Overclock.net › Forums › Software, Programming and Coding › Networking & Security › Strange connection dropout on a server
New Posts  All Forums:Forum Nav:

Strange connection dropout on a server - Page 2

post #11 of 20
The other thing I would try is to ping the "problem" device from a host that is plugged into the same switch when you are having the problem. Since both of these devices are on the same subnet the traffic should be switched based on the mac table, and the traffic will never leave the switch.

If you can ping it from the same switch, I bet you have a layer 3 issue. Over all I do think this is network related though.

Have you always had this problem since you took over management?
1090T
(13 items)
 
  
CPUMotherboardGraphicsRAM
1090T GA-890FXA-UD5 HIS 4670 G.SKILL ECO Series 4GB (1600) 
Hard DriveOSPowerCase
WD Black (Raid 0) Win 7 Home Premium x64 CORSAIR 850W COOLER MASTER Storm Sniper 
  hide details  
Reply
1090T
(13 items)
 
  
CPUMotherboardGraphicsRAM
1090T GA-890FXA-UD5 HIS 4670 G.SKILL ECO Series 4GB (1600) 
Hard DriveOSPowerCase
WD Black (Raid 0) Win 7 Home Premium x64 CORSAIR 850W COOLER MASTER Storm Sniper 
  hide details  
Reply
post #12 of 20
Quote:
Originally Posted by mdymes View Post
Not to be a stickler, but a 255.255.240.0 mask on a class C IP range? Im pretty sure a class C is defined and limited to 254 hosts per subnet. If you need a bigger subnet, wouldnt you bump up to a class B ip range.
Nope... plug the info into this calculator.... http://www.subnet-calculator.com/cidr.php

A class C still has 254 subnets with 254 hosts in each subnet.

If you were using a /24 bit mask, then yes you only have 254 hosts.
1090T
(13 items)
 
  
CPUMotherboardGraphicsRAM
1090T GA-890FXA-UD5 HIS 4670 G.SKILL ECO Series 4GB (1600) 
Hard DriveOSPowerCase
WD Black (Raid 0) Win 7 Home Premium x64 CORSAIR 850W COOLER MASTER Storm Sniper 
  hide details  
Reply
1090T
(13 items)
 
  
CPUMotherboardGraphicsRAM
1090T GA-890FXA-UD5 HIS 4670 G.SKILL ECO Series 4GB (1600) 
Hard DriveOSPowerCase
WD Black (Raid 0) Win 7 Home Premium x64 CORSAIR 850W COOLER MASTER Storm Sniper 
  hide details  
Reply
post #13 of 20
Thread Starter 
Staying after hours and doing some more testing regarding MAC and IP conflicts.

Just shut down the server, and tried to ping it after cleaning my machines ARP. Can not ping 192.168.1.2 and wont get an entry in ARP either, which would suggest that i dont have MAC nor IP conflicts.

Checked ARP tables on the server, router and few random PCs, all seems correct.

Quote:
Originally Posted by Thorn-Blade View Post
The other thing I would try is to ping the "problem" device from a host that is plugged into the same switch when you are having the problem. Since both of these devices are on the same subnet the traffic should be switched based on the mac table, and the traffic will never leave the switch.

If you can ping it from the same switch, I bet you have a layer 3 issue. Over all I do think this is network related though.

Have you always had this problem since you took over management?
As mentioned before, if the probem is occuring, it is occuring for only a single host to the server connection. Server communicates with everyone else, and the host communicates with everyone else, but they cant communicate between each other for a few minutes, then if fixes itself again and the server picks a different host.

UPDATE: Ran wireshark on the server. Apparently EVERY single packet that was leaving the server had a bad checksum. Found out that the NIC on the server had checksum calculation off-loading turned on and it didnt work. Turned that off and now every packet leaving the server has a correct checksum. Could this have caused it?

Continuing testing, see if the problem persists even after this.
post #14 of 20
Thread Starter 
Alright, update, this is getting interesting!

Im sitting at a desk with 2 PCs: 192.168.2.16 and 192.168.2.20 who are both on the same ZyXel 1524 switch.

2.16 just lost connection to the server. Cant ping, cant access SMB share, nothing. Server cant access 2.16 either. 2.20 works just fine with the server. 2.20 and 2.16 communicate with each other just fine as well.

Rest of the network communicates with the server just fine as well.

Wireshark running: server actually receives packets from 2.16! The problem is that for example each ICMP request is 5 seconds apart. Server actually responds to it right away, but yeah, no joy. When trying to access SMB share, server gets packets and all that, but no joy either.

ARP table on the host has right server MAC. Suprise suprise, arp table on server has a wrong MAC entry for the hosts IP. Looking at wireshark again, server gets packets from correct MAC, but since it has a different MAC in its ARP, it responds to a different MAC adress, therefore the communication is not working!

