From: Chuck Swiger
To: Rick Macklem
Cc: freebsd-current Current
Date: Mon, 09 Nov 2009 15:45:49 -0800
Subject: Re: Help needed: TCP Wizards (was 8.0-RC1 NFS client timeout issue)
List-Id: Discussions about the use of FreeBSD-current

On Nov 9, 2009, at 3:04 PM, Rick Macklem wrote:
[ ... ]
> It was usually triggered by a server reboot. After the server reboot,
> the server does send an RST to the client. This seems legit, but might
> be what makes Cisco think that "bad things" are happening? (I have no
> access to info about the switches or their configuration, although the
> campus standard is for these ports to be used by a single desktop machine
> only and not a switch or hub.)

The description you've provided suggests your network admins are configuring end-user ports with "Port Fast" to avoid the time required to do spanning tree learning & detection; they want you to not use a switch or hub on such ports to avoid the risk of creating a loop.

Cisco routers have some options which cause them to drop packets and disable the port in such a mode if it sees more than the allowed # of ether MAC addresses coming from that port, or if it receives BPDU packets indicating that a switch was connected to the port; however, this wouldn't cause RST packets to be generated, you'd just lose your uplink.

Seeing forged RST packets suggests that something like the Sandvine PTS equipment is also around on that network.

Regards,
-- 
-Chuck
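
An added example, not part of the original message or thread: one common heuristic for telling an RST sent by the real server (such as the post-reboot RST mentioned above) from one injected by a device in the path is to compare the RST's IP TTL with the TTL seen on the other segments of the same connection. The packet records, addresses and the `tolerance` parameter are constructed for illustration; a mismatch is a hint to investigate, not proof of forgery.

```python
from collections import Counter, defaultdict

# Constructed sample: (src, sport, dst, dport, ip_ttl, tcp_flags), as might be
# extracted from a client-side capture. Addresses are documentation ranges.
SAMPLE = [
    ("192.0.2.10", 2049, "198.51.100.5", 1021, 61, "SA"),
    ("192.0.2.10", 2049, "198.51.100.5", 1021, 61, "PA"),
    ("192.0.2.10", 2049, "198.51.100.5", 1021, 61, "A"),
    ("192.0.2.10", 2049, "198.51.100.5", 1021, 254, "R"),  # TTL unlike the server's
    ("192.0.2.20", 2049, "198.51.100.5", 1022, 61, "PA"),
    ("192.0.2.20", 2049, "198.51.100.5", 1022, 61, "R"),   # consistent with the server
]


def suspicious_resets(packets, tolerance=2):
    """Return (packet, baseline_ttl) for RSTs whose TTL departs from the flow's.

    The baseline is the most common TTL on non-RST segments travelling in the
    same direction of the same connection. RSTs without a baseline are skipped,
    since there is nothing to compare them against.
    """
    ttls = defaultdict(Counter)
    for src, sport, dst, dport, ttl, flags in packets:
        if "R" not in flags:
            ttls[(src, sport, dst, dport)][ttl] += 1

    flagged = []
    for pkt in packets:
        src, sport, dst, dport, ttl, flags = pkt
        seen = ttls.get((src, sport, dst, dport))
        if "R" not in flags or not seen:
            continue
        baseline = seen.most_common(1)[0][0]
        # A small tolerance absorbs minor route changes between packets.
        if abs(ttl - baseline) > tolerance:
            flagged.append((pkt, baseline))
    return flagged


if __name__ == "__main__":
    for pkt, baseline in suspicious_resets(SAMPLE):
        print(f"RST from {pkt[0]}:{pkt[1]} has TTL {pkt[4]}, flow baseline {baseline}")
```
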