Blog: Networking

A customer using Symantec Mail Security for Microsoft Exchange 4.6 needed to release an e-mail that was thought to be in the quarantine along with 2500 other items.  When the customer checked the quarantine, the page displayed a heading of 1000 of 2500.  There were no other links to click on to see page 2 or all items.  After further searching, I understood that Symantec is set to only show 1000 items in quarantine, but I could not find a way to change this setting.  Since this was an HTML-based application, I saw that the source page was an .asp file.  Commenting out the following code will always list all of the quarantined items.

File:  D:\Program Files\Symantec\SMSMSE\4.6\Server\ROOT\Quarantine.asp

*** This is where the maximum display value comes in (= 1000)
dwMaxDisplay = objSMSMSEGUI.GetQuarantineValue("",QUARANTINE_DISPLAY_LIMIT_ID_STR,RetVal)

*** Comment out these lines as shown, using a leading ' (the comment character in VBScript, which this page uses)
'if NumItemsInQuarantine > dwMaxDisplay then
'          dwDisplayCount = dwMaxDisplay
'else
            dwDisplayCount = NumItemsInQuarantine
'end if

*** This is the part of the code that shows the items in quarantine
' loop through the items up until the maximum display or the total items whichever is larger
for i = 0 to dwDisplayCount - 1


 

Be aware that DHCP option 43 breaks a lot of stuff. In the past, I noted that using APC's necessary binary value in DHCP option 43 will break DHCP configuration on HP JetDirect boxes. Now, I have also found that it breaks PXE boot on HP DL360 G3 and G4 servers. With the option enabled on scopes serving machines that need to boot PXE to talk to an HP SIM (Systems Insight Manager) or RDP (Altiris Remote Deployment Pack for SIM), the PXE boot fails, displays a PXE boot menu error, and automatically reboots. This option is normally deployed globally on the DHCP server. I suggest removing it and only adding it back at the scope level in situations when you must have it. Then remove it when you are done with it.


 

When working with ISA 2004, be very careful when disabling unneeded functionality. I had an issue arise after disabling VPN access to a customer's ISA proxy server. After the configuration was changed, ISA promptly uninstalled RRAS, which disabled all routing capabilities of the box. Unfortunately, from what I have been able to gather, ISA is NOT able to dynamically build the routing table based on network ranges specified in the "Internal Network" area. I think this is partly because you must specify address ranges, not subnets, and not all address ranges can be converted to proper classless networks. In http://www.microsoft.com/technet/isa/2004/plan/bp_networks.mspx, it explains that the ISA server must be able to reach each network that is specified in the "Internal Network" area via its routing table. So, from what I have been able to gather, you must either use RRAS to create the static routes or put persistent routes into the routing table using "route add <network> mask <subnet mask> <gateway> -p".


 

Occasionally, when I am in a hotel, the IP address (or subsequent routing) conflicts with our own internal IP addresses or routing.  For example, I was in a hotel in Dallas recently and I got a 10.1.0.x address from their DHCP server.  Since the hotel was using the same IP addressing scheme as our office network, I was unable to VPN into our office.

This is when it comes in handy to have a portable router.  I personally carry with me a Linksys WTR54GS.

This is a wireless router but can be used as a wired router.  If I plug the router into the hotel's network then plug into the other side of the router, I get a 192.168.x.x address from the router and then I can VPN through the router to our internal network.

The router I use is also handy since it's a wireless router with one Internet and one Ethernet RJ45 connection.  If the hotel is wireless only, I could configure the router to connect to the hotel’s wireless and then I could plug into the internal port to get behind the router.


 

  1. From the Start menu, select Programs, Administrative Tools, then Computer Management to start the Computer Management snap-in.
  2. Right-click the root of the tree (Computer Management), and select Properties from the context menu.
  3. Select the Advanced tab.
  4. Click the Startup and Recovery button.
  5. Click the Shut Down button. (Don't worry. You won’t shut anything down at this point.)
  6. From the dialog box, you can select to shut down, reboot, log off, or power down (if supported). You can also choose how to handle hung applications.
  7. Make your selections, and click OK.

If you select Log off Current User from a terminal services session, the application logs off the user at the console, not your session, so choose this option with care.


 

We have recently had a problem with a Cisco 3560 PoE switch and a Toshiba IP phone. The issue is that when a call is made from a Toshiba IP phone (problem spanned phone and phone/firmware versions), the conversation was one way. The party on the remote end could not hear the party in private banking. We have this switch deployed in several other places with the same version of IOS and don’t see the issue. Finally the mystery has been solved. After running captures on the links and doing troubleshooting, I was able to determine that the "switchport voice vlan 1" command on each interface that was used for a phone was the magic bullet. For some reason, in its given setup, this switch needs this command to make everything work, whereas it isn’t needed in other places. Cisco is currently still looking into the issue and last I heard it is at TAC level 4.


 

Opendns.com is a free DNS resolution service that provides some useful added features:

  • Corrects common typos and misspellings (e.g. yahoo.cmo)
  • Allows you to create custom shortcuts (e.g. you can make "mail" resolve to "mail.<yourdomain>.com")
  • Offers filtering of web sites with a few different predefined categories such as pornography, tasteless, and anