Strange Network Behaviour- Revisted

Firstly, thanks to Bit Twister for the suggestions made in reply to my
original post, they've been very helpful.

Here's an overview of what's happening.

LAN -> switch-> linux gateway/router -> DMZ -> ADSL2-modem/router

Hosts on the lan sometimes cannot see the gateway and beyond.

I've set up two linux hosts on the lan to ping around every 5 seconds.
I've done the same in the dmz. The ping errors clearly point to the
gateway machine on the lan side.

Very intermittently, the gateway won't return a ping to the either of the
lan hosts. I've also been pinging from the gateway itself, to the lan.
Pings from the gateway to its own lan interface are okay, but not to hosts
on the lan. Pings between other hosts on the lan are fine. So I've
narrowed the problem down to between the gateway interface and the lan.

The problem would appear to be either the gateway pc, the switch between
the gateway and the lan, or the cable between the switch and the gateway.
The thing is, I've replaced all three and still have the problem.

So I'm starting to wonder if either the switch or the gateway can't handle
the bandwidth?

There's probably at most only six or seven hosts on the lan that would
access the internet or the mail server in the dmz. The gateway is a
pretty old pc, somewhere around 300MHz. The switch is a standard 10/100
24 port, but all the outside world traffic does go through the one port to
the gateway. I wouldn't have thought there would be a problem though.

I'm running out of ideas, thanks for any suggestions.

Dan

On Thu, 04 May 2006 17:08:30 +0800, Dan N wrote:
> Here's an overview of what's happening.
>
> LAN -> switch-> linux gateway/router -> DMZ -> ADSL2-modem/router
>
> Hosts on the lan sometimes cannot see the gateway and beyond.
>
> I've set up two linux hosts on the lan to ping around every 5 seconds.
> I've done the same in the dmz. The ping errors clearly point to the
> gateway machine on the lan side.
>
> Very intermittently, the gateway won't return a ping to the either of the
> lan hosts. I've also been pinging from the gateway itself, to the lan.
> Pings from the gateway to its own lan interface are okay, but not to hosts
> on the lan. Pings between other hosts on the lan are fine. So I've
> narrowed the problem down to between the gateway interface and the lan.
>
> The problem would appear to be either the gateway pc, the switch between
> the gateway and the lan, or the cable between the switch and the gateway.
> The thing is, I've replaced all three and still have the problem.

If you do a /ifconfig lan_ethX_here/ you would see fault counts climb if
you have a gateway hardware problem (nic/cable for instance.)

> So I'm starting to wonder if either the switch or the gateway can't handle
> the bandwidth?

Two methods come to mind. Use crossover cable to rule out switch
and/or swap gateway box with fast lan box.

You might consider buying a crossover cable. It is useful for testing a
suspect system against a working system or when you do not wish to connect a
friends system to your lan but want to see what is comming from it.

Use crossover to hook a fast system to the gateway nic, create a script
which loops doing a ping -c 1 gateway_ip_addy_here and test for ping failure.

On the gateway the script pings the fast ip address.

On the fast box, you start running more and more scripts pinging the
gateway ip addy.

Once you have a feel for gateway max load, you remove the loopback cable,
insert the switch, and see if you can get back to the same load.

If you get the same results, add a system and see if scripts start
failing. I would expect some initial fails, maybe, but not sustained
unless a new system is hogging the connection to the internet for no reason.
Remember, Windows and/or AV software maybe call home for updates.

When you get two more system on the switch and load is
stable, make the two new system chat (ftp/pings) at each other to see
if extra work in the switch causes test load to start faililng.
It should not cause ping failures.

> There's probably at most only six or seven hosts on the lan that would
> access the internet or the mail server in the dmz. The gateway is a
> pretty old pc, somewhere around 300MHz. The switch is a standard 10/100
> 24 port, but all the outside world traffic does go through the one port to
> the gateway. I wouldn't have thought there would be a problem though.

For normal operation, I would have assumed the bottle neck of you
internet connection speed would cause all pcs to be idling waiting for
response back from web pages, mail servers, dns lookups,.....

Just for fun, you can change the test load script from using ip addresses
to using node names to see if dns affects total load.

On Thu, 04 May 2006 07:07:49 -0500, Bit Twister wrote:

> If you do a /ifconfig lan_ethX_here/ you would see fault counts climb if
> you have a gateway hardware problem (nic/cable for instance.)

I did that, everything looks fine.
>
> On the fast box, you start running more and more scripts pinging the
> gateway ip addy.
>
> Once you have a feel for gateway max load, you remove the loopback cable,
> insert the switch, and see if you can get back to the same load.

I would have thought it would take a lot of scripts running to start
causing failures. Care to hazard a guess as to how many?

> For normal operation, I would have assumed the bottle neck of you internet
> connection speed would cause all pcs to be idling waiting for response
> back from web pages, mail servers, dns lookups,.....

I would have thought so too, although it is adsl-2. There's a bit of
traffic to the mail server in the dmz as well.

Thanks for your suggestions.

Dan

On Thu, 04 May 2006 21:20:30 +0800, Dan N wrote:
> On Thu, 04 May 2006 07:07:49 -0500, Bit Twister wrote:
>
>> If you do a /ifconfig lan_ethX_here/ you would see fault counts climb if
>> you have a gateway hardware problem (nic/cable for instance.)
>
> I did that, everything looks fine.

So that rules out nic and cables.

>
> I would have thought it would take a lot of scripts running to start
> causing failures.

<grinn> yup.

> Care to hazard a guess as to how many?

Nope, you create another scipt with a _loop_ calling the ping script.

