Very Computer

Topology:  Gateway -- switch -- switch -- WRT54g -- 2 switches

Problem: Intermittantly, the entire network fails. Specifically, none
of the hosts on the wired LAN (and on WLAN) can see each other and
cannot see the outside world. The failure is over the whole LAN, not
just the portion below one switch. Outside users can see the gateway
router, but not the hosts on the LAN.

I've only had three instances of this and I don't know what's going on,
but each time I can isolate the problem (by unpluging CAT5 cables) to
one of the switches. Cycling the power on that switch restores the
network. The first time, I replaced the suspicious switch. Now I think
it's not a failed unit but something more general.

I did see the problem after a power failure. When the building power
came back on, the network was in the failed state described above.
Solved it by cycling the power on the Linksys switches. The WRT54g
seems to recover from power outage just fine.

Anyone else seeing this? Know how to set up to avoid the problem?

  -- Sally

--
Sally Shears (a.k.a. "Molly")

http://theWorld.com/~sshears

Not sure there is any "more specific" info you could provide that would
tie this down -- not for me anyway.

Could it be that the switches and hosts are coming back up after a
power outage in such a manner/sequence that the problem converges on
the suspect location and craps the spanning tree -- if you're running
spanning tree, that is.

Also could the learning mode be corrupted or the MAC/IP tables be
getting boinked by way of a "sneaky" hidden pathway in the physical
connections that causes one (or more) of the MACs to appear as
originating on different ports or on different sides of the switch.
Perhaps you need spanning tree running?

Can you monitor or at least dump the switch MAC tables?  Nearby host
arp cache might help also.  Any possibility that someone has manually
changed/set the MAC address of a host nic that duplicates MAC elswhere?
Does anyone move from one switch to another, thus causing their MAC to
appear in different parts of the switch fabric?

I've had times when MACs began appearing on different sides of a switch
for no apparent reason.  This can bring the switch(es) to their knees.
Hard to "see" it without sniffing the wire and the problem source can
be difficult to track down.

Resetting the switches clears the tables and you start clean again.
After some interval X, the problem accumulates/reappears and brings the
switches down again.

Double check, then double check again, that there are no loops in the
physical pathways.  That must be confirmed (as well as you can) before
getting to the ugly stuff.

Confirm that each switch is properly configured for the role it plays.
Think.  Should I really be using a router here instead of a switch?
Think again.  Confirm to your own satisfaction that a switch is the
correct appliance.

You've already played with cable replacement.  Tried different ports?
Tried swapping out the "bad" switch with one upstream/downstream or
sibbling to see if you can make the problem "follow" the switch.

If it does not follow the switch, begin to suspect a loop or
malfunction that originates elsewhere but converges at this point.
What about your setup/usage would cause the problem to converge here
and not elsewhere?

If you cannot narrow it down at this point, you'll have to get out the
sniffer and monitor packet flows.  If you have several Linux boxes
spread around you can use them to monitor traffic with something like
MTRG or something, anything, that will reveal a spike as switches start
bouncing packets around.

If you're real lucky, a sniffer will reveal that a MAC is showing up on
two sides of one or more switches but does not cause serious problems
till after interval X.  This situation sometimes shows up as eratic
behavior with one or two particular hosts before it shows elsewhere.
Keep an eye out for sporadic host behavior or complaints about
clunkiness.  Don't rule out a misbehaving nic.
good luck -- you likely need it ;)
prg
email above disabled

Quote:> Could it be that the switches and hosts are coming back up after a
> power outage in such a manner/sequence that the problem converges on
> the suspect location ...

Quote:> ...and craps the spanning tree -- if you're running
> spanning tree, that is.

Quote:> I've had times when MACs began appearing on different sides of a switch
> for no apparent reason.  This can bring the switch(es) to their knees.
> Hard to "see" it without sniffing the wire and the problem source can
> be difficult to track down.

But... what if a host (and its MAC address) are moved from one part of
the LAN to another?

I move a laptop (Apple OS X) all the time from wireless (with a NAT'd
non-routable IP) to wired (with fixed IP) at the same OR different part
of the network to outside the building (i.e. yet another IP somewhere
else on the internet). Could moving this Mac's MACs be causing the
problem?

