SSH - slowly (or not at all) connects [a little long]

Hi,

I have a small network with 4 Linux machines. Every machine has 2 NIC's.
The first NIC's are configured for an internal network (192.168.1.0), the
second - for an external (say, 1.2.3.0).
Every machine is running an sshd. Sometimes, when I want to connect from
one machine to another by ssh, I get "Connection timed out". But then,
If I just send, say 3 pings to the machine and try to ssh to it again,
it succeeds! - the login process takes just 1s or less (I use DSA keys
for verification).
What could be the problem then?

All the 8 NIC's are connected to one 10 port switch AT 9410 (1Gb switch),
although 4 of them are 100Mb/s and 4 are 1Gb/s.
Is it possible the switch is the source of problems, or rather, I don't
know,
name resolving?

Every linux was installed on one machine, and then the HDD was put into
appriopriate
other machine, so after the installation, when the network services were
going down,
there was a message about problems with MAC address.
But I think I repaired that, using MAC address got from the arp command to
put them
into /etc/sysconfig/network-scripts/ifcfg-ethX. Maybe it was not the good
solution?

Here are the /etc/hosts files:

127.0.0.1 klaster2 localhost.localdomain localhost
1.2.3.1 klaster1
1.2.3.2 klaster2
1.2.3.3 klaster3
1.2.3.4 klaster4

192.168.1.1 fast1
192.168.1.2 fast2
192.168.1.3 fast3
192.168.1.4 fast4

--
Regards,
Robert B.
rpbyc@op.pl

Robert B. <rpbyc@nospam.op.pl> wrote:
> Hi,
>
> I have a small network with 4 Linux machines. Every machine has 2 NIC's.
> The first NIC's are configured for an internal network (192.168.1.0), the
> second - for an external (say, 1.2.3.0).

What is the reason for all this dual-homing? Is is some kind of research
network, or cluster?

> Every machine is running an sshd. Sometimes, when I want to connect from
> one machine to another by ssh, I get "Connection timed out".

Are you specify a hostname or IP address when you try to connect?

It seems to me that this happens when there are two (or more) machines
responding to the same IP address, and therefore you have a MAC
resolution race condition.

> But then, If I just send, say 3 pings to the machine and try to ssh to
> it again, it succeeds!

Have a look on each machine (locally!) at the output of "arp -n" (will
be in /usr/sbin or /sbin).

> Every linux was installed on one machine, and then the HDD was put
> into appriopriate other machine, so after the installation, when the
> network services were going down, there was a message about problems
> with MAC address.

Are you saying that you cloned each machine?

What process did you use to achieve that?

Are the IP addresses of the machines unique?

> But I think I repaired that, using MAC address got from the arp
> command to put them into /etc/sysconfig/network-scripts/ifcfg-ethX.
> Maybe it was not the good solution?

You should not (ever, generally) specify a different MAC address (they
are supposed to be unique).

> Here are the /etc/hosts files:

Is there a DNS server it might also be querying?

--
Cameron Kerr
cameron.kerr@paradise.net.nz : http://nzgeeks.org/cameron/
Empowered by Perl!

On 30 Jan 2004 22:22:51 +1300, Cameron Kerr <cameron.kerr@paradise.net.nz>
wrote:

> Robert B. <rpbyc@nospam.op.pl> wrote:
>> Hi,
>>
>> I have a small network with 4 Linux machines. Every machine has 2 NIC's.
>> The first NIC's are configured for an internal network (192.168.1.0),
>> the
>> second - for an external (say, 1.2.3.0).
>
> What is the reason for all this dual-homing? Is is some kind of research
> network, or cluster?

Yes, exactly, the external IP's are bind to 100Mb/s NICs and the internal
network is to be the fast one and the internal IPs are bind to the 1Gb/s
NICs.
The internal network is going to be used for clustering.

>
>> Every machine is running an sshd. Sometimes, when I want to connect from
>> one machine to another by ssh, I get "Connection timed out".
>
> Are you specify a hostname or IP address when you try to connect?

I've noticed that whether I specify a hostname or IP address, it behaves
without any changes.

>
> It seems to me that this happens when there are two (or more) machines
> responding to the same IP address, and therefore you have a MAC
> resolution race condition.
>
>> But then, If I just send, say 3 pings to the machine and try to ssh to
>> it again, it succeeds!
>
> Have a look on each machine (locally!) at the output of "arp -n" (will
> be in /usr/sbin or /sbin).

