From: David Newall <davidn@davidnewall.com>
To: Netdev <netdev@vger.kernel.org>
Subject: No return for ping -R; not sure if this is the right list
Date: Thu, 10 Apr 2014 16:29:52 +0930 [thread overview]
Message-ID: <53464168.90508@davidnewall.com> (raw)
Hello All,
I apologise if this is the wrong list. It's a user question, not a
development question, which I wanted to send to the linux-net list, but
that list no longer exists (according to vger.kernel.org.) I couldn't
find where it went, and I'm hoping, if this is not the right place, that
someone will kindly point me in the proper direction.
My problem is a large number of duplicate ACKs, retransmitted packets,
and packets out of order.
I'm running Ubuntu 13.10 on a Dell 1920, with Ubuntu's twist of Linux
3.11.0-18-generic kernel. I have two ethernet ports bonded in
active-backup mode, and bridged with STP on. I've got a number of
virtual hosts running on it, using kvm (QEMU 1.5.0, QEMU API 1.1.1) and
libvirt (1.1.1).
Some type of Cisco router sits in front of the machine, which is managed
by the DC who hosts my server. They also advertise my public IP range
with BGP. Apparently there are two independent routes.
I wanted to confirm that the problem is not routing, and thought a
number of pings with record-route might help, but get no packets
returned other than when I ping one of the server's own IP addresses.
Even when I ping a virtual host with -R, no pings are returned, at least
according to ping, although I do see them using tcpdump.
They appear to be discarded somewhere on the server, but I cannot find
where.
It's possible the DC is dropping packets with RR option set, and have
sent them email asking this to be confirmed and changed, but that does
not explain why a ping -R to a virtual host doesn't work.
Inserting --proto icmp -j ACCEPT rules in the INPUT, FORWARD & OUTPUT
chains of the server's iptables' filter table does not help. According
to /proc/net/ip_tables_names, the only other table is mangle, for which
all chains are ACCEPT policy and empty, other than POSTROUTING which is
ACCEPT policy and has CHECKSUM fill rules covering UDP port 68 to two of
my virtual sub-nets.
There are no iptables rules at all on the target virtual-host.
Even though I'm sure you all already picked up this, just to clear, I am
not using the iptables ipv4options module, nor, that I can see, any
other iptables-based rule that would do this.
So, any suggestions to explain what is dropping these pings, or what is
causing the duplicate acks, retransmits and out-of-order packets, would
be very gratefully received. Or, even just a pointer to a better place
to ask.
David
next reply other threads:[~2014-04-10 7:04 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-04-10 6:59 David Newall [this message]
2014-04-10 11:35 ` No return for ping -R; not sure if this is the right list Rami Rosen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=53464168.90508@davidnewall.com \
--to=davidn@davidnewall.com \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).