I'm trying to find out why a single interface is causing packet loss on my entire network.
The network consists of four 2924's trunked to a 3550. I have about 20 vlans and a single default route for all traffic my uplink.
The network is perfect until I enable a single server. After I issue a 'no shut' on the interface packet loss is anywhere from 5% to 20% for anything going through the 3550 or even pings from the 3550 to other switches or the uplink.
Here's the statistics/settings of the interface after 1 minute of activity:
I have a dedicated windows 2003 server at a colocation facility that i use for game server hosting. Over the past 7 months, packet loss has become horrible with random periods of massive lag. My host says it's something on my end. I use a firewall with SPI enabled. Could that be causing it?
Strange thing is, the first few months my server was at that colo, they only had around 40 other servers on a single OC-192 pipe and i never had packet loss despite having the same SPI firewall. But now they have over 300 servers on the same OC-192 pipe. Could the packet loss be caused by my SPI firewall or them overloading the network with servers?
Basically I registered with a new host. They sent me the details with obviously includes the IP address. I tested the IP address on just-ping.com and it came back with all of them having between 80% to 100% packet loss. Surely this is not normal is it? I havent moved my domain yet but it doesnt look good does it? Should I cancel?
Computer A (GigE) Switch 1 (gigE) Media Converter (Fiber Run) Media Converter (gigE) Switch 2 (gigE) Computer B
We have a cross connect in our data center that uses media converters (fiber) to regular 1000FD on each end.
Each end of the 1000FD handoff is plugged into port 1 of the 3870's (switch 1 and switch 2).
Pinging from Computer A to Computer B we receive a 50% packet loss. Pinging from Computer B to Switch 1, no packet loss. Pinging from Computer A to Switch 2, 50% packet loss.
Looking in the interface, the port 1's on each switch auto negotiate to 1000FD, however flow control shows as off.
We asked our data center to run tests on the media converts and fiber runs and everything comes back 100% fine. Has anyone seen a weird issue like this before with 3com switches not playing nicely with media converters?
I have no clue whats going on and our data center said the fiber run/media converter is fine... [url]
I have smokeping monitoring my game servers and so far in the little time that it has been running all my game servers have been encountering an average of 4 to 10% packet loss. Are there are tweaks i can run on the server computer to reduce packet loss? (registry modifications, etc.)
I downloaded a TCP tweak program called "TCP Optimizer" is it safe to run on a Windows 2003 Server OS?
The colo connection is an OC 192 and i have a 100Mbit ethernet card.
Recently I have been having this problem with two high traffic servers on two different network.
Both servers are Quad-Core Xeons with CentOS 4.5 x86_64 and they are on 100mbps full duplex network. Software configuration is Nginx+Apache+MYSQL control panel is Directadmin.
The servers are serving lots static files and some php scripts.
When the servers start push near or over 30mbps, there will be packet loss when I ping them. around 5% loss, push more bandwidth the more packet loss. I have checked all the log files, I don't see any unusual errors.
Server Load is fine. The NICs were on 100mbps full-duplex mode.
The datacenters claim the networks were fine and all the other servers running on the same switches were fine with no packet loss.
a tool that can measure how much packet loss we are having on a given server by looking at the packets being sent from it. I.e, something than looks at all TCP/80 connections and measures how many packets and bytes are being retransmitted vs actual packets and bytes sent.
This documents explains it:
[url]
We need this to measure network performance of different hosts where we have dedicated servers. This would be a good way of measuring performance with the actual data of our users.
Does anyone know of such tool? I.e, something that can say
2532 packets/second - 132 retransmits/second (4.8%) 25.43Mbps/sec total traffic - 24.84 Mbps/sec actual data sent - 0.59Mbps retransmits
Even better if it can then break it out on IP prefixes. like
I recently switched over to SoftLayer for dedicated hosting and the servers are great. However we've been getting hit on and off with massive (50-80%) packet loss, which has been crippling our performance and causing all sorts of problems
I put in a support ticket and they linked me to the Internet Health Report website and said it was due to one of their bandwidth providers (I think Global CrossinG) and not on their internal network and to be patient as it could take time to resolve
Are any other SoftLayer customers going through this? Is this an unusual occurrence? I feel like if it was really one of their partners that it would be affecting a lot of their customers and it would be a high priority issue right?
