Re: Losing connection...

In article <430d8808$0$38037$bed64819@xxxxxxxxxxxxxxxxx>,
Chris Kranz <chris@xxxxxxxxx> wrote:
:I'm not 100% sure whether this is an Exchange issue, or something on our
:network, but either way it is very strange...

:My problem is, I run a constant ping (as I'm trying to debug this
:problem) from my machine to 3 of our servers, the Exchange server, the
:DC and SQL server and a NetApp Filer. The trouble is, I'll lose
:approximately 5-10% of these pings over the course of the day, for no
:particular reason.

:The bizarre thing is when I look at the ARP tables on my machine. During
:the ping outage, which usually last about 5 minutes, if i bring up the
:ARP tables, the IP of the failing machine is identical to the IP of the
:gateway box (PIX 515e). If I clear the ARP cache, it will immediately
:regain connection to the failing machine.

Install ethereal or equivilent and have it watch ARP packets.
I hypothesize that you'll see an ARP reply from the PIX's MAC with the
IP address of the servers, but if so then one would have to look at
the packet details to see if it is the PIX itself or some other machine
that is triggering that. Another possibility is that a gratitious ARP
with incorrect information is seen by your machine and acted on.

Either way, it's still odd that it'd appear to come from the PIX, which
is effectively a router for this purpose and wouldn't pass ARP packets
(but would do proxy arp.) Unless, perchance, your PIX 515E is running
PIX 7.0 and you have a "transparent tunnel" configured so layer 2
packets -are- going through it? [That's something not possible with
PIX 6.x or earlier.]
--
Entropy is the logarithm of probability -- Boltzmann
.

Relevant Pages

  • Re: Migrating from one server to another
    ... Fresh from a set of HACMP classes, I have a bit more to offer on this, ... accept the gratuitous ARP requests to refresh their cache. ... We've also had a problem on some servers where there are lots of aliases ...
    (AIX-L)
  • [fw-wiz] PIX v7: routing without NAT?
    ... network before touching the production environment. ... I've run some tests (and mind you I am new to pix), and it seems that the ARP ... no sysopt noproxyarp outside ...
    (Firewall-Wizards)
  • Bonding and arp monitoring
    ... multiple HP BL30p blade servers running Red ... Alle servers in the chassi share two internal switches, ... The ARP monitor relies on the network device driver to maintain two ... If the current slave goes down, ...
    (comp.os.linux.networking)
  • Re: Any reasons to filter ARP packets?
    ... hundreds and maybe even thousands machines. ... the network device is open for ARP packets since ... Essentially the goal of this attack is similar, ...
    (comp.os.linux.security)
  • Re: Personal stats on comp.glam.ac.uk traffic
    ... dialup to worldnet.att.net, dynamic IP ... Blyth A J C wrote: ... Now I'm floored by the ARP traffic. ... First I> collected 1000 ARP packets to see how fast they were arriving:> ...
    (Incidents)