02-18-2009 01:35 PM
Problems with internet traffic on procurve
2009.02.18 22:19:04 FIREWALL id=firewall time="2009-02-18 22:19:04" fw=router pri=1 proto=http src=192.168.0.101 dst=63.245.209.93 msg="TCP connection request received is invalid (expected SYN, got ACK), dropping packet Src 1829 Dst 80 from Private policy-class on interface eth 0/1" agent=AdFirewall
or
2009.02.18 22:19:12 FIREWALL id=firewall time="2009-02-18 22:19:12" fw=router pri=1 rule=5 proto=1773/tcp src=66.77.15.231 dst=yy.yy.yy.yy msg="Invalid sequence number received with Reset, dropping packet Src 443 Dst 1773 from Public policy-class" agent=AdFirewall
192.168.0.0/24 is local subnet on eth0/1
yy.yy.yy.yy is the assigned IP of the pp1 ADSL interface
The firewall is configured using the ProCurve web interface firewall wizard and the web interface VPN wizard.
Any idea where the problem is? Users are quite upset because of the "poor" internet connection and I cannot switch the firewall off.
Thank you for any idea.
Martin
02-19-2009 03:58 AM
Re: Problems with internet traffic on procurve
looks like the firewall declares the session down, while the client thinks it's still active!
is the 7102dl the only network component involved?
also take into account
- how many users are connecting to the internet
- what's the speed (up/down) of the adsl-connection?
- how many vpn-connections are active
- how much cpu is used on the switch/firewall
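As an added example (not part of any post in this thread and not HP code): a small Python parser for the AdFirewall log lines quoted in this thread that tallies drops by stateful check, policy-class and destination port, so the check that is firing can be identified before any check is disabled. The check labels are this example's own names, not firmware terms.

```python
import re
from collections import Counter

# Firewall log lines quoted in this thread (first post and a later reply).
SAMPLE_LOG = [
    '2009.02.18 22:19:04 FIREWALL id=firewall time="2009-02-18 22:19:04" fw=router pri=1 '
    'proto=http src=192.168.0.101 dst=63.245.209.93 msg="TCP connection request received is '
    'invalid (expected SYN, got ACK), dropping packet Src 1829 Dst 80 from Private '
    'policy-class on interface eth 0/1" agent=AdFirewall',
    '2009.02.18 22:19:12 FIREWALL id=firewall time="2009-02-18 22:19:12" fw=router pri=1 '
    'rule=5 proto=1773/tcp src=66.77.15.231 dst=yy.yy.yy.yy msg="Invalid sequence number '
    'received with Reset, dropping packet Src 443 Dst 1773 from Public policy-class" '
    'agent=AdFirewall',
    '2009.02.20 15:37:27 FIREWALL id=firewall time="2009-02-20 15:37:27" fw=router pri=1 '
    'rule=5 proto=http src=192.168.0.33 dst=193.226.140.51 msg="Zero bytes transferred for '
    'connection Src 33884 Dst 80 from Private policy-class" agent=AdFirewall',
]

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
DETAIL = re.compile(r'Src (\d+) Dst (\d+) from (\w+) policy-class')
# msg substring -> label; the labels are this example's names, not the firmware's.
CHECKS = {
    "expected SYN, got ACK": "non-syn-without-session",
    "Invalid sequence number received with Reset": "rst-bad-sequence",
    "Zero bytes transferred": "zero-byte-connection",
}

def parse_line(line):
    """Split one log line into its key=value fields and decode the msg text."""
    rec = {k: v.strip('"') for k, v in FIELD.findall(line)}
    msg = rec.get("msg", "")
    rec["check"] = next((lbl for text, lbl in CHECKS.items() if text in msg), "other")
    m = DETAIL.search(msg)
    if m:
        rec["sport"], rec["dport"] = int(m.group(1)), int(m.group(2))
        rec["policy_class"] = m.group(3)
    return rec

def triage(lines):
    """Count firewall drops per (check, policy-class, destination port)."""
    counts = Counter()
    for rec in map(parse_line, lines):
        if rec.get("agent") == "AdFirewall":  # skip non-firewall lines
            counts[(rec["check"], rec.get("policy_class"), rec.get("dport"))] += 1
    return counts

if __name__ == "__main__":
    for (check, cls, dport), n in triage(SAMPLE_LOG).most_common():
        print(f"{n:4d}  {check:24s} {cls} dport={dport}")
```

Run over a full day of router log, the same tally shows whether the drops concentrate on one check and one direction or are spread across all of them.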
02-19-2009 07:59 AM
Re: Problems with internet traffic on procurve
regarding other involved components see attached "scheme". There is backup line shown on it but problems are same with or without it.
Almost every time user tries to load some web page using IE or FF it generates couple of above mentioned errors. Same when user is using web based software updater - it fails after a while.
From the user side it seems like some web pages are sometimes impossible to load, or some page components (styles, scripts, pictures) are unable to load.
I mentioned VPN wizard because it adds some policies to firewall configuration. I didn't use it to configure firewall. It was used only to configure VPN access. Nothing more.
There are approx. 8 users connecting to internet at the same time plus some irregular server processes (1 or 2) - very small company.
There are max 2 clients connecting through VPN at the same time.
ADSL line speed is 8Mbps/512kbps
Line is ADSL2+ with MTU set to 1454
Max CPU load on router is about 30% average 10% to 15%. It is almost sleeping...
02-19-2009 11:47 PM
Re: Problems with internet traffic on procurve
ftp://ftp.hp.com/pub/networking/software/SR7000dl-Basic-C07-ADSL-Nov2006.pdf
page 7-9 up
02-20-2009 12:02 AM
Re: Problems with internet traffic on procurve
it may be an idea to change the "training-mode" from the default "Multi-Mode" to "ADSL2+".
also you may experiment with the "signal-to-noise ratio (SNR) margin" page 7-15 up (this seems to need manual tuning).
please post "show running-config interface adsl 1/1"
02-20-2009 07:10 AM
Re: Problems with internet traffic on procurve
splitter is connected (also I tried two other splitters from different manufacturers). It seems to work properly - "connectivity errors" are occurring regardless of voice traffic on phone line.
Training mode is set to ADSL2+ at the moment. There was a problem with the ADSL module 4 months ago when migrating from ADSL line to ADSL2+, as the original module firmware was not able to manage an ADSL2+ line. This problem was fixed by new module firmware (J8759A_11_01_04.biz). I am not sure how much this FW is supported, but I find no other version on the procurve support site and the reply from procurve support took more than 3 months :-/. I will try changing training mode from ADSL2+ to multi-mode, but I have information from my provider that the line is already ADSL2+ and line speed is currently slightly below recommended physical line capability. So they do not expect errors on the line. I will try setting training mode when I arrive on site (19:00 CET). I will post the result immediately after trying.
Here is running config of ADSL interface, more info about ppp/adsl/atm interfaces in attached file.
You can see current SNR from there - ADSL module firmware needs some tuning; it shows some strange numbers in place of downstream SNR and attenuation.
show running-config interface adsl 1/1
Building configuration...
!
!
interface adsl 1/1
description "CRA ADSL"
snr-margin showtime-monitor
training-mode ADSL2+
no shutdown
!
end
Btw. there is also one type of error message in log which occurs rarely, but I am not sure, maybe it can provide some keys or maybe it is useless.
2009.02.20 15:37:27 FIREWALL id=firewall time="2009-02-20 15:37:27" fw=router pri=1 rule=5 proto=http src=192.168.0.33 dst=193.226.140.51 msg="Zero bytes transferred for connection Src 33884 Dst 80 from Private policy-class" agent=AdFirewall
02-20-2009 11:00 AM
Re: Problems with internet traffic on procurve
after 3 hours of trying various ADSL settings...
The problem has nothing to do with ADSL. Problem is the same with ADSL interface disabled using only backup WiFi interface.
I have tried to disable rpf-check on all firewall interfaces but problem still persists.
02-20-2009 11:29 AM
Re: Problems with internet traffic on procurve
All above means to me that problem is in router unit and its firmware or configuration.
02-21-2009 10:02 AM
Re: Problems with internet traffic on procurve
Turning syn-flood check on firewall off.
Turning rst-seq check on firewall off. Strange - according to CLI guide it does not require any parameter but my CLI insists on port number parameter when switching off.
Setting policy-timeout for tcp protocol to 12 hours.
Turning load-sharing on and off.