From: Erin Carroll (amoeba@amoebazone.com)
Date: Wed Mar 28 2007 - 18:35:26 EST
I kept hoping that this subject would work its way around to a
pen-test-related issue but this seems to have devolved into a routing debug
issue. Further posts on this subject, unless pen-test related, will be
rejected.
--
Erin Carroll
Moderator
SecurityFocus pen-test list
"Do Not Taunt Happy-Fun Ball"

> -----Original Message-----
> From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On Behalf Of Buz Dale
> Sent: Wednesday, March 28, 2007 3:53 PM
> To: WALI
> Cc: pen-test@securityfocus.com
> Subject: Re: The cat came and stayed..
>
> I'm going to ask some questions to clarify my spotty networking knowledge.
> Essentially, you have routers connecting buildings "A" and "B" and when you
> turn off the routing and make them layer two devices (Bridging mode) things
> work as expected. To me this implicates a layer three problem. Perhaps an IP
> conflict with the router, a machine masquerading as the gateway (perhaps
> responding to ARPs for the gateway IP) or a bad route. I would start looking
> at layer three misconfigurations. Maybe a DHCP server is giving a bad gateway
> or somesuch. What happens when you traceroute between the networks? Do you
> have extra hops? Are there specific places with time lags?
>
> Thanks,
> Buz
>
> On 3/28/07, WALI <hkhasgiwale@gmail.com> wrote:
> >
> > By the time you have finished reading this, I am sure you would have come
> > across the most fascinating networking issue haunted by our friendly ghost
> > Casper.
> >
> > With reference to my earlier thread, (Re: When cat comes chasing...), this
> > time the cat came and stayed. Having exploited most of my resources, I
> > finally decided to involve our ISP hoping that this would be the end of
> > it...but it wasn't supposed to be that way.
> >
> > So, to cut a long story short, ISP had provided us with EoATM 100 mbps link
> > between two locations, say A and B.
> >
> > But, since the line was given, we felt that we were not only having
> > intermittent problems that required switch reset but also felt that we
> > were not getting the right speed and the data transfer rates (FTP copy and
> > other stuff) was really not befitting a 100Mbps link.
> >
> > In order to make sure, this time the ISP guy brought some equipment to our
> > premises and confirmed that speed at Layer 2 is indeed 100.
> >
> > There are two Cisco routers across Sites A and B and two media changers at
> > each end converting Fiber to UTP. Media converters are also set at 100Mbps.
> >
> > Now a strange thing is that when we configure the two routers (Site A and
> > B) in 'bridging' mode and start data transfer across, the speed becomes
> > incrementally fast (which should be taken as normal at all times). There is
> > also another 100Mbps link provided by the same ISP to us between Buildings
> > A and C, which works just fine, as it should be.
> >
> > The moment we enable our routers at Site A and B in Routing mode, we get to
> > suffer delays and all data transfers slow down, without bringing any
> > core/edge switches into the picture.
> >
> > Various things have been done to reach some conclusion:
> >
> > 1. IP router configurations have been reset and put to the bare minimum
> >    needed with ip cef enabled, all QoS commands disabled.
> > 2. Configurations have been checked with all combinations of Speed
> >    Auto/100 FullDuplex/Auto with best results coming out of FD/100 but
> >    still far below satisfactory.
> > 3. Equipment which serves between Site A and C has been temporarily put
> >    between Site A and B, with the same non-satisfactory results.
> > 4. Earthing issues/Electrical disruption in the room where routers are
> >    located has been looked into. Routers on both sides have been changed
> >    to rule out hardware issues. We also did a test on the line by bringing
> >    our routers into another room, ruling out electrical disturbance of
> >    any sort.
> >
> > Seems like, at Layer 2, despite showing us full 100mbps, Layer 3 and
> > above transfers are unable to provide the required service.
> > Opening applications across the two buildings is very slow as most of our
> > servers reside at Site A with user base at Site B.
> >
> > Currently this ISP engineer has provided us with a patched pure fibre link
> > between Sites A and B without any intervening ISP equipment in between and
> > we have connected our two core switches in both buildings directly to the
> > UTP interface of the media converter, but that's not the permanent
> > solution. The ISP engineer is also trying hard to find this ghost problem.
> > He says that he has found no problems on his side and the only thing that
> > comes in the middle is an MPLS enabled router. But even he is a bit baffled.
> >
> > What else can we look at?
> >
> > Thanks for taking time to read this whole ghost story. If you have read
> > this all, I am sure you won't stop thinking ;)
> >
> > At 12:57 AM 3/24/2007 +0100, Antonin Kral wrote:
> > >Hi Wali,
> > >
> > >* WALI <hkhasgiwale@gmail.com> [2007-03-24 00:50] wrote:
> > > > Crazy Solution: I take out any patch cable and re-insert it, the
> > > > problem gets resolved. I reset any switch, the problem gets resolved.
> > > > I disconnect any uplink cable between the four switches or do an ARP
> > > > reset thru command line, the problem gets resolved for a couple of
> > > > hours or even days.
> > >
> > >This sounds like problems with spanning tree in the network. Do you run
> > >STP? Take a look at the topology changes reported by STP. Or one more
> > >thing - this could happen because of over-filling CAM (switching) tables
> > >of a particular switch. Check if you are not running out of memory
> > >somewhere.
> > >
> > > Cheers,
> > >
> > > Antonin
> > >
> > >------------------------------------------------------------------------
> > >This List Sponsored by: Cenzic
> > >
> > >Need to secure your web apps?
> > >Cenzic Hailstorm finds vulnerabilities fast.
> > >Click the link to buy it, try it or download Hailstorm for FREE.
> > >
> > >http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
> > >------------------------------------------------------------------------
>
> --
> Buz Dale buz.dale@usg.edu
> IT Security Specialist 1-888-875-3697 (In GA) 1-706-583-2005
> Office of Information and Instructional Technology University System of Georgia GMT -5:00
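Buz's suggestion to check for a host "masquerading as the gateway (perhaps responding to arps for the gateway ip)" can be turned into a small check. The script below is an added example, not code from anyone in the thread: it parses tcpdump-style ARP reply lines and reports any IP, or just the gateway IP, that more than one MAC address has claimed. The sample lines, addresses and timestamps are constructed for the example; on a real network you would feed it the output of `tcpdump -n arp` captured on the segment in question.

```python
import re
from collections import defaultdict

# Constructed sample of tcpdump-style ARP lines (not a real capture).
# The layout follows "tcpdump -n arp" output; the addresses are invented.
# 192.0.2.1 plays the gateway; line 4 onwards shows a second MAC answering for it.
SAMPLE_ARP_LINES = [
    "10:00:01.000001 ARP, Reply 192.0.2.1 is-at 00:11:22:33:44:01, length 28",
    "10:00:02.000002 ARP, Reply 192.0.2.50 is-at 00:11:22:33:44:50, length 28",
    "10:00:03.000003 ARP, Reply 192.0.2.1 is-at 00:11:22:33:44:01, length 28",
    "10:00:04.000004 ARP, Reply 192.0.2.1 is-at 00:aa:bb:cc:dd:ee, length 28",
    "10:00:05.000005 ARP, Request who-has 192.0.2.1 tell 192.0.2.77, length 28",
    "10:00:06.000006 ARP, Reply 192.0.2.1 is-at 00:aa:bb:cc:dd:ee, length 28",
]

# Matches only ARP replies ("<ip> is-at <mac>"); requests and other noise are ignored.
ARP_REPLY_RE = re.compile(
    r"^(?P<ts>\S+) ARP, Reply (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) is-at "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE,
)


def parse_arp_replies(lines):
    """Yield (timestamp, ip, mac) for each ARP reply line; MACs are lower-cased."""
    for line in lines:
        m = ARP_REPLY_RE.match(line.strip())
        if m:
            yield m.group("ts"), m.group("ip"), m.group("mac").lower()


def ip_to_macs(lines):
    """Build a table ip -> {mac: first_seen_timestamp} from the ARP replies."""
    table = defaultdict(dict)
    for ts, ip, mac in parse_arp_replies(lines):
        table[ip].setdefault(mac, ts)  # keep the earliest sighting of each MAC
    return table


def find_conflicts(lines, gateway_ip=None):
    """Return {ip: {mac: first_seen}} for every IP claimed by more than one MAC.

    With gateway_ip set, only that address is examined; an empty dict means
    every reply for it came from a single MAC.
    """
    table = ip_to_macs(lines)
    ips = [gateway_ip] if gateway_ip else list(table)
    return {ip: table[ip] for ip in ips if ip in table and len(table[ip]) > 1}


if __name__ == "__main__":
    conflicts = find_conflicts(SAMPLE_ARP_LINES, gateway_ip="192.0.2.1")
    if not conflicts:
        print("gateway answered by a single MAC only")
    for ip, macs in conflicts.items():
        print(f"{ip} answered by {len(macs)} different MACs:")
        for mac, ts in macs.items():
            print(f"  {mac} first seen at {ts}")
```

A single IP answered by two MACs is exactly the symptom of either an address conflict with the router or a host answering ARP for the gateway; which of the two it is can be told apart by looking up the vendor prefix of the unexpected MAC and the switch port it was learned on.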
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:41 EDT