FWIW, the Mac laptop has two nics, one wired and one wireless.
Different MAC addresses. OS X in most configurations automatically
changes from one nic to the other as needed. Recently someone opined in
alt.os.linux.suse "a host with two nics on the same LAN is trouble." I
wonder if I should start being extremely careful that no laptop ever
has ethernet plugged in which it's wireless card is operating. Anyone
have comments on two-nics-same-LAN?

I've seen the problem three times
 - Twice with the moving laptop outside the building
 - Once after a power failure with the laptop in it's usual place on
the LAN.

Quote:> Resetting the switches clears the tables and you start clean again.
> After some interval X, the problem accumulates/reappears and brings the
> switches down again.

Quote:> Double check, then double check again, that there are no loops in the
> physical pathways.  

Quote:> Tried swapping out the "bad" switch with one upstream/downstream or
> sibbling to see if you can make the problem "follow" the switch.

Quote:> good luck -- you likely need it ;)
> prg
> email above disabled

  -- Sally

Quote:> > ...and craps the spanning tree -- if you're running
> > spanning tree, that is.

> If "spanning tree" is running, I don't know it. I have SuSE 8.1 and
> 9.1, pretty standard setup. Linksys consumer switches (the $50 at
Best
> Buy type) and a WRT54g. These don't provide the spanning tree
protocol,
> do they?  (Googling, I can see that Linksys WET54GS5 does do spanning
> tree.)

Quote:> > I've had times when MACs began appearing on different sides of a
switch
> > for no apparent reason.  This can bring the switch(es) to their
knees.
> > Hard to "see" it without sniffing the wire and the problem source
can
> > be difficult to track down.

> No loops in the physical wiring. I'm absolutely sure of this.

> But... what if a host (and its MAC address) are moved from one part
of
> the LAN to another?

> I move a laptop (Apple OS X) all the time from wireless (with a NAT'd
> non-routable IP) to wired (with fixed IP) at the same OR different
part
> of the network to outside the building (i.e. yet another IP somewhere
> else on the internet). Could moving this Mac's MACs be causing the
> problem?

Quote:> FWIW, the Mac laptop has two nics, one wired and one wireless.
> Different MAC addresses. OS X in most configurations automatically
> changes from one nic to the other as needed. Recently someone opined
in
> alt.os.linux.suse "a host with two nics on the same LAN is trouble."

If only one nic is active at a time, no problem.  Both at the same time
on a Linux box is usually trouble because Linux stack is designed to
respond for any host IP out any nic (a sort of failover "feature").
Don't think Mac stack behaves this way -- it's BSD based, afaik.

Quote:> I
> wonder if I should start being extremely careful that no laptop ever
> has ethernet plugged in which it's wireless card is operating. Anyone
> have comments on two-nics-same-LAN?

Quote:> I've seen the problem three times
>  - Twice with the moving laptop outside the building
>  - Once after a power failure with the laptop in it's usual place on
> the LAN.

> > Resetting the switches clears the tables and you start clean again.
> > After some interval X, the problem accumulates/reappears and brings
the
> > switches down again.

> Yup, that sounds like what I've seen.

> > Double check, then double check again, that there are no loops in
the
> > physical pathways.

> No loops in physical wiring. Is it conceivable that I created a loop
> involving wireless via the Apple OS X auto-network-config when I
> plugged into ethernet with wireless still running? I'll watch out for
> that.

> > Tried swapping out the "bad" switch with one upstream/downstream or
> > sibbling to see if you can make the problem "follow" the switch.

> A little hard to tell, but I do have one suspect switch which I'll
> watch.

I would keep an eye on the moving laptop.  Switches should have a
timeout for table entries with no response for XXX seconds (Ciscos are
300) so you might want to check what the timers are set at and change
them or wait before plugging in at a different switch.  We've had
trouble with students at school when moving about the right classes --
like several rooms away but the same switch or sibling.

