On Thu, Feb 01, 2007 at 05:25:05PM -0800, Jonathan Whiteman wrote:
> Greetings.
> 
> Is there a commonly known cause of *return* TCP/IP traffic
> to reach but be dropped rather than passed back across a
> bridge (ala bridgename.bridge0) but... get this... only on
> the first try?
> 
> I'd like to get into a detailed explanation of the network
> topology I'm working with here but I don't want to scare off
> anyone by opening with a 3 page email.
> 
> The bridge seems to work fine for everything except every
> 24 hours or so (may be less... like say 2-8 hours actually?)
> individual clients trying to access services on a *certain*
> cluster of servers on the other side of the bridge have to
> either first ping the server (which always works) or
> else just accept that their first connection attempt WILL
> time out but the second one WILL succeed.
> 
> Obvious issues like the server machines or even just their
> network devices going to sleep because of misconfigured
> power management have already been excluded as a possibility
> because tcpdumping on both devices in the bridge clearly
> shows missing return traffic only being passed back to the
> other device AFTER the first attempt.
> 
> Anyway, any advice is greatly appreciated.

While OpenBSD doesn't do that, ISTR some other VPN implementations
offering to open tunnels 'on demand' (and, presumably, close them when
not needed). Could this be involved in this case?

Still, I don't know why that would only be a problem one way, but if
this seems to depend on the tunnel in use, something like this might
be the case.

                Joachim
