Had me a bit of an experience at work the other day, and I thought I’d commit it to disk here so that others possibly trawling teh InterTubes looking for answers to a similar problem might come across my words and derive some edification therefrom.
Last week I took it upon myself to build a Virtual Machine server for our office. We have more than a few folks—myself included—who need to be able to tie into our office system from home or abroad. For lots of applications, VPN works just fine. However, when it comes to running our order-fulfillment software, a VPN tunnel just won’t cut it. You can’t run a piece of ‘ware that is at its heart a database-hashing program over a cable or DSL Internet connection, with the database itself on one side of a long string of hops and the client on the other. Not unless you want to take a time-out to go make a sandwich between every minor step in the process. No, for this sort of thing, Remote Desktop is the way to go; you fire up a VPN tunnel, launch the remote desktop client, and you can connect to and control a PC at work as though you were right there in the building. It’s like you never left work at all! 🙄
Thing is, in this age of 500-dollar supercomputers, it doesn’t make sense to build and maintain five extra computers just for people to hook into from home. Not when you can build one computer and have it host five virtual machines instead.
When I started this project I originally planned to run the beast using Citrix’s free XenServer, which is an operating system and virtual server package for 64-bit computers all rolled into one. But since everything in our whole damned office runs on Microsoft software, I ended up sticking with the more plain-Jane but also free Microsoft Virtual PC, running on a Windows OS. Likely not as fast, definitely not as exhilarating, but at least I’m fully familiar with all the components, and am not likely to run into any surprises.
Remember that last line, would you? That’s what we writer types like to call “foreshadowing”.
So I toodled on down to my favorite local computer store and picked up a nice sprightly motherboard and processor, four 2-gigabyte sticks of RAM, and a hard drive to stuff into a spare server case I had sitting around. My first choice for an operating system was Windows XP Pro x64 because it can handle the 8 gigabytes of RAM (32-bit XP can only recognize 4 gigs), but they no longer carry the 64-bit version, having fairly little call for it. The closest thing they had was Windows Vista Business x64. I’d worked with Vista a bit in the last 6 months or so and had found it to be not entirely horrifying, so I figured I’d give Vista Business a try. It was that or waylay the whole project by at least 24 hours.
The install went off without a hitch—Microsoft has really improved the setup process over the days of XP—and a number of hours later I had a fully-functional Vista computer running three (to start) independent Windows XP virtual workstations. All that remained was to slot it into place in our server rack at work and fire it up.
Recall that word I told you to remember earlier….?
Connecting the computer to our domain controller went like butter. Everything was fine….for about five minutes. I had to reboot the machine after joining the domain, and shortly after coming back up, the activity lights on our switches were flashing almost solid yellow. Some piece of network equipment was shrieking volumes of unintelligible gobbledygook into our network, causing all other network conversations—like the ones between all of our clients and our servers—to fail to be heard. Of course, I had a pretty good idea what piece of equipment was responsible, and pulled the Ethernet jacks out of the network ports on the back of the new computer.
The shrieking did not go away.
Frantically, David the network guru and I searched for the source of the problem, or at least the other half, since the incident was almost certainly initiated by the new VM server even if it were no longer capable of perpetuating it. It was David who thought to try taking down the cheap civilian router that manages our guest wireless connections (it’s a little surprising how many network crises can be solved, at least temporarily, by removing one router in a dual-router environment) and the feces-fusillade ground to a halt. Keep the router off and everything was fine, even with the new computer wired into the network. Plug the router back in and everything went to Sheol in a satchel, even if you then removed the computer from the network.
We looked at the usual suspects in multi-router setups: no multiple DHCP servers, no weird NAT traversals, etc. Nothing seemed to be out of place. However, while poring over the router’s settings, I noticed that UPnP was enabled. I disabled it, and voila, the problem disappeared.
Universal Plug and Play is supposed to help various network devices, including computers, talk to and work with each other. In my limited experience, UPnP does little more than help network devices to fail faster and more spectacularly than they would be able to otherwise. You are reading my newest case in point.
Like other pipe dreams of zero-config, UPnP generates a lot of “chatter”, conversations of varying levels of usefulness between two or more devices on the network. In my case above, that conversation took place between our new Vista Business workstation and the guest wireless router, and would seem to have gone something like, “Hey any UPnP devices out there Yeah I’m a UPnP device how about you Yes in fact I am a UPnP device but what about you Oh you betcha I’m a UPnP device and how about yourself Oh indeedy I’m a UPnP device are you Oh hellzyeahI’maUPnPdeviceareyouYesIambutareyouYourFucking-AIamandhowaboutyouaaaaaaaaAAAAAAHHHHHHHHHH….” On and on, growing ever more frenetic, until the two devices were for all intents and purposes executing a Denial of Service attack against our network.
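The chatter described above is UPnP’s discovery protocol, SSDP, which runs over UDP port 1900 and consists of multicast M-SEARCH requests and NOTIFY announcements. A handful per minute is normal; two devices re-announcing to each other in a loop looks like a storm. Here is an added example (not part of the original post) that flags hosts whose SSDP message rate spikes; the traffic records, host addresses and the threshold of 10 messages per second are all constructed for the demonstration.

```python
"""Flag hosts producing a flood of UPnP discovery (SSDP) messages.

Records are (timestamp_ms, source_ip, first_request_line) tuples, the kind
of thing you could pull out of a packet capture filtered on UDP/1900.
All data below is constructed test input, not a real capture.
"""
from collections import defaultdict

SSDP_PORT = 1900                   # UDP port SSDP uses
SSDP_MULTICAST = "239.255.255.250" # SSDP multicast group (IPv4)


def build_sample():
    """Constructed traffic: one quiet laptop, two hosts looping at each other."""
    records = []
    # Well-behaved laptop: one M-SEARCH every 30 seconds.
    for t in range(0, 120_000, 30_000):
        records.append((t, "192.168.1.77", "M-SEARCH * HTTP/1.1"))
    # Hypothetical VM server (.50) and guest router (.1) answering each
    # other every 10 ms, i.e. each host sends roughly 50 messages a second.
    for i in range(400):
        src = "192.168.1.50" if i % 2 == 0 else "192.168.1.1"
        kind = "M-SEARCH * HTTP/1.1" if i % 2 == 0 else "NOTIFY * HTTP/1.1"
        records.append((5_000 + i * 10, src, kind))
    return records


def peak_rate_per_host(records, window_ms=1_000):
    """Max number of SSDP messages any single host sent within window_ms."""
    by_host = defaultdict(list)
    for ts, src, _ in records:
        by_host[src].append(ts)
    peaks = {}
    for src, times in by_host.items():
        times.sort()
        best, lo = 0, 0
        for hi, ts in enumerate(times):      # sliding window over sorted times
            while ts - times[lo] > window_ms:
                lo += 1
            best = max(best, hi - lo + 1)
        peaks[src] = best
    return peaks


def chatty_hosts(records, threshold=10, window_ms=1_000):
    """Hosts whose peak SSDP rate exceeds `threshold` messages per window."""
    peaks = peak_rate_per_host(records, window_ms)
    return sorted(h for h, rate in peaks.items() if rate > threshold)


if __name__ == "__main__":
    print(chatty_hosts(build_sample()))  # the two looping hosts
```

Disabling UPnP on the router, as the post describes, removes one side of the loop; the same rate check is a cheap way to spot which hosts are shouting if it ever comes back.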
It’s like a TCP/IP version of those pointless, crazy-making round-robin conversations that take place between every dog in a given municipality on many a summer night: “Hey I’m a dog are you a dog Yeah I’m a dog are you a dog Yeah I’m a dog what about you over there are you a dog Yeah I’m a dog what about you three over there are you dogs Yeahwethreearedogsareyou twentyeightovertheredogsYEAHWE’REALLDOGS—“
Turns out there’s a reason why this technology is often referred to as “Plug and Pray”. Though “Plug and Scream Obscenities While Clawing Your Eyes Out of Your Skull to Relieve the Pressure of Your Exploding Neocortex” would also apply.