Operating System - Linux
1748080 Members
5131 Online
108758 Solutions
New Discussion юеВ

Re: Can't ping the gateway...

 
SOLVED
Go to solution
Qcheck
Super Advisor

Can't ping the gateway...

I can't ping the gateway, however I can ping other servers. This is 5.1 redhar linux node. I had a gateway entry in the /etc/sysconfig/network file, but still can't ping the gateway. This server is really slow because of this.

What could be wrong? I have the same settings on other two nodes and they are fine.

Thanks in advance!
23 REPLIES 23
Matti_Kurkela
Honored Contributor
Solution

Re: Can't ping the gateway...

Adding the gateway entry to /etc/sysconfig/network has no immediate effect by itself: that file is only read when the system is booting, or when you're running ifdown/ifup commands.

If you want to add a default gateway route without bringing down any network interfaces and want it to take effect immediately, you should use the "route" command (or "ip route" if you need some special advanced routing functionality).

Run "route -n" on the problematic node and the other two nodes, and compare the results. If you see differences, read "man route" for the correct syntax for fixing them.

If your routing table is OK, there might be various other possible causes:

* hardware failure
- broken network card
- broken cable
- broken network switch

* firewall/iptables configuration (run "iptables -L -v -n" to check locally: talk with the gateway admin to have the gateway side checked)

- your node does not allow outgoing ping requests and discards them silently (a DROP rule in iptables)

- your node rejects incoming ping replies

- your node's iptables filter does not allow communication with the gateway (all traffic to the gateway DROPped)

- the gateway has a firewall feature that is currently configured to discard any traffic from your node

- if you use VLANs at your site, the switch port where your node is plugged in may be configured to a wrong VLAN

- the gateway is in fact functioning normally, but has been configured to not answer to pings unless they come from "trusted sources"... and your node is not on the list.

MK
MK
Qcheck
Super Advisor

Re: Can't ping the gateway...

MK,

Thank you for the response. route -n shows the gateway is up. But can't ping it. I wonder the same thing something is wrong somewhere else, probably on switch end. Since the servers are at our data center, it is very hard to diagnose. They are away in the city at the clients place and we manage them so far.

So is there any other way from O/S side to determine that particular hardware or switch settings are not correct?

Thank you for your time.
Steven Schweda
Honored Contributor

Re: Can't ping the gateway...

> I can't ping the gateway,

I assume that that really means that you
don't get a "ping" response from that system.

What is "the gateway"? Does it respond to
"ping" requests from other systems?

> however I can ping other servers.

What are the network IP addresses and
netmasks involved here? Routes?

> What could be wrong?

Almost anything? Based on practically no
information ("I can't"), how exact an answer
were you expecting?

> I have the same settings on other two nodes
> and they are fine.

The "same settings" of _what_? _All_ the
network parameters? _Some_ of them? What?


> [...] route -n shows the gateway is up.

It shows me nothing, because my psychic
powers are too weak to show me the results of
your "route -n" command. Perhaps you could
help.

> [...] it is very hard to diagnose.

Imagine how hard it must be for anyone with
no evidence to work with other than your
vague reports.

As usual, showing actual commands with their
actual output can be more helpful than vague
descriptions and interpretations.
ManojK_1
Valued Contributor

Re: Can't ping the gateway...

Hi,

>> I can't ping the gateway,?

Are you able to ping the gateway from other servers which is in the same segment of problematic server and having the same gateway.

>>This server is really slow because of this

How can you say that the server is slow because it is not able to ping the gateway.
Which application is running on this server and what is slow?

In our environment ping to the gateway is disabled due to security reason and i think it is a best practise as per secuirty and audit comncern.

We never faced any performance issues with RHEL 5 because gateway is not able to ping.

Manoj K
Thanks and Regards,
Manoj K
Qcheck
Super Advisor

Re: Can't ping the gateway...

Thank you for the response.

Yes, I am able to ping the gateway from other two nodes. The cluster has 4 nodes and two of the nodes are able to ping the default gateway and the other two can't. Yes, all the configurations(network scripts) are same on all 4 nodes and the same gateway I can't ping from two nodes and the other two can ping the gateway. It was all working until Friday. I can tell the server is slow because I noticed that if I ssh from working node, then the management port(bond2=eth1+eth3) is working normally, means, I get the login prompt very quickly as it is supposed to and whereas the data port(bond1=eth0+eth2) is very slow. But neither one is working from the putty session.

I noticed these two things:
1) Can't ssh or taking forever to get the login prompt from ssh putty session. If I ssh from the working node then it takes so long to get the login prompt.

2) Can't ping the gateway from two nodes.

Oracle ASM cluster is running on all 4 nodes.

Thanks in advance!
Patrick Wallek
Honored Contributor

Re: Can't ping the gateway...

How are you trying to ping the gateway? Are you using the IP address or the hostname? If you are using the hostname, is the /etc/resolv.conf file set up the same way on all servers? What about /etc/nsswitch.conf?
Qcheck
Super Advisor

Re: Can't ping the gateway...

