Hi Rob,

> Eric,
>
> -I can ping other hosts. Just not hosts on the network in question.

Strange... Do you have a drawing of the network and how the LEAF router fits in? I guess you use NAT?

> -I'm not sure what you mean by 'status of the interfaces'. They are up
> because I'm ssh'd into the box.

Ok, that's what I meant. I didn't know if you were using a console or sshd.

> I ping by ip address.

Ok, so no DNS issue... My best guess would be connection tracking limit.

> Rob

Eric

> -----Original Message-----
> From: Eric Spakman [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, October 31, 2006 3:43 AM
> To: Rob Ogle
> Cc: [email protected]
> Subject: Re: [leaf-user] What to do next time
>
> Hi Rob,
>
> That's indeed weird, especially because the issue seems to resolve by
> itself.
>
> Some things to check:
> -Can you ping other hosts when this issue happens?
> -What is the status of the interfaces when it happens?
> -Maybe the amount of connections tracked hit a limit, you can tune this in
> /etc/sysctl.conf:
>
> # Set the ip_conntrack limit
> #net.ipv4.netfilter.ip_conntrack_max=65000
>
> There is some documentation about this in the guides, but unfortunately I
> can only find the raw XML document:
> http://leaf.cvs.sourceforge.net/leaf/doc/guide/user-bering-uclibc/bucu-conntrack.xml?view=markup
>
> -Do you ping by name or ip-address?
>
> Eric
>
>> I've been having a weird situation occur sporadically. The monitors at
>> my office will show customers as unpingable.
>>
>> When they are not pingable, we tracert it to see the point of failure.
>> The issue usually shows in the next hop outside my T1 provider.
>>
>> Usually by the time I can check it the issue has resolved itself. My
>> T1 provider says there are no issues.
>>
>> Tonight I caught the issue as it happened. I could not ping certain
>> customers from my office, but I was able to ping them from my home via
>> charter cable.
>>
>> After working with the T1 provider, it looks like it was my leaf box!
>> (??)
>>
>> While telnet'd into the T1 router (adtran), the T1 tech could ping the
>> ip's in question. After I booted the firewall, I was able to get to them
>> as well.
>>
>> I checked dmesg, shorewall.log and messages. I saw nothing that stuck
>> out. I tried an arp -a. It took approximately 45 seconds to respond with
>> the info for the T1 router on eth0.
>>
>> So...if I catch this again, what should I check next?

------------------------------------------------------------------------
leaf-user mailing list: [email protected]
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
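
For the "what should I check next" question and the connection-tracking suggestion in this thread, a check like the following can be run on the firewall while the problem is happening. It is an added example, not part of the original messages or of the LEAF project; the /proc paths (those behind the `ip_conntrack` sysctl quoted above, with the `nf_conntrack` names of newer kernels as fallback), the 80% warning threshold and all function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): conntrack table check for a LEAF-style firewall.
# Assumed paths: the /proc files behind the ip_conntrack sysctl quoted in the thread,
# with the nf_conntrack names of newer kernels as a fallback.

# Print the first readable file among the arguments; fail if none exists.
first_readable() {
    for f in "$@"; do
        [ -r "$f" ] && { echo "$f"; return 0; }
    done
    return 1
}

# conntrack_status COUNT MAX [WARN_PCT]
# Prints "LEVEL count/max (pct%)"; returns 0=OK, 1=WARN, 2=FULL, 3=bad input.
conntrack_status() {
    count=$1; max=$2; warn=${3:-80}
    for v in "$count" "$max" "$warn"; do
        case "$v" in ''|*[!0-9]*) echo "UNKNOWN bad input"; return 3 ;; esac
    done
    [ "$max" -gt 0 ] || { echo "UNKNOWN bad input"; return 3; }
    pct=$(( count * 100 / max ))
    if [ "$count" -ge "$max" ]; then level=FULL; rc=2
    elif [ "$pct" -ge "$warn" ]; then level=WARN; rc=1
    else level=OK; rc=0
    fi
    echo "$level $count/$max (${pct}%)"
    return "$rc"
}

# check_conntrack [PROC_ROOT]: compare tracked connections with the configured limit.
check_conntrack() {
    root=${1:-/proc}
    maxf=$(first_readable "$root/sys/net/ipv4/netfilter/ip_conntrack_max" \
        "$root/sys/net/netfilter/nf_conntrack_max") || { echo "UNKNOWN no limit file"; return 3; }
    tablef=$(first_readable "$root/net/ip_conntrack" "$root/net/nf_conntrack") \
        || { echo "UNKNOWN no table file"; return 3; }
    n=$(wc -l < "$tablef")              # one line per tracked connection
    conntrack_status "$(( n + 0 ))" "$(cat "$maxf")"
}

# table_full_events LOGFILE: count kernel "table full, dropping packet" messages.
table_full_events() {
    n=$(grep -c 'conntrack: table full' "$1") || true
    echo "${n:-0}"
}

# On the firewall: sh conntrack_check.sh run
if [ "${1:-}" = "run" ]; then check_conntrack; fi
```

A FULL or WARN result, or a non-zero count from `table_full_events /var/log/messages`, points at the connection tracking limit; an OK result with no such log lines points elsewhere.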
