Story background
The link is provided as point-point fibre between our rack in the comms room in the office and one of our racks in the data centre. Except a very long lead-time (75 days) to get the link installed and BT (as usual in the UK) to do the job physically everything seemed to be fine. BT has put some media converters that on one end take fibre and on the other give us ethernet back. I just can't understand why those are 19″ rack mount if they could be smaller... aaah - I forgot... those have exchangable cards - 10 or 100mbit/sec :-) so they can limit your speed in this way. Anyway it's too expensive for what it does - but as the decisions are made in a totally different way than in Poland, that's fine with me...
Finally we got the line (after over 3 months waiting) - wohaaaa! I've been in the data centre with one of the engineers to see as they do the last installation bits and test the link. The test gave us 10mbit/sec full duplex - as it was in the spec. I've plugged it into our switch behind the firewall and went to the office thinking what to download first to test the link :-)
Problems begin
In the office I got my laptop connected and booom! 0.3mbit/sec downlink 0.2mbit/sec uplink - ehmmm.... Again, another test - 0.4 down, 0.2 up... Something is wrong... Back to the data centre - plug the link to a spare port on a firewall and the link was detected as 10mbit full duplex - the same way as on the switch before... so back to the office. Good to mention - each trip office-data centre-office is minimum 1 hour just to travel (and I'm glad it's only 1 hour!) plus security checks on site, etc - 90 minutes average to re-plug one cable...
Loosing hope
Another test... the same - shit! Pages are trying to open, they time out or just stall forever :-( I thought maybe it's about our firewalls - back to the datacentre... I've put the link on the switch in front of the firewall - just next to the port firewall is pluged in. It means that our traffic to the office is not firewalled any more... and back to the office...
Next test (don't even know which one - I stopped counting them 2 or 3 days ago)... a bit better but very moody - once it gave me 3.2mbit downlink, 0.3 uplink, then 1.2 down 2.2 up - no rules nor any logic in it... damn... Let's eliminate other factors - the next victim of mine was a firewall built on a PC box to terminate the fibre in the office... I've changed it to another PC box with the same software - results were the same :-(
Ok - IPCop didn't handle it... Smoothwall 2.0, Smoothwall 3.0 alpha... Mikrotik I've found on a CF card in my drawer (a gift from my old good friend - luckily he also included the L4 license for it - thanks Pawel)... none of them did the job :-( Something strange...
Boom - handover documents came through 5 days after the link was installed - please sign and send back in 14 days... ehmmm - I'm not signing anything, the link doesn't work with our kit :-(
The breakethrough
Out of ideas... maybe one - go for a pint! Last test I tried to avoid - put laptop straight on a fibre link, without any firewall... Ehmmm... not good :-( Of course I have a firewall software on Windows and Ubuntu which I trust much more, but I'm still not sure if it's a good idea... Maybe I should use some other PC with an OS installed just for that purpose?! Maybe I should just say that the link is not working and request engineers on site? No... I'm too lazy and impatient for that...
Totally naked...
I got my laptop on the link and felt something very very strange... I felt like Adam and Eva - just naked! No firewall! First time for about 7-8 years - very strange feeling. I never felt so helpless... just like a sitting duck during open season!
Suddenly it started working - I got 8.7mbit downlink, 6.2mbit uplink - wow! What was that?! 9.5 down, 9.0 up?! Yes - it's not a dream! So what the hell it is - why it does work this way and doesn't any other? Never mind - will think about it later - get me off the net now!
Summary
I think I know how Adam and Eva had to feel - just naked. I felt the same - I left my safe place behind the firewall after so many years behind it... and didn't feel good about it. As soon as I could I got back behind a firewall - a separate hardware firewall!
Sometimes I think how does Adam and Eva feel now and where they are... Well - I can just guess but I think they are hiding themself somewhere behind the firewall...
The greatest sin of the internet - connect yourself without a firewall! Be damned!
Solution to this problem will be presented another day... and believe me - it's very simple... so simple I forgot about it :-(
Leave a comment