Cipe 1.6.0 VPN stalled if big file are transferred
|
View:
New views
11 Messages
—
Rating Filter:
Alert me
|
 |
Cipe 1.6.0 VPN stalled if big file are transferred
by Giacomo Gorgellino
::
Rate this Message:
I have some trouble by transferringa a 80MB file with scp between the 2
endpoint of cipe VPN on adsl link. When I try to transfer this file, after about 1 minute the connection become very slow and the scp transfer status after few seconds is stalled. It stays in this status for about 30 seconds and then it return to transfer the file for about 1 minute and then again return stalled. Obviously, I tried also to transfer some file from the adsl directly but i not found any trouble. End points are: Celeron 566 Mhz RAM 256 (swap is never used) kernel 2.4.29 Pentium 4 2.6Ghz RAM 768 (swap is never used) kernel 2.4.29 When this happened "top" command tell me that cpu usage of ciped-cb is never over 7% and scp 3%. Also max Cpu usage is never over 10-12% What happened ? -Giacomo- LiNUX User: 371384 -- Message sent by the cipe-l@... mailing list. Unsubscribe: mail majordomo@..., "unsubscribe cipe-l" in body Other commands available with "help" in body to the same address. CIPE info and list archive: <URL:http://sites.inka.de/~bigred/devel/cipe.html> |
|
|
Re: Cipe 1.6.0 VPN stalled if big file are transferred
by Peter van den Heuvel
::
Rate this Message:
> What happened ?
Make sure your firewall allows ICMP in and out. -- Regards, Peter -- Message sent by the cipe-l@... mailing list. Unsubscribe: mail majordomo@..., "unsubscribe cipe-l" in body Other commands available with "help" in body to the same address. CIPE info and list archive: <URL:http://sites.inka.de/~bigred/devel/cipe.html> |
|
|
Re: Cipe 1.6.0 VPN stalled if big file are transferred
by Giacomo Gorgellino
::
Rate this Message:
> > What happened ?
> Make sure your firewall allows ICMP in and out. > > -- > Regards, Peter In which device my firewall must allows ICMP in and out ? in the "adsl" interface or in the cipcb one ? Tnx -Giacomo- -- Message sent by the cipe-l@... mailing list. Unsubscribe: mail majordomo@..., "unsubscribe cipe-l" in body Other commands available with "help" in body to the same address. CIPE info and list archive: <URL:http://sites.inka.de/~bigred/devel/cipe.html> |
|
|
Re: Cipe 1.6.0 VPN stalled if big file are transferred
by Giacomo Gorgellino
::
Rate this Message:
> I have some trouble by transferringa a 80MB file with scp between the 2
> endpoint of cipe VPN on adsl link. > > When I try to transfer this file, after about 1 minute the connection become > very slow and the scp transfer status after few seconds is stalled. > > It stays in this status for about 30 seconds and then it return to transfer > the file for about 1 minute and then again return stalled. > > Obviously, I tried also to transfer some file from the adsl directly but i > not found any trouble. > > End points are: > > Celeron 566 Mhz > RAM 256 (swap is never used) > kernel 2.4.29 > > Pentium 4 2.6Ghz > RAM 768 (swap is never used) > kernel 2.4.29 > > When this happened "top" command tell me that cpu usage of ciped-cb is > over 7% and scp 3%. > Also max Cpu usage is never over 10-12% > > What happened ? > > -Giacomo- > LiNUX User: 371384 > > > > Doing some tcpdumps I found that when scp goes stalled there isn't any tcp/22 traffic but also there isn't any udp/6061 (which is my cipe port) on the adsl interface... ... what may be meaning ? I can't find any explanation of this... :-( -Giacomo- -- Message sent by the cipe-l@... mailing list. Unsubscribe: mail majordomo@..., "unsubscribe cipe-l" in body Other commands available with "help" in body to the same address. CIPE info and list archive: <URL:http://sites.inka.de/~bigred/devel/cipe.html> |
|
|
Re: Cipe 1.6.0 VPN stalled if big file are transferred
by Peter van den Heuvel
::
Rate this Message:
>>Make sure your firewall allows ICMP in and out.
> In which device my firewall must allows ICMP in and out ? in the "adsl" > interface or in the cipcb one ? Dsl is essential here. If you want you can be selective (search the archives or firewalling articles). It would be best to allow those on the tunnel too. PS. I read the list, no need to CC me. -- Regards, Peter -- Message sent by the cipe-l@... mailing list. Unsubscribe: mail majordomo@..., "unsubscribe cipe-l" in body Other commands available with "help" in body to the same address. CIPE info and list archive: <URL:http://sites.inka.de/~bigred/devel/cipe.html> |
|
|
|
|
|
Re: Cipe 1.6.0 VPN stalled if big file are transferred
by Giacomo Gorgellino
::
Rate this Message:
> >>Make sure your firewall allows ICMP in and out.
