IP SLA packet length
Can anybody clarify for me the total size of an IP SLA packet? We are going to be using UDP Jitter probes, and the way I see it it should be like this -
Setup -
52 byte control packet exchange to set up measurement phase, then
Measurement-
20 byte IP Header + 8 byte UDP Header + 12 byte RTP Header + 32 byte payload (default) = 78 bytes
Is there a teardown packet exchange as well?
thanks,
Alex
ok, the math is wrong (72 byte total), but the question is still the same.
Similar Messages
-
Packet length mismatch 14336,56 on x2100 after patch 118855-19
I'm new to solaris, and I don't currently have a solaris support contract.
After installing solaris 10 6/06 onto my shiny new x2100 (base model) and installing the latest available patches (as of this posting), I started seeing the following message repeated every few seconds in the system log:
ip: [ID 498608 kern.notice] Packet length mismatch: 14336, 56
Backing out 118855-19 causes the message to stop appearing.
Other than this message, I don't believe I have encountered any actual problems (yet).
Any suggestions on whether I should:
- continue to ignore this message;
- back out the patch;
- post this in another forum;
- try to investigate?
Update:
The following messages have also appeared in the system log during shutdown:
ip: [ID 646971 kern.notice] ip_create_dl: hw addr length = 0
ip: [ID 200596 kern.error] bge0: <unknown primitive> failed: DL_UNSUPPORTED
Message was edited by:
Mike_Watters
Hi!
I have this patch installed, but I don't have this problem (I use IPv4).
$ uname -srvmpi
SunOS 5.10 Generic_118855-19 i86pc i386 i86pc
1) Check that all recommended patches were applied.
2) It seems to me that one of your applications uses the raw socket interface (IP_HDRINCL, see /usr/include/netinet/in.h, ip(7p), ip6(7p), icmp6(7p)), and the length field (ip_len, see /usr/include/netinet/ip.h) in the raw packet from the application is supplied in the wrong byte sequence (the application was designed for a big-endian computer).
Usually the kernel drops that kind of packet silently. Maybe the new ip driver (/kernel/drv/ip.conf), which is included in this patch, starts to work in verbose mode...
Try to find this application by stopping applications one by one. -
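The two numbers in the logged message are consistent with the byte-order explanation in the reply above: 14336 is 0x3800 and 56 is 0x0038, the same two bytes swapped. The following is an added example, not code from the thread; the datagram is a constructed sample and the function names are hypothetical.

```python
import struct


def swap16(value):
    """Swap the two bytes of a 16-bit value."""
    return ((value & 0xFF) << 8) | (value >> 8)


def build_ipv4_datagram(payload, length_byte_order="!"):
    """Build a minimal IPv4 datagram (constructed sample, checksum left at 0).

    length_byte_order "!" writes Total Length in network byte order;
    "<" writes it the way a little-endian host would if the value were
    stored in the header without htons().
    """
    total_len = 20 + len(payload)
    header = struct.pack("!BB", 0x45, 0)                  # version/IHL, TOS
    header += struct.pack(length_byte_order + "H", total_len)
    header += struct.pack("!HHBBH", 0, 0, 64, 1, 0)       # id, frag, TTL, proto, checksum
    header += bytes([192, 0, 2, 1]) + bytes([192, 0, 2, 2])  # documentation addresses
    return header + payload


def check_total_length(datagram):
    """Compare the header's Total Length field with the bytes actually present.

    Returns (verdict, field_value, actual_length). The verdict is
    "byte-swapped" when the field only matches after swapping its bytes.
    """
    if len(datagram) < 20:
        return ("truncated", None, len(datagram))
    (field,) = struct.unpack_from("!H", datagram, 2)      # Total Length, read in network order
    actual = len(datagram)
    if field == actual:
        verdict = "ok"
    elif swap16(field) == actual:
        verdict = "byte-swapped"
    else:
        verdict = "mismatch"
    return (verdict, field, actual)


if __name__ == "__main__":
    payload = bytes(36)                                   # 20-byte header + 36 = 56 bytes
    for order in ("!", "<"):
        print(order, check_total_length(build_ipv4_datagram(payload, order)))
```

A 56-byte datagram whose length field was written in little-endian order is read by the receiver as 14336, which reproduces the pair of values in the kernel message.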
We are getting frequent partition crashes in various service objects with
this type of exception:
FATAL ERROR: Packet length extracted from data is illegal (0x6d70).
Class: qqsp_ImplementationException
Error #: [501, 93]
Detected at: qqcm_FortePacket::ReadHeader at 1
Error Time: Tue May 22 17:43:54
Exception occurred (locally) on partition "a_service_server_cl0_Part9",
(partitionId = C83527E0-0DB4-11D5-B381-ED2750E6AA77:0x69ba, taskId =
[C83527E0-0DB4-11D5-B381-ED2750E6AA77:0x69ba.5]) in application
"a_service_server_cl0", pid 4091 on node tronsha4 in environment
mdlprime.
We are running Forte 3.0.M.6, compiled, on Solaris 2.6 with the most recent
patches. I haven't found anything on this in the tech notes or the
forte-users archive. I would suspect some port scanner activity, but this
system is not attached to the public network, so I don't think that is
possible.
Any information would be greatly appreciated.
Thanks,
Mike Lapeyre
EDS bluesphere
Do you have any docs or info with "mib" or something I should check to see if the AP is in good condition? I have the problem that sometimes some APs "die" -> I have to reboot them. The problem is that I have to drive to them; they are not in my office.
hope you can help me
bernhard -
Hi,
We have a SessionBean that is being called very often. Whenever
the SB method is called, we do a select from dual to access a
sequence.
After a while, we start getting a SQLException (see below for
stacktrace) with "Invalid Packet Length" message.
The first exception is on the PreparedStatement.close() and the
following exceptions are in the Connection.prepareStatement()
method.
Does anybody have an idea of the cause of the problem?
java.sql.SQLException: Io exception: Invalid Packet Lenght
at oracle.jdbc.dbaccess.DBError.throwSqlException(DBError.java:168)
at oracle.jdbc.dbaccess.DBError.throwSqlException(DBError.java:210)
at oracle.jdbc.dbaccess.DBError.throwSqlException(DBError.java:323)
at oracle.jdbc.driver.OracleStatement.close(OracleStatement.java:604)
at oracle.jdbc.driver.OraclePreparedStatement.privateClose(OraclePreparedStatement.java:290)
at oracle.jdbc.driver.OraclePreparedStatement.close(OraclePreparedStatement.java:235)
at itc.epc.components.docManager.SBDocManagerBean.getUniqueKey(SBDocManagerBean.java:2048)
at itc.epc.components.docManager.SBDocManagerBean.createDocument(SBDocManagerBean.java:156)
at itc.epc.components.docManager.SBDocManagerBean.createDocument(SBDocManagerBean.java:101)
at itc.epc.components.docManager.SBDocManagerBean.createDocument(SBDocManagerBean.java:251)
at com.sssw.gen.ejb.EJB_DocManagerDeployed.itc.epc.components.docManager.SBDocManagerObject.createDocument(SBDocManagerObject.java:487)
at com.sssw.gen.ejb.EJB_DocManagerDeployed.itc.epc.components.docManager.SBDocManagerObjectPOATie.createDocument(SBDocManagerObjectPOATie.java:1038)
at itc.epc.components.docManager._SBDocManager_Stub.createDocument(_SBDocManager_Stub.java:2660)
at itc.fs_model.parser.ModelBuilder.storeReferenceFileInfo(ModelBuilder.java:827)
at itc.fs_model.parser.ModelBuilderCreateMode.createReferenceFile(ModelBuilderCreateMode.java:295)
at itc.common.xmlparser.XMLParser.exportReferenceFile(XMLParser.java:467)
at itc.common.xmlparser.XMLParser.exportOneScenario(XMLParser.java:319)
at itc.common.xmlparser.XMLParser.exportScenarios(XMLParser.java:242)
at itc.common.xmlparser.XMLParser.traverseTree(XMLParser.java:210)
at itc.common.xmlparser.XMLParser.parseFile(XMLParser.java:135)
at itc.fs_model.parser.ModelBuilder.start(ModelBuilder.java:628)
at itc.fs_model.parser.ModelBuilderCreateMode.start(ModelBuilderCreateMode.java:351)
at itc.epc.components.docManager.SBDocManagerBean.createScenario(SBDocManagerBean.java:1547)
at com.sssw.gen.ejb.EJB_DocManagerDeployed.itc.epc.components.docManager.SBDocManagerObject.createScenario(SBDocManagerObject.java:718)
at com.sssw.gen.ejb.EJB_DocManagerDeployed.itc.epc.components.docManager.SBDocManagerObjectPOATie.createScenario(SBDocManagerObjectPOATie.java:968)
at itc.epc.components.docManager._SBDocManager_Stub.createScenario(_SBDocManager_Stub.java:1845)
at com.interfacing.epc.ui.admin.UploadModelAction.perform(UploadModelAction.java:167)
at org.apache.struts.action.ActionServlet.processActionPerform(ActionServlet.java:1787)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1586)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:510)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sssw.srv.resources.AgWarResource.doServletDispatch(AgWarResource.java:796)
at com.sssw.srv.resources.AgWarResource.service(AgWarResource.java:572)
at com.sssw.srv.resources.AgWarURLResource.perform(AgWarURLResource.java:114)
at com.sssw.srv.http.httpd.perform(httpd.java:4560)
at com.sssw.srv.http.Client.processRequest(Client.java:883)
at com.sssw.srv.http.Client.loop(Client.java:1217)
at com.sssw.srv.http.Client.runConnection(Client.java:1421)
at com.sssw.srv.http.Client.run(Client.java:1381)
at java.lang.Thread.run(Thread.java:484)
Hi,
your router will drop the over sized packet if the DF flag is set. However, it will return a message to the originating device showing packet oversize.
You can try setting the router logging to debug and verbose. This should return the originating IP. One other thing that you can do is take a close look at any devices that you have setup.
Additionally, you can try changing the MTU on the router but this could result in performance
degradation. Alternatively, if you can identify the originating device, you can try changing
the MTU there as well.
HTH
Houtan -
SSH Disconnecting: Bad packet length
If I log into my new Xserves (running 10.4.4) using an invalid username, after I submit a password, ssh will hang for a long time then report:
Disconnecting: Bad packet length xxxxxx
My older Xserves (running 10.2 and 10.3) don't have this problem, they will just say "Permission denied, please try again" and prompt for the password again. Eventually they'll disconnect you, but not with an error.
Has Apple supplied a new version of SSH in 10.4 that is broken in some way?
I have noticed this on both OS X server, and the desktop version (All at 10.4.4)
This doesn't seem to be a problem if you use a valid login, only when you use an invalid userid.
Anyone else run into this? Any idea how to make ssh behave?
thanks
-jason
In this case I was attempting to connect via my laptop (a powerbook) that was connected to the servers via a gigabit switch (the only intervening piece of equipment). Needless to say, these are about the most reliable connections you could expect to have.
However, I've seen this behavior, when connecting to:
2 different Xserves running 10.4.4 Server
1 DualG5 powermac running 10.4.4 and
1 Powerbook also running 10.4.4
However when connecting to 10.2.x or 10.3.x servers, I receive the Permission denied response as one would expect.
I just had an epiphany ....
While attempting to disable password authentication on the 2 xserves altogether, I had to set not only "PasswordAuthentication no", but also "UsePAM no".
So, perhaps the problem is that UsePAM is set to yes by default....
I just attempted to log in to my workstation (10.4.4 with an unmodified sshd_config file) using a bogus username and I received:
"Disconnecting: Bad packet length 4185019582" after an extended delay
Then I changed the config file to set "UsePAM no" and tried the login again. This time I received:
"Permission denied, please try again." almost immediately
So, it appears that the default configuration that has PAM enabled for sshd is the problem here.
Thanks for having me revisit this after sitting on it for a couple of days. It led me to the solution.
-jason -
Invalid packet length error in logs
For over a week now I’ve been getting the following error in my log once a minute:
Invalid packet (too large) length=17247
I’ve seen it stop for maybe a few hours a couple of times but otherwise it’s constant. Anyone know how to track down who or what is sending this invalid packet?
Thanks
Hi,
your router will drop the over sized packet if the DF flag is set. However, it will return a message to the originating device showing packet oversize.
You can try setting the router logging to debug and verbose. This should return the originating IP. One other thing that you can do is take a close look at any devices that you have setup.
Additionally, you can try changing the MTU on the router but this could result in performance
degradation. Alternatively, if you can identify the originating device, you can try changing
the MTU there as well.
HTH
Houtan -
Java.sql.SQLException: invalid packet length
Can I get more info on this? The application has been running for some time; we are now getting the above message.
What version is the DBMS? Off hand, if you get this type of error by backing the Java version in or out,
I'd file an official bug and let the driver and JVM folks figure it out... -
EEM- Email alert with IP SLA Based on Packet Loss
Hi Joseph,
I need your advice. I want to get an alert email based on IP SLA packet loss.
The scenario is as below:
1. If the traffic hits the threshold of packet loss greater than 20% for 15 minutes --> send email
2. If the reset condition of packet loss equal to 0% holds for 15 minutes --> send email again
I don't know how to configure this condition. Could you help me verify my configuration below?
ip sla logging traps
ip sla 1
icmp-jitter 10.216.0.105 source-ip 10.216.0.107 num-packets 100 interval 40
frequency 50
ip sla schedule 1 life forever start-time now
ip sla reaction-configuration 1 react Packetloss threshold-value 3 1 threshold-type immediate action-type trapOnly
ip sla enable reaction-alerts
event manager applet TEST
event syslog pattern "IP SLAs\(1\): Threshold exceeded"
action 2.0 mail server "10.240.0.10" to "[email protected]" from "[email protected]" subject "Alert for Intermittent Link" body "link intermittent in x %"
thank you
What you have could work with a few modifications. First, increase that threshold-value of 3 to 20. You can leave the falling threshold value of 1. You'll need to add another applet to match the falling threshold syslog message. Not sure exactly what that one will look like.
The first applet will look like this:
event manager environment q "
event manager applet ipsla-threshold-exceeded
event syslog pattern "IP SLAs\(1\): Threshold exceeded"
action 001 cli command "enable"
action 002 cli command "config t"
action 003 cli command "no event manager applet ipsla-healthy"
action 004 cli command "event manager applet ipsla-unhealthy"
action 005 cli command "event timer countdown time 900"
action 006 cli command "action 1.0 mail server $q 10.240.0.10$q to $q [email protected]$q from $q [email protected]$q subject $q Alert for Intermittent Link$q body $q link intermittent in 20 %$q"
action 007 cli command "action 2.0 cli command enable"
action 008 cli command "action 3.0 cli command $q config t$q"
action 009 cli command "action 4.0 cli command $q no event manager applet ipsla-unhealthy$q"
action 010 cli command "action 5.0 cli command end"
action 011 cli command "end"
And the second applet (the one where you'll need to fill in the appropriate syslog pattern) will look like:
event manager applet ipsla-threshold-normal
event syslog pattern "FALLING THRESHOLD PATTERN HERE"
action 001 cli command "enable"
action 002 cli command "config t"
action 003 cli command "no event manager applet ipsla-unhealthy"
action 004 cli command "event manager applet ipsla-healthy"
action 005 cli command "event timer countdown time 900"
action 006 cli command "action 1.0 mail server $q 10.240.0.10$q to $q [email protected]$q from $q [email protected]$q subject $q Link is stable$q body $q Link has been stable for 15 minutes$q"
action 007 cli command "action 2.0 cli command enable"
action 008 cli command "action 3.0 cli command $q config t$q"
action 009 cli command "action 4.0 cli command $q no event manager applet ipsla-healthy$q"
action 010 cli command "action 5.0 cli command end"
action 011 cli command "end" -
CRS IOS XR 4.2.3 ABF IP SLA
Dear all,
I got a problem when running Access-List Based Forwarding (ABF / PBR) with IP SLA.
The Cisco document says Object Tracking IP SLA with ABF is supported on IOS XR 4.2.1, even with the sample.
http://www.cisco.com/en/US/docs/routers/asr9000/software/asr9k_r4.1/addr_serv/configuration/guide/ipaddr_cg41a9k_chapter1.html#concept_4CBDF391A97345A084853EE73C280FCE
If I look at Feature Navigator, IP SLA is already supported on IOS XR 4.1.1, with the MPLS software package.
But when I configured it on the CRS, IP SLA cannot be attached to ABF.
Log :
RP/0/RP0/CPU0:CG-P-03(admin)#show install activ sum
Mon Feb 18 17:28:28.023 WIB
Default Profile:
Admin Resources
SDRs:
Owner
Active Packages:
disk0:hfr-mini-px-4.2.3
disk0:hfr-doc-px-4.2.3
disk0:hfr-services-px-4.2.3
disk0:hfr-mpls-px-4.2.3
disk0:hfr-mgbl-px-4.2.3
disk0:hfr-mcast-px-4.2.3
disk0:hfr-px-4.2.3.CSCuc41902-1.0.0
disk0:hfr-px-4.2.3.CSCuc11390-1.0.0
disk0:hfr-fpd-px-4.2.3
disk0:hfr-diags-px-4.2.3
RP/0/RP0/CPU0:CG-P-03(config)#track track?
WORD
RP/0/RP0/CPU0:CG-P-03(config)#track track1
RP/0/RP0/CPU0:CG-P-03(config-track)#type rtr 1 rea
RP/0/RP0/CPU0:CG-P-03(config-track)#delay up 5
RP/0/RP0/CPU0:CG-P-03(config-track)#delay down 10
RP/0/RP0/CPU0:CG-P-03(config-track)#comm
Mon Feb 18 17:29:21.213 WIB
RP/0/RP0/CPU0:CG-P-03(config-track)#ipv4 access-list testtrack
RP/0/RP0/CPU0:CG-P-03(config-ipv4-acl)#10 permit any nexthop1 ?
ipv4 Enter nexthop1 ipv4 address
vrf Enter specific VRF Name for this nexthop
<cr>
RP/0/RP0/CPU0:CG-P-03(config)#ipsla
RP/0/RP0/CPU0:CG-P-03(config-ipsla)#operation 1
RP/0/RP0/CPU0:CG-P-03(config-ipsla-op)#type icmp echo
RP/0/RP0/CPU0:CG-P-03(config-ipsla-icmp-echo)#destination add 1.1.1.1
RP/0/RP0/CPU0:CG-P-03(config-ipsla-icmp-echo)#frequency 60
RP/0/RP0/CPU0:CG-P-03(config-ipsla-icmp-echo)#exi
RP/0/RP0/CPU0:CG-P-03(config-ipsla-op)#exi
RP/0/RP0/CPU0:CG-P-03(config-ipsla)#schedule operation 1
RP/0/RP0/CPU0:CG-P-03(config-ipsla-sched)#start-time now
RP/0/RP0/CPU0:CG-P-03(config-ipsla-sched)#life forever
RP/0/RP0/CPU0:CG-P-03(config-ipsla-sched)#commit
Mon Feb 18 17:31:42.496 WIB
RP/0/RP0/CPU0:CG-P-03(config)#ipv4 access-list testtrack
RP/0/RP0/CPU0:CG-P-03(config-ipv4-acl)#10 permit ipv4 any any nexthop1 ipv4 ?
A.B.C.D Enter nexthop1 IPv4 address
RP/0/RP0/CPU0:CG-P-03(config-ipv4-acl)#10 permit ipv4 any any nexthop1 ipv4 1.1.1.1 ?
nexthop2 Enter another nexthop
<cr>
RP/0/RP0/CPU0:CG-P-03(config-ipv4-acl)#10 permit ipv4 any any nexthop1 ipv4 1.1.1.1 track track1
^
There's no track option in the CLI; even if I specify track, the CLI reports an error / invalid input.
Is there anything to make the ABF IP SLA run on CRS?
Thanks,
Budi L
Hi Parthiv,
I have already tested the configuration, but it does not work:
RP/0/RP0/CPU0:CG-P-03#sh run | in track
Thu Feb 21 15:22:15.039 WIB
Building configuration...
track track1
RP/0/RP0/CPU0:CG-P-03#sh run track
Thu Feb 21 15:22:18.739 WIB
track track1
type rtr 1 reachability
delay up 5
delay down 10
RP/0/RP0/CPU0:CG-P-03#sh run ip sla
^
% Invalid input detected at '^' marker.
RP/0/RP0/CPU0:CG-P-03#sh run sla
^
% Invalid input detected at '^' marker.
RP/0/RP0/CPU0:CG-P-03#sh run ipsla
Thu Feb 21 15:22:32.501 WIB
ipsla
operation 1
type icmp echo
destination address 1.1.1.1
frequency 60
schedule operation 1
start-time now
life forever
RP/0/RP0/CPU0:CG-P-03#sh run access-l
^
% Invalid input detected at '^' marker.
RP/0/RP0/CPU0:CG-P-03#sh run ipv4 access-list
Thu Feb 21 15:22:54.753 WIB
ipv4 access-list ospf_traffic
10 permit ospf any any
RP/0/RP0/CPU0:CG-P-03#conf t
Thu Feb 21 15:22:59.523 WIB
RP/0/RP0/CPU0:CG-P-03(config)#ipv4 access-list testtrack
RP/0/RP0/CPU0:CG-P-03(config-ipv4-acl)#10 permit ipv4 any any ?
default Use specified default nexthop on match against this entry
dscp Match packets with given DSCP value
fragments Check non-initial fragments
log Log matches against this entry
log-input Log matches against this entry, including input interface
nexthop1 Forward to specified nexthop on match against this entry
packet-length Check packet length
precedence Match packets with given precedence
ttl match against ttl
RP/0/RP0/CPU0:CG-P-03(config-ipv4-acl)#10 permit ipv4 any any nexthop1 ?
ipv4 Enter nexthop1 ipv4 address
vrf Enter specific VRF Name for this nexthop
RP/0/RP0/CPU0:CG-P-03(config-ipv4-acl)#10 permit ipv4 any any nexthop1 track track1 ipv4 1.1.1.1
^
% Invalid input detected at '^' marker.
RP/0/RP0/CPU0:CG-P-03(config-ipv4-acl)#10 permit ipv4 any any nexthop1 ?
ipv4 Enter nexthop1 ipv4 address
vrf Enter specific VRF Name for this nexthop
RP/0/RP0/CPU0:CG-P-03(config-ipv4-acl)#10 permit ipv4 any any nexthop1 ?
ipv4 Enter nexthop1 ipv4 address
vrf Enter specific VRF Name for this nexthop
RP/0/RP0/CPU0:CG-P-03(config-ipv4-acl)#10 permit ipv4 any any nexthop1 ipv4 ?
A.B.C.D Enter nexthop1 IPv4 address
RP/0/RP0/CPU0:CG-P-03(config-ipv4-acl)#10 permit ipv4 any any nexthop1 ipv4 track ?
^
% Invalid input detected at '^' marker.
RP/0/RP0/CPU0:CG-P-03(config-ipv4-acl)#10 permit ipv4 any any nexthop1 ipv4 1.1.1.1 ?
nexthop2 Enter another nexthop
RP/0/RP0/CPU0:CG-P-03(config-ipv4-acl)#10 permit ipv4 any any nexthop1 ipv4 1.1.1.1 track track1
^
% Invalid input detected at '^' marker.
RP/0/RP0/CPU0:CG-P-03(config-ipv4-acl)#10 permit ipv4 any any nexthop1 ipv4 track1 1.1.1.1
^
% Invalid input detected at '^' marker.
RP/0/RP0/CPU0:CG-P-03(config-ipv4-acl)#10 permit ipv4 any any nexthop1 ipv4 track track1 1.1.1.1
^
% Invalid input detected at '^' marker.
RP/0/RP0/CPU0:CG-P-03(config-ipv4-acl)#exit
RP/0/RP0/CPU0:CG-P-03(config)#exi
RP/0/RP0/CPU0:CG-P-03# -
Show IP SLA statistics output definitions
Does anyone have a link or documentation that defines ALL the fields in a show ip sla statistics command? Some are clearly obvious, but in Packet Loss Values for instance what are the measurement values for Source to Destination Loss Periods Number: or Source to Destination Loss Periods Number: ?
IPSLA operation id: 8502
Start Time Index: 13:56:14 UTC Tue Mar 25 2014
Type of operation: udp-jitter
Voice Scores:
MinOfICPIF: 0 MaxOfICPIF: 0 MinOfMOS: 0 MaxOfMOS: 0
RTT Values:
Number Of RTT: 48157 RTT Min/Avg/Max: 54/56/503 milliseconds
Latency one-way time:
Number of Latency one-way Samples: 0
Source to Destination Latency one way Min/Avg/Max: 0/0/0 milliseconds
Destination to Source Latency one way Min/Avg/Max: 0/0/0 milliseconds
Jitter Time:
Number of SD Jitter Samples: 43824
Number of DS Jitter Samples: 43824
Source to Destination Jitter Min/Avg/Max: 0/1/142 milliseconds
Destination to Source Jitter Min/Avg/Max: 0/1/81 milliseconds
Packet Loss Values:
Loss Source to Destination: 96
Source to Destination Loss Periods Number: 796
Source to Destination Loss Period Length Min/Max: 1/17
Source to Destination Inter Loss Period Length Min/Max: 1/2828
Loss Destination to Source: 5746
Destination to Source Loss Periods Number: 4319
Destination to Source Loss Period Length Min/Max: 1/17
Destination to Source Inter Loss Period Length Min/Max: 1/321
Out Of Sequence: 0 Tail Drop: 1
Packet Late Arrival: 0 Packet Skipped: 0
Number of successes: 18
Number of failures: 30
This is a great document as well, but doesn't dive down deep enough. The best example would be Packet Loss, where it says -
Packet Loss
Five types of packet loss or assimilated events can be measured with IP SLA:
Packet loss in the source to destination (packetLossSD)
Packet loss in the destination source (packetLossDS)
Tail Drop: we know it has been dropped, but we do not know in which direction. This is when the last packet(s) of the test streams were dropped, because in this case, we do not receive the sequence numbers. In older releases, this is called Packet MIA for missing in action. In the MIB, the notation PacketMIA is still in use.
Packet Late Arrival: the packet did arrive, but so late that the underlying application probably considered it as dropped, or at least not useful. Think about a VoIP application. If one packet arrives much later than expected, it is too late because the conversation keeps going. This packet is assimilated to a drop.
Packet Misordering: the packet arrived but not in the right order. This may or may not be considered as a packet drop. (packetOutOfOrder)
The cool thing is the power that lies behind those numbers. Different values can be calculated the way you want it. For instance the total amount of packet dropped is:
packetDropped = RTTMonPacketLossSD + RTTMonPacketLossDS + RTTMonPacketMIA
The total percentage of packets that have dropped during the instance is:
drop_rate_%age = 100 * packetDropped / (RTTMonNumOfRTT + packetDropped)
Many other values can be calculated, and that is entirely up to you to decide what parameters are important.
But does not address the fields that I am looking for -
Source to Destination Loss Period Length Min/Max: 1/17
Source to Destination Inter Loss Period Length Min/Max: 1/2828
Destination to Source Loss Periods Number: 4319
Destination to Source Loss Period Length Min/Max: 1/17
Destination to Source Inter Loss Period Length Min/Max: 1/321
appreciate all the input though Vinod! -
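The two formulas quoted above can be applied directly to the counters in the posted `show ip sla statistics` output. This is an added example, not code from the thread or from Cisco; the embedded sample lines are copied from the post, and the mapping of CLI labels to the MIB-style names in the formulas (Tail Drop as PacketMIA) is an assumption based on the quoted document.

```python
import re

# Counter lines copied from the "show ip sla statistics" output in the post.
SAMPLE_OUTPUT = """\
IPSLA operation id: 8502
Type of operation: udp-jitter
RTT Values:
Number Of RTT: 48157 RTT Min/Avg/Max: 54/56/503 milliseconds
Packet Loss Values:
Loss Source to Destination: 96
Source to Destination Loss Periods Number: 796
Loss Destination to Source: 5746
Destination to Source Loss Periods Number: 4319
Out Of Sequence: 0 Tail Drop: 1
Packet Late Arrival: 0 Packet Skipped: 0
"""

# CLI label -> counter name. Several labels share one output line, so each
# counter is located by its own pattern instead of splitting on line breaks.
COUNTER_PATTERNS = {
    "num_rtt": r"Number Of RTT:\s*(\d+)",
    "loss_sd": r"Loss Source to Destination:\s*(\d+)",
    "loss_ds": r"Loss Destination to Source:\s*(\d+)",
    "tail_drop": r"Tail Drop:\s*(\d+)",          # assumed equal to PacketMIA
    "out_of_sequence": r"Out Of Sequence:\s*(\d+)",
    "late_arrival": r"Packet Late Arrival:\s*(\d+)",
}


def parse_counters(text):
    """Extract the loss-related counters; raise if any is missing."""
    counters = {}
    for name, pattern in COUNTER_PATTERNS.items():
        match = re.search(pattern, text)
        if match is None:
            raise ValueError(f"counter not found in output: {name}")
        counters[name] = int(match.group(1))
    return counters


def loss_summary(counters):
    """Apply packetDropped and drop_rate_%age from the quoted document."""
    dropped = counters["loss_sd"] + counters["loss_ds"] + counters["tail_drop"]
    accounted = counters["num_rtt"] + dropped
    if accounted == 0:
        # No probes completed or lost: avoid dividing by zero.
        return {"dropped": 0, "accounted": 0, "drop_rate_pct": 0.0,
                "sd_pct": 0.0, "ds_pct": 0.0}

    def pct(n):
        return round(100.0 * n / accounted, 2)

    return {
        "dropped": dropped,
        "accounted": accounted,
        "drop_rate_pct": pct(dropped),
        "sd_pct": pct(counters["loss_sd"]),      # share lost source -> destination
        "ds_pct": pct(counters["loss_ds"]),      # share lost destination -> source
    }


if __name__ == "__main__":
    print(loss_summary(parse_counters(SAMPLE_OUTPUT)))
```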
802.1x port authentication failing after getting a access-accept packet
Hi all,
I'm not 100% sure what the hell is going on here.
Any ideas or help will be appreciated.
Here's the topology.
1 x windows 2012 NPS
1x 3750X
1x Windows 7 x64
data flow
<laptop> - - [gi 1/0/13]<3750X>[gi 1/0/48]- -[gi 5/39]<6513>[po 1] - - [po 4]<6509><5/1> - - <VMWARE>[NPS Server]
The switch that is doing the authentication is the 3750X. Here is the IOS version.
Switch Ports Model SW Version SW Image
* 1 54 WS-C3750X-48 15.2(1)E C3750E-UNIVERSALK9-M
A wireshark trace on the NPS server shows that the packets are arriving and being sent back
Wireshark on a mirror of the trunk port connecting the 6513. It also shows packets being sent and arriving. Access-accept packets are being received.
As you can see in the debug output, the switch is getting an access-accept, then it is stating an AAA failure.
Here is a debug output as you plug in the laptop.
Oct 24 10:53:44.653: dot1x-ev:[Gi1/0/13] Interface state changed to DOWN
Oct 24 10:53:44.653: dot1x-ev:[Gi1/0/13] No DOT1X subblock found for port down
Oct 24 10:53:45.643: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/13, changed state to down
Oct 24 10:53:46.641: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/13, changed state to down
Oct 24 10:53:47.538: dot1x-ev:[Gi1/0/13] Interface state changed to UP
Oct 24 10:53:47.564: dot1x-packet:[6431.500e.9b00, Gi1/0/13] queuing an EAPOL pkt on Auth Q
Oct 24 10:53:47.572: dot1x-ev:DOT1X Supplicant not enabled on GigabitEthernet1/0/13
Oct 24 10:53:47.572: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x1
Oct 24 10:53:47.572: dot1x-packet: length: 0x0000
Oct 24 10:53:47.572: dot1x-ev:[Gi1/0/13] Dequeued pkt: Int Gi1/0/13 CODE= 0,TYPE= 0,LEN= 0
Oct 24 10:53:47.572: dot1x-ev:[Gi1/0/13] Received pkt saddr =6431.500e.9b00 , daddr = 0180.c200.0003, pae-ether-type = 888e.0101.0000
Oct 24 10:53:47.572: dot1x-ev:[Gi1/0/13] Couldn't find the supplicant in the list
Oct 24 10:53:47.572: dot1x-ev:[6431.500e.9b00, Gi1/0/13] New client detected, sending session start event for 6431.500e.9b00
Oct 24 10:53:47.572: AAA/BIND(00000047): Bind i/f
Oct 24 10:53:47.580: dot1x-ev:[6431.500e.9b00, Gi1/0/13] Sending create new context event to EAP for 0x15000045 (6431.500e.9b00)
Oct 24 10:53:47.580: EAP-EVENT: Received context create from LL (Dot1x-Authenticator) (0x15000045)
Oct 24 10:53:47.580: EAP-AUTH-EVENT: Received AAA ID 0x00000047 from LL
Oct 24 10:53:47.580: EAP-AUTH-AAA-EVENT: Assigning AAA ID 0x00000047
Oct 24 10:53:47.580: EAP-AUTH-AAA-EVENT: CTS not enabled on interface Gi1/0/13
Oct 24 10:53:47.580: EAP-AUTH-EVENT: Received Session ID "C0A846660000004700DF6030" from LL
Oct 24 10:53:47.580: EAP-AUTH-EVENT: Setting authentication mode: Passthrough
Oct 24 10:53:47.580: eap_authen : initial state eap_auth_initialize has enter
Oct 24 10:53:47.580: EAP-EVENT: Allocated new EAP context (handle = 0xE8000047)
Oct 24 10:53:47.580: dot1x-ev:[6431.500e.9b00, Gi1/0/13] Created a client entry (0x15000045)
Oct 24 10:53:47.580: dot1x-ev:[6431.500e.9b00, Gi1/0/13] Dot1x authentication started for 0x15000045 (6431.500e.9b00)
Oct 24 10:53:47.580: %AUTHMGR-5-START: Starting 'dot1x' for client (6431.500e.9b00) on Interface Gi1/0/13 AuditSessionID C0A846660000004700DF6030
Oct 24 10:53:47.580: EAP-EVENT: Received EAP event 'EAP_AUTHENTICATOR_START' on handle 0xE8000047
Oct 24 10:53:47.580: eap_authen : during state eap_auth_initialize, got event 25(eapStartTmo)
Oct 24 10:53:47.580: @@@ eap_authen : eap_auth_initialize -> eap_auth_select_action
Oct 24 10:53:47.580: eap_authen : during state eap_auth_select_action, got event 20(eapDecisionPropose)
Oct 24 10:53:47.580: @@@ eap_authen : eap_auth_select_action -> eap_auth_propose_method
Oct 24 10:53:47.580: eap_authen : idle during state eap_auth_propose_method
Oct 24 10:53:47.580: @@@ eap_authen : eap_auth_propose_method -> eap_auth_method_request
Oct 24 10:53:47.580: eap_authen : idle during state eap_auth_method_request
Oct 24 10:53:47.580: @@@ eap_authen : eap_auth_method_request -> eap_auth_tx_packet
Oct 24 10:53:47.580: EAP-AUTH-EVENT: Current method = Identity
Oct 24 10:53:47.580: EAP-EVENT: Sending LL (Dot1x-Authenticator) event 'EAP_CUSTOMIZE_ID_REQUEST' on handle 0xE8000047
Oct 24 10:53:47.580: eap_authen : idle during state eap_auth_tx_packet
Oct 24 10:53:47.580: @@@ eap_authen : eap_auth_tx_packet -> eap_auth_idle
Oct 24 10:53:47.589: EAP-AUTH-TX-PAK: Code:REQUEST ID:0x1 Length:0x0005 Type:IDENTITY
Oct 24 10:53:47.589: EAP-EVENT: Started 'Authenticator ReqId Retransmit' timer (30s) for EAP sesion handle 0xE8000047
Oct 24 10:53:47.589: EAP-EVENT: Started EAP tick timer
Oct 24 10:53:47.589: EAP-EVENT: Sending LL (Dot1x-Authenticator) event 'EAP_TX_PACKET' on handle 0xE8000047
Oct 24 10:53:47.597: dot1x-ev:[Gi1/0/13] Sending EAPOL packet to group PAE address
Oct 24 10:53:47.597: dot1x-ev:[Gi1/0/13] Sending out EAPOL packet
Oct 24 10:53:47.597: dot1x-packet:EAPOL pak Tx - Ver: 0x3 type: 0x0
Oct 24 10:53:47.597: dot1x-packet: length: 0x0005
Oct 24 10:53:47.597: dot1x-packet:EAP code: 0x1 id: 0x1 length: 0x0005
Oct 24 10:53:47.597: dot1x-packet: type: 0x1
Oct 24 10:53:47.597: dot1x-packet:[6431.500e.9b00, Gi1/0/13] EAPOL packet sent to client 0x15000045
Oct 24 10:53:47.606: dot1x-packet:[6431.500e.9b00, Gi1/0/13] Queuing an EAPOL pkt on Authenticator Q
Oct 24 10:53:47.606: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x0
Oct 24 10:53:47.606: dot1x-packet: length: 0x001F
Oct 24 10:53:47.606: dot1x-ev:[Gi1/0/13] Dequeued pkt: Int Gi1/0/13 CODE= 2,TYPE= 1,LEN= 31
Oct 24 10:53:47.606: dot1x-ev:[Gi1/0/13] Received pkt saddr =6431.500e.9b00 , daddr = 0180.c200.0003, pae-ether-type = 888e.0100.001f
Oct 24 10:53:47.606: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x0
Oct 24 10:53:47.606: dot1x-packet: length: 0x001F
Oct 24 10:53:47.606: dot1x-ev:[6431.500e.9b00, Gi1/0/13] Response sent to the server from 0x15000045
Oct 24 10:53:47.606: EAP-EVENT: Received LL (Dot1x-Authenticator) event 'EAP_RX_PACKET' on handle 0xE8000047
Oct 24 10:53:47.606: EAP-AUTH-RX-PAK: Code:RESPONSE ID:0x1 Length:0x001F Type:IDENTITY
Oct 24 10:53:47.606: Payload: 47454E4552414C5C72616E64792E636F ...
Oct 24 10:53:47.606: eap_authen : during state eap_auth_idle, got event 1(eapRxPacket)
Oct 24 10:53:47.606: @@@ eap_authen : eap_auth_idle -> eap_auth_received
Oct 24 10:53:47.606: EAP-AUTH-EVENT: EAP Response received by context 0xE8000047
Oct 24 10:53:47.606: EAP-AUTH-EVENT: EAP Response type = Identity
Oct 24 10:53:47.606: EAP-EVENT: Stopping 'Authenticator ReqId Retransmit' timer for EAP sesion handle 0xE8000047
Oct 24 10:53:47.606: eap_authen : during state eap_auth_received, got event 10(eapMethodData)
Oct 24 10:53:47.606: @@@ eap_authen : eap_auth_received -> eap_auth_method_response
Oct 24 10:53:47.606: EAP-AUTH-EVENT: Received peer identity: GENERAL\randy.coburn.admin
Oct 24 10:53:47.606: EAP-EVENT: Sending LL (Dot1x-Authenticator) event 'EAP_IDENTITY' on handle 0xE8000047
Oct 24 10:53:47.606: eap_authen : during state eap_auth_method_response, got event 13(eapMethodEnd)
Oct 24 10:53:47.606: @@@ eap_authen : eap_auth_method_response -> eap_auth_select_action
Oct 24 10:53:47.606: eap_authen : during state eap_auth_select_action, got event 19(eapDecisionPass)
Oct 24 10:53:47.606: @@@ eap_authen : eap_auth_select_action -> eap_auth_passthru_init
Oct 24 10:53:47.606: eap_authen : during state eap_auth_passthru_init, got event 22(eapPthruIdentity)
Oct 24 10:53:47.614: @@@ eap_authen : eap_auth_passthru_init -> eap_auth_aaa_req
Oct 24 10:53:47.614: EAP-EVENT: Sending LL (Dot1x-Authenticator) event 'EAP_GET_PEER_MAC_ADDRESS' on handle 0xE8000047
Oct 24 10:53:47.614: EAP-AUTH-AAA-EVENT: Adding Audit-Session-ID "C0A846660000004700DF6030" to RADIUS Req
Oct 24 10:53:47.614: EAP-AUTH-AAA-EVENT: Added Audit-Session-ID
Oct 24 10:53:47.614: EAP-AUTH-AAA-EVENT: Adding IDB "0x070B90F8" to RADIUS Req
Oct 24 10:53:47.614: EAP-AUTH-AAA-EVENT: Added IDB
Oct 24 10:53:47.614: EAP-EVENT: Sending LL (Dot1x-Authenticator) event 'EAP_CUSTOMIZE_AAA_REQUEST' on handle 0xE8000047
Oct 24 10:53:47.614: EAP-AUTH-AAA-EVENT: eap_auth_aaa_authen_request_shim aaa_service 19, eap aaa_list handle 0, mlist handle 0
Oct 24 10:53:47.614: AAA/AUTHEN/8021X (00000000): Pick method list 'default'
Oct 24 10:53:47.614: EAP-AUTH-AAA-EVENT: Request sent successfully
Oct 24 10:53:47.614: eap_authen : during state eap_auth_aaa_req, got event 24(eapAAAReqOk)
Oct 24 10:53:47.614: @@@ eap_authen : eap_auth_aaa_req -> eap_auth_aaa_idle
Oct 24 10:53:47.614: RADIUS/ENCODE(00000000):Orig. component type = Invalid
Oct 24 10:53:47.614: RADIUS/ENCODE(00000000): Unsupported AAA attribute hwidb
Oct 24 10:53:47.614: RADIUS/ENCODE(00000000): Unsupported AAA attribute aaa-authen-type
Oct 24 10:53:47.614: RADIUS/ENCODE(00000000): Unsupported AAA attribute aaa-authen-service
Oct 24 10:53:47.614: RADIUS/ENCODE(00000000): Unsupported AAA attribute clid-mac-addr
Oct 24 10:53:47.614: RADIUS/ENCODE(00000000): Unsupported AAA attribute target-scope
Oct 24 10:53:47.614: RADIUS/ENCODE(00000000): Unsupported AAA attribute aaa-unique-id
Oct 24 10:53:47.614: RADIUS(00000000): Config NAS IP: 0.0.0.0
Oct 24 10:53:47.614: RADIUS(00000000): sending
Oct 24 10:53:47.614: RADIUS/ENCODE: Best Local IP-Address 192.168.70.102 for Radius-Server 192.168.19.121
Oct 24 10:53:47.614: RADIUS(00000000): Send Access-Request to 192.168.19.121:1645 id 1645/21, len 288
Oct 24 10:53:47.614: RADIUS: authenticator F1 BA E5 31 71 54 BF 1A - A2 B1 5E 1A 63 72 1E 72
Oct 24 10:53:47.614: RADIUS: User-Name [1] 28 "GENERAL\randy.coburn.admin"
Oct 24 10:53:47.614: RADIUS: Service-Type [6] 6 Framed [2]
Oct 24 10:53:47.614: RADIUS: Vendor, Cisco [26] 27
Oct 24 10:53:47.614: RADIUS: Cisco AVpair [1] 21 "service-type=Framed"
Oct 24 10:53:47.614: RADIUS: Framed-MTU [12] 6 1500
Oct 24 10:53:47.614: RADIUS: Called-Station-Id [30] 19 "AC-F2-C5-75-7D-0D"
Oct 24 10:53:47.614: RADIUS: Calling-Station-Id [31] 19 "64-31-50-0E-9B-00"
Oct 24 10:53:47.614: RADIUS: EAP-Message [79] 33
Oct 24 10:53:47.614: RADIUS: 02 01 00 1F 01 47 45 4E 45 52 41 4C 5C 72 61 6E 64 79 2E 63 6F [GENERAL\randy.co]
Oct 24 10:53:47.622: RADIUS: 62 75 72 6E 2E 61 64 6D 69 6E [ burn.admin]
Oct 24 10:53:47.622: RADIUS: Message-Authenticato[80] 18
Oct 24 10:53:47.622: RADIUS: EE 52 4D ED B9 06 F3 CE 63 AC 9D 73 24 1B A7 ED [ RMcs$]
Oct 24 10:53:47.622: RADIUS: EAP-Key-Name [102] 2 *
Oct 24 10:53:47.622: RADIUS: Vendor, Cisco [26] 49
Oct 24 10:53:47.622: RADIUS: Cisco AVpair [1] 43 "audit-session-id=C0A846660000004700DF6030"
Oct 24 10:53:47.622: RADIUS: Vendor, Cisco [26] 20
Oct 24 10:53:47.622: RADIUS: Cisco AVpair [1] 14 "method=dot1x"
Oct 24 10:53:47.622: RADIUS: NAS-IP-Address [4] 6 192.168.70.102
Oct 24 10:53:47.622: RADIUS: NAS-Port [5] 6 60000
Oct 24 10:53:47.622: RADIUS: NAS-Port-Id [87] 23 "GigabitEthernet1/0/13"
Oct 24 10:53:47.622: RADIUS: NAS-Port-Type [61] 6 Ethernet [15]
Oct 24 10:53:47.622: RADIUS(00000000): Sending a IPv4 Radius Packet
Oct 24 10:53:47.622: RADIUS(00000000): Started 10 sec timeout
Oct 24 10:53:47.622: RADIUS: Received from id 1645/21 192.168.19.121:1645, Access-Accept, len 66
Oct 24 10:53:47.622: RADIUS: authenticator 92 F6 07 AF C1 AB 0B 4C - 1D 9E A0 D1 01 36 27 26
Oct 24 10:53:47.622: RADIUS: Class [25] 46
Oct 24 10:53:47.622: RADIUS: 76 E3 06 66 00 00 01 37 00 01 02 00 C0 A8 13 79 00 00 00 00 00 00 00 00 00 00 00 00 01 CE CF F8 1F 7B 75 41 00 00 00 00 00 00 00 50 [ vf7y{uAP]
Oct 24 10:53:47.622: RADIUS(00000000): Received from id 1645/21
Oct 24 10:53:47.622: EAP-EVENT: eap_aaa_reply
Oct 24 10:53:47.622: EAP-AUTH-AAA-EVENT: Reply received session_label 72000033
Oct 24 10:53:47.622: EAP-EVENT: Received AAA event 'EAP_AAA_FAIL' on handle 0xE8000047
Oct 24 10:53:47.622: eap_authen : during state eap_auth_aaa_idle, got event 8(eapAAAFail)
Oct 24 10:53:47.622: @@@ eap_authen : eap_auth_aaa_idle -> eap_auth_failure
Oct 24 10:53:47.631: EAP-EVENT: Received get canned status from lower layer (0xE8000047)
Oct 24 10:53:47.631: EAP-AUTH-TX-PAK: Code:FAILURE ID:0x1 Length:0x0004
Oct 24 10:53:47.631: EAP-AUTH-EVENT: FAIL for EAP method ID: 1, name: , on handle 0xE8000047
Oct 24 10:53:47.631: EAP-EVENT: Sending LL (Dot1x-Authenticator) event 'EAP_FAIL' on handle 0xE8000047
Oct 24 10:53:47.631: dot1x-ev:[6431.500e.9b00, Gi1/0/13] Received an EAP Fail
Oct 24 10:53:47.639: %DOT1X-5-FAIL: Authentication failed for client (6431.500e.9b00) on Interface Gi1/0/13 AuditSessionID C0A846660000004700DF6030
Oct 24 10:53:47.639: dot1x-packet:[6431.500e.9b00, Gi1/0/13] Added username in dot1x
Oct 24 10:53:47.639: dot1x-packet:[6431.500e.9b00, Gi1/0/13] Dot1x did not receive any key data
Oct 24 10:53:47.639: dot1x-ev:[6431.500e.9b00, Gi1/0/13] Processing client delete for hdl 0x15000045 sent by Auth Mgr
Oct 24 10:53:47.639: dot1x-ev:[6431.500e.9b00, Gi1/0/13] 6431.500e.9b00: sending canned failure due to method termination
Oct 24 10:53:47.639: EAP-EVENT: Received get canned status from lower layer (0xE8000047)
Oct 24 10:53:47.639: dot1x-ev:[Gi1/0/13] Sending EAPOL packet to group PAE address
Oct 24 10:53:47.639: dot1x-ev:[Gi1/0/13] Sending out EAPOL packet
Oct 24 10:53:47.639: dot1x-packet:EAPOL pak Tx - Ver: 0x3 type: 0x0
Oct 24 10:53:47.639: dot1x-packet: length: 0x0004
Oct 24 10:53:47.639: dot1x-packet:EAP code: 0x4 id: 0x1 length: 0x0004
Oct 24 10:53:47.639: dot1x-packet:[6431.500e.9b00, Gi1/0/13] EAPOL canned status packet sent to client 0x15000045
Oct 24 10:53:47.639: dot1x-ev:[6431.500e.9b00, Gi1/0/13] Deleting client 0x15000045 (6431.500e.9b00)
Oct 24 10:53:47.639: %AUTHMGR-7-STOPPING: Stopping 'dot1x' for client 6431.500e.9b00 on Interface Gi1/0/13 AuditSessionID C0A846660000004700DF6030
Oct 24 10:53:47.639: %AUTHMGR-5-FAIL: Authorization failed or unapplied for client (6431.500e.9b00) on Interface Gi1/0/13 AuditSessionID C0A846660000004700DF6030
Oct 24 10:53:47.648: dot1x-ev:[6431.500e.9b00, Gi1/0/13] Delete auth client (0x15000045) message
Oct 24 10:53:47.648: EAP-EVENT: Received free context (0xE8000047) from LL (Dot1x-Authenticator)
Oct 24 10:53:47.648: dot1x-ev:Auth client ctx destroyed
Oct 24 10:53:47.648: EAP-EVENT: Received LL (Dot1x-Authenticator) event 'EAP_DELETE' on handle 0xE8000047
Oct 24 10:53:47.648: EAP-AUTH-EVENT: Freed EAP auth context
Oct 24 10:53:47.648: EAP-EVENT: Freed EAP context
Oct 24 10:53:48.621: EAP-EVENT: Stopped EAP tick timer
Oct 24 10:53:49.485: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/13, changed state to up
Oct 24 10:53:50.491: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/13, changed state to up
Oct 24 10:53:53.528: dot1x-ev:[Gi1/0/13] Interface state changed to DOWN
Oct 24 10:53:53.528: dot1x-ev:[Gi1/0/13] No DOT1X subblock found for port down
Oct 24 10:53:54.518: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/13, changed state to down
Oct 24 10:53:55.524: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/13, changed state to down
Hi Jatin,
See below the data that you have requested.
show run bits.
aaa new-model
aaa authentication dot1x default group radius
aaa session-id common
clock timezone BST 0 0
clock summer-time UTC recurring last Sun Mar 1:00 last Sun Oct 2:00
dot1x system-auth-control
interface GigabitEthernet1/0/13
switchport access vlan 80
switchport mode access
authentication port-control auto
dot1x pae authenticator
spanning-tree portfast
interface GigabitEthernet1/0/48
switchport trunk encapsulation dot1q
switchport trunk native vlan 70
switchport mode trunk
radius server NPS1
address ipv4 192.168.19.121 auth-port 1645 acct-port 1646
timeout 10
key thesecret
ip default-gateway 192.168.70.1
SW1-randy#show auth sessions interface gig 1/0/13
Interface MAC Address Method Domain Status Fg Session ID
Gi1/0/13 803f.5d09.189e N/A UNKNOWN Unauth C0A846660000002F00251DBC
SW1-randy#Show mac address-table Interface GigabitEthernet1/0/13
Mac Address Table
Vlan Mac Address Type Ports
80 803f.5d09.189e DYNAMIC Drop
SW1-randy#ping 192.168.19.121
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.19.121, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms
Here is a wireshark of the accept packet.
Message was edited by: randy coburn
Added wireshark trace -
Invalid Packet Length, JDBC, Java6 update 85
All,
I applied the CPU patchset for October 2014. The java update produced the following:
(Java.sql.SQLException: Invalid packet length)
org.jboss.resource.adapter.jdbc.local.LocalManagedConnectionFactory.getLocalManagedConnection(LocalManagedConnectionFactory.java:261)
--No errors are produced when backing out to Java 6 update 81.
Driver Information:
Manifest-Version: 1.0
Ant-Version: Apache Ant 1.6.5
Created-By: 1.5.0_51-b10 (Sun Microsystems Inc.)
Implementation-Vendor: Oracle Corporation
Implementation-Title: JDBC
Implementation-Version: 11.2.0.3.0
Repository-Id: JAVAVM_11.2.0.4.0_LINUX.X64_130711
Specification-Vendor: Sun Microsystems Inc.
Specification-Title: JDBC
Specification-Version: 4.0
--Should I update the driver or is this an issue with the new update? Any help is appreciated.
What version is the DBMS? Off hand, if you get this type of error by backing the Java version in or out, I'd file an official bug and let the driver and JVM folks figure it out...
Unable to connect to ACE30 from 3845/2811 -ssh - Invalid modulus length
Hi,
I've seen quite a lot of posts regarding SSH issues and the above SSH error. However, the fix mainly involves upgrading clients, but in this instance the clients are Cisco routers 3845 / 2811 - which we use for out and inband management.
Connectivity / routing etc is proven. Using SSH v2 the actual 6500 chassis where the ACE is physically located works fine. Configuring SSH v1 on the ACE module allows connections via the 3845/2811s but we cannot use this.
Both have the following IOS Version 12.4(24)T4. I have tried various key sizes on the ACE module.
The SSH debug is :
Aug 8 09:44:00.755: SSH2 CLIENT 2: SSH2_MSG_KEXINIT sent
Aug 8 09:44:00.767: SSH2 CLIENT 2: ssh_receive: 536 bytes received
Aug 8 09:44:00.767: SSH2 CLIENT 2: input: total packet length of 776 bytes
Aug 8 09:44:00.767: SSH2 CLIENT 2: partial packet length(block size)8 bytes,needed 768 bytes, maclen 0
Aug 8 09:44:00.767: SSH2 CLIENT 2: ssh_receive: 240 bytes received
Aug 8 09:44:00.767: SSH2 CLIENT 2: partial packet length(block size)8 bytes,needed 768 bytes, maclen 0
Aug 8 09:44:00.767: SSH2 CLIENT 2: input: padlength 10 bytes
Aug 8 09:44:00.767: SSH2 CLIENT 2: SSH2_MSG_KEXINIT received
Aug 8 09:44:00.767: SSH2:kex: server->client enc:aes128-cbc mac:hmac-sha1
Aug 8 09:44:00.767: SSH2:kex: client->server enc:aes128-cbc mac:hmac-sha1
Aug 8 09:44:00.767: SSH2 CLIENT 2: send:packet of length 24 (length also includes padlen of 6)
Aug 8 09:44:00.767: SSH2 CLIENT 2: SSH2_MSG_KEX_DH_GEX_REQUEST sent
Aug 8 09:44:00.767: SSH2 CLIENT 2: Range sent- 1024 < 2048 < 4096
Aug 8 09:44:00.859: SSH2 CLIENT 2: ssh_receive: 424 bytes received
Aug 8 09:44:00.863: SSH2 CLIENT 2: input: total packet length of 424 bytes
Aug 8 09:44:00.863: SSH2 CLIENT 2: partial packet length(block size)8 bytes,needed 416 bytes, maclen 0
Aug 8 09:44:00.863: SSH2 CLIENT 2: input: padlength 10 bytes
Aug 8 09:44:00.863: SSH2 CLIENT 2: SSH2_MSG_KEX_DH_GEX_GROUP received
Aug 8 09:44:00.863: SSH2 CLIENT 2:
Invalid modulus length
Is there a fix for this issue ?
Many thanks for any tips/advice.
I've now tried a new version of the code in case it was a bug (12.4(24)T6) and various key sizes (768, 1024, 2048, 4096), but to no avail.
Oct 12 13:16:26.435: SSH CLIENT0: protocol version id is - SSH-2.0-OpenSSH_5.2
Oct 12 13:16:26.435: SSH CLIENT0: sent protocol version id SSH-2.0-Cisco-1.25
Oct 12 13:16:26.435: SSH CLIENT0: protocol version exchange successful
Oct 12 13:16:26.435: SSH2 CLIENT 0: SSH2_MSG_KEXINIT sent
Oct 12 13:16:26.447: SSH2 CLIENT 0: SSH2_MSG_KEXINIT received
Oct 12 13:16:26.447: SSH2:kex: server->client enc:aes128-cbc mac:hmac-sha1
Oct 12 13:16:26.447: SSH2:kex: client->server enc:aes128-cbc mac:hmac-sha1
Oct 12 13:16:26.447: SSH2 CLIENT 0: SSH2_MSG_KEX_DH_GEX_REQUEST sent
Oct 12 13:16:26.447: SSH2 CLIENT 0: Range sent- 1024 < 2048 < 4096
Oct 12 13:16:26.535: SSH2 CLIENT 0: SSH2_MSG_KEX_DH_GEX_GROUP received
Oct 12 13:16:26.535: SSH2 CLIENT 0:
Invalid modulus length
Oct 12 13:16:26.535: SSH CLIENT0: key exchange failure (code = 0)
Oct 12 13:16:26.535: SSH CLIENT0: Session disconnected - error 0x00
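Added example for the "Invalid modulus length" debug above (not from the original posts or from Cisco): SSH2_MSG_KEX_DH_GEX_GROUP is sent before encryption starts, so the modulus the server offers can be measured from a capture and compared with the range the client sent (1024 < 2048 < 4096). The message layout follows RFC 4419 and RFC 4251; the function names and sample moduli are constructed, and that IOS applies exactly this range test is an assumption.

```python
import struct

SSH_MSG_KEX_DH_GEX_GROUP = 31  # RFC 4419 message number


def write_mpint(value):
    """Encode a non-negative integer as an SSH mpint (RFC 4251)."""
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
    if raw and raw[0] & 0x80:
        raw = b"\x00" + raw  # keep the sign bit clear
    return struct.pack(">I", len(raw)) + raw


def read_mpint(buf, off):
    """Decode an mpint at offset off; return (value, next_offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated mpint length")
    (size,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + size > len(buf):
        raise ValueError("truncated mpint body")
    raw = buf[off:off + size]
    if raw and raw[0] & 0x80:
        raise ValueError("negative mpint is not a valid modulus or generator")
    return int.from_bytes(raw, "big"), off + size


def check_gex_group(payload, min_bits, max_bits):
    """Return (modulus_bits, generator, in_range) for a KEX_DH_GEX_GROUP payload."""
    if not payload or payload[0] != SSH_MSG_KEX_DH_GEX_GROUP:
        raise ValueError("payload is not SSH2_MSG_KEX_DH_GEX_GROUP")
    p, off = read_mpint(payload, 1)
    g, off = read_mpint(payload, off)
    if off != len(payload):
        raise ValueError("unexpected trailing bytes")
    bits = p.bit_length()
    return bits, g, min_bits <= bits <= max_bits


def sample_group(bits, g=2):
    """Constructed payload: p has the requested bit length but is not a real safe prime."""
    p = (1 << (bits - 1)) | 1
    return bytes([SSH_MSG_KEX_DH_GEX_GROUP]) + write_mpint(p) + write_mpint(g)


if __name__ == "__main__":
    for bits in (2048, 4096, 8192):  # range from the debug above: 1024 < 2048 < 4096
        print(bits, check_gex_group(sample_group(bits), 1024, 4096))
```

The payload passed to check_gex_group is the SSH packet body after the 4-byte packet length and 1-byte padding length, with the trailing padding removed.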
Double TNS datagrams in one TCP packet
I have the following problem:
During a database connection over an IPSec tunnel between a Fortigate and a Juniper firewall the connection stalls.
This is exactly reproducible with one select or bulk insert statement. Neither OCI nor thin changes the behavior. Without the tunnel (e.g. LAN or ISDN connection) there is no problem and no duplicate TNS.
I have logged the TCP traffic with Wireshark on both sides and noticed that I have two TNS datagrams in one TCP packet.
I use different IPSec tunnels and have only problems with this one. Do you have a hint what's going on?
BTW: I change sdu and tdu sizes. This changes the point in time of the stall (double tns).
Here is the Wireshark Log:
519 1128.135566 192.168.197.33 10.4.100.73 TNS Request, Data (6), Data
520 1128.135912 192.168.197.33 10.4.100.73 TNS Request, Data (6), Data
521 1128.179202 10.4.100.73 192.168.197.33 TCP [TCP Window Update] ncube-lm > 64542 [ACK] Seq=7203 Ack=2341 Win=65535 Len=0
522 1128.202975 10.4.100.73 192.168.197.33 TCP ncube-lm > 64542 [ACK] Seq=7203 Ack=3691 Win=64185 Len=0
523 1128.213284 10.4.100.73 192.168.197.33 TNS Response, Marker (12), Attention
524 1128.213516 10.4.100.73 192.168.197.33 TNS Response, Marker (12), Attention
525 1128.213557 192.168.197.33 10.4.100.73 TCP 64542 > ncube-lm [ACK] Seq=4265 Ack=7225 Win=64201 Len=0
526 1128.217649 192.168.197.33 10.4.100.73 TNS Request, Marker (12), Attention
527 1128.255460 10.4.100.73 192.168.197.33 TCP [TCP Dup ACK 524#1] ncube-lm > 64542 [ACK] Seq=7225 Ack=3691 Win=65535 Len=0
* 528 1128.501575 192.168.197.33 10.4.100.73 TNS [TCP Retransmission] Request, Marker (12), Attention
529 1128.588704 10.4.100.73 192.168.197.33 TCP ncube-lm > 64542 [ACK] Seq=7225 Ack=4276 Win=64950 Len=0
Here the connection stalls, but does not terminate. The data transmission is not finished.
The * packet has the following header information:
Frame 528: 639 bytes on wire (5112 bits), 639 bytes captured (5112 bits)
Ethernet II, Src: FujitsuT_92:f0:b5 (00:19:99:92:f0:b5), Dst: Fortinet_25:ea:de (00:09:0f:25:ea:de)
Internet Protocol, Src: 192.168.197.33 (192.168.197.33), Dst: 10.4.100.73 (10.4.100.73)
Transmission Control Protocol, Src Port: 64542 (64542), Dst Port: ncube-lm (1521), Seq: 3691, Ack: 7225, Len: 585
Transparent Network Substrate Protocol
Packet Length: 574
Packet Checksum: 0x0000
Packet Type: Data (6)
Reserved Byte: 00
Header Checksum: 0x0000
Data
Transparent Network Substrate Protocol
Packet Length: 11
Packet Checksum: 0x0000
Packet Type: Marker (12)
Reserved Byte: 00
Header Checksum: 0x0000
Attention
Marker Type: Data Marker - 1 Data Bytes (0x01)
Marker Data Byte: 0x00
Marker Data Byte: 0x02
Any idea?
Ben wrote:
Convert dbl to U64 then use swap words. Swap Words is polymorphic and will adapt to the data type you present to it.
Ben
Convert is a bad idea here. You want to typecast instead.
Rolf Kalbermatter
CIT Engineering Netherlands
a division of Test & Measurement Solutions
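Added example for the "Double TNS datagrams in one TCP packet" capture above (not part of the original posts): TCP is a byte stream, so a receiver or capture tool has to split it into TNS packets by the header length field rather than by segment, which is why frame 528 (Len 585) dissects as 574 + 11. The sketch assumes the 8-byte header Wireshark lists, with a 2-byte big-endian length; the class and function names and the filler Data body are constructed.

```python
import struct

HEADER_LEN = 8  # length(2) + packet checksum(2) + type(1) + reserved(1) + header checksum(2)
TNS_TYPES = {6: "Data", 12: "Marker"}  # only the types seen in the capture above


class TnsReassembler:
    """Split a TCP byte stream into TNS packets using the header length field."""

    def __init__(self):
        self._buf = bytearray()

    def feed(self, segment):
        """Add one TCP segment payload; return the TNS packets completed by it."""
        self._buf += segment
        packets = []
        while len(self._buf) >= HEADER_LEN:
            length, _pk_sum, ptype, _rsvd, _hd_sum = struct.unpack_from(">HHBBH", self._buf)
            if length < HEADER_LEN:
                raise ValueError(f"TNS length {length} is shorter than the header")
            if len(self._buf) < length:
                break  # rest of this packet arrives in a later segment
            packets.append({
                "length": length,
                "type": TNS_TYPES.get(ptype, ptype),
                "body": bytes(self._buf[HEADER_LEN:length]),
            })
            del self._buf[:length]
        return packets

    @property
    def pending(self):
        """Bytes buffered that do not yet form a complete packet."""
        return len(self._buf)


def build_packet(ptype, body):
    """Build a TNS packet with zeroed checksums, as in the dissection above."""
    return struct.pack(">HHBBH", HEADER_LEN + len(body), 0, ptype, 0, 0) + body


def frame_528_payload():
    """Constructed stand-in for frame 528: Data (574 bytes) + Marker (11 bytes)."""
    data = build_packet(6, b"\x00" * (574 - HEADER_LEN))  # filler body, not real SQL*Net data
    marker = build_packet(12, bytes([0x01, 0x00, 0x02]))  # marker type + two data bytes
    return data + marker


if __name__ == "__main__":
    payload = frame_528_payload()
    whole = TnsReassembler().feed(payload)
    print(len(payload), [(p["length"], p["type"]) for p in whole])
    split = TnsReassembler()  # same bytes, cut three bytes into the Marker header
    first, second = split.feed(payload[:577]), split.feed(payload[577:])
    print([p["type"] for p in first], [p["type"] for p in second])
```

The same packets come out whether the 585 bytes arrive in one segment or are cut anywhere, including inside a header, so tooling that treats each TCP segment as one TNS packet will mis-frame this stream.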
Where is the data from packet captures saved to on the ASA firewall? It seems as though there is plenty of documentation out there on how to set up packet captures but none on where that data is stored. Is it stored to memory? Thanks!
Hi,
Did a quick test on my home ASA5505
It seems to me that when you configure the "capture" and set the "buffer" the ASA immediately reserves that amount from the RAM
capture TEST-CAP type raw-data access-list TEST-CAP buffer 20000000 packet-length 1522 interface WAN circular-buffer [Capturing - 7090435 bytes]
ASA# show memory
Free memory: 20269800 bytes ( 8%)
Used memory: 248165656 bytes (92%)
Total memory: 268435456 bytes (100%)
ASA# no capture TEST-CAP
ASA# show memory
Free memory: 40275512 bytes (15%)
Used memory: 228159944 bytes (85%)
Total memory: 268435456 bytes (100%)
As you can see, after removing the capture which is set for around 20MB that amount of RAM is freed up on the ASA.
Hope this helps :)
- Jouni