You were dead on on ARP problems, thanks so much man!

So, what is causing this... It would seem we have a malfunctioning device on the network messing with ARP entries. How would I go around locating it? I know its mac address, thats all i know about it.Wireshare also sais Cisco_8d:8e:63 about it, to my knowledge there is no Cisco devices on the network, off to investigate more!
Edited by tomaskir - 1/17/11 at 9:02am
post #15 of 20
The network should not be giving your server any information on the IP / Mac info. The switches should just be add encapsulation, and it is striped at the next hop.

Check the machine for static arp entries.

See if any of your host ips are static with "arp -a". You can also use "arp -d" to delete some of them to see if they are discovered correctly.
1090T
(13 items)
 
  
CPUMotherboardGraphicsRAM
1090T GA-890FXA-UD5 HIS 4670 G.SKILL ECO Series 4GB (1600) 
Hard DriveOSPowerCase
WD Black (Raid 0) Win 7 Home Premium x64 CORSAIR 850W COOLER MASTER Storm Sniper 
  hide details  
Reply
1090T
(13 items)
 
  
CPUMotherboardGraphicsRAM
1090T GA-890FXA-UD5 HIS 4670 G.SKILL ECO Series 4GB (1600) 
Hard DriveOSPowerCase
WD Black (Raid 0) Win 7 Home Premium x64 CORSAIR 850W COOLER MASTER Storm Sniper 
  hide details  
Reply
post #16 of 20
Thread Starter 
Quote:
Originally Posted by Thorn-Blade View Post
The network should not be giving your server any information on the IP / Mac info. The switches should just be add encapsulation, and it is striped at the next hop.

Check the machine for static arp entries.

See if any of your host ips are static with "arp -a". You can also use "arp -d" to delete some of them to see if they are discovered correctly.
No static ARP entries anywhere. Just as I said before, when the problem happends the IP of the device which doesnt get responded by the server has a wrong ARP record on the server, with the Cisco's device MAC in it.

Example:

IP 192.168.2.16 cant communicate with the server.

When i do arp -a on the 2.16 the servers ARP entry is correct.
When i do arp -a on the server, the 2.16s ARP entry is not correct, instead of its MAC, the MAC of the Cisco device is in the ARP table.
post #17 of 20
Now that is odd... Just a long shot, but your host file is ok?
I am grasping at straws now.
1090T
(13 items)
 
  
CPUMotherboardGraphicsRAM
1090T GA-890FXA-UD5 HIS 4670 G.SKILL ECO Series 4GB (1600) 
Hard DriveOSPowerCase
WD Black (Raid 0) Win 7 Home Premium x64 CORSAIR 850W COOLER MASTER Storm Sniper 
  hide details  
Reply
1090T
(13 items)
 
  
CPUMotherboardGraphicsRAM
1090T GA-890FXA-UD5 HIS 4670 G.SKILL ECO Series 4GB (1600) 
Hard DriveOSPowerCase
WD Black (Raid 0) Win 7 Home Premium x64 CORSAIR 850W COOLER MASTER Storm Sniper 
  hide details  
Reply
post #18 of 20
Thread Starter 
Quote:
Originally Posted by Thorn-Blade View Post
Now that is odd... Just a long shot, but your host file is ok?
I am grasping at straws now.
Hosts file is empty, what is strange tho is that this acffects different IPs randomly, im gonna assume a faulty device somewhere on the network and look for it tommorow, unplug it and see if that solves the problem
post #19 of 20
Seen something similar to that before too. One of the guys kept getting his AD account locked out, and host in the DC log was Cisco. It ended up being his IPhone.
1090T
(13 items)
 
  
CPUMotherboardGraphicsRAM
1090T GA-890FXA-UD5 HIS 4670 G.SKILL ECO Series 4GB (1600) 
Hard DriveOSPowerCase
WD Black (Raid 0) Win 7 Home Premium x64 CORSAIR 850W COOLER MASTER Storm Sniper 
  hide details  
Reply
1090T
(13 items)
 
  
CPUMotherboardGraphicsRAM
1090T GA-890FXA-UD5 HIS 4670 G.SKILL ECO Series 4GB (1600) 
Hard DriveOSPowerCase
WD Black (Raid 0) Win 7 Home Premium x64 CORSAIR 850W COOLER MASTER Storm Sniper 
  hide details  
Reply
post #20 of 20
Thread Starter 
Just an update, this is now solved, thanks very much guys!

In the end, it was a Cisco router in one of the offices, which had some very damn strange routing configuration. It was routing 192.168.2.0/24 somewhere off through a VPN. Noone knows why its there, or what the VPN connects to or w.t.f. its there for.

Reconfigured the Cisco router, all is fixed now.
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Networking & Security
Overclock.net › Forums › Software, Programming and Coding › Networking & Security › Strange connection dropout on a server