I’ve installed Sles11 SP2 for VMWare on my vmware 5.0U1 farm enterprise plus and I’m having problems with external clients (VPN) that connects to informix database via ODBC.
The behaviour its very extrange because at first, users can connect and work without problems but at not determinated moment drops connection and its impossible connect again (no ping, etc…). SuseFirewall2 its stopped and no rules are added but I noticed that If I start and stop susefirewall services starts to work again but in minutes drops again.
I have no idea that whats its happens, with Sles10 on physical machines works perfectly.
I’m very worried with that because its our database production server.
So… SLES works, but VMware environments have a problem? What is
VMware doing with your connections?
The easiest way to see the firewall settings is to get the output of the
following… it should be pretty short if you have the firewall “stopped”:
sudo /usr/sbin/iptables -nvL
Also, even a default firewall configuration doesn’t cut of connections
intermittently, and any blocking it does shows up in /var/log/firewall
so as a result I’m pretty sure this isn’t SLES.
Good luck.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
This “could” be relevant… but the guest side offloading often times conflicts
with the server/hypervisor side NIC offloading driver… so disable offloading
on the client side.
SUSE 11+ Linux Variants (disabling on boot)
To disable the options as a part of the boot up process. Edit
/etc/sysconfig/network/ifcfg-eth (where is the identified for the
virtual NIC you are targeting). Inside of that file add/edit the variable
ETHTOOL_OPTIONS. For example, if the target virtual NIC is eth0, edit
/etc/sysconfig/network/ifcfg-eth0 and make sure it has the following variable set:
ETHTOOL_OPTIONS=‘-K eth0 gso off tso off’
To do this live you can just issue the options above directly to ethtool for you
interface (above assumed eth0).
We have 10Gbit NICs in our hosts and without disabling the offloading our
performance degrades to Kbits (yes… that bad)
Again… not saying this is the source of your headache… but what I listed here
is relevant for Gbit NICs as well as 10Gbit.
I am also running ESX 5.0U1
On 11/08/2012 10:14 AM, jesussanmol wrote:[color=blue]
Hi all,
Sorry for my english.
I’ve installed Sles11 SP2 for VMWare on my vmware 5.0U1 farm enterprise
plus and I’m having problems with external clients (VPN) that connects
to informix database via ODBC.
The behaviour its very extrange because at first, users can connect and
work without problems but at not determinated moment drops connection
and its impossible connect again (no ping, etc…). SuseFirewall2 its
stopped and no rules are added but I noticed that If I start and stop
susefirewall services starts to work again but in minutes drops again.
I have no idea that whats its happens, with Sles10 on physical machines
works perfectly.
I’m very worried with that because its our database production server.
the symptoms sound like a case I had debugged a few days ago - does your setup include a separate VPN router that does run parallel to the default router, from SLES11SP2’s point of view?
Yes I have a separate VPN Router from default router, its that the problem? I’m trying to understand but I dont know what to do for fix that situation. I’m thinking to install sles 10 sp2 but i’m not sure to do that and everything works fine.
Yes I have a separate VPN Router from default router, its that the problem?
my suspicion is towards trouble with ICMP redirect handling in the Linux kernel that is shipped with SLES11SP2 - if your VPN router is in the same network as your SLES11SP2 server and you have no explicit route set for the VPN network, you’re likely to run into the problems I’m thinking of. (see this recent thread: https://forums.suse.com/showthread.php?1903-SLES-11-SP2-for-VMware-lose-connectivity)
If I’m right, the cure is simple: At the SLES11SP2 server, add an explicit route for the VPN network, pointing at the VPN router.
Of course, as I had just debugged such a case, this may be a case of selective recognition… like when you have a new car, you seem to notice that the same model is everywhere around you
Yes I have a separate VPN Router from default router, its that the problem?
my suspicion is towards trouble with ICMP redirect handling in the Linux kernel that is shipped with SLES11SP2 - if your VPN router is in the same network as your SLES11SP2 server and you have no explicit route set for the VPN network, you’re likely to run into the problems I’m thinking of. (see this recent thread: https://forums.suse.com/showthread.php?1903-SLES-11-SP2-for-VMware-lose-connectivity)
If I’m right, the cure is simple: At the SLES11SP2 server, add an explicit route for the VPN network, pointing at the VPN router.
Of course, as I had just debugged such a case, this may be a case of selective recognition… like when you have a new car, you seem to notice that the same model is everywhere around you
Regards,
Jens[/QUOTE]
I think we are having similar issues since upgrading to OES 11 SP1/SLES11SP2 19 days ago. The problem really didn’t start seeing itself until earlier this week. I was getting reports of computers not able to reach the server. I had them ping the server and get no response, but the computer right next to it would get a response. Changing the IP address of the computer worked though! A tcpdump of the server showed the computer that was not working requesting a ping, but no response was sent. I’ll look into the explicit route and see if that’s an issue. Could we expect a fix for this in the future?
Hi, Yes I set explicit routes and the did not work. I cant understand why drop connections; for example clients in the same subnet are working normal but in some time a few client works and others doesn’t, the I restart SuseFirewall service and the stop again (because Susefirewall is stopped) and everything works again for all clients. I can’t find a solution.
[QUOTE]The max value from conf/{all,interface}/rp_filter is used
when doing source validation on the {interface}. (Which means it can be set
on each individual interface, or globally. The global setting will override the
individual interface settings).[/QUOTE]
“max value from conf/{all,interface}/rp_filter” is something totally different from “The global setting will override the
individual interface settings” as setting “2” at the interface level will not be overridden by “1” at the global level?!?
