Re: [Nagios-users] [OT] Network help?
Hi, sounds like classic MTU issues to me. Path MTU discovery is broken due to firewalls blocking ICMP and the VPN overhead is introduced, things break in very strange ways. Take one of the windows machines while connected to the non-working network and lower it's MTU, reload and test again: http://www.pctools.com/guides/registry/detail/280/ You can also try this theory out by varying the size of the ping packet you test with. See if your ping breaks at a certain MTU. Get some wireshark packet captures of a session too, this may point you in the right direction. -Robin On 5/8/09 6:38 PM, "Israel Brewster" wrote: On May 8, 2009, at 1:40 PM, Jim Avery wrote: > 2009/5/8 Israel Brewster : >> I apologize for the off-topic post, but I figure the people here tend >> to be involved with networking, so perhaps someone can direct me to >> the right place to post a question about some networking problems I >> am >> having. Any suggestions? > > If it's social-networking problems, I recommend maybe facebook.com! > > Seriously though, it depends. If it's to do with Linux you could seek > out your local LUG, but why not just say what the problem is here, you > never know ... someone might find a solution to your problem AND > explain how Nagios can help you to check how effective their answer to > it was! Nope, not social, although if I don't get it fixed soon (or find another solution) it might become a social problem :-) I didn't post it here because I thought some might get annoyed with me cluttering the list with non-nagios problems, but here goes. Thanks to a recent company acquisition made by my company (Frontier Flying), we are now dealing with two separate networks (they will eventually be combined, but that's a ways off still). The company we bought (Era aviation) uses a piece of software called Sabre for their flight reservations, which contacts a central server to which their network has a direct connection. The Sabre server itself is on a third network, but there are a couple of routers that link the two (Sabre and Era) across a private network, so asside from a couple of routing and NAT statements they are effectively on the same network. In order to be able to run Sabre on our network, we established a VPN tunnel between our network and Era's. As far as I can tell, the VPN is functioning. I can ping computers on the Era network, including the Sabre server, and can access and control various computers on the Era network. For initial testing purposes we installed the sabre software (windows only) inside a parallels installation on one of our Mac laptops. This worked perfectly. So far so good. Until we tried installing the software on one of our Windows desktops. Then the problems started. The Sabre software would make the initial connection and log in the user, but when it tried to download the initial info it needs, it just timed out. Every time. Meanwhile, the laptop, which was connected through the same dumb switch, continued to work perfectly. Every time. We took the Windows machine off our network and put it on Era's (different location, obviously) and it started working. Put it back on ours, timeout. Since then we have tried installing Sabre on a number of different computers on our network. A second Mac laptop running parallels works fine, while a mac desktop with an identical install of parallels doesn't. We have managed get one Windows machine running the software on our network, while a stack of four windows machines that Era sent us which had been working on their network just fine don't work. On one hand it seems impossible that it could be an issue with the network, because you would expect that to affect all computers equally, not the hit-and miss (but mostly miss) scenario that we are facing. On the other hand, it can't be a problem with the individual computer, because the same computer with the exact same configuration (including network settings - DHCP) works fine on the Era network, but stops working when moved to ours. We thought maybe it was a DNS problem (since obviously DHCP on our network would give different DNS servers than DHCP on Era's network), so we tried putting the Era DNS servers in statically, but while it worked as far as DNS went (we still got name resolution) that didn't help with Sabre. We are going bald here tearing our hair out trying to figure out what could be causing this issue. Sabre technical support is no help - they just say it's our problem. Management is coming down on us pretty hard to get something working here, so any help anyone can provide would be GREATLY appreciated :-). Let me know if I left out any relevant details or testing we performed! --- Israel Brewster Computer Support Technician II Frontier Flying Service Inc. 5245 Airport Industrial Rd Fairbanks, AK 99709 (907) 450-7250 x293 --- -
Re: [Nagios-users] [OT] Network help?