> > > In which device my firewall must allows ICMP in and out ? in the "adsl" > > interface or in the cipcb one ? > > Dsl is essential here. If you want you can be selective (search the > archives or firewalling articles). It would be best to allow those on > the tunnel too. > > PS. I read the list, no need to CC me. > > -- > Regards, Peter > > I've enabled ICMP on the two endpoints but the problem still remain. I think I have to make other test... I found that when scp goes in stall, also other connection on the VPN go down (i've tried with icmp ping and telnet sessions) and after some seconds every connection return up and running. May be some kernel configuration like the default and max recive window size ? I have all defaults configuration but not for those: /proc/sys/net/ipv4/ip_conntrack_max 65536 /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts 1 /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses 1 /proc/sys/net/ipv4/conf/all/secure_redirects 1 /proc/sys/net/ipv4/conf/all/send_redirects 1 /proc/sys/net/ipv4/tcp_syncookies 1 /proc/sys/net/ipv4/conf/all/accept_source_route 1 /proc/sys/net/ipv4/conf/all/forwarding 1 /proc/sys/net/ipv4/conf/all/log_martians 0 /proc/sys/net/ipv4/conf/all/rp_filter 0 PS: sorry for the CC, this is my first list -Giacomo- -- Message sent by the cipe-l@... mailing list. Unsubscribe: mail majordomo@..., "unsubscribe cipe-l" in body Other commands available with "help" in body to the same address. CIPE info and list archive: <URL:http://sites.inka.de/~bigred/devel/cipe.html> |
|
|
|
|
|
Re: Cipe 1.6.0 VPN stalled if big file are transferred
by Giacomo Gorgellino
::
Rate this Message:
By doing other test I found that only when a file is transferred by the cipe
server with a faster connection (1Mbit) to a cipe server with a slower connection (adsl 640Kbit) trough scp over cipe the tunnel goes in stall. May be that is some kind of UDP-flood ? About this I found only CA-1996-01, may cipbe be vulnerable ? -Giacomo- -- Message sent by the cipe-l@... mailing list. Unsubscribe: mail majordomo@..., "unsubscribe cipe-l" in body Other commands available with "help" in body to the same address. CIPE info and list archive: <URL:http://sites.inka.de/~bigred/devel/cipe.html> |
|
|
Re: Cipe 1.6.0 VPN stalled if big file are transferred
by Les Mikesell
::
Rate this Message:
On Tue, 2006-03-07 at 07:52, Giacomo Gorgellino wrote:
> By doing other test I found that only when a file is transferred by the cipe > server with a faster connection (1Mbit) to a cipe server with a slower > connection (adsl 640Kbit) trough scp over cipe the tunnel goes in stall. > > May be that is some kind of UDP-flood ? > About this I found only CA-1996-01, may cipbe be vulnerable ? If you are only doing one transfer the speed should be throttled by the tcp window set on the underlying connection. If other things are happening on the same tunnel you could easily drop udp packets carrying the tunnel but the underlying tcp retries should eventually get things through. You might be able to use rsync with the --bwlimit option to control the sending rate better. -- Les Mikesell les@... -- Message sent by the cipe-l@... mailing list. Unsubscribe: mail majordomo@..., "unsubscribe cipe-l" in body Other commands available with "help" in body to the same address. CIPE info and list archive: <URL:http://sites.inka.de/~bigred/devel/cipe.html> |
|
|
Re: Cipe 1.6.0 VPN stalled if big file are transferred
by Giacomo Gorgellino
::
Rate this Message:
> On Tue, 2006-03-07 at 07:52, Giacomo Gorgellino wrote: > > By doing other test I found that only when a file is transferred by the cipe > > server with a faster connection (1Mbit) to a cipe server with a slower > > connection (adsl 640Kbit) trough scp over cipe the tunnel goes in stall. > > > > May be that is some kind of UDP-flood ? > > About this I found only CA-1996-01, may cipbe be vulnerable ? > > If you are only doing one transfer the speed should be > throttled by the tcp window set on the underlying connection. > If other things are happening on the same tunnel you could > easily drop udp packets carrying the tunnel but the underlying > tcp retries should eventually get things through. > > You might be able to use rsync with the --bwlimit option to > control the sending rate better. > I tried again to transfer a file with scp not over the CIPE and now it goes also in "stall", so i think i made some mistake in the first test, but now I can say that: _it's not a CIPE problem._ May be my router or my linux server .. but this is not the right place to discuss on it i think. -Giacomo- -- Message sent by the cipe-l@... mailing list. Unsubscribe: mail majordomo@..., "unsubscribe cipe-l" in body Other commands available with "help" in body to the same address. CIPE info and list archive: <URL:http://sites.inka.de/~bigred/devel/cipe.html> |
| Free embeddable forum powered by Nabble | Forum Help |
