If it does, then your problem is in the router (or, just barely possible, in the ZyXEL or the RR line); follow the advice in Lynn's reply for what to do next.
If it does not, then the problem almost surely is on a LAN host, so you want to connect the router to the LAN, then disconnect the LAN hosts from the LAN one by one until the problem disappears. You've now found the perp. Find and fix the problem on that host (or, just barely possible, something on the router that is very specific to what that particular host does).
Beyond that, a few specifics about your expanded report:
You are more easily satisfied than I. You will recall that my question asked: "Did you really test EVERY host you have (and how many is that?), each in its normal configuration?" The answer to that question is NO. In particular, you do not mention trying any of your "group of Linux servers", and specifically not your mail and Web server or servers.We could plug the other NT workstation and the other half dozen Linux boxes into it, but it seems like that would be a total waste of time and effort. The point is proven to my satisfaction.
How absolute is "absolutely"? Adding and deleting users, changing /etc/aliases, letting individual users change their .forward files, modifying system and user crontab files, and changing the contents of a Web site are all normal, day-to-day changes that get made on servers, changes that could easily slip below a radar screen set to "I don't screw with 'em" level. Please think about my question at that level of change.> From this, I believe that you did nothing to the *router* that caused it. > But what about the rest of the LAN? Did you make any changes on the mail > server or the Web server?Absolutely no changes of *any* kind were made to *any* machine, not the router, not any of the workstations, not any of the servers. When I have working systems, I don't screw with 'em beyond installing security updates.
I never suggested a hardware problem; other tests you reported pretty much ruled that out. But remember that your Ethernet connection between the router and the ZyXEL is almost surely fast, either 10 Mbps or 100 Mpbs, while your connection from the ZyXEL to the Internet is slow (on the order of 1 Mbps, probably, though you haven't actually told us). A LAN or router problem could easily saturate the Internet connection but leave plenty of room on the router-ZyXEL link to permit it to handle ping traffic quickly. The symptoms you report are quite consistent with this interpretation.Note: pings from the router box to the ZyXEL modem itself, i.e. "first hop" pings, are in the 2-4 ms range. That certainly doesn't sound like a hardware problem with the ethernet cards to me. It seems to happen only when you go out beyond the modem into the external network at large.
Finally ...
I have seen nothing in your reports that is evidence against the possible source that *I* thought of, namely that you have a problem. similar to the one I had, (and described in my prior message, quoted below), with one of your port-forwarded servers. The paragraph that you end with the above comment doesn't mention this hypothesis, and it is at least worth a look. The tests you already plan, as well as the additional suggestions I offered above and in my earlier reply, will help you investigate this possibility tonight.For every possible source of the problem that I can think of, there seems to be available evidence or test results to discredit that possibility.
At 07:43 AM 11/21/02 -0800, James K. Wiggs wrote:
On Wed, 20 Nov 2002, Ray Olszewski wrote:
> If I had to guess where to start from this description, it would be to look
> for a LAN client that is generating a lot of traffic for some reason. To
> give a concrete example, we once had similar symptoms here, and we traced
> them (after we too wasted a lot of time with line tests, NIC tests, and
> reviews of iptables rulesets) to a mail-forwarding loop between a DMZ
> server here and an off-site server that chewed up our DSL bandwidth ... not
> quite all the time, but whenever *both* the local and the remote host were
> connected to the Internet (most but not all of the time, giving just enough
> unpredictabililty to make it *look* like it wasn't a configuration error).
>
> That's only a guess, though. To me more certain, I'd want to know a bit
> more about the tests, such as ...
[details deleted] -- -------------------------------------------"Never tell me the odds!"-------- Ray Olszewski -- Han Solo Palo Alto, California, USA [EMAIL PROTECTED] ------------------------------------------------------------------------------- ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