On Fri, May 8, 2009 at 11:38 PM, Israel Brewster wrote: > On May 8, 2009, at 1:40 PM, Jim Avery wrote: > >> 2009/5/8 Israel Brewster : >>> I apologize for the off-topic post, but I figure the people here tend >>> to be involved with networking, so perhaps someone can direct me to >>> the right place to post a question about some networking problems I >>> am >>> having. Any suggestions? >> >> If it's social-networking problems, I recommend maybe facebook.com! >> >> Seriously though, it depends. If it's to do with Linux you could seek >> out your local LUG, but why not just say what the problem is here, you >> never know ... someone might find a solution to your problem AND >> explain how Nagios can help you to check how effective their answer to >> it was! > > Nope, not social, although if I don't get it fixed soon (or find > another solution) it might become a social problem :-) I didn't post > it here because I thought some might get annoyed with me cluttering > the list with non-nagios problems, but here goes. > > Thanks to a recent company acquisition made by my company (Frontier > Flying), we are now dealing with two separate networks (they will > eventually be combined, but that's a ways off still). The company we > bought (Era aviation) uses a piece of software called Sabre for their > flight reservations, which contacts a central server to which their > network has a direct connection. The Sabre server itself is on a third > network, but there are a couple of routers that link the two (Sabre > and Era) across a private network, so asside from a couple of routing > and NAT statements they are effectively on the same network. > > In order to be able to run Sabre on our network, we established a VPN > tunnel between our network and Era's. As far as I can tell, the VPN is > functioning. I can ping computers on the Era network, including the > Sabre server, and can access and control various computers on the Era > network. For initial testing purposes we installed the sabre software > (windows only) inside a parallels installation on one of our Mac > laptops. This worked perfectly. So far so good. Until we tried > installing the software on one of our Windows desktops. Then the > problems started. The Sabre software would make the initial connection > and log in the user, but when it tried to download the initial info it > needs, it just timed out. Every time. Meanwhile, the laptop, which was > connected through the same dumb switch, continued to work perfectly. > Every time. We took the Windows machine off our network and put it on > Era's (different location, obviously) and it started working. Put it > back on ours, timeout. > > Since then we have tried installing Sabre on a number of different > computers on our network. A second Mac laptop running parallels works > fine, while a mac desktop with an identical install of parallels > doesn't. We have managed get one Windows machine running the software > on our network, while a stack of four windows machines that Era sent > us which had been working on their network just fine don't work. > > On one hand it seems impossible that it could be an issue with the > network, because you would expect that to affect all computers > equally, not the hit-and miss (but mostly miss) scenario that we are > facing. On the other hand, it can't be a problem with the individual > computer, because the same computer with the exact same configuration > (including network settings - DHCP) works fine on the Era network, but > stops working when moved to ours. We thought maybe it was a DNS > problem (since obviously DHCP on our network would give different DNS > servers than DHCP on Era's network), so we tried putting the Era DNS > servers in statically, but while it worked as far as DNS went (we > still got name resolution) that didn't help with Sabre. > > We are going bald here tearing our hair out trying to figure out what > could be causing this issue. Sabre technical support is no help - they > just say it's our problem. Management is coming down on us pretty hard > to get something working here, so any help anyone can provide would be > GREATLY appreciated :-). Let me know if I left out any relevant > details or testing we performed! > > --- > Israel Brewster > Computer Support Technician II > Frontier Flying Service Inc. > 5245 Airport Industrial Rd > Fairbanks, AK 99709 > (907) 450-7250 x293 > --- Hi Israel, You do have a weird problem. It's difficult to give any hints -- it seems you should try to solve this as methodically as possible, e.g. with root cause analysis or some other troubleshooting method. At least, try to record what is working and what is not working in some kind of matrix. Maybe some trend comes out. For example, you mention that Sabre works inside a VM on Mac; how about in a VM on Windows? Maybe some network sniffing could be useful also. What TCP/UDP ports
Re: [Nagios-users] [OT] Network help?
2009/5/8 Israel Brewster : > We are going bald here tearing our hair out trying to figure out what could > be causing this issue. Sabre technical support is no help - they just say > it's our problem. Management is coming down on us pretty hard to get > something working here, so any help anyone can provide would be GREATLY > appreciated :-). Let me know if I left out any relevant details or testing > we performed! You have my every sympathy. That kind of network problem can be a right pain to solve. I had a similar problem with a VPN from home to work a while ago. After lots of googling I found the home router I was using had some problem with packet reassembly (whatever that is) which was fixed by upgrading to the latest firmware. It was a bit strange because when I wasn't using the VPN to work (just using normal internet) the router seemed to work flawlessly. It was only when I was connected to the work network over SecuRemote that the problem reared its ugly head. Once I'd upgraded the firmware, it was fine ... ... then I replaced the router with a wireless one from a different manufacturer and even when I connected wired the problem was back again! Served me right for buying a cheapo one. Not sure if that will help you at all though :-( Jim -- The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your production scanning environment may not be a perfect world - but thanks to Kodak, there's a perfect scanner to get the job done! With the NEW KODAK i700 Series Scanner you'll get full speed at 300 dpi even with all image processing features enabled. http://p.sf.net/sfu/kodak-com ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] [OT] Network help?
