On Mon, 7 Oct 2002 12:47:57 -0400 "Mark Stewart" <[EMAIL PROTECTED]> wrote:
> Hi Pierre,
>
> > > > Ping first generates an ARP (broadcast) packet... long story
> > > > short, sounds like the VLAN is expiring the "this MAC address is
> > > > on that port" entry in its table, then failing to "flood" packets
> > > > for which there is no such entry (bug in VLAN)... your network
> > > > _guru_ should be able to take it from here...
> > >
> > > This seems plausible but it seems like it should give the same
> > > results in Win2K. Or maybe there's something else that MS is doing
> > > to preserve the ARP cache entry that Linux isn't?
> >
> > Actually, I was referring to the network itself... think of a VLAN as
> > a bridge/switch... each port keeps tabs on which computer(s) (MAC
> > address(es)) is/are attached -- for a period of time. If the network
> > expires the cache identifying which ports the W2K and server are
> > connected to, then any subsequent packet in one/both directions can't
> > be delivered to a specific port since the destination port is no
> > longer known... in this case, the network device should flood any
> > unicast packets (as though they were broadcast) to all ports in the
> > hope that the target host gets the packet and responds -- the initial
> > [flooded] packet should refresh the network device's cache for one end
> > and if the target responds, refresh the cache for the other
> > end/direction...
> >
> > If either end host expires its ARP cache, it should re-ARP for the
> > destination... If the network device does not flood unicast packets
> > after expiring a cache entry; I'd consider that a bug... since VLANs
> > are the equivalent of a single subnet, no routers/gateways are
> > involved -- except to create a VLAN over a routed network -- smoke and
> > mirrors...:^)
> >
> > > By the way, I had originally claimed that I wasn't running any
> > > firewalls or packet filtering software. I should clarify that by
> > > saying that I don't have either of the iptables or ipchains rpm's
> > > installed and don't see anything else firewall-ish running in any of
> > > my services config files. There is still, of course, msec which is
> > > currently set to its lowest level of security. My impression was
> > > that it didn't handle firewall duty, at least not at its lowest
> > > level. True?
> >
> > msec may control security; but it does not control/limit any packet
> > flows... if iptables/ipchains are not running, then packets should
> > just flow...
> >
> > While the connection is OK, try "arp -a" (don't know the W2K equiv.)
> > and make sure the other host is in the table; when it fails,
> > recheck... if the other host's MAC is still there (both ends), then
> > the network is likely at fault. Could be a VLAN misconfiguration...
>
> Okay, so from my dhcp laptop I ran "arp -a" (yep, it's the same under
> Win2K) while I had an active happy connection to mybox and it lists
> mybox by its IP and MAC. Likewise mybox lists my laptop in its arp
> output. Five or six minutes the ssh connection has died and arp no
> longer lists mybox. mybox, on the other hand, still has the entry in its
> listing which is consistent at least since it never has any trouble
> ping'ing the laptop.
>
> Seems like this doesn't quite fit the pattern but is it still a sign of
> a misconfigured VLAN or something else?

If every piece of s/w stuck to the rules, everything would just work...
:^)

From what you say, it appears that the ARP entry in the laptop is
expiring... when the OS gets a packet for delivery, if an IP-to-ARP
entry is available, it uses that entry... if no entry, it should
broadcast an ARP-request in an attempt to re-populate the entry...
failure to re-ARP is a bug IMO...

Once the end-systems have their ARP entries, they can communicate -- if
there are routers, switches, VLANs, etc in between, these should "do the
right thing" to not interfere with the packets; that's why switches
without MAC-to-port mappings flood unicast packets...

HTH,
Pierre

> cheers,
> ::mark
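
Added example, not part of the original thread: a minimal Python model of the switch behaviour discussed above (MAC-to-port entries that age out, and flooding of unicast frames that have no entry), with the suspected no-flood bug available as a switch setting. The port numbers, MAC addresses and the 300-second aging time are constructed assumptions.

```python
# Added illustration (not from the thread): a learning switch with MAC aging.
# Port numbers, MAC strings and the 300 s aging time are constructed values.
BROADCAST = "ff:ff:ff:ff:ff:ff"

class LearningSwitch:
    def __init__(self, ports, max_age=300, flood_unknown=True):
        self.ports = set(ports)
        self.max_age = max_age              # seconds a MAC-to-port entry lives
        self.flood_unknown = flood_unknown  # False models the suspected bug
        self.table = {}                     # mac -> (port, last_seen)

    def receive(self, now, in_port, src, dst):
        """Handle one frame; return the set of ports it is sent out of."""
        # Expire stale entries, then learn/refresh the sender's port.
        self.table = {m: (p, t) for m, (p, t) in self.table.items()
                      if now - t <= self.max_age}
        self.table[src] = (in_port, now)
        others = self.ports - {in_port}
        if dst == BROADCAST:
            return others
        if dst in self.table:
            return {self.table[dst][0]} - {in_port}
        # Unknown unicast: flood like a broadcast, or (bug) drop it.
        return others if self.flood_unknown else set()

LAPTOP, SERVER = ("aa:aa:aa:aa:aa:01", 1), ("aa:aa:aa:aa:aa:02", 2)

def run(flood_unknown):
    """Replay an ssh-like exchange with a 400 s idle gap; return out-ports per frame."""
    sw = LearningSwitch(ports=[1, 2, 3], flood_unknown=flood_unknown)
    (lm, lp), (sm, sp) = LAPTOP, SERVER
    frames = [
        (0,   lp, lm, BROADCAST),  # laptop ARP request
        (1,   sp, sm, lm),         # server ARP reply (unicast)
        (2,   lp, lm, sm),         # laptop -> server data
        (402, lp, lm, sm),         # after idle gap: switch has aged out the server
        (403, sp, sm, lm),         # server answers only if it saw frame 402
        (404, lp, lm, sm),         # laptop -> server again
    ]
    out = []
    for now, port, src, dst in frames:
        if now == 403 and sp not in out[-1]:
            break                  # server never got the frame, so it stays silent
        out.append(sw.receive(now, port, src, dst))
    return out

if __name__ == "__main__":
    print("flooding switch:", run(True))
    print("non-flooding   :", run(False))
```

With flooding enabled the frame at t=402 goes out of ports 2 and 3 and the table is relearned from the reply; with flooding disabled it goes nowhere and the exchange stops, even though both hosts still hold valid ARP entries.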