[nzlug] Virtualization + ethernet/ping issues.
Michael Hutchinson
mhutchinson at manux.co.nz
Wed Feb 13 13:19:29 NZDT 2008
> > Occasionally, a site will be reported as down, where it actually is
not.
> > We often check using a server on the same part of the network as the
> > monitoring server. In this case, the ping packets come back just
fine on
> > the other server, so our monitoring server has a fault.
> Just a shot in the dark, but there's not some firewalling kicking in
> perhaps?
> Something that sees something it thinks is suspect from the remote
host
> and
> starts blocking its traffic?
>
> Doesn't seem likely, but may spark useful ideas :)
Hi Robin,
Thanks for your ideas, this stuff would need explaining anyway...
There isn't a firewall kicking in (I wish it was, because then I could
create a rule to allow it). We tested for this extensively and even got
the link provider involved.
The proof, however, is from tcpdump: (sorry about the obfuscation of
ip's and hostnames).
13:19:05.536107 IP monitor.manux.net.nz > 192.168.51.XX: icmp 64: echo
request seq 509
13:19:05.589215 IP 192.168.51.XX > monitor.manux.net.nz: icmp 64: echo
reply seq 509
We can see here that the ping is coming back from the target. Problem
being that the ping program doesn't seem to recognise the incoming
packets and reports 100% packet loss.
I might have something indicative in strace.. just working out the
output.
Cheers,
Michael.
More information about the NZLUG
mailing list