On May 8, 2009, at 1:40 PM, Jim Avery wrote: > 2009/5/8 Israel Brewster : >> I apologize for the off-topic post, but I figure the people here tend >> to be involved with networking, so perhaps someone can direct me to >> the right place to post a question about some networking problems I >> am >> having. Any suggestions? > > If it's social-networking problems, I recommend maybe facebook.com! > > Seriously though, it depends. If it's to do with Linux you could seek > out your local LUG, but why not just say what the problem is here, you > never know ... someone might find a solution to your problem AND > explain how Nagios can help you to check how effective their answer to > it was! Nope, not social, although if I don't get it fixed soon (or find another solution) it might become a social problem :-) I didn't post it here because I thought some might get annoyed with me cluttering the list with non-nagios problems, but here goes. Thanks to a recent company acquisition made by my company (Frontier Flying), we are now dealing with two separate networks (they will eventually be combined, but that's a ways off still). The company we bought (Era aviation) uses a piece of software called Sabre for their flight reservations, which contacts a central server to which their network has a direct connection. The Sabre server itself is on a third network, but there are a couple of routers that link the two (Sabre and Era) across a private network, so asside from a couple of routing and NAT statements they are effectively on the same network. In order to be able to run Sabre on our network, we established a VPN tunnel between our network and Era's. As far as I can tell, the VPN is functioning. I can ping computers on the Era network, including the Sabre server, and can access and control various computers on the Era network. For initial testing purposes we installed the sabre software (windows only) inside a parallels installation on one of our Mac laptops. This worked perfectly. So far so good. Until we tried installing the software on one of our Windows desktops. Then the problems started. The Sabre software would make the initial connection and log in the user, but when it tried to download the initial info it needs, it just timed out. Every time. Meanwhile, the laptop, which was connected through the same dumb switch, continued to work perfectly. Every time. We took the Windows machine off our network and put it on Era's (different location, obviously) and it started working. Put it back on ours, timeout. Since then we have tried installing Sabre on a number of different computers on our network. A second Mac laptop running parallels works fine, while a mac desktop with an identical install of parallels doesn't. We have managed get one Windows machine running the software on our network, while a stack of four windows machines that Era sent us which had been working on their network just fine don't work. On one hand it seems impossible that it could be an issue with the network, because you would expect that to affect all computers equally, not the hit-and miss (but mostly miss) scenario that we are facing. On the other hand, it can't be a problem with the individual computer, because the same computer with the exact same configuration (including network settings - DHCP) works fine on the Era network, but stops working when moved to ours. We thought maybe it was a DNS problem (since obviously DHCP on our network would give different DNS servers than DHCP on Era's network), so we tried putting the Era DNS servers in statically, but while it worked as far as DNS went (we still got name resolution) that didn't help with Sabre. We are going bald here tearing our hair out trying to figure out what could be causing this issue. Sabre technical support is no help - they just say it's our problem. Management is coming down on us pretty hard to get something working here, so any help anyone can provide would be GREATLY appreciated :-). Let me know if I left out any relevant details or testing we performed! --- Israel Brewster Computer Support Technician II Frontier Flying Service Inc. 5245 Airport Industrial Rd Fairbanks, AK 99709 (907) 450-7250 x293 --- -- The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your production scanning environment may not be a perfect world - but thanks to Kodak, there's a perfect scanner to get the job done! With the NEW KODAK i700 Series Scanner you'll get full speed at 300 dpi even with all image processing features enabled. http://p.sf.net/sfu/kodak-com ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-us
Re: [Nagios-users] [OT] Network help?
2009/5/8 Israel Brewster : > I apologize for the off-topic post, but I figure the people here tend > to be involved with networking, so perhaps someone can direct me to > the right place to post a question about some networking problems I am > having. Any suggestions? If it's social-networking problems, I recommend maybe facebook.com! Seriously though, it depends. If it's to do with Linux you could seek out your local LUG, but why not just say what the problem is here, you never know ... someone might find a solution to your problem AND explain how Nagios can help you to check how effective their answer to it was! -- The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your production scanning environment may not be a perfect world - but thanks to Kodak, there's a perfect scanner to get the job done! With the NEW KODAK i700 Series Scanner you'll get full speed at 300 dpi even with all image processing features enabled. http://p.sf.net/sfu/kodak-com ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
[Nagios-users] [OT] Network help?
I apologize for the off-topic post, but I figure the people here tend to be involved with networking, so perhaps someone can direct me to the right place to post a question about some networking problems I am having. Any suggestions? --- Israel Brewster Computer Support Technician II Frontier Flying Service Inc. 5245 Airport Industrial Rd Fairbanks, AK 99709 (907) 450-7250 x293 --- -- The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your production scanning environment may not be a perfect world - but thanks to Kodak, there's a perfect scanner to get the job done! With the NEW KODAK i700 Series Scanner you'll get full speed at 300 dpi even with all image processing features enabled. http://p.sf.net/sfu/kodak-com ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