Checking switch configs and stats can help but is usually time
consuming and tedious.  You might want to try a sniffer -- I like
ethereal -- and watch for "unusual" ethernet frames, especially what
appear to be multiple, identical frames.  Also keep an eye out for a
high volume of broadcasts or anything that looks like an errant "keep
alive" packet.

good luck,
prg
email above disabled

Quote:> > > ...and craps the spanning tree -- if you're running
> > > spanning tree, that is.

> > If "spanning tree" is running, I don't know it. I have SuSE 8.1 and
> > 9.1, pretty standard setup. Linksys consumer switches (the $50 at Best
> > Buy type) and a WRT54g. These don't provide the spanning tree protocol,
> > do they?  (Googling, I can see that Linksys WET54GS5 does do spanning
> > tree.)

> This was more just a check -- have noted in the past year that a number
> of commodity switches are offering spanning tree.  Doubt that it will
> even engage without another spanning tree switch in the fabric.  Guides
> don't speack much about configuring it -- just on or off.

(Aside... This is so much just an appliance that the model number,
although printed on the label, is SO SMALL you need a magnifying glass
to find it.)

Quote:> > > I've had times when MACs began appearing on different sides of a switch
> > > for no apparent reason.  This can bring the switch(es) to their knees.
> > > Hard to "see" it without sniffing the wire and the problem source can
> > > be difficult to track down.

> > No loops in the physical wiring. I'm absolutely sure of this.

> > But... what if a host (and its MAC address) are moved from one part of
> > the LAN to another?

> > I move a laptop (Apple OS X) all the time from wireless (with a NAT'd
> > non-routable IP) to wired (with fixed IP) at the same OR different part
> > of the network to outside the building (i.e. yet another IP somewhere
> > else on the internet). Could moving this Mac's MACs be causing the
> > problem?

> Well, at the switch level, only MACs and ports are used in the lookup
> tables.  This is strictly level 2.  If you are moving within the same
> switch group/lan and the ageing timers are long enough, your old
> MAC/port will still be present when you hook up elsewhere -- you
> "announce" your presence to the switch with the very first frame you
> send out.

By the way, when the failure occurs, it stays failed. Does not recover
after a timeout. Stayed broken for 24 hours once.

Quote:> > FWIW, the Mac laptop has two nics, one wired and one wireless.
> > Different MAC addresses. OS X in most configurations automatically
> > changes from one nic to the other as needed. Recently someone opined in
> > alt.os.linux.suse "a host with two nics on the same LAN is trouble."

> This is true at the IP level, especially re: arp cache/table of
> MACs/IPs as gateways can get confused when they have MAC/IP pairs
> moving around.  It's similar to MACs moving about in a switched LAN.
> Any host/nic setup that produces "gratuitous" arp (announcing arp) can
> exacerbate this.  But these will (or at least should if not turned
> off/filtered) return ICMP errors.

> If only one nic is active at a time, no problem.  Both at the same time
> on a Linux box is usually trouble because Linux stack is designed to
> respond for any host IP out any nic (a sort of failover "feature").
> Don't think Mac stack behaves this way -- it's BSD based, afaik.

Quote:> > I
> > wonder if I should start being extremely careful that no laptop ever
> > has ethernet plugged in which it's wireless card is operating. Anyone
> > have comments on two-nics-same-LAN?

> Do you gain anything with both nics up simultaneously?  Failover and
> bonding are the usual reasons for wanting both up.  

Quote:> ... The route path to
> the nics is likely different -- true in your case?  

...snip...

Quote:> I was sorta hoping that you would find someone complaining about eratic
> networking, suspect misbehaving nic, and locate your problem source.
> Alas, it's never that easy.

...snip...

Quote:> good luck,
> prg
> email above disabled

My conclusions:
 1. Keep the network simple. I think I'll move some hosts so I can
eliminate some of the switches.
 2. Never let wireless laptops connect two-ways to the LAN.
 3. Cycle the power from time to time on the switches.

  -- Sally

--
Sally Shears (a.k.a. "Molly")

http://theWorld.com/~sshears

greetz,
haaner

Thanks for the suggestion, but no. That's not happening here.

  -- Sally

--
Sally Shears (a.k.a. "Molly")

http://theWorld.com/~sshears