Well, it looks you are right... For instance, at the klaster2 node arp -n
gives:

192.168.1.1 ether 00:04:23:46:FC:BF C
eth0
1.2.3.4 ether 00:04:23:46:FC:BF C eth1

So, both interfaces have the same MAC configured! (What was with me for I
didn't
see that earlier?!)
:::::::
But: how do I fix it now? My ifcfg-eth0 and ifcfg-eth1 looks allright (I
hope):
:::::::
cat /etc/sysconfig/network-scripts/ifcfg-eth0:
# Intel Corp.|82540EM Gigabit Ethernet Controller
DEVICE=eth0
BOOTPROTO=none
BROADCAST=192.168.1.255
HWADDR=00:04:23:46:FC:AC
IPADDR=192.168.1.1
NETMASK=255.255.255.0
NETWORK=192.168.1.0
ONBOOT=yes
TYPE=Ethernet
USERCTL=no
PEERDNS=no

cat /etc/sysconfig/network-scripts/ifcfg-eth1:
# Intel Corp.|82557/8/9 [Ethernet Pro 100]
DEVICE=eth1
BOOTPROTO=none
BROADCAST=1.2.3.255
HWADDR=00:04:23:46:FC:BF
IPADDR=1.2.3.4
NETMASK=255.255.255.0
NETWORK=1.2.3.0
ONBOOT=yes
TYPE=Ethernet
USERCTL=no
PEERDNS=no
GATEWAY=1.2.3.100

Also, on the other machines, no MAC is repeated in the above 2 config
files,
so for now I don't know the cause of this situation.

>> Every linux was installed on one machine, and then the HDD was put
>> into appriopriate other machine, so after the installation, when the
>> network services were going down, there was a message about problems
>> with MAC address.
>
> Are you saying that you cloned each machine?
>
> What process did you use to achieve that?

No, I didn't clone the machines. It's just the only machine equipped with
the CDROM,
so I put the HDD into this machine, install Linux, and remount the HDD in
its own
machine.
>
> Are the IP addresses of the machines unique?
>

Yes.
>> But I think I repaired that, using MAC address got from the arp
>> command to put them into /etc/sysconfig/network-scripts/ifcfg-ethX.
>> Maybe it was not the good solution?
>
> You should not (ever, generally) specify a different MAC address (they
> are supposed to be unique).
>

I did not change the MAC address in the hardware, but I'm not sure how to
determine
the real, hardware MAC address. Then it should be inserted into ifcfg-eth0
and 1, shouldn't
it?

> Is there a DNS server it might also be querying?

Yes, there is.

Sorry for such a long message, but the problem isn't so simple as well
(for me...)


--
Regards,
Robert B.
rpbyc@op.pl

"Robert B." <rpbyc@NOSPAM.op.pl> skrev i en meddelelse
news:opr2larzlrc63k49@news.onet.pl...
> On 30 Jan 2004 22:22:51 +1300, Cameron Kerr <cameron.kerr@paradise.net.nz>
> wrote:
>
> > Robert B. <rpbyc@nospam.op.pl> wrote:
> >> Hi,
> >>
[snip]
>
> 192.168.1.1 ether 00:04:23:46:FC:BF C
> eth0
> 1.2.3.4 ether 00:04:23:46:FC:BF C eth1
>
> So, both interfaces have the same MAC configured! (What was with me for I
> didn't
> see that earlier?!)
> :::::::
> But: how do I fix it now? My ifcfg-eth0 and ifcfg-eth1 looks allright (I
> hope):
> :::::::
> cat /etc/sysconfig/network-scripts/ifcfg-eth0:
> # Intel Corp.|82540EM Gigabit Ethernet Controller
> DEVICE=eth0
> BOOTPROTO=none
> BROADCAST=192.168.1.255
> HWADDR=00:04:23:46:FC:AC
> IPADDR=192.168.1.1
> NETMASK=255.255.255.0
> NETWORK=192.168.1.0
> ONBOOT=yes
> TYPE=Ethernet
> USERCTL=no
> PEERDNS=no
>
> cat /etc/sysconfig/network-scripts/ifcfg-eth1:
> # Intel Corp.|82557/8/9 [Ethernet Pro 100]
> DEVICE=eth1
> BOOTPROTO=none
> BROADCAST=1.2.3.255
> HWADDR=00:04:23:46:FC:BF
> IPADDR=1.2.3.4
> NETMASK=255.255.255.0
> NETWORK=1.2.3.0
> ONBOOT=yes
> TYPE=Ethernet
> USERCTL=no
> PEERDNS=no
> GATEWAY=1.2.3.100
>
try this at the other machines as well
not one MAC address must be the same in the entire network
so make sure that all the net adapter have their own Unique MAC address
as well.
>
[snip]
> Sorry for such a long message, but the problem isn't so simple as well
> (for me...)
>
>
> --
> Regards,
> Robert B.
> rpbyc@op.pl

R. Kj.

On Fri, 30 Jan 2004 14:53:37 +0100, Ren� Kjellerup <webmaster@keenan.dk>
wrote:

>> So, both interfaces have the same MAC configured! (What was with me for
> try this at the other machines as well
> not one MAC address must be the same in the entire network
> so make sure that all the net adapter have their own Unique MAC address
> as well.

