RE: [USR-TC] Big Problem - Need Help
MTU is set to 1514 - which is the default and what is set on both racks. I know that my radius on the "Good" rack is not sending any MTU. I'll have to check about the radius server (different Radius) on the "bad" rack. What do you all recommend for MTU? I've seen some places say 576. Suggestions? Thanks! Joel -----Original Message----- From: Seth Jacobs [mailto:sjacobs@onramp113.com] Sent: Thursday, December 26, 2002 2:21 PM To: usr-tc@mailman.xmission.com Subject: Re: [USR-TC] Big Problem - Need Help Joel, That sounds like an MTU problem. I'm not sure where the MTU settings are located, but I believe if they are set at greater than 1,500 you can have the symptoms you describe. Seth ----- Original Message ----- From: "Joel - Fox Computers" <jfox@foxcomputers.com> To: <usr-tc@mailman.xmission.com> Sent: Thursday, December 26, 2002 11:57 AM Subject: [USR-TC] Big Problem - Need Help Hoping someone here can help out on this: Have a TC rack with Hiper NMC 8.6.3, 10 Hiper DSP's 3.5.105, and Hiper ARC 5.3.107. 5 DSPs are not used. The other 5 have CT1's into them. Have another TC with same cards, same codes, all same except it has only 3 DSPs, all three with CT1's into them. The config on the two racks is practically identical, except the 10-DSP rack is on D4/AMI trunk settings, the 3-DSP rack is on ESF/B8ZS. The location with the 10 DSPs is the problem. Have some old Quad-modem racks at that location that work perfectly, trunk settings are all correct. I have a Windows ME machine that I can dial long distance into the "bad" rack, get a 44000 connection, and the 10-DSP rack works perfectly, regardless of what modem I use in the WinME machine. But I have a Win2K machine that when I dial up, on particular web pages, I only get half the page. On pages with JPEG images, (ebay auctions, for example), I fail to get any images to download. I've tried a Windows XP machine with a different modem and it has the same problem. Several customers with everything from Win98 to WinXP all having same problems. In fact, the only machine that works, and it works perfectly, is this one WinME machine I have. When the problem occurs, and images don't download, the browser sits there trying to download the images, like the network connection went away. But that's not the case, I can ping anywhere, I can open a different page, etc. That's working OK. On the particular page that I only get half of, the browser loads the first part, some GIF's at the top of the page, and then stops and says "Done" in the status bar at the bottom - it just quit transfering data. Like I said, configuration of modems on the DSP and settings for the ARC, as well as code versions, are all nearly identical to my 3-DSP rack that's working perfectly and has been for a long time. Any ideas? Anyone? Thanks, Joel _______________________________________________ USR-TC mailing list USR-TC@mailman.xmission.com http://mailman.xmission.com/cgi-bin/mailman/listinfo/usr-tc _______________________________________________ USR-TC mailing list USR-TC@mailman.xmission.com http://mailman.xmission.com/cgi-bin/mailman/listinfo/usr-tc
Joel, I Have All Mine Set To 1500 Take A Look A The Bellow Info From An Older Post Thanks, Travis Ok, here's my candidate for weird problem of the year. I'll try to be brief, but please don't confuse that with a lack of having tried a billion things to figure out what's going on. :) Our users are unable to connect to a VERY SMALL number of IP hosts when they connect to our HiperDSP/HiperARC Chassis. For instance, it seems that we cannot open www.harvard.edu in a web browser. Don't confuse this with an inability to open any web site, far over 99% seem to work just fine, including www.law.harvard.edu, www.hup.harvard.edu, www.med.harvard.edu... the list goes on and on (by the way, we have no special affiliation with harvard (like a peering arrangement), from our point of view they are just a random web server). In fact, I'm only sure of three Web servers on the whole internet that we have problems with (I'm sure there are more, but those are the only ones I know). Those three display the same symptoms every time: a web browser hangs on "host contacted, waiting for reply..." And never gets through. Ok, to make sure you believe this is weird, we can access these sites no problem from workstations on the same ethernet as the TC Chassis. We can access the sites no problem from dialup connections to an old PortMaster with analog lines in the back (also on the same ethernet). And in fact I created a special user in the hiperarc, dialed up, logged in as that user, and had no problems. I thought it might be related to the IP address (like the web server being unable to reverse lookup the address), but no, I can connect using a specified IP address using an account set up in the hiperarc, and it works fine, but if I get the same IP address after RADIUS authentication, no dice. SO, the obvious candidate for the problem is the RADIUS server, which is cistron, just upgraded because of a security problem (making it look even more suspicious). My problem is, I have no idea what kind of information the RADIUS server could be sending to the HiperArc to cause this problem. I mean, I couldn't cause this problem if I wanted to! I couldn't even cause anything similar to this problem! Furthmore, log information in the "detail" file looks essentially identical regardless of how the connection is authenticated... I've got those, as well as output from "monitor radius" and the like, if anyone really wants to dig deep. But naturally, what I'm really hoping for is just that someone will say "OH, it sounds like a such-and-such kind of problem, try that". Thanks for even reading about my woes, and especially for any thoughts you may be able to share... -- -----Original Message----- From: usr-tc-admin@mailman.xmission.com [mailto:usr-tc-admin@mailman.xmission.com] On Behalf Of Joel - Fox Computers Sent: Thursday, December 26, 2002 3:54 PM To: usr-tc@mailman.xmission.com Subject: RE: [USR-TC] Big Problem - Need Help MTU is set to 1514 - which is the default and what is set on both racks. I know that my radius on the "Good" rack is not sending any MTU. I'll have to check about the radius server (different Radius) on the "bad" rack. What do you all recommend for MTU? I've seen some places say 576. Suggestions? Thanks! Joel -----Original Message----- From: Seth Jacobs [mailto:sjacobs@onramp113.com] Sent: Thursday, December 26, 2002 2:21 PM To: usr-tc@mailman.xmission.com Subject: Re: [USR-TC] Big Problem - Need Help Joel, That sounds like an MTU problem. I'm not sure where the MTU settings are located, but I believe if they are set at greater than 1,500 you can have the symptoms you describe. Seth ----- Original Message ----- From: "Joel - Fox Computers" <jfox@foxcomputers.com> To: <usr-tc@mailman.xmission.com> Sent: Thursday, December 26, 2002 11:57 AM Subject: [USR-TC] Big Problem - Need Help Hoping someone here can help out on this: Have a TC rack with Hiper NMC 8.6.3, 10 Hiper DSP's 3.5.105, and Hiper ARC 5.3.107. 