timeout,
                           ..20 not in DHCP tab                                         but DNS responded

5]    192.168.0.10 - ..25  Fwall off, NAT on,     ..20 manual      YES / YES            No DHCP exchange
                           ..20 static, inactive                                        from ..20 to 900

6]    192.168.0.10 - ..25  Fwall off, NAT on,     ..20 dynamic     YES / YES            1 hour static lease!?
                           ..20 static, active
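
The six observations in the table can be checked mechanically against competing explanations of the 900's behavior. This is an added example, not part of the original page: the three rule names are hypothetical, and each `entry` flag is an assumption read from the table's "Router settings" and "Notes" columns (a lease or a static entry counts as an entry in the DHCP server's table).

```python
from ipaddress import ip_address

# DHCP range used in every test row of the table.
RANGE = (ip_address("192.168.0.10"), ip_address("192.168.0.25"))

# (test, host IP, entry in the 900's DHCP table?, ping routed?)
OBSERVATIONS = [
    (1, "192.168.0.10", True,  True),   # dynamic lease
    (2, "192.168.0.46", False, False),  # manual, outside the range
    (3, "192.168.0.46", False, False),  # static entry refused: out of range
    (4, "192.168.0.20", False, False),  # manual, in range, not in DHCP table
    (5, "192.168.0.20", True,  True),   # manual, static entry (inactive)
    (6, "192.168.0.20", True,  True),   # dynamic, static entry (active)
]

def in_range(ip):
    return RANGE[0] <= ip_address(ip) <= RANGE[1]

# Candidate explanations: each predicts whether the 900 routes the host.
RULES = {
    "routes any LAN host": lambda ip, entry: True,
    "routes hosts inside the DHCP range": lambda ip, entry: in_range(ip),
    "routes hosts with a DHCP table entry": lambda ip, entry: entry,
}

def contradictions(rule):
    """Test numbers whose observed result the rule fails to predict."""
    return [test for test, ip, entry, routed in OBSERVATIONS
            if rule(ip, entry) != routed]

def evaluate():
    return {name: contradictions(rule) for name, rule in RULES.items()}

if __name__ == "__main__":
    for name, failed in evaluate().items():
        print(f"{name}: contradicted by tests {failed or 'none'}")
```

Only the DHCP-table rule survives all six tests, and test 4 is the one that separates it from a simple address-range filter.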