Friday, 02 May 2008

broken cables, leaky switches

I had one hell of a networking problem crop up at a client the other day. I was called in to troubleshoot an odd problem where some machines suddenly could not get to the internet... sometimes.

Damn I just LOVE problems that start like this. I poked around and checked their router and rebooted their shittier-than-turds Dell VLAN switches and came up with nothing.

The router has several interfaces and the only ones being affected were those which have VLANs on them, so I was fairly suspicious of those Dell switches since they've given me trouble with VLANs before, but the symptoms here were downright bizarre.

I did some packet monitoring and some other experimentation and came up with the following observations:

- Local internetwork traffic is mostly passed just fine (there was one case where we saw some packet loss from one VLAN subnet to another but it could have been a fluke)
- From the affected machines, Internet bound traffic goes in the switch and never comes out-- doesn't even make it to the router.
- Moving devices from one switch port to another would sometimes make them work--or if they were working, fail to work. But the problem was never static across any given ports.

After several hours of troubleshooting and headscratching, I had but one pathetically weak theory. I knew that a new device had been connected to the network, and we eventually found that after unplugging this device, the problem seemed to gradually clear up; however, plugging the device in did not reintroduce the problem, at least not within a reasonable period of time. The new device was connected across a hallway using a patch cable that was getting walked on. The cable under the hallway rug was stupid, yes, and I didn't immediately associate it with this strange network-wide problem, but that became my main hypothesis, because everything else had been eliminated.

So we tested it. We went and started jumping up and down on the cable and sure enough, some of the machines on the network lost Internet connectivity. And unplugging the cable and rebooting the switches restored it.

So there you have it. Bad patch cables can seriously fuck up your network, especially if you're using Dell switches. But wait, how does one broken cable connected from a switch to just one device cause only certain packets with certain destinations to disappear? I HAVE NO FUCKING CLUE!

Tuesday, 22 April 2008

SOIP

Kind of like VOIP, but the voice is mostly replaced by silence.

I put together my awesome Asterisk server last year, bought five SIP phones on ebay, and was ready to rock. I guess I was thinking "if you build it, they will call" but it's been a bit lamer than that.

It's not all bad though. Despite that hardly anyone dials our VOIP number because they already have our cell numbers, it's nice to have for emergencies if teh cell network is doing the suckage, or battery is dead, etc. Most of our calls are internal (call downstairs from the bedroom, etc), which is certainly convenient, even if it seems a bit silly at times.

I have been racking up some minutes on my home-office VOIP line however, which rings only at my desk and the softphone on my laptop, so I don't feel that my PBX is going to waste, even if it is underutilized.

I still need to finish hacking my PAP2 ATA (ugh, still haven't broken in) and I'm going to play with conference calling when I get a chance, and oops-- I still need to arrange to test 911 dialing; but in the meantime my little Asterisk server is doing everything I need and much, much more.

Thursday, 17 April 2008

license to route

OK, I'm back and I'm going to try not to let my blog rot, like almost EVERYONE else's I know...

Recently I've had an awful pain in my side, and it turned out to be a pointy Cisco license restriction.

It started with sporadic trouble at the client as they began to use their VPNs more heavily. They had purchased a Cisco ASA 5505 to use as their VPN router, on my recommendation, and everything had been fine until we added another IPSEC tunnel and had more people accessing the remote sites. After some experimentation, we found the magic number to be 10 users, after which no one else could connect to anything across the VPNs.

Whoa... that sounds just like the "user" limit on this device! I hate user limits. Artificial restrictions on the capability of some hardware tend to piss me off. But I digress... This user limit restriction was a complete surprise because although we purchased a "10 user" ASA, I had talked to two different Cisco reps before the purchase to clarify the meaning of this and had been assured that this "user" limit did not pertain to users/IPs connecting over the IPSEC tunnels, and we didn't care about anything else as this device is strictly a VPN-gateway--they already have a m0n0wall in use as their primary internet gateway router.