5 DSPs are not used. The other 5 have CT1's into them. Have another TC with same cards, same codes, all same except it has only 3 DSPs, all three with CT1's into them. The config on the two racks is practically identical, except the 10-DSP rack is on D4/AMI trunk settings, the 3-DSP rack is on ESF/B8ZS. The location with the 10 DSPs is the problem. Have some old Quad-modem racks at that location that work perfectly, trunk settings are all correct. I have a Windows ME machine that I can dial long distance into the "bad" rack, get a 44000 connection, and the 10-DSP rack works perfectly, regardless of what modem I use in the WinME machine. But I have a Win2K machine that when I dial up, on particular web pages, I only get half the page. On pages with JPEG images, (ebay auctions, for example), I fail to get any images to download. I've tried a Windows XP machine with a different modem and it has the same problem. Several customers with everything from Win98 to WinXP all having same problems. In fact, the only machine that works, and it works perfectly, is this one WinME machine I have. When the problem occurs, and images don't download, the browser sits there trying to download the images, like the network connection went away. But that's not the case, I can ping anywhere, I can open a different page, etc. That's working OK. On the particular page that I only get half of, the browser loads the first part, some GIF's at the top of the page, and then stops and says "Done" in the status bar at the bottom - it just quit transfering data. Like I said, configuration of modems on the DSP and settings for the ARC, as well as code versions, are all nearly identical to my 3-DSP rack that's working perfectly and has been for a long time. Any ideas? Anyone? Thanks, Joel _______________________________________________ USR-TC mailing list USR-TC@mailman.xmission.com http://mailman.xmission.com/cgi-bin/mailman/listinfo/usr-tc _______________________________________________ USR-TC mailing list USR-TC@mailman.xmission.com http://mailman.xmission.com/cgi-bin/mailman/listinfo/usr-tc _______________________________________________ USR-TC mailing list USR-TC@mailman.xmission.com http://mailman.xmission.com/cgi-bin/mailman/listinfo/usr-tc
Basically some dolt Admins think that blocking ALL ICMP packets is a good thing... when they really just want to block ICMP echo request/response. ICMP MTU discovery *should* and *does* work.. unless admins do the above (ie block all ICMP packets). I ran into this with a lot of smaller banks and thier online account stuff... they are so afraid (or stupid) that they block everything hoping that it will work/keep out the bad guys. Basically you need to keep your MTU at 1500+ or face the wrath of poorly designed firewalls. -- Paul Farber Farber Technology farber@admin.f-tech.net Ph 570-628-5303 Fax 570-628-5545 On Thu, 26 Dec 2002, Travis M. Best wrote:
Joel,
I Have All Mine Set To 1500 Take A Look A The Bellow Info From An Older Post
Thanks, Travis
Ok, here's my candidate for weird problem of the year. I'll try to be brief, but please don't confuse that with a lack of having tried a billion things to figure out what's going on. :)
Our users are unable to connect to a VERY SMALL number of IP hosts when they connect to our HiperDSP/HiperARC Chassis. For instance, it seems that we cannot open www.harvard.edu in a web browser. Don't confuse this with an inability to open any web site, far over 99% seem to work just fine, including www.law.harvard.edu, www.hup.harvard.edu, www.med.harvard.edu... the list goes on and on (by the way, we have no special affiliation with harvard (like a peering arrangement), from our point of view they are just a random web server). In fact, I'm only sure of three Web servers on the whole internet that we have problems with (I'm sure there are more, but those are the only ones I know). Those three display the same symptoms every time: a web browser hangs on "host contacted, waiting for reply..." And never gets through.
Ok, to make sure you believe this is weird, we can access these sites no problem from workstations on the same ethernet as the TC Chassis. We can access the sites no problem from dialup connections to an old PortMaster with analog lines in the back (also on the same ethernet). And in fact I created a special user in the hiperarc, dialed up, logged in as that user, and had no problems. I thought it might be related to the IP address (like the web server being unable to reverse lookup the address), but no, I can connect using a specified IP address using an account set up in the hiperarc, and it works fine, but if I get the same IP address after RADIUS authentication, no dice.
SO, the obvious candidate for the problem is the RADIUS server, which is cistron, just upgraded because of a security problem (making it look even more suspicious). My problem is, I have no idea what kind of information the RADIUS server could be sending to the HiperArc to cause this problem. I mean, I couldn't cause this problem if I wanted to! I couldn't even cause anything similar to this problem! Furthmore, log information in the "detail" file looks essentially identical regardless of how the connection is authenticated... I've got those, as well as output from "monitor radius" and the like, if anyone really wants to dig deep. But naturally, what I'm really hoping for is just that someone will say "OH, it sounds like a such-and-such kind of problem, try that".
Thanks for even reading about my woes, and especially for any thoughts you may be able to share...
participants (3)
-
Joel - Fox Computers -
Paul Farber -
Travis M. Best