I'm kind of stuck on what to do; I just invested a lot of energy into moving content onto these new servers and am concerned about whether to wait it out or whether to start finding a new company. This kind of packet loss is really unacceptable...
root@server [~]# tail -f /var/log/messages Jun 10 14:14:49 server kernel: printk: 56 messages suppressed. Jun 10 14:14:49 server kernel: ip_conntrack: table full, dropping packet. Jun 10 14:14:54 server kernel: printk: 59 messages suppressed. Jun 10 14:14:54 server kernel: ip_conntrack: table full, dropping packet. Jun 10 14:14:59 server kernel: printk: 85 messages suppressed. Jun 10 14:14:59 server kernel: ip_conntrack: table full, dropping packet. Jun 10 14:15:04 server kernel: printk: 90 messages suppressed. Jun 10 14:15:04 server kernel: ip_conntrack: table full, dropping packet. Jun 10 14:15:09 server kernel: printk: 58 messages suppressed. Jun 10 14:15:09 server kernel: ip_conntrack: table full, dropping packet. Jun 10 14:15:14 server kernel: printk: 70 messages suppressed. Jun 10 14:15:14 server kernel: ip_conntrack: table full, dropping packet. Jun 10 14:15:19 server kernel: printk: 193 messages suppressed. Jun 10 14:15:19 server kernel: ip_conntrack: table full, dropping packet.
Anyone know what this is about?
Using Centos / Cpanel
Linux server.domain.com 2.6.9-67.0.15.ELsmp #1 SMP Thu May 8 10:52:19 EDT 2008 i686 i686 i386 GNU/Linux
I have mrtg working fine on about 10 2650's, however now that I am trying to add 2950 and 3550's I cant seem to get MRTG to connect to get data.
I added the community the same as our other communities.
snmp-server community blah-r34d RO 30 snmp-server host 10.10.0.134 blah-r34d snmp
the 10.10.48.3 is the IP to vlan1 for the switch.
SNMP Error: no response received SNMPv1_Session (remote host: "10.10.48.3" [10.10.48.3].161) community: "blah-r34d" request ID: 554709748 PDU bufsize: 8000 bytes timeout: 2s retries: 5 backoff: 1) at /usr/local/mrtg-2/bin/../lib/mrtg2/SNMP_util.pm line 627 SNMPWALK Problem for 1.3.6.1.2.1.1 on blah-r34d@10.10.48.3::::::v4only at ./cfgmaker line 940 WARNING: Skipping blah-r34d@10.10.48.3: as no info could be retrieved
What is the best way to handle prevent data loss in the event a hard drive goes bad in a server. We have never had one go yet but I can only imagine what a server load of domains suddenly losing their databases or sites. (giving that they didn't back their stuff up).
I know one was is a RAID setup. I just wanted to hear more.
What about if you need to move everyone from one server to another due to major upgrades? Like adding more hdd space.
Quick scenario, I run a few public game servers, and we have had a member go insane.
This member has been using a piece of software, to do a simple DDoS attack, and when they perform this attack, it laggs everybody out, and takes down the individual game server.
While this is occurring, I have been watching with a network analyzer program, and noticed the packets go sky high (from 4.4k to 150k+).
So, I am in need of a quick, piece of software that can block flood attacks, or whatever is going on.
We just had an issue with our colo provider. The thing is, from the day we ordered our colo with them we ordered, signed, and paid for a GigE (1000Mbps) port. We have been using and paying for a GigE pipe and 300Mbps worth of bandwidth for the past 11 months.
Just this month we find out that our colo provider actually only drop us a 100Mbit connection and not the GigE which we paid for and signed for on the contract.
I asked our sales rep there, he replied to us saying that we should have "asked" for a GigE drop, since many of their customers are buying GigE while their switches does not support GigE, so they said, they ussually drop 100Mbit anyway.
That does not seem right, right? Our switches from the first day has been GigE enabled even with 4 fiber optic port on each managed switch on every rack we have.
We have suffered loss and damages, as soon as they switched our port to GigE last week, our bandwidth usage immediately shows we are using 125Mbps with some spike of 800Mbps for a fracture of a moment.
All these times, we experience slowness, we always thought that it was our equipment or something, but it turns out that it's the pipe drop which is causing the problem.