That way you can spin up a bunch pretty quick. Code with a command
argument and you can do bumps of whatever you like.
Here is a quick untested kludge called, say, loop_it

#*****************************
if [ $# -eq 0 ] ; then
_cnt=100
else
_cnt=$1
fi

while [ x -lt $_count ] ; do
$HOME/ping_fn_here
x=$(( $x + 1))
done
#*****************************

../loop_it
../loop_it 20
../loop_it 5


>
>> For normal operation, I would have assumed the bottle neck of you internet
>> connection speed would cause all pcs to be idling waiting for response
>> back from web pages, mail servers, dns lookups,.....
>
> I would have thought so too, although it is adsl-2. There's a bit of
> traffic to the mail server in the dmz as well.

Hmmm, why would there be a lot of mail from the lan to the dmz.

Bit Twister wrote:
> >> For normal operation, I would have assumed the bottle neck of you internet
> >> connection speed would cause all pcs to be idling waiting for response
> >> back from web pages, mail servers, dns lookups,.....
> >
> > I would have thought so too, although it is adsl-2. There's a bit of
> > traffic to the mail server in the dmz as well.
>
> Hmmm, why would there be a lot of mail from the lan to the dmz.

Hi Bit Twister and Dan N;
just thought you should be aware of some "possible" other pertinent
info, that may help you guys diagnose the issue concerning Dan N's
problems (perhaps BT (and others) are already aware);

see in c.o.l.n;
http://tinyurl.com/h5fkh (direct google groups link)
or
MessageID : (E-Mail Removed)ldomain

apologies if my info in that thread was not useful in any way...and I
sincerely hope you get all the kinks worked out. I'm just hanging back
and learning from the pros.

btw - i had to drop the c.o.l entry in the [TO:] header in this
"multi-newsgroup" posting, because google stinks.

Regards

On 6 May 2006 14:53:04 -0700, iforone wrote:
> Hi Bit Twister and Dan N;
> just thought you should be aware of some "possible" other pertinent
> info, that may help you guys diagnose the issue concerning Dan N's
> problems (perhaps BT (and others) are already aware);
>
> see in c.o.l.n;
> http://tinyurl.com/h5fkh (direct google groups link)
> or
> MessageID : (E-Mail Removed)ldomain
>
> apologies if my info in that thread was not useful in any way...and I

If so it would help, not hinder.
That would free up packet band width when Windows gives up.

Dan has indicated the linux lan box looses ping packets on and off
between it and the gateway with no pattern seen so far.

I hope Dan comes back with the solution.

Bit Twister wrote:
> On 6 May 2006 14:53:04 -0700, iforone wrote:
> > see in c.o.l.n;
> > http://tinyurl.com/h5fkh (direct google groups link)
> > or
> > MessageID : (E-Mail Removed)ldomain
> >
> > apologies if my info in that thread was not useful in any way...and I
>
> If so it would help, not hinder.
> That would free up packet band width when Windows gives up.
>
> Dan has indicated the linux lan box looses ping packets on and off
> between it and the gateway with no pattern seen so far.
>
> I hope Dan comes back with the solution.

....and well as do I

Thanks for the small vote of confidence :-)

Btw - I've had some funky issues too (I'm thinking DHCP (perhaps
NetBIOS) related as well), using this very simple setup;
LAN (1 PC) --> Router (4port) --> CableModem (OutsideWorld).

The reason I even mention it, is because it seems somewhat MS (and
DHCP) related too.

The 1 PC is DualBoot (win98 (/hda) + Debian Sarge(/hdc))...and after
being on Debian for a few days and then rebooting (or even booting into
98 from a cold shutdown on Debian), and then booting into 98, I end up
with that ridiculous 168.xxx.xxx.xxx (mDNS) configuration on my one and
only NIC. A simple [ipconfig /release /renew] does no good at all. I've
had completely disabled NetBIOS, for years (via binding TCP/IP to
NetBEUI instead of NetBIOS, as per www.grc.com (steve gibson)
instructions). This way, those evil ports 135-139 (NetBIOS related) are
obliviated. (<---is that even a word? ...lol).

It's happened in the past as well, and I blame it on MS - and while I
forget how I resolved the issue last time, this recent time, I ended up
removing components from MS's Network Applet (VPN Adapter, Dialup
Adapters, and related clients, since each then ends up with it's own
TCP/IP config entry as well). I haven't had to use those components so
I removed them, though in order for my winmodem to work (for Fax), I'll
need at some point to reinstall the DUN adapter.

I know NetBIOS (over TCP/IP) is different under 2K/XP/2K3 than it is
under 9x OSes, but I'm set on eventually using only static IPs from now
on nonetheless....(this problem recently occured, and I forgot the
appropriate DNS entries (from ISP) to add into my Router's Config, so I
left it (my NIC) as DHCP for now only - as assigned to via the Router).
I don't trust any of it (MS networking components). BTW - I've never
used any WINS for resolving and am not using HOSTS, nor LMHOSTS files
(though have used HOSTS in the not so distant past for blocking
ad-laden sites only when in 98)...it was/is strictly DHCP from my
router, and still is. Debian does NOT seem to ever lose it's settings
(DHCP also; using 'lo' and 'eth0' as /etc/network/interfaces defines).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet dhcp

I'll refrain from further input about that unless requested.
All in all, my point was I think Static IPs should be used/considered,
especially when there are MS nodes about.

iforone wrote:
> ...A simple [ipconfig /release /renew] does no good at all. I've
> had completely disabled NetBIOS, for years (via binding TCP/IP to
> NetBEUI instead of NetBIOS, as per www.grc.com (steve gibson)
> instructions).....

Just to clarify - I said that wrong...I mean via binding either Client
for MS Networks, Windows Family Logon, File and Print sharing to
NetBEUI (which is a non-routable protocol)...explained much better
here;
http://www.grc.com/su-bondage.htm
and the following page....there's a graphic showing the connections
explicitly