Networking
cancel
Showing results for 
Search instead for 
Did you mean: 

SCP is slow in 1 out of 3 directions!!! different than most things

 
Highlighted
Regular Advisor

Re: SCP is slow in 1 out of 3 directions!!! different than most things


Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp        0      0  127.0.0.1.49163        *.*                     LISTEN
tcp        0      0  *.135                  *.*                     LISTEN
tcp        0      0  *.50006                *.*                     LISTEN
tcp        0      0  *.49157                *.*                     LISTEN
tcp        0      0  127.0.0.1.49154        *.*                     LISTEN
tcp        0      0  *.515                  *.*                     LISTEN
tcp        0      0  *.4045                 *.*                     LISTEN
tcp        0      0  *.49159                *.*                     LISTEN
tcp        0      0  127.0.0.1.49163        127.0.0.1.706           ESTABLISHED
tcp        0     48  172.27.104.37.22       172.27.104.54.61319     ESTABLISHED
tcp        0      0  127.0.0.1.706          127.0.0.1.49163         ESTABLISHED
tcp        0      0  127.0.0.1.7161         *.*                     LISTEN
tcp        0      0  *.49166                *.*                     LISTEN
tcp        0      0  172.27.104.37.10443    172.27.104.52.50896     FIN_WAIT_2
tcp        0      0  *.49160                *.*                     LISTEN
tcp        0      0  172.27.104.37.10443    172.27.104.247.55537    ESTABLISHED
tcp        0      0  *.22                   *.*                     LISTEN
tcp        0      0  172.27.103.207.52972   172.27.103.214.22       ESTABLISHED
tcp        0      0  172.27.104.37.22       172.25.114.131.54409    ESTABLISHED
tcp        0      0  *.901                  *.*                     LISTEN
tcp        0      0  *.7815                 *.*                     LISTEN
tcp        0      0  *.587                  *.*                     LISTEN
tcp        0      0  *.6112                 *.*                     LISTEN
tcp        0      0  *.5303                 *.*                     LISTEN
tcp        0      0  *.25                   *.*                     LISTEN
tcp        0      0  *.49158                *.*                     LISTEN
tcp        0      0  172.27.104.37.10443    172.26.104.52.60958     ESTABLISHED
tcp        0      0  *.111                  *.*                     LISTEN
tcp        0      0  172.27.104.37.49156    172.27.16.122.389       ESTABLISHED
tcp        0      0  *.2121                 *.*                     LISTEN
tcp        0      0  *.6389                 *.*                     LISTEN
tcp        0      0  *.2049                 *.*                     LISTEN
tcp        0      0  172.27.104.37.52979    172.27.104.37.1712      TIME_WAIT
tcp        0      0  *.5989                 *.*                     LISTEN
t\

Highlighted
Respected Contributor

Re: SCP is slow in 1 out of 3 directions!!! different than most things

What catches my attention is the scp from khepx019 appears to create the following connection:

tcp        0      0  172.27.103.207.52972   172.27.103.214.22       ESTABLISHED

 

While khepx019 has:

172.27.103.207        172.27.103.207     UH    0    lan901    32808
172.27.103.0          172.27.103.207     U     2    lan901     1500

 

khupepc001 has:

172.27.103.214        172.27.103.214     UH    0    lan901    32808
172.27.103.192        172.27.103.214     U     3    lan901     1500

 

That would seem to indicate that your APA pseudo interface 901 on khupepc001 is trying to route traffic to a specific host, unless 172.27.103.192 is a different router.

 

I notice that on both non-khepx019 hosts your 900 based interfaces use a standard self and subnet route but the pseudo 901 and 902 interfaces appear to route to specific hosts.  These may be proper configurations, but since they are different from default configurations, and different from khepx019, this is where I would focus for now. I see nothing else out of the ordinary.

 

APA configurations can be rather complex, and I would hesitate to tell you to change something here without a lot of testing.  I would suggest going over the  /etc/rc.config.d/netconf,  /etc/rc.config.d/hp_apaconf, /etc/rc.config.d/hp_apaportconf, and if used /etc/lanmon/lanconfig.ascii file with APA experts at HP support.

 

 

Highlighted

Re: SCP is slow in 1 out of 4 directions! different than most things

>if logged into khupepc001 and issues a scp /tmp/aectst khepx019:/tmp/aectst it takes 5 seconds

 

To be complete, can you reverse this and get the 4th direction and time?