I have uninstalled all the NICs and then installed and configured them
again.
So, I should think that now the MACs are properly configured.
But the problem remains :-(
But the MACs in the appropriate /etc/sysconfig/network-scripts/ifcfg's are
differrent!
There are no 2 identical MACs.
In some hosts the arp table looks OK, while in others is bad.
How do I determine for sure the real hardware MAC of a NIC in linux?
How to solve this problem?

--
Regards,
Robert B.
rpbyc@op.pl

Robert B. <rpbyc@nospam.op.pl> wrote:

> HWADDR=00:04:23:46:FC:AC

You shouldn't be specifying MAC addresses at all.

--
Cameron Kerr
cameron.kerr@paradise.net.nz : http://nzgeeks.org/cameron/
Empowered by Perl!

Robert B. wrote:
> Hi,
>
> I have a small network with 4 Linux machines. Every machine has 2 NIC's.
> The first NIC's are configured for an internal network (192.168.1.0), the
> second - for an external (say, 1.2.3.0).
> Every machine is running an sshd. Sometimes, when I want to connect from
> one machine to another by ssh, I get "Connection timed out". But then,
> If I just send, say 3 pings to the machine and try to ssh to it again,
> it succeeds! - the login process takes just 1s or less (I use DSA keys
> for verification).
> What could be the problem then?
>

I experienced this exact problem due to NVIDIA's hosed drivers for the
nforce platform. Network was slow, and also bogged the rest of the
machine down. Other issues, but sending ping sort of woke it up.

I would suggest you check your NIC drivers as a possible culprit.


> All the 8 NIC's are connected to one 10 port switch AT 9410 (1Gb switch),
> although 4 of them are 100Mb/s and 4 are 1Gb/s.
> Is it possible the switch is the source of problems, or rather, I don't
> know,
> name resolving?
>
> Every linux was installed on one machine, and then the HDD was put into
> appriopriate
> other machine, so after the installation, when the network services were
> going down,
> there was a message about problems with MAC address.
> But I think I repaired that, using MAC address got from the arp command
> to put them
> into /etc/sysconfig/network-scripts/ifcfg-ethX. Maybe it was not the
> good solution?
>
> Here are the /etc/hosts files:
>
> 127.0.0.1 klaster2 localhost.localdomain localhost
> 1.2.3.1 klaster1
> 1.2.3.2 klaster2
> 1.2.3.3 klaster3
> 1.2.3.4 klaster4
>

i think the first name should be localhost.localdomain for the 127.0.0.1
address. put the klaster2 in the other slots. Doubt if this is the
issue, but it does affect a few things. Namely, you are assigning the
klaster2 name twice, which is improper.


> 192.168.1.1 fast1
> 192.168.1.2 fast2
> 192.168.1.3 fast3
> 192.168.1.4 fast4
>


--
Respectfully,


CL Gilbert

"Verily, verily, I say unto you, He that entereth not by the door() into
the sheepfold{}, but climbeth up some other *way, the same is a thief
and a robber." John 10:1

GnuPG Key Fingerprint:
82A6 8893 C2A1 F64E A9AD 19AE 55B2 4CD7 80D2 0A2D

For a free Java interface to Freechess.org see
http://www.rigidsoftware.com/Chess/chess.html

On Sun, 01 Feb 2004 20:50:47 -0500, CL (dnoyeB) Gilbert
<CheckMyGPGKey@ThisOneIsFake.com> wrote:

> i think the first name should be localhost.localdomain for the 127.0.0.1
> address. put the klaster2 in the other slots. Doubt if this is the
> issue, but it does affect a few things. Namely, you are assigning the
> klaster2 name twice, which is improper.

I'll try it. I I'll also try to install the original drivers. For now,
the NICs work on the Fedora's drivers.


--
Pozdrowienia,
Robert B.
rpbyc@op.pl

On 31 Jan 2004 12:25:13 +1300, Cameron Kerr <cameron.kerr@paradise.net.nz>
wrote:

> Robert B. <rpbyc@nospam.op.pl> wrote:
>
>> HWADDR=00:04:23:46:FC:AC
>
> You shouldn't be specifying MAC addresses at all.

The Fedora did it for me, but it is some idea to comment it out.
I'll see if it helps.



--
Pozdrowienia,
Robert B.
rpbyc@op.pl

On Mon, 02 Feb 2004 11:27:26 +0100, Robert B. <rpbyc@NOSPAM.op.pl> wrote:

> On 31 Jan 2004 12:25:13 +1300, Cameron Kerr
> <cameron.kerr@paradise.net.nz> wrote:
>
>> Robert B. <rpbyc@nospam.op.pl> wrote:
>>
>>> HWADDR=00:04:23:46:FC:AC
>>
>> You shouldn't be specifying MAC addresses at all.
>
> The Fedora did it for me, but it is some idea to comment it out.
> I'll see if it helps.

It didn't help :-(


--
Regards,
Robert B.
rpbyc@op.pl