[Info-vax] TCP/IP Services SSH and new router difficulties
MG
marcogbNO at SPAMxs4all.nl
Sun Oct 2 09:12:59 EDT 2011
On 1-10-2011 19:30, John Wallace wrote:
> This might be the time to make sure you understand the basics of IP
> (TCP vs UDP, role of routers, significance of MTU, etc). Then learn a
> bit about how to use TCPDUMP or wireshark, and then come back with a
> bit more info.
Thank you for the input, I guess. However, your presumption is wrong.
I *do* understand IP and a lot more than simply the basics. I have
already said, or indicated, that I strongly presume it's something
specific to TCP/IP Services (hence the subject title). I'm sorry if I
somehow gave you the impression that I was looking for someone to give
me a breakdown of IP.
> Based more on intuition+experience than anything else, I'd guess you
> may have a packet loss problem somewhere, and the intrinsic behaviour
> of TCP (guaranteed delivery via timeout+retry) means that eventually
> the lost packet and what followed it is retransmitted.
Yes, I figured out that much.
> In the absence of supporting evidence other than what's posted here,
> I'd start by looking to see whether you have a Path MTU Discovery
> problem somewhere along the way between the two end systems of
> interest, a problem which is allowing smaller packets through but
> fragmenting big ones, but one end isn't aware of the size limit along
> the way. The consequence is that if one end occasionally sends
> unusually large packets which somebody along the way drops (because
> they're too big).
That's all nice and well, but (as I said before), it is only the VMS
nodes that are causing problems with the forwarded SSH TCP ports (22)
at the moment.
So, again, as I said before: I'm wondering if there's perhaps an
OpenVMS TCP/IP Services "ifconfig" variable that could be the culprit.
In other words, if my problems sound familiar (to not have to reinvent
the wheel, in terms of solving certain problems).
> Circumstances like this can occur when a network administrator
> foolishly blocks all flavours of "ping" (aka ICMP) packet; when that
> happens it is impossible for Path MTU Discovery to work right, which
> will lead to problems when perfectly valid (but big) TCP packets need
> fragmenting (and re-assembling when received); a router's reply
> message to the sender after dropping such a packet is an important
> part of Path MTU discovery. The router is an ICMP packet which silly
> network admins (including those in commercial ISPs) may sometimes
> block.
How do you explain that all other forwarded SSH ports (like for iLO
SSH and some other systems in my network) work fine, but just the
VMS TCP/IP SSH ports budge?
> Don't forget all the usual "systematic troubleshooting" stuff, e.g.
> Has this ever worked?
Yes, as I said several times before.
> Grossly oversimplified, and from distant non-error-correcting memory,
> apologies for any errors or significant omissions. I had great fun
> doing this kind of thing when mass market broadband first arrived in
> the UK ten years ago, and various consumer ISPs (and more importantly
> their wholesaler connectivity provider) didn't really have much of a
> clue.
Sorry, but did you just say I don't have much of a clue...? (I hope I
am interpreting this incorrectly.)
- MG
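
The Path MTU Discovery failure described in the quoted text can be told apart from ordinary packet loss in a capture. The following is an added example, not part of the original post: a small Python classifier over constructed packet records. The record layout, the sample values and the `diagnose` function are assumptions made for illustration, and it assumes the sender sets the DF bit.

```python
from collections import Counter

# Constructed records, as one might transcribe from a tcpdump capture taken on
# the sending host. Sequence numbers and sizes are illustrative.
#   ("out", seq, ip_len, df_bit)   segment we sent
#   ("ack", ack_no)                peer acknowledged every byte below ack_no
#   ("icmp", type, code, mtu)      ICMP message received
BLACK_HOLE = [
    ("out", 1, 100, True), ("ack", 61),
    ("out", 61, 1500, True), ("out", 61, 1500, True), ("out", 61, 1500, True),
]
PMTUD_WORKING = [
    ("out", 1, 100, True), ("ack", 61),
    ("out", 61, 1500, True), ("icmp", 3, 4, 1492),
    ("out", 61, 1492, True), ("ack", 1513),
]
RANDOM_LOSS = [("out", 1, 100, True)] * 3


def diagnose(capture, min_tx=3):
    """Classify a capture as (verdict, size_in_bytes_or_None)."""
    sent, size, highest_ack, next_hop_mtus = Counter(), {}, 0, []
    for rec in capture:
        if rec[0] == "out":
            _, seq, ip_len, df = rec
            sent[seq] += 1
            size[seq] = (ip_len, df)
        elif rec[0] == "ack":
            highest_ack = max(highest_ack, rec[1])
        elif rec[0] == "icmp" and rec[1:3] == (3, 4):
            # Type 3 code 4: "fragmentation needed and DF set" (RFC 1191).
            next_hop_mtus.append(rec[3])
    if next_hop_mtus:
        return ("pmtud-working", min(next_hop_mtus))
    # Segments sent min_tx or more times with DF set and never acknowledged.
    stuck = [size[s][0] for s, n in sent.items()
             if n >= min_tx and s >= highest_ack and size[s][1]]
    if not stuck:
        return ("no-persistent-loss", None)
    delivered = [size[s][0] for s in sent if s < highest_ack]
    # Black-hole signature: everything that got through is smaller than
    # everything that keeps being lost, and no router ever said why.
    if delivered and max(delivered) < min(stuck):
        return ("blackhole-suspected", min(stuck))
    return ("loss-not-size-dependent", None)


if __name__ == "__main__":
    for name in ("BLACK_HOLE", "PMTUD_WORKING", "RANDOM_LOSS"):
        print(name, diagnose(globals()[name]))
```
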