On Thu, 11 Dec 2008 15:31:02 +0000 Gavin McCullagh <gmccullagh at gmail.com> wrote:
> On Thu, 11 Dec 2008, Brian Foster wrote:
>[ ... ]
> It would be good to be able to start the tcpdump to file,
> and then note the time when you have the issue. Then stop
> to the tcpdump and use tcpdump -r to read it, snipping out
> the relevant time.
I'll try that next week. (I'd just done that when the
admin showed up, and didn't get a chance to examine it
before we both had to leave (neither of us will be back
the admin and I looked at the firewall's diagnostic.
it's not too specific, and basically just means there
was more than 250 packets which needed some additional
processing (I don't recall now the Français term used).
the admin speculated that means either than there was
more than 250 un-ACK'ed packets, or there were badly
fragmented packet(s?). in essence, the firewall was
using too many resources (having to remember too many
packets), exceeding its threshold of c.250.
the admin also said I'm the only person with this
problem. that probably doesn't mean much since I'm
one of the few who runs Linux natively rather than
via VMWare on windross. on the other hand, I can
download (via the WebMail interface) the problematic
attachment over the internet to my home computer.
this problem has, as far as I know, has only showed
up relatively recently. the only changes either of
us could recall happening was (1) the replacement
of the switch my workstation (and other kit) connects
to; and (2) the moving of the IMAP-server from the
local intranet to its own VPN accessed via the firewall
(thus creating a pseudo-DMZ containing the IMAP-server).
we put my workstation on the firewall's whitelist,
and that made the problem go away. at the moment,
it's not clear if that means the issue is with the
firewall, the server, the switch, or my workstation.
the admin wants to blame my workstation/configuration
(since no-one else has the problem), but I want much
more conclusive evidence.
( the admin has said he'll keep me on the
whitelist as a work-around if we cannot
find a “better” solution. )
the admin suggested trying IMAPS instead of IMAP,
but we ran out of time and had to leave before we
could conclude that test ..... ;-\
( we also tried to replicate the problem by copying
large files across the firewall, but everything
worked fine. this remains an e-mail–only issue?
there's quite a number of other things we could
try, such as using a different workstation, yadda
yadda yadda, but we simply didn't have the time. )
> For some reason, in the above, it appears you are seeing tonnes of Rapid
> STP (Spanning Tree) frames. This looks like the switch checking for
> redundant paths in the network. It looks to me like your network switch
> has cut your link to the network. The fact that no packets are coming to
> you backs that up. Why it went down I'm not sure, it might even be a
> faulty network cable which dropped the link for a split second. If they
> have STP turned on on your switch and your port is not configured with
> "portfast", the link could take a while to come back up (e.g. 1-2 minutes).
according to the admin, the firewall stops allowing
that specific connection. this seems to be broadly
correct, since *nothing*else* is obviously effected:
I can, e.g., ‘ping’ machines in the local intranet
(both connected to the same switch as my workstation
and also those connected elsewhere), and also outside
machines on the Wild Wild Web.
however, it is true the IMAP-server stops responding
to my MUA for multiple minutes. this is true even if
I restart the MUA (or switch to a different MUA).
both the admin and I presume that's the firewall, but
we don't know for sure.
>[ ... ] The above trace is not functioning at all, apparently
> not even a network link. I'd guess you couldn't even ping
> nearby machines during that period.
NO. *nothing* else behaved strangely during that
interval (or before, or after).
“How many surrealists does it take to | Brian Foster
change a lightbulb? Three. One calms | somewhere in south of France
the warthog, and two fill the bathtub | Stop E$$o (ExxonMobil)!
with brightly-coloured machine tools.” | http://www.stopesso.com
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!