From owner-freebsd-isp Thu Dec 13 7:50:21 2001 Delivered-To: freebsd-isp@freebsd.org Received: from norad.inetu.net (norad.inetu.net [209.235.223.59]) by hub.freebsd.org (Postfix) with ESMTP id CB68637B405 for ; Thu, 13 Dec 2001 07:50:15 -0800 (PST) Received: from localhost (maxiter@localhost) by norad.inetu.net (8.9.3/8.9.3) with ESMTP id KAA20597 for ; Thu, 13 Dec 2001 10:50:14 -0500 (EST) Date: Thu, 13 Dec 2001 10:50:14 -0500 (EST) From: Mark To: freebsd-isp@freebsd.org Subject: network issue Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Although this is not directly a FreeBSD issue, I pose this question here knowing this group has run across lots of unique issues. We have a pair of 7200 routers connected to a Catalyst 6509. To the Cat are connected about a dozen Bay/Nortel switches (303, 310, 350s). The issue we have looks most like an arp-related (poison, or flood?) issue. It has occured without warning twice in one day (about 18 hours apart). None of the devices on our nework showed traffic spikes or other suspicous activity. Best as I can tell, all devices connected to the same switch can still reach each other, but connectivity between switches is not consistant. Some devices may be able to reach all other devices. For example: Server A is on switch 1, server B and C are on switch 2. When the problem occurs, B and C can still talk, but A can only talk to B, NOT C. However, a fourth server D on another switch, can continue to reach all devices (???). Both times the problem has come up, the connectivity issues appearted to be exactly the same (???), but this is based on a smaller sampling of data. Resetting the ethernet module on the cat (which the Bays are connected to) resolves the problem. None of our servers or monitoring boxes have reported suspicious ARP activity (such as moving or changing ARPs). Unfortunately, I don't know to much about what has happened, so I can't be more specific. However, any suggestions to tools (already using snort, just setup argus) I can use to monitor or suggestions as to potential cause would be greatly appreciated. I'll entertain any option. TIA! --------------------------------------------------- Mark Rekai - INetU, Inc.(tm) - http://www.INetU.net Electronic commerce - Web development - Web hosting Mark@INetU.net - Phone: (610) 266-7441 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message