Problem with check_http and a Cisco CSS 11501

Hugo van der Kooij hvdkooij at vanderkooij.org
Wed Feb 28 19:57:20 CET 2007


On Wed, 28 Feb 2007, Scott Frazer wrote:

> Ok, I've got a packet capture.
>
> There are three hosts involved: Nagios, CSS and Webserver
>
> In a normal session (one that succeeds) the sequence goes like this:
>
> Nagios -> CSS [SYN]

This would be the CSS VIP, I assume.

> CSS (impersonating Nagios) -> Webserver [SYN]

This would be the CSS itself, I expect.

> Webserver -> CSS (impersonating Nagios) [SYN, ACK]
> CSS -> Nagios [SYN, ACK]
> Nagios -> CSS [ACK]
> CSS (impersonating Nagios) -> Webserver [ACK]
> Nagios proceeds with HTTP GET and session continues normally.  The entire process takes about 0.05 seconds
>
> When I'm seeing a failure the sequence of events looks like this:
>
> Nagios -> CSS [SYN]
> Webserver -> Nagios [SYN, ACK]
> Nagios -> Webserver [RST, ACK]
> ... Pause 5 seconds ...
> Webserver -> Nagios [SYN, ACK]
> Nagios -> Webserver [RST, ACK]
> Nagios -> CSS [SYN]
> ... Pause until 10 second timeout is reached ...
>
> The CSS never seems to respond to the Nagios host, but the Webserver sends packets directly back to the Nagios host, apparently ignoring its default route (that points it to the CSS)
>
> Interestingly, this problem seems to only occur if the Nagios daemon is running.  I shut the daemon down to make the capture easier to read, and just ran the check_http command manually.  For a while I would still get failures, but eventually the command would stop failing completely.

It seems Nagios is overloading the CSS NAT table somehow. It might have to 
do with the number of checks or how the check is done exactly. Reusing 
ports could be something that might kill the CSS.

But I think you need to take this up with Cisco.

Hugo.

-- 
 	hvdkooij at vanderkooij.org	http://hvdkooij.xs4all.nl/
 	    This message is using 100% recycled electrons.

 	Some men see computers as they are and say "Windows"
 	I use computers with Linux and say "Why Windows?"
 		(Thanks JFK, for the insight.)
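
The failure pattern in the quoted capture (a SYN sent to the CSS that is answered by a SYN, ACK coming straight from the web server, which the Nagios host then resets) can be picked out of a capture mechanically. The following is an added example, not part of the original message: the host labels, the timestamps and the function name `find_bypassed_replies` are constructed for illustration, and a real capture would match on IP addresses and ports instead of labels.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "ts src dst flags")

# Constructed samples, as seen from the Nagios host (labels stand in for IPs).
NORMAL = [
    Packet(0.00, "nagios", "css-vip", {"SYN"}),
    Packet(0.01, "css-vip", "nagios", {"SYN", "ACK"}),
    Packet(0.01, "nagios", "css-vip", {"ACK"}),
]
FAILED = [
    Packet(0.00, "nagios", "css-vip", {"SYN"}),
    Packet(0.01, "webserver", "nagios", {"SYN", "ACK"}),
    Packet(0.01, "nagios", "webserver", {"RST", "ACK"}),
    Packet(5.01, "webserver", "nagios", {"SYN", "ACK"}),
    Packet(5.01, "nagios", "webserver", {"RST", "ACK"}),
    Packet(5.02, "nagios", "css-vip", {"SYN"}),
]


def find_bypassed_replies(packets, client):
    """Report SYN-ACKs reaching `client` from a host it never sent a SYN to.

    Such a reply means the return path skipped the device the SYN went to
    (here, the load balancer), so the client's TCP stack has no matching
    connection and answers with a reset.
    """
    syn_targets = set()  # hosts the client has tried to connect to
    findings = []
    for p in packets:
        if p.src == client and p.flags == {"SYN"}:
            syn_targets.add(p.dst)
        elif p.dst == client and p.flags == {"SYN", "ACK"}:
            if p.src not in syn_targets:
                findings.append({"ts": p.ts, "from": p.src,
                                 "expected": sorted(syn_targets), "reset": False})
        elif p.src == client and "RST" in p.flags:
            # Attach the reset to the latest unanswered stray reply from that peer.
            for f in reversed(findings):
                if f["from"] == p.dst and not f["reset"]:
                    f["reset"] = True
                    break
    return findings


if __name__ == "__main__":
    for name, capture in (("normal", NORMAL), ("failed", FAILED)):
        print(name, find_bypassed_replies(capture, "nagios"))
```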