So, Cisco screwed up. Fortunately I am a digital pack-rat and could produce a year-old email proving that the rep told me that the "user" limit meant 10 IPSEC tunnels with no limit on number of users. The truth is that there were two limits: 10 tunnels AND 10 users/IPs. Unfortunately, it took about two and a half weeks of dealing with assorted Cisco people to finally get a resolution, in the form of a free unlimited user license upgrade.

The outcome is satisfactory, but it really pisses me off that I had to waste so much time troubleshooting and getting it resolved after I tried hard to avoid this very problem by contacting them before buying. Furthermore, based on my conversations with half a dozen Cisco employees I can say that most of them didn't really understand the licensing terms of their own product, which is pretty sad. How am I supposed to understand if they don't? The less clear the license terms, the more likely that someone is going to get surprised by some restriction at the worst possible moment, and then swear off ever buying that brand again.

Wednesday, 22 August 2007

the multihomed house

I mentioned in a previous post that I had, for a time, both DSL and cable internet; but I didn't go into detail about how I had my router hooked up to both lines, routing traffic over them concurrently. It's time to rectify that omission. Although this multihomed configuration did not last long, I'm still using pretty much the same tools/config to take advantage of the multiple IP addresses I've managed to snag from my ISP.

This is how I've set up my Linux 2.6-based router using 'ip route', 'ip rule' and iptables to get WAN-bound traffic coming from the local subnets to exit one of several WAN links depending on different criteria; mostly source IP.


Continue reading "the multihomed house"

Sunday, 29 July 2007

switch it

My router had been begging for a VLAN switch for some time. With seven ethernet interfaces, things were getting a little out of hand.

While designing a wireless network for a big client and spec'ing out the hardware, I found just the thing. The Netgear FS726TP. Like many people, I've been burned by the crappy plastic-encased Netgear consumer grade stuff in the past, however I'm a big fan of their higher quality ProSafe gear, especially the WG302 and WG102 access points which comprise my home wireless network.

I was impressed with the specs of the FS726TP, for the price, and had tentatively planned to buy one for myself once the client's project was complete and I had verified the switch would meet my own needs as well. As soon as the gear for the project came in, I put the switches to the test.


Continue reading "switch it"

Wednesday, 11 April 2007

good input

I recently got my first new keyboard in a long time. In the past there have been very few viable options in keyboards for me, because of a lack of industry interest in ergonomic, corded keyboards (the only kind I like to use). I've seen cordless ergo keyboards around but I'm still a little wary of broadcasting my every keystroke through the air. I've experienced problems with wireless keyboards at client offices where different keyboards and receivers crossed signals and I actually saw one that was receiving input from the wrong keyboard 35 ft away, and through multiple walls. Yikes.

So I finally found a nice corded one. It is the Microsoft Comfort Curve 2000. This one is not actually split-style like my old favorites, the Microsoft Natural series, but instead incorporates some stretched and curved keys to give you a similar hand position to the old style. It's also black, and looks awesome. I hate the way beige keyboards look over time. Even if you keep them clean, they start to yellow and look like crap. The Comfort Curve feels very good and it's a big improvement over my old keyboard, which was quite noisy. It uses very short, low profile keys and they are very quiet even with fast and heavy typing. Oh how I love quiet keyboards!


Continue reading "good input"

Saturday, 17 March 2007

it isn't calamari

I've known about Squid for years, but only recently got an excuse to play around with it. I commented about the stupidity of someone blocking IP addresses on a firewall to prevent people from wasting time on non-work websites, and before I knew it I was setting up a new Squid server. I think my comment was something about "the wrong tool for the job". I didn't know enough about Squid to know if it was the right tool, but after some research I was confident it could meet the needs of this client, and at the right price.

As I got started, I was struck by the depth of the configuration file. I admit I got a little lost in it. I finally managed to configure a basic installation for user access control (I disabled caching due to the age/speed of the server). Now that I've configured a few servers, I'm liking Squid more and more. We're planning some new installations, this time more for caching purposes than access control, so I'll get to put that aspect of Squid's features to the test as well. I have to say I'm not a big fan of seafood, but I really do like Squid!