Re: Frame Relay & tail -f hanging

To: Fraser Campbell <fraser@wehave.net>
Cc: debian-isp@lists.debian.org, Nenad Corbic <ncorbic@sangoma.com>
Subject: Re: Frame Relay & tail -f hanging
From: Brian May <bam@snoopy.apana.org.au>
Date: Sat, 2 Aug 2003 10:53:00 +1000
Message-id: <[🔎] 20030802005300.GA26026@snoopy.apana.org.au>
Mail-followup-to: Brian May <bam@snoopy.apana.org.au>, Fraser Campbell <fraser@wehave.net>, debian-isp@lists.debian.org, Nenad Corbic <ncorbic@sangoma.com>
In-reply-to: <[🔎] 200308010654.01207.fraser@wehave.net>
References: <[🔎] 20030801083010.GA27721@snoopy.apana.org.au> <[🔎] 200308010654.01207.fraser@wehave.net>

On Fri, Aug 01, 2003 at 06:54:00AM -0400, Fraser Campbell wrote:
> Is it safe to say that anything which generates significant traffic is causing 
> the connection to freeze?  At the same time as the connection is frozen, you 
> can ssh in, exactly as before, and all seems well?  I would expect that 

Yes, new ssh connections work fine.

> cat'ing /var/log/messages (or any file of significant size) will also freeze 
> things up.  What about scp'ing or ftp'ing a file over the connection?

Need to investigate scp. It seems to somehow depend on the actual data,
but that doesn't make sense.

> > Standard shorewall firewalls are used on both ends, but I really doubt
> > this would be an issue. Firewalls can't filter packets based on the
> > encrypted data transferred via a ssh connection...
> 
> My guesses:
> 
> - someone somewhere is dropping important icmp messages (types 3, 4, 11 or 12)
> - someone somewhere is dropping fragmented packets.

Thanks for the suggestion.

I suspect this is important, but don't have time to analayse right now:

melbourne tcpdump, just after crash:

10:52:12.190202 192.168.100.130.ssh > 192.168.100.129.1052: P 2928:2976(48) ack 2072 win 9648 <nop,nop,timestamp 397564575 23403288> (DF) [tos 0x10] 
10:52:12.190253 192.168.100.129.1052 > 192.168.100.130.ssh: . ack 2976 win 10304 <nop,nop,timestamp 23403298 397564575> (DF) [tos 0x10] 
10:52:12.218479 192.168.100.129.1052 > 192.168.100.130.ssh: P 2072:2120(48) ack 2976 win 10304 <nop,nop,timestamp 23403301 397564575> (DF) [tos 0x10] 
10:52:12.317937 192.168.100.130.ssh > 192.168.100.129.1052: P 2976:3024(48) ack 2120 win 9648 <nop,nop,timestamp 397564587 23403301> (DF) [tos 0x10] 
10:52:12.357976 192.168.100.129.1052 > 192.168.100.130.ssh: . ack 3024 win 10304 <nop,nop,timestamp 23403315 397564587> (DF) [tos 0x10] 
10:52:17.122837 192.168.100.129.1052 > 192.168.100.130.ssh: P 2120:2168(48) ack 3024 win 10304 <nop,nop,timestamp 23403791 397564587> (DF) [tos 0x10] 
10:52:17.228900 192.168.100.130.ssh > 192.168.100.129.1052: P 3024:3104(80) ack 2168 win 9648 <nop,nop,timestamp 397565078 23403791> (DF) [tos 0x10] 
10:52:17.228958 192.168.100.129.1052 > 192.168.100.130.ssh: . ack 3104 win 10304 <nop,nop,timestamp 23403802 397565078> (DF) [tos 0x10] 
10:52:17.445515 192.168.100.130.ssh > 192.168.100.129.1052: P 4552:5008(456) ack 2168 win 9648 <nop,nop,timestamp 397565088 23403802> (DF) [tos 0x10] 
10:52:17.445573 192.168.100.129.1052 > 192.168.100.130.ssh: . ack 3104 win 10304 <nop,nop,timestamp 23403823 397565078,nop,nop,sack sack 1 {4552:5008} > (DF) [tos 0x10] 

auckland tcpdump, just after crash:

10:40:35.924737 192.168.100.129.1052 > 192.168.100.130.ssh: P 2120:2168(48) ack 3024 win 10304 <nop,nop,timestamp 23403791 397564587> (DF) [tos 0x10] 
10:40:35.927567 192.168.100.130.ssh > 192.168.100.129.1052: P 3024:3104(80) ack 2168 win 9648 <nop,nop,timestamp 397565078 23403791> (DF) [tos 0x10] 
10:40:35.928257 192.168.100.130.ssh > 192.168.100.129.1052: . 3104:4552(1448) ack 2168 win 9648 <nop,nop,timestamp 397565078 23403791> (DF) [tos 0x10] 
10:40:36.024864 192.168.100.129.1052 > 192.168.100.130.ssh: . ack 3104 win 10304 <nop,nop,timestamp 23403802 397565078> (DF) [tos 0x10] 
10:40:36.024959 192.168.100.130.ssh > 192.168.100.129.1052: P 4552:5008(456) ack 2168 win 9648 <nop,nop,timestamp 397565088 23403802> (DF) [tos 0x10] 
10:40:36.242676 192.168.100.129.1052 > 192.168.100.130.ssh: . ack 3104 win 10304 <nop,nop,timestamp 23403823 397565078,nop,nop,sack sack 1 {4552:5008} > (DF) [tos 0x10] 
[crash about here]
10:40:36.361786 192.168.100.130.ssh > 192.168.100.129.1052: . 3104:4552(1448) ack 2168 win 9648 <nop,nop,timestamp 397565122 23403823> (DF) [tos 0x10] 
10:40:37.041781 192.168.100.130.ssh > 192.168.100.129.1052: . 3104:4552(1448) ack 2168 win 9648 <nop,nop,timestamp 397565190 23403823> (DF) [tos 0x10] 
10:40:38.401786 192.168.100.130.ssh > 192.168.100.129.1052: . 3104:4552(1448) ack 2168 win 9648 <nop,nop,timestamp 397565326 23403823> (DF) [tos 0x10] 
10:40:41.121782 192.168.100.130.ssh > 192.168.100.129.1052: . 3104:4552(1448) ack 2168 win 9648 <nop,nop,timestamp 397565598 23403823> (DF) [tos 0x10] 
10:40:46.561790 192.168.100.130.ssh > 192.168.100.129.1052: . 3104:4552(1448) ack 2168 win 9648 <nop,nop,timestamp 397566142 23403823> (DF) [tos 0x10] 

Notice that communications from 192.168.100.130 is not getting through to 192.168.100.129.

However, they don't appear to be fragmented messages, as far as I can tell. In fact, I think DF
means don't fragment.

No icmp messages observed.
-- 
Brian May <bam@snoopy.apana.org.au>

Reply to:

Follow-Ups:
- Re: Frame Relay & tail -f hanging
  - From: Brian May <bam@snoopy.apana.org.au>

References:
- Frame Relay & tail -f hanging
  - From: Brian May <bam@snoopy.apana.org.au>
- Re: Frame Relay & tail -f hanging
  - From: Fraser Campbell <fraser@wehave.net>

Prev by Date: Re: motherboard and raid controller
Next by Date: Re: Frame Relay & tail -f hanging
Previous by thread: Re: Frame Relay & tail -f hanging
Next by thread: Re: Frame Relay & tail -f hanging
Index(es):
- Date
- Thread