[lug] Dropped packet issue revisited

Chip Atkinson chip at pupman.com
Tue Oct 1 08:24:14 MDT 2013


I dumped the traffic this morning since I was still seeing some dropped
packets.  Looking at them, I saw almost entirely udp traffic, most of
which were fragments and then assembled into huge dns queries.  Googling,
I found this link:
http://forums.whirlpool.net.au/archive/2162334
which was the exact description of what is going on.
Further investigation revealed that my name server was allowing recursive
lookups.  
Adding 
recursion no;
to the external view and restarting the nameserver stopped the recursive
lookups.  
Now to see if things change a bit.

On Mon, 30 Sep 2013, Chip Atkinson wrote:

> Hi everyone,
> 
> Thanks for your help last week.  I spent a few hours working on the
> problem yesterday and believe that it's now fixed.  The most likely cause
> was a cable.  After replacing that particular one, the problems started
> drying up.  Granted it could have been something else and part of me wants
> to put the suspect cable back in, but I'm torn between moving on with my
> life and validating my suspicion.
> 
> One red herring worth mentioning was that I was using ping as a diagnostic
> tool against the comcast name servers.  Turns out that DNS queries went
> quite quickly whereas pings were sometimes getting dropped.  It makes
> sense that DNS queries would get the best QoS ratings(?).  I ended up
> using dig which reports query times and they were all in the few
> millisecond ranges.
> 
> Thanks again.
> 
> Chip
> 
> On Fri, 27 Sep 2013, Chip Atkinson wrote:
> 
> > Hmmmm... yeah, this would fit the behavior of some packets getting
> > through, others not.  Right now I'm not in front of the machine and only
> > one interface is plugged in (and the management interface is unplugged
> > too), so if I make a mistake I'll cut myself off entirely.  
> > 
> > On Fri, 27 Sep 2013, Orion Poplawski wrote:
> > 
> > > On 09/27/2013 11:14 AM, David Frye wrote:
> > > > Looks like your packet reassembly is a really hight number, and I'm not sure what is causing the packets to arrive broken. The number of reassembled packets is about 2.5 times the total number of incoming packets, so that's a lot of extra overhead for the device.
> > > 
> > > MTU settings?
> > > 
> > > 
> > > -- 
> > > Orion Poplawski
> > > Technical Manager                     303-415-9701 x222
> > > NWRA, Boulder/CoRA Office             FAX: 303-415-9702
> > > 3380 Mitchell Lane                       orion at nwra.com
> > > Boulder, CO 80301                   http://www.nwra.com
> > > _______________________________________________
> > > Web Page:  http://lug.boulder.co.us
> > > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> > > Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety
> > > 
> > 
> > _______________________________________________
> > Web Page:  http://lug.boulder.co.us
> > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> > Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety
> > 
> 
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety
> 



More information about the LUG mailing list