We are renting a Windows root server at Serverloft. Recently, when the server restarted after installing regular Microsoft updates, it restarted properly, but couldn't be accessed anymore, and a Linux server was answering instead!
After convincing the hotline that this was not our mistake (which took some time), they found out that some other server in the same subnet somehow (they didn't explain how) "stole" the public IP of our server (or rather "took precedence").
They disconnected the "thief", and for a short period of time we could see our server again. Then, without restart, it happened again! After another hour or so our server was back.
Question: does this make sense (we are simple developers who don't really know)? And is it possible to prevent such a scenario? Or can anyone in a typical hosting environment simply "steal" another IP, provided s/he knows how to do this?
Static ARP entries in the ARP cache of the switches would help
Ask Serverloft how are configured their switches, and if something like this is scheduled.
edit:
Static arp entries in the switches would not prevent someone to "steal" the IP address if it's wanted (as MAC address can be changed), but it would prevent from beeing accidental.
The other solution I see to prevent IP stealing would be to implement 802.1x on the switches, like with wifi.
802.1x on the switch is port-based authentication. Wikipedia has a good article describing how a host talks to the switch using EAP, and the switch talks to a Radius server.
In the radius server can be set attributes for an host, and would set the client IP address in the mac address table of the switch once authenticated (eg. like a radius does w/ a LNS server).
It's not possible to prevent IP conflicts at the server. I suspect you are at a provider that allows root or admin access to the servers (that or an incompetant managed provider). Once is a mistake, twice is unacceptable. At an ISP that does base configuration for you and manages the servers for you this doesn't happen. I would suggest changing providers. My personal suggestion is orcsweb. The most likly reason this is happening is because linux does not repond or generate gratuitous ARP requests, to help prevent IP conflicts.
Am I missing something here? Or is everybody missing the fact that it seems you are assigning dynamic addresses (with DHCP) to servers?
In general, servers should be assigned static addresses so that situations like this don't occur.
It also helps to ensure that a server doesn't get a new address on restart, seemingly making the server disappear.
There is nothing you can do to prevent a system admin from assigning a static IP address to system that may conflict with your own. And if that machine happens to be in the same vlan as your own box then they will come into conflict (just ask a network guy who has had a user assign their machine the same IP address as the router how much fun that is).
This sounds like user error on the part of another system admin. If you are using dynamic assignments (DHCP) then permanent leases or reservations can make this less likely to happen. Your hosting provider could also implement smaller subnets or private vlans to make this less likely to happen.
Short Answer: Change the MAC address of the machine.
Possible Explanation:
One possible scenario is when the machines are "Virtual Machines" under VMware or Hyper-V. What people usually do is that they create a Reference machine and clone it as and when people request it. So, typically all hardware settings are copied to the 'cloned' machine too.
If we go to the basics, the IP is assigned to a NIC, and the DHCP Server assigns IP's to NIC's.. and NIC's are identified by their MAC addresses..