Highlighted
Honored Contributor

Re: SCP is slow in 1 out of 3 directions!!! Different than most things

Modern blade servers should all have gigabit or better NICs. But are all the network links between khupepc001 and khepx019 gigabit, or are there any 100 Mbps hops? If there are, check for duplex mismatches on those hops. On 100 Mbps ethernet, disabling autonegotiation typically meant the NIC would completely stop sending autonegotiation messages and reacting to them. This led to duplex mismatches if one end of a link was forced to Full-Duplex and the other was on autonegotiation, since in the absence of autonegotiation messages from the other end, the autonegotiation logic must assume Half-Duplex. But on gigabit ethernet, "disabling autonegotiation" works a little differently: the NIC will still send autonegotiation messages, but will only offer a single option so there is nothing to choose. Some gigabit NIC chips will use the new disabling method on slower speeds too, others won't. The autonegotiation is a mandatory part of the gigabit Ethernet specification on copper cables, so it cannot be completely disabled in gigabit mode. To check the speed and duplex settings on a physical lanN interface on HP-UX, run "lanadmin -x N" where N is the number of the lanN interface (the number only: leave out the "lan" prefix).
MK
Highlighted
Regular Advisor

Re: SCP is slow in 1 out of 3 directions!!! Different than most things

Well just an update for everyone, to keep you in the loop. We have talked to Cisco and apparently they had us open up some buffers to max, and this cut the time in half down to 2 1/2 to 3 minutes....but apparently going from HP to Cisco equipment there is a problem with it handling burst copy. No one is sure what we should do now, but Cisco is looking into it......

 

Side not we did check all of the Duplex issues the first night this happened, and MTU settings , and setups on the OA's....WE, meaning HP, Epic didnt see any missmatches.

 

Highlighted
Regular Advisor

Re: SCP is slow in 1 out of 3 directions!!! Different than most things

 

>if logged into khupepc001 and issues a scp /tmp/aectst khepx019:/tmp/aectst it takes 5 seconds

 

>To be complete, can you reverse this and get the 4th direction and time?

 

Sorry missed this before, being logged into khepx019 and doing scp /tmp/aectst khupepc001:/tmp/aectst takes about 4 seconds.

 

Highlighted
Honored Contributor

Re: SCP is slow in 1 out of 3 directions!!! Different than most things

Have you tried ftp in the slow direction? ftp has the lowest overhead and will generally send larger packet sizes than scp.



Bill Hassell, sysadmin
Highlighted
Regular Advisor

Re: SCP is slow in 1 out of 3 directions!!! Different than most things

yes we have tried FTP and secure FTP  and we have slowness, cisco is saying we either have to slow down stuff, or upgrade stuff .....they cant talk to each other using the new speeds.

 

Highlighted
Regular Advisor

Re: SCP is slow in 1 out of 3 directions!!! Different than most things

can anyone tell me what this means? i dont know how they are getting this or what it means

protocol : SSH-1.99-openSSH_5.8p1+

 

i am trying to figure out how to check this on ever hp-ux machine but i dont know what to look for

This is from an scp and they are saying the two machines dont have the same software..cuz one is 1.99 and the other is 2.00

I can see the SSH version when i do a swlist -l product | grep -i Secure, but i dont know what to look for to see the SSH 1.99

 

Highlighted
Honored Contributor

Re: SCP is slow in 1 out of 3 directions!!! Different than most things

> protocol : SSH-1.99-openSSH_5.8p1+

 

When a SSH connection is initiated, one of the first things that happens is that the server side announces its SSH protocol version level, since there are two main versions of the SSH protocol standard. The protocol version "1.99" means this server will accept both protocol versions: a client supporting the protocol version 1.x only will see that the major version is still "1.x" and will proceed with the connection attempt instead of stopping with an "incompatible SSH protocol versions" error message.

 

All the SSH clients supporting protocol version 2 will know that server-side protocol version "1.99" means the server actually supports protocol 2, but is willing to downgrade to the older protocol version if necessary.

 

The "openSSH_5.8p1+" part is the software version. It is announced so that if the client is newer than the server and knows about bugs in that particular server version, it can automatically apply any required workarounds.

 

As the SSH protocol version 1.x is known to have some weaknesses at its fundamental design, you should not be using it unless you have clients that only support protocol version 1.x and cannot be upgraded. Check the "Protocol" statements in your sshd_config file (typically /opt/ssh/etc/sshd_config in HP-UX): if it says "Protocol 2,1" it means the server supports both protocol versions but will prefer version 2 if the client can also use both versions. 

 

Change it to "Protocol 2", restart sshd, and then the "1.99" will be gone. Then the protocol will be identified as 2.00 instead, as the support for the obsolete protocol version 1.x will be disabled.

MK