Hi list members,
Many thanks to Shachar Shemesh and Amichai Rotman for their help on this
problem.
The symptoms were 50-70% packet loss on TCP packets to an address at the
end of a fractional E1 ("timsoret") managed by Netvision with 5-10% packet
loss for ICMP.
The symptoms appeared after the customer moved offices from one location
to another but retained the same IP address subnet.
We immediately suspected that Netvision had forgotten to remove the static
routes from an internal router and that these routes were poluting a
gateway router, but we expected the packet loss for TCP and ICMP to be the
same.
We were not able to reach people at Netvision service who would take us
seriously. We kept getting first and second line service people who
told us "you have a firewall problem" and who were sitting in front of
Microsoft Windows machines and who did not know what "Wireshark" or
"tcpdump" means. Even though we were able to show one of these people the
problem in a way that he could reproduce it independently, Netvision would
not act on the problem.
Only after a week of complaints we were able to get Netvision to send an
"integrator" to the site. After about 30 minutes the integrator called
someone at Netvision who admitted that there was a routing error and fixed
it.
It is clear to me that in order to get high-level of service from
Netvision you have to know whom to call. The regular service people will
effectively prevent you from solving anything more that the simplest of
problems.
Regards,
- yba
On Sun, 23 Mar 2008, Shachar Shemesh wrote:
Date: Sun, 23 Mar 2008 16:46:55 +0200
From: Shachar Shemesh <[EMAIL PROTECTED]>
To: Jonathan Ben Avraham <[EMAIL PROTECTED]>
Cc: ILUG <linux-il@cs.huji.ac.il>
Subject: Re: [YBA] SYN dropped from Netvision "timsoret"
Jonathan Ben Avraham wrote:
What should we do next?
apt-get install hping2 (or hping3, if you prefer)
RTFM the --traceroute option. It should probably go something along the lines
of:
hping2 <ip> -S -p <port num> -M0 --traceroute
Whenever it gets stuck, press "^Z" to make it skip that hop.
Do the same with a ping packet (hping2 <ip> -1 --traceroute), and see which
router is the faulty one.
Also, read about "firewalking".
- yba
Shachar
=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
--
EE 77 7F 30 4A 64 2E C5 83 5F E7 49 A6 82 29 BA ~. .~ Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
- [EMAIL PROTECTED] - tel: +972.2.679.5364, http://www.tkos.co.il -
=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
