What is a WAN <PPP/SLIP> Interface?

windows domain-name-system vpn wide-area-network
7,547

Solution 1

It sounds like you're saying that it replied from an NDISWANIP interface. That's the virtual interface that the Routing and Remote Access Service (RRAS) uses. You're "seeing" it there because you've got RRAS enabled. It's there to support the function of RRAS, and it will respond to PINGs, etc, because, to the server computer, it's a network interface (albeit virtual). Its IP address is registered under the same name as the server computer itself, so round-robin DNS load balancing will return its IP address, instead of the static IP assigned to the server computer's physical NIC, some fraction of the time.

If you want to prevent the RRAS server from registering the NDISWANIP interface's IP address in DNS, have a look here: http://support.microsoft.com/kb/292822 Generally, I disable the DNS registration for the NDISWANIP interface on domain controller computers that are hosting RRAS.

The answer from Kip about SLIP is right. PPP is used for more than serial-line networking, though. PPP is a generalized protocol that can be used on any media. If you've ever used a DSL line, you've probably used PPP over Ethernet (PPPoE), which is an example of an application of PPP.

Solution 2

That's permitted by the RFCs that define the IP protocol. Actually, to be more specific, it is permitted because it isn't expressly disallowed by RFC 792 (http://www.faqs.org/rfcs/rfc792.html).

Some kernel developers, when writing TCP/IP implementations, have just plain found it easier to write the code that generates ICMP reply packets such that the source address (of the reply packet) is the most convenient IP address laying around (usually the first interface, or the first interface to be configured).

Most people notice this the first time when using traceroute. Traceroute replies tend to come from the "nearest" interface, as one would expect. However, since traceroute is based on ICMP "ttl exceeded" errors, those packets can come from any IP address on the system.

I'm not saying that kernel developers are lazy, I'm saying that this kind of code is non-trivial. Figuring out which interface is "nearest" is actually rather difficult in many TCP/IP implementations because what interface a packet entered the system is not recorded. Carrying that information from cradle to grave just so that traceroute looks pretty is a waste.

Most people are not aware of this because (1) most hosts only have 1 IP address, or (2) many vendors have carefully crafted their TCP/IP implementation to go the extra step of making sure ICMP errors come from the IP address that a human would expect. Cisco was the first to do this and since they are so large anyone that doesn't do this is assumed to have written buggy code. (I worked at a vendor that made a router and, after getting tired of telling customer after customer "it isn't a bug, look at the RFC!" just gave up and implemented it to be "like Cisco" so they didn't have to keep explaining it to customers).

For ping, RFC 792 is pretty clear that the reply should come from the IP address that received the packet. The reason MS might not do that is that you have passed through some kind of NAT, or their alias mechanism is so light weight that the actual IP address the packet was sent to gets thrown away by one layer and by the time it gets to the ICMP (ping) processing there is no other logical thing to do.

If this is causing a problem, ping the other IP address.

Share:
7,547

Related videos on Youtube

stead1984
Author by

stead1984

I've been a member of serverfault since 2008(ish) when I started as a Network Manager role for a small pharmaceutical company. After 3+ years as a network manager, I accepted a role of Deskside Support for a large rail infrastructure business. While the role was perhaps a backwards step technically, it would provide me with the exposure to large networks and a more promising career path. As of last year my company has been acquired by Siemens, which resulted in a nearly 2 year IT integration project. I'm currently employed as an Infrastructure Support Engineer for Siemens. This role involves support of Sun Solaris 10, I have a little knowledge of Unix/Linux gained from training courses. Serverfault has always been an incredibly useful tool for me during the years and if those answers that are not applicable are always enlightening and will continue to prove it's value to me as this role develops.

Updated on September 17, 2022

Comments

  • stead1984
    stead1984 over 1 year

    My colleague recently pinged our DC and instead of replying from it's static IP it replied from it's WAN Interface. I think it has something to do with the VPN connections we allow which we setup through Routing and Remote Access. The interface also has a DNS entry and it's in the same range as it's static IP.

    Any idea's as to what it is, what it does, and why my colleague got a response from it rather than the static IP set?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

DNS resolution failing over to secondary DNS - why?
"Primary" DNS when there are multiple network connections
c# open cmd.exe process and Execute multiple commands
How to Save Password in rasdial?
Cannot mount a CIFS network share over VPN
How to determine my actual external IP address through the windows command line while on a VPN
FortiClient SSL VPN: Failed to start SSLVPN tunnel client
Allow incoming remote desktop connection when connected to VPN
How to share outside your network
A connection to the remote access server was not made because the modem was not found