[c-nsp] Low activity systems lose net connectivity

Tauren Mills tauren at groovee.com
Wed Jun 6 17:28:45 EDT 2007


Thanks everyone for your help with this problem:

> > I have a very simple network with about 5 linux servers, a cisco
> > 3500XL switch and a 2600 router.
> >
> > There is a problem with servers that have very little or no traffic.
> > The network interfaces on the low traffic servers seem to become
> > non-responsive after a very short period of time (as low as 15 seconds
> > of inactivity), and then existing connections time out (such as SSH
> > sessions).

Several helpful people on this list requested my switch config, but I
was unable to get into my switch to get the current config.  I ended
up doing a password recovery on it.  Then I configured it from
scratch.  And now my problems have gone away.

I've attached my old config and my new config in case anyone wants to
compare them.  If you see anything blatantly missing in the new
config, please let me know.

I'm suspicious that it was the mac-address-table setting or the
keepalive or the spanning-tree settings that were causing the problem.

I'm posting this in case it helps anyone with a similar problem in the future.

Thanks again for the help,
Tauren





On 6/5/07, Phil Mayers <p.mayers at imperial.ac.uk> wrote:
> Tauren Mills wrote:
> > Phil,
> >
> > Thanks for the suggestion.  However, changing the arp timeout to 300
> > doesn't seem to have helped.
>
> Hmm. Re-reading your email, it doesn't sound like that was the problem
> anyway.
>
> Can you supply more detail on the physical topo? Does the router hang
> off the switch on only one physical port? Are you using subinterfaces on
> the router (and corresponding vlans on the switch)?
>
> If it takes as little as 15 seconds for quiet servers to fall off the
> network, then logically something rapid is happening that's breaking
> their connectivity.
>
> Is it possible you've got an inter-vlan loop or similar and the mac
> addresses in the FDB are flip-flopping between the real ports and the
> port with the loop? Or maybe a device with proxy arp enabled which is
> stealing the IP addresses of the valid servers?
>
> Get a server into the failed state then do a:
>
> sh ip arp <macaddress>
>
> ...on the router for the client's MAC address and a:
>
> sh mac-address-table address <macaddress>
>
> ...on the switch.
>
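
Added example, not part of the original thread: a Python version of the check Phil describes, comparing switch MAC-table snapshots for addresses that move between ports and the router's ARP table for IPs answered by an unexpected MAC. The column layouts, addresses and sample output are constructed assumptions for illustration.

```python
import re
from collections import defaultdict

MAC = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"
# Assumed layouts: "<mac> <type> <vlan> <port>" rows and IOS-style "show ip arp" rows.
FDB_ROW = re.compile(rf"^({MAC})\s+\S+\s+(\d+)\s+(\S+)\s*$", re.I | re.M)
ARP_ROW = re.compile(rf"^Internet\s+(\S+)\s+\S+\s+({MAC})\s+ARPA", re.I | re.M)

def find_flapping(snapshots):
    """Return {(vlan, mac): ports} for addresses learned on more than one port."""
    seen = defaultdict(set)
    for text in snapshots:
        for mac, vlan, port in FDB_ROW.findall(text):
            seen[(int(vlan), mac.lower())].add(port)
    return {key: sorted(ports) for key, ports in seen.items() if len(ports) > 1}

def find_arp_mismatches(arp_text, expected):
    """Return (ip, expected_mac, seen_mac) where the router's ARP entry
    disagrees with the MAC the server really owns (proxy ARP, duplicate IP)."""
    mismatches = []
    for ip, mac in ARP_ROW.findall(arp_text):
        want = expected.get(ip)
        if want and want.lower() != mac.lower():
            mismatches.append((ip, want.lower(), mac.lower()))
    return mismatches

# Constructed sample data: two MAC-table snapshots taken a few seconds apart.
FDB_T0 = """\
0011.2233.4401  Dynamic  1  FastEthernet0/3
0011.2233.4402  Dynamic  1  FastEthernet0/4
"""
FDB_T1 = """\
0011.2233.4401  Dynamic  1  FastEthernet0/1
0011.2233.4402  Dynamic  1  FastEthernet0/4
"""
# Constructed router ARP table; 192.0.2.12 is answered by a foreign MAC.
ARP = """\
Protocol  Address     Age (min)  Hardware Addr   Type  Interface
Internet  192.0.2.11  0          0011.2233.4401  ARPA  FastEthernet0/0
Internet  192.0.2.12  2          00aa.bbcc.dd01  ARPA  FastEthernet0/0
"""
# MACs read from the servers themselves (hypothetical inventory).
EXPECTED = {"192.0.2.11": "0011.2233.4401", "192.0.2.12": "0011.2233.4402"}

if __name__ == "__main__":
    print("flapping:", find_flapping([FDB_T0, FDB_T1]))
    print("arp mismatches:", find_arp_mismatches(ARP, EXPECTED))
```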

