[OT] Network help?

Brown, Robin robin.brown at uconn.edu
Sat May 9 02:19:50 CEST 2009


Hi, sounds like classic MTU issues to me. Path MTU discovery is broken due to firewalls blocking ICMP and the VPN overhead is introduced, things break in very strange ways.  Take one of the windows machines while connected to the non-working network and lower it's MTU, reload and test again:

http://www.pctools.com/guides/registry/detail/280/

You can also try this theory out by varying the size of the ping packet you test with.  See if your ping breaks at a certain MTU.  Get some wireshark packet captures of a session too, this may point you in the right direction.

-Robin



On 5/8/09 6:38 PM, "Israel Brewster" <israel at frontierflying.com> wrote:

On May 8, 2009, at 1:40 PM, Jim Avery wrote:

> 2009/5/8 Israel Brewster <israel at frontierflying.com>:
>> I apologize for the off-topic post, but I figure the people here tend
>> to be involved with networking, so perhaps someone can direct me to
>> the right place to post a question about some networking problems I
>> am
>> having. Any suggestions?
>
> If it's social-networking problems, I recommend maybe facebook.com!
>
> Seriously though, it depends.  If it's to do with Linux you could seek
> out your local LUG, but why not just say what the problem is here, you
> never know ... someone might find a solution to your problem AND
> explain how Nagios can help you to check how effective their answer to
> it was!

Nope, not social, although if I don't get it fixed soon (or find
another solution) it might become a social problem :-) I didn't post
it here because I thought some might get annoyed with me cluttering
the list with non-nagios problems, but here goes.

Thanks to a recent company acquisition made by my company (Frontier
Flying), we are now dealing with two separate networks (they will
eventually be combined, but that's a ways off still). The company we
bought (Era aviation) uses a piece of software called Sabre for their
flight reservations, which contacts a central server to which their
network has a direct connection. The Sabre server itself is on a third
network, but there are a couple of routers that link the two (Sabre
and Era) across a private network, so asside from a couple of routing
and NAT statements they are effectively on the same network.

In order to be able to run Sabre on our network, we established a VPN
tunnel between our network and Era's. As far as I can tell, the VPN is
functioning. I can ping computers on the Era network, including the
Sabre server, and can access and control various computers on the Era
network. For initial testing purposes we installed the sabre software
(windows only) inside a parallels installation on one of our Mac
laptops. This worked perfectly. So far so good. Until we tried
installing the software on one of our Windows desktops. Then the
problems started. The Sabre software would make the initial connection
and log in the user, but when it tried to download the initial info it
needs, it just timed out. Every time. Meanwhile, the laptop, which was
connected through the same dumb switch, continued to work perfectly.
Every time. We took the Windows machine off our network and put it on
Era's (different location, obviously) and it started working. Put it
back on ours, timeout.

Since then we have tried installing Sabre on a number of different
computers on our network. A second Mac laptop running parallels works
fine, while a mac desktop with an identical install of parallels
doesn't. We have managed get one Windows machine running the software
on our network, while a stack of four windows machines that Era sent
us which had been working on their network just fine don't work.

On one hand it seems impossible that it could be an issue with the
network, because you would expect that to affect all computers
equally, not the hit-and miss (but mostly miss) scenario that we are
facing. On the other hand, it can't be a problem with the individual
computer, because the same computer with the exact same configuration
(including network settings - DHCP) works fine on the Era network, but
stops working when moved to ours. We thought maybe it was a DNS
problem (since obviously DHCP on our network would give different DNS
servers than DHCP on Era's network), so we tried putting the Era DNS
servers in statically, but while it worked as far as DNS went (we
still got name resolution) that didn't help with Sabre.

We are going bald here tearing our hair out trying to figure out what
could be causing this issue. Sabre technical support is no help - they
just say it's our problem. Management is coming down on us pretty hard
to get something working here, so any help anyone can provide would be
GREATLY appreciated :-). Let me know if I left out any relevant
details or testing we performed!

-----------------------------------------------
Israel Brewster
Computer Support Technician II
Frontier Flying Service Inc.
5245 Airport Industrial Rd
Fairbanks, AK 99709
(907) 450-7250 x293
-----------------------------------------------


------------------------------------------------------------------------------
The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your
production scanning environment may not be a perfect world - but thanks to
Kodak, there's a perfect scanner to get the job done! With the NEW KODAK i700
Series Scanner you'll get full speed at 300 dpi even with all image
processing features enabled. http://p.sf.net/sfu/kodak-com
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null


------------------------------------------------------------------------------
The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your
production scanning environment may not be a perfect world - but thanks to
Kodak, there's a perfect scanner to get the job done! With the NEW KODAK i700
Series Scanner you'll get full speed at 300 dpi even with all image 
processing features enabled. http://p.sf.net/sfu/kodak-com
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null





More information about the Users mailing list