System iNetwork

September 1, 2008

Sharing Internet for Redundancy

Dear Doctor,
A neighboring company with a high-speed Internet connection similar to ours, but from a different provider, has proposed that we pool our resources so that one company's connection can support the other company should it lose Internet access. A Cat-5 cable already interconnects our two data centers. I've found a number of firewalls that support dual-WAN configuration, so we bought a pair and paid for a fiber optic cable between our buildings. Alas, I can't figure out how to interconnect the two firewalls so that they fail over correctly. Each has its own WAN IP address, and connecting the four WAN ports in a common switch (one at each location) results in "IP address spoof" error messages, and failover doesn't work. How can we disable these errors in our firewalls and get them to fail over correctly?

Continue reading "Sharing Internet for Redundancy"

Posted on September 1, 2008 at 4:06 PM | Comments (0)

Missing Incoming Email

Dear Doctor,
We've recently seen a sudden increase in reports of lost email — email our users send that recipients never receive. Last month we moved our System i email server to a collocation facility, which entailed changing the server's IP address. Everything seemed to be working fine, but now this problem has cropped up. The colo facility manager sees no connectivity or traffic problems, and we're receiving no bounce or other error messages. What would cause only certain messages to be dropped?

Continue reading "Missing Incoming Email"

Posted on September 1, 2008 at 4:04 PM | Comments (0)

August 1, 2008

Choosing Between FC and iSCSI SAN

Dear Doctor,
We're moving to server virtualization and are planning for a Storage Area Network (SAN) array to provide disk storage for all our virtual machines. My problem is choosing between the two SAN technologies, Fibre Channel (FC) and iSCSI. I know iSCSI is newer, but FC is 4 Gbps versus iSCSI's 1 Gbps. FC costs more, but I don't want to saddle our virtualization effort with a slow storage solution unnecessarily. We will be running mission-critical database applications on the SAN, and performance must equal what we see with native hardware. Is there any clear right answer to this question?

Continue reading "Choosing Between FC and iSCSI SAN"

Posted on August 1, 2008 at 1:01 AM | Comments (0)

Backscatter Spam

Dear Doctor,
Over the last few weeks, our users have seen an alarming increase in e-mail bounce messages that claim we are sending spam. The messages have subjects such as "Message rejected as spam" and "Message could not be delivered: policy reject." The thing is, they're definitely from legitimate companies, not spoofed. I immediately suspected some kind of spam-spewing virus on our network, but after a careful check of our intrusion detection system (which is great about flagging illegitimate messages originating from within our network), I find no evidence of a problem. Moreover, the only mail server permitted by our firewall to transmit SMTP (port 25) packets has a detailed log of every message sent, and none of the bounce messages' mail addresses are in the log. Meanwhile, the problem continues, and I'm concerned that our mail server will get blacklisted.

Continue reading "Backscatter Spam"

Posted on August 1, 2008 at 1:01 AM | Comments (0)

July 1, 2008

Fiber Optic Transceiver ARP Caching

Dear Doctor,
One interface on our System i box connects to an Ethernet switch that connects through a fiber-optic transceiver (FOT) and cable that runs 3,000 feet to our training center, where another FOT turns the signal back into Cat-5e that plugs in to another Ethernet switch. We sometimes need to unplug PCs from our main building and take them to the training center for special classes. Often when we do this, the PCs won't communicate to our System i server over the fiber, yet they can connect to other Ethernet devices in the training center. I've tried rebooting the switches at either end (and even rebooting i5/OS) with no change. Oddly enough, computers left in the training center overnight always work fine the next day. What gives?

Continue reading "Fiber Optic Transceiver ARP Caching"

Posted on July 1, 2008 at 1:01 AM | Comments (0)

June 1, 2008

Duplicated Incoming Email Messages

Dear Doctor,
We're a total i5/OS shop and run several different kinds of mail servers: Lotus Notes, CommuniGate Pro, and the native i5/OS SMTP server. Each server provides e-mail for a specific suborganization of our enterprise. Recently, we've had a strange problem that affects all three servers: Incoming mail messages occasionally get duplicated, or worse. I've seen up to six copies of the same message. I see no pattern in where the duped messages originate, and with three completely different mail servers, it's hard to believe this is our problem.

Continue reading "Duplicated Incoming Email Messages"

Posted on June 1, 2008 at 4:00 PM | Comments (0)

VoIP echo on POTS lines

Dear Doctor,
Our VoIP system has two kinds of trunk connections to the local exchange carrier (LEC): an ISDN PRI T1 circuit with six channels for long distance and another four plain old telephone service (POTS) analog voice lines used for local calls. We're charged by the minute for both local and long distance on the ISDN PRI, while there are no per-minute charges on the POTS lines for local calls. The problem is that calls through the POTS lines suddenly have a terrible echo on them. The phone company tested and says that it's our gear; the VoIP vendor blames the phone company. Whose fault is it, really? And how do we fix it?

Continue reading "VoIP echo on POTS lines"

Posted on June 1, 2008 at 3:54 PM | Comments (0)

May 1, 2008

Clipped Speech During VoIP Calls

Dear Doctor,
I installed a Voice over IP (VoIP) phone system for our office, initially set up to use Internet VoIP trunks. The reliability and sound quality of Internet phone calls was too poor for our management's taste, so I switched to Plain Old Telephone Service (POTS) analog lines. Alas, to my surprise, we still have significant sound-quality problems. The worst is that the beginning and ending of every spoken sentence seems to be clipped off. But we also hear a distinctive hiss that is both annoying and not audible when I place a call with an analog phone on the same lines. Management is ready to throw out the VoIP system. Help!

Continue reading "Clipped Speech During VoIP Calls"

Posted on May 1, 2008 at 4:28 PM | Comments (0)

Windows Remote File Copy Timeout Errors

Dear Doctor,
Our remote offices' Windows servers nightly perform file copy operations from our central System i server for database synchronization. Recently, however, the file copy operations have begun randomly failing. Some nights they all work, but other nights one or more copies fail, with Windows giving the inexplicable error "timeout occurred." We have plenty of bandwidth, and other non-Windows copies running in parallel prove that network outages aren't occurring. Packet captures at each end reveal TCP RST (reset) packets being received that were not sent by the other end, which correlates with the timeout errors. What could be causing this?

Continue reading "Windows Remote File Copy Timeout Errors"

Posted on May 1, 2008 at 4:27 PM | Comments (0)

April 1, 2008

Slow File Transfers in Windows Vista

Dear Doctor,
Our branch office network recently upgraded many workstations to Windows Vista. We've noticed that file transfers to and from these machines and the Internet is much slower — about 10 times slower — than our XP and Mac machines. Yet the same machines can transfer files fine over our VPN to the home office. We use a Cisco PIX firewall for our Internet connection and a Sonicwall VPN appliance for our corporate VPN. I'm perplexed!

Continue reading "Slow File Transfers in Windows Vista"

Posted on April 1, 2008 at 4:32 PM | Comments (0)

Blog Policy

We welcome your comments and opinions and encourage lively debate on the issues. However, Penton Media reserves the right to delete or move any content that it may determine, in its sole discretion, violates or may violate its Terms of Use or is otherwise unacceptable. For more information, see Penton Media's Terms of Use.