Now, I have a dilema. If say we demand a compensation and become hostile asking for loss and damages compensation, which literally cost us hundreds of thousands of dollars of loss in these past 11 months, I am affraid that our colo provider will be giving us a hard time. We have hundreds of servers there. We don't plan to move, since it will be a lot of trouble.
The thing is they said that it was our fault, that we did not checked that the drop was not 1Gbps. We always have the impression that it was 1Gbps, but we did not checked it though. But still we bought 1Gbps and we paid for it and the contract also says so.
What do you think I should do? Should I "demand" the compensation? Or just leave it be, so we won't get a hard time for our growth in this provider. We will be moving to our own facility, but not anytime soon, probably in 2009, but again it depends on our cash flow, etc.
Anyway, who's fault is this? Is this our fault that we did not check what we bought? Or is it the provider fault, who dropped 100Mbit pipe while we buy and asked for GigE?
I would not want to come to a point wher there will be a legal complaint filed though. Would like to settle this for a good resolution. What steps would you suggest we take?
ERROR 1153 (08S01) at line 2663: Got a packet bigger than 'max_allowed_packet' bytes
why I got this error and how to fix this? vbulletin staff told me that I have to increase the 'max_allowed_packet' in my.cnf, then restart MySQL. Where can I find this file? I use Directadmin control panel for my dedicate server.
I having having issue with few of my servers sending Reset packet to a particular IP. I have disabled my firewall and noticed that few machines (Unix/Windows) is still sending Reset package to one IP only. Reset packet will be sent over on all ports except icmp ping.
Anybody know where to check? Or the server on the other IP is having problem which cause my servers to send the Reset packet
I just had some thoughts cross my mind about oversold VPSes. If a hosting provider oversells their bandwidth and one or more of their clients demands more juice it just doesn't come; there is a lag and the system acts as if the internet itself is choked up. Everything waits for available bandwidth and adapts around it seamlessly.
Now supposing the same host oversells CPU power and has a ton of VPSes with tiny memory allotments. If one or more clients start pounding away then their load average, and to an extent the load of the physical server will go up and all tasks will slow down a bit, very similar to an isolated physical machine that was running some intense application that was slowing everything down. Well in this case too the system will adapt to it and just run things slower.
If a host oversells hard drive space nobody will know about it until space on the physical box runs out so until then it's totally transparent.
But what about RAM? If a host oversells RAM and the VPS thinks a certain block of memory is there but it's really not then what? Supposing 99% of the RAM in a physical box is currently in use and suddenly the demand rises to 110% of the available RAM. Seems to me like applications on the VPS will not slow down but rather crash and vanish into thin air. Or try to start and as they load more and more RAM up suddeny they will just go poof! Taking user data with them.
Am I wrong about this and has openvz impremented some failsafe mechanism to prevent this from happening? Because if not it means anyone who runs anything in an oversold(RAM) VPS is risking losing or at the very least corrupting their data.
I am moving a couple clients over to my server tonight, but I wanted to make sure I took steps that they don't miss any e-mail that might be sent. It is my understanding that say the switch happens tonight at midnight. Any e-mails they did not download from the old server will be stuck on there correct? Because they would come in the next morning and hit outlook and download just from the new server?
Is there a set protocol for doing this move with minimal client hic-ups?
How do packet losses affect running of a website, say i get packet loss for some site like around 30-40% but can still browse their websites, so how do packet losses affect working of a website ?
Our network have been ddosed very heavily for the last 15 days.
These attacks are relatively small 50 - 100 mbits at most but in very very high PPS rate.My firewall counts 10Billion packets in a single hour of an attack period. We are dealing with these attacks with a combination of freebsd pf transparent bridge firewalls and mostly null routing.
I were able to capture some packets from different attacks from last week and today.
After deeply checking these attack capture files I can see that our attack comes from several thousands different spoofed Ip addresses but always the same mac address in their packet headers.So I thought if this attack is coming to us from a single machine rather than hundreds of different zombie servers.
I don't have a clue how to trace back this attack and find the real ip address behind. My upstream provider also don't have enough knowledge to help me.
So after todays attack I thought about sharing my capture files during attack and hope that someone here will help me. And show me a way to trace back these attacks.