Partick, Thank you for the response. I am trying to ping with the ip address of the gateway and not the hostname.
ManojK_1
Valued Contributor

Re: Can't ping the gateway...

Hi,

From your explanation what i understood is, The node is having a public ip (bond1) and private ip (bond2).bond1 is using for communication to external and bond2 is for cluster internal communication.
Through private segment (bond2 ip) you are able to ssh very fast and throufh public segment (bond1 ip) the ssh login is slow.

Can you please paste the out put of "ip addr" & "netstat -rn" from both the problematic and good server. Also paste /etc/resolv.conf.

From your expalanation I didn't understand "But neither one is working from the putty session" what is it?

When these cluster nodes are rebooted last?

What about the communication (ssh login) in between these cluster nodes through bond 1 & bond2)

Manoj K
Thanks and Regards,
Manoj K
Qcheck
Super Advisor

Re: Can't ping the gateway...

Manoj,

Thank you for the response. Here is the information:

I can't login neither the bond1(10.157.63.101) nor bond2(10.157.120.196) from the putty session. I saved the putty sessions with both the ips saving as mtstalpd-rac4-data(bond1) and mtstalpd-rac4-mgt(bond2).
However, when I was logged into the rac3 node, then I am able to ssh to 10.157.120.196 but not 10.157.63.101

On Friday, cluster nodes have been rebooted.

************Not WORKING NODE ****************
[root@mtstalpd-rac4 standby]# ip addr
1: lo: mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc pfifo_fast master bond1 qlen 1000
link/ether 00:1e:68:78:aa:50 brd ff:ff:ff:ff:ff:ff
inet6 fe80::21e:68ff:fe78:aa50/64 scope link
valid_lft forever preferred_lft forever
3: eth1: mtu 1500 qdisc pfifo_fast master bond2 qlen 1000
link/ether 00:1e:68:78:aa:51 brd ff:ff:ff:ff:ff:ff
inet6 fe80::21e:68ff:fe78:aa51/64 scope link
valid_lft forever preferred_lft forever
4: eth2: mtu 1500 qdisc pfifo_fast master bond1 qlen 1000
link/ether 00:1e:68:78:aa:50 brd ff:ff:ff:ff:ff:ff
inet6 fe80::21e:68ff:fe78:aa50/64 scope link
valid_lft forever preferred_lft forever
5: eth3: mtu 1500 qdisc pfifo_fast master bond2 qlen 1000
link/ether 00:1e:68:78:aa:51 brd ff:ff:ff:ff:ff:ff
inet6 fe80::21e:68ff:fe78:aa51/64 scope link
valid_lft forever preferred_lft forever
6: sit0: mtu 1480 qdisc noop
link/sit 0.0.0.0 brd 0.0.0.0
7: ib0: mtu 65520 qdisc pfifo_fast master bond0 qlen 256
link/infiniband 80:00:04:04:fe:80:00:00:00:00:00:00:00:06:6a:00:a0:00:fc:9f brd 00:ff:ff:ff:ff:12:40:1b:ff:ff:00:00:00:00:00:00:ff:ff:ff:ff
inet6 fe80::206:6a00:a000:fc9f/64 scope link
valid_lft forever preferred_lft forever
8: ib1: mtu 65520 qdisc pfifo_fast master bond0 qlen 256
link/infiniband 80:00:04:05:fe:80:00:00:00:00:00:00:00:06:6a:01:a0:00:fc:9f brd 00:ff:ff:ff:ff:12:40:1b:ff:ff:00:00:00:00:00:00:ff:ff:ff:ff
inet6 fe80::206:6a01:a000:fc9f/64 scope link
valid_lft forever preferred_lft forever
9: bond0: mtu 65520 qdisc noqueue
link/infiniband 80:00:04:04:fe:80:00:00:00:00:00:00:00:06:6a:00:a0:00:fc:9f brd 00:ff:ff:ff:ff:12:40:1b:ff:ff:00:00:00:00:00:00:ff:ff:ff:ff
inet 10.218.22.197/27 brd 10.218.22.223 scope global bond0
inet6 fe80::206:6a00:a000:fc9f/64 scope link
valid_lft forever preferred_lft forever
10: bond1: mtu 1500 qdisc noqueue
link/ether 00:1e:68:78:aa:50 brd ff:ff:ff:ff:ff:ff
inet 10.157.63.101/24 brd 10.157.63.255 scope global bond1
inet 10.157.63.97/24 brd 10.157.63.255 scope global secondary bond1:5
inet 10.157.63.96/24 brd 10.157.63.255 scope global secondary bond1:1
inet6 fe80::21e:68ff:fe78:aa50/64 scope link
valid_lft forever preferred_lft forever
11: bond2: mtu 1500 qdisc noqueue
link/ether 00:1e:68:78:aa:51 brd ff:ff:ff:ff:ff:ff
inet 10.157.120.196/25 brd 10.157.120.255 scope global bond2
inet6 fe80::21e:68ff:fe78:aa51/64 scope link
valid_lft forever preferred_lft forever
[root@mtstalpd-rac4 standby]#

[root@mtstalpd-rac4 standby]# netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
10.218.22.192 0.0.0.0 255.255.255.224 U 0 0 0 bond0
10.157.120.128 0.0.0.0 255.255.255.128 U 0 0 0 bond2
10.157.63.0 0.0.0.0 255.255.255.0 U 0 0 0 bond1
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 bond2
0.0.0.0 10.157.63.1 0.0.0.0 UG 0 0 0 bond1
[root@mtstalpd-rac4 standby]#
[root@mtstalpd-rac4 standby]# cat /etc/resolv.conf
domain nycnet
nameserver 10.217.255.161
nameserver 10.136.8.21
nameserver 10.152.8.5
search nycnet doitt.nycnet nyc.gov
[root@mtstalpd-rac4 standby]#

**********WORKING NODE****************

[root@mtstalpd-rac3 oracle]# ip addr
1: lo: mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc pfifo_fast master bond1 qlen 1000
link/ether 00:1e:68:c6:03:46 brd ff:ff:ff:ff:ff:ff
inet6 fe80::21e:68ff:fec6:346/64 scope link
valid_lft forever preferred_lft forever
3: eth1: mtu 1500 qdisc pfifo_fast master bond2 qlen 1000
link/ether 00:1e:68:c6:03:47 brd ff:ff:ff:ff:ff:ff
inet6 fe80::21e:68ff:fec6:347/64 scope link
valid_lft forever preferred_lft forever
4: eth2: mtu 1500 qdisc pfifo_fast master bond1 qlen 1000
link/ether 00:1e:68:c6:03:46 brd ff:ff:ff:ff:ff:ff
inet6 fe80::21e:68ff:fec6:346/64 scope link
valid_lft forever preferred_lft forever
5: eth3: mtu 1500 qdisc pfifo_fast master bond2 qlen 1000
link/ether 00:1e:68:c6:03:47 brd ff:ff:ff:ff:ff:ff
inet6 fe80::21e:68ff:fec6:347/64 scope link
valid_lft forever preferred_lft forever
6: sit0: mtu 1480 qdisc noop
link/sit 0.0.0.0 brd 0.0.0.0
7: ib0: mtu 65520 qdisc pfifo_fast master bond0 qlen 256
link/infiniband 80:00:04:04:fe:80:00:00:00:00:00:00:00:06:6a:00:a0:00:84:75 brd 00:ff:ff:ff:ff:12:40:1b:ff:ff:00:00:00:00:00:00:ff:ff:ff:ff
inet6 fe80::206:6a00:a000:8475/64 scope link
valid_lft forever preferred_lft forever
8: ib1: mtu 65520 qdisc pfifo_fast master bond0 qlen 256
link/infiniband 80:00:04:05:fe:80:00:00:00:00:00:00:00:06:6a:01:a0:00:84:75 brd 00:ff:ff:ff:ff:12:40:1b:ff:ff:00:00:00:00:00:00:ff:ff:ff:ff
inet6 fe80::206:6a01:a000:8475/64 scope link
valid_lft forever preferred_lft forever
9: bond0: mtu 65520 qdisc noqueue
link/infiniband 80:00:04:04:fe:80:00:00:00:00:00:00:00:06:6a:00:a0:00:84:75 brd 00:ff:ff:ff:ff:12:40:1b:ff:ff:00:00:00:00:00:00:ff:ff:ff:ff
inet 10.218.22.196/27 brd 10.218.22.223 scope global bond0
inet6 fe80::206:6a00:a000:8475/64 scope link
valid_lft forever preferred_lft forever
10: bond1: mtu 1500 qdisc noqueue
link/ether 00:1e:68:c6:03:46 brd ff:ff:ff:ff:ff:ff
inet 10.157.63.100/24 brd 10.157.63.255 scope global bond1
inet6 fe80::21e:68ff:fec6:346/64 scope link
valid_lft forever preferred_lft forever
11: bond2: mtu 1500 qdisc noqueue
link/ether 00:1e:68:c6:03:47 brd ff:ff:ff:ff:ff:ff
inet 10.157.120.195/25 brd 10.157.120.255 scope global bond2
inet6 fe80::21e:68ff:fec6:347/64 scope link tentative
valid_lft forever preferred_lft forever
[root@mtstalpd-rac3 oracle]# netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
10.218.22.192 0.0.0.0 255.255.255.224 U 0 0 0 bond0
10.157.120.128 0.0.0.0 255.255.255.128 U 0 0 0 bond2
10.157.63.0 0.0.0.0 255.255.255.0 U 0 0 0 bond1
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 bond2
0.0.0.0 10.157.63.1 0.0.0.0 UG 0 0 0 bond1
[root@mtstalpd-rac3 oracle]#
[root@mtstalpd-rac3 oracle]# cat /etc/resolv.conf
domain nycnet
nameserver 10.217.255.161
nameserver 10.136.8.21
nameserver 10.152.8.5
search nycnet doitt.nycnet nyc.gov
[root@mtstalpd-rac3 oracle]#

*********************************************

Thank you.