Linux Router Problem

Taking care of your Linux box.
ahsan9211
Cadet
Posts: 8
Joined: Mon Jun 09, 2008 12:43 pm

Linux Router Problem

Post by ahsan9211 »

Dear experts

I have a Linux Router having 4 different subnets.
after 4/5 hours inter subnet traffic starts hanging and getting more delayed and sometimes not accessible even.
when i restart the Linux router it works normal for next 4/5 hrs.

kindly let me know what may be the problem and how to solve it.
secondly can i clear network buffer without restarting the linux based router.

waiting for quick reply
Ahsan
lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore
Contact:

Post by lambda »

do you have anything special configured, other than gateway mode (net.ipv4.ip_forward=1)?

what does "netstat -s" say? are there any messages on the console, or in the logs (dmesg, or /var/log/kern.log)? have you installed tcpdump and looked at the packets to see if they reach your router?
Watch out for the Manners Taliban!
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?
ahsan9211
Cadet
Posts: 8
Joined: Mon Jun 09, 2008 12:43 pm

Linux Router Problem

Post by ahsan9211 »

Netstat -s is as follows

Ip:
23619429 total packets received
4 with invalid headers
23326719 forwarded
0 incoming packets discarded
62363 incoming packets delivered
96502 requests sent out
232 reassemblies required
116 packets reassembled ok
116 fragments received ok
232 fragments created
Icmp:
1444 ICMP messages received
153 input ICMP message failed.
ICMP input histogram:
destination unreachable: 465
echo requests: 979
5481 ICMP messages sent
0 ICMP messages failed
ICMP output histogram:
destination unreachable: 4502
echo replies: 979
Tcp:
0 active connections openings
............
Udp:
53408 packets received
...........
Udp:
53408 packets received
.............


nothing special configured excepting routing and firewall IPTables.
Just 4 subnets and Linux send the traffic to gateway firewall.

RAM is 384472 kB
Do i need Increase RAM
How can i optimize with current RAM
i have studied a method to optimize kernal parameters for RAM by using sysctl....should i go for that ???

tell me if u need some more information...
thanks and waiting.......!!

Me :roll:
Ahsan
ahsan9211
Cadet
Posts: 8
Joined: Mon Jun 09, 2008 12:43 pm

Linux Router Problem

Post by ahsan9211 »

also please note.......net.ipv4.ip_forward is disabled...!!

#cat /etc/sysctl.conf
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.

# Controls IP packet forwarding
net.ipv4.ip_forward = 0
Ahsan
lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore
Contact:

Post by lambda »

if it's disabled, how is it working as a router?
Watch out for the Manners Taliban!
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?
ahsan9211
Cadet
Posts: 8
Joined: Mon Jun 09, 2008 12:43 pm

Linux Router Problem

Post by ahsan9211 »

it's working as router for inter VLAN Routing through router added through routes in /etc/rc.d/routes.sh

plz just let me know how can i clear the network buffer so that i don't have to restart the linux. I have also increased the RAM of the Box but having same problem......!!! :(
Ahsan
osama
Havaldaar
Posts: 117
Joined: Fri Aug 22, 2008 9:08 am

Post by osama »

You can restart network services and rerun the scripts but this is not permanent solution
ahsan9211
Cadet
Posts: 8
Joined: Mon Jun 09, 2008 12:43 pm

Post by ahsan9211 »

So what's the main cause and what may be the solution.
i have also increased the system RAM (almost 512) but same problem.
how can i troubleshoot ?
.
.
.
where are the experts ...........??? :shock:
Ahsan
lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore
Contact:

Post by lambda »

what's in the routes.sh file? the amount of system memory you have is more than sufficient for the task.

have you compared the output of netstat -s when the router is okay with the output when the router is not okay?
where are the experts ...........???
when the experts ask you questions that you fail to answer, the experts lower you on their priority list. where are the answers to the other questions i asked?
Watch out for the Manners Taliban!
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?
ahsan9211
Cadet
Posts: 8
Joined: Mon Jun 09, 2008 12:43 pm

Linux Router Problem

Post by ahsan9211 »

sorry for late reply
i have to monitor according to the instructions before reply, so it takes delay.
during problem i have notices following

netstat -s shows that
IP:
"73 dropped because of missing route"
ICMP:2695 ICMP messages received
90 input ICMP message failed.

I am continuously monitoring interfaces also and inter subnet traffic reaches 2-3 GB then i have to restart to resolve the prom, i also tried to restart the network service but problem not resolved.

eth0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX bytes:20861824 (19.8 Mb) TX bytes:3436792575 (3277.5 Mb)
eth1
RX bytes:2326332392 (2218.5 Mb) TX bytes:2472398224 (2357.8 Mb)
eth2
RX bytes:271662698 (259.0 Mb) TX bytes:1069406206 (1019.8 Mb)
eth3
RX bytes:812341671 (774.7 Mb) TX bytes:781762733 (745.5 Mb)



after this status i have to restart

tell me what more information you require ?
Ahsan
lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore
Contact:

Post by lambda »

* are there any messages on the console, or in the logs (dmesg, or /var/log/kern.log) when it stops forwarding the traffic?
* have you installed tcpdump and looked at the packets to see if they reach your router?
* what's in the routes.sh file?
Watch out for the Manners Taliban!
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?
ahsan9211
Cadet
Posts: 8
Joined: Mon Jun 09, 2008 12:43 pm

Linux Router Problem

Post by ahsan9211 »

no file named kern.log at location /var/log
routes.sh has only private IP's routes to my VPN concentrator which is on one interface of the interfaces.

let me know which questions are un answered ?
Ahsan
lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore
Contact:

Post by lambda »

read this carefully:

in the end, you have to solve the problem. no one here can solve your problem for you. the best we can do is help you solve your problem, but that requires you to be willing to solve the problem.

are you willing? if so, start by answering the questions. when i ask (twice) if you've used tcpdump to diagnose the issue, i don't want you to ignore my question. i also don't want you to say "no, i haven't used tcpdump". i want you to use tcpdump to watch your traffic.

what does "sysctl net.ipv4.ip_forward" say? if it's 0, then please explain exactly how you've set the system up to forward traffic between interfaces because that's still unclear. if it's 1, then you're going to have to look at routes.sh or any other scripts you run very carefully, because some script or application is obviously doing something that you haven't described.

when i say
are there any messages on the console, or in the logs (dmesg, or /var/log/kern.log) when it stops forwarding the traffic?
i don't want to hear that you have no /var/log/kern.log, and that's it. i want you to look at and tell me about dmesg's output. i want you to tell me about anything in the log files -- you probably have /var/log/messages, or /var/log/syslog. i'm not logged into your system, so i don't know where your distribution sends its kernel messages to.

think, man, think! be more proactive.
Watch out for the Manners Taliban!
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?
ahsan9211
Cadet
Posts: 8
Joined: Mon Jun 09, 2008 12:43 pm

Linux Router Problem

Post by ahsan9211 »

dear lambda
actually this box was not configured by me, but i am currently managing it. so had little confusions myself also.
currently monitoring through tcpdump and dmesg and will get back to you soon with required details.

thanks for help. :)
Ahsan
ranatanveer
Subedar
Posts: 355
Joined: Sat May 07, 2005 11:54 am
Location: Lahore
Contact:

Post by ranatanveer »

Hi Ahsan

can you give me access to that server ? 8) 8) 8) 8) 8) 8)
Regards

Rana Tanveer
+923224194457
Linux Student

For Affordable Web Development http://www.affordableprogrammers.com
http://www.qualityprogrammers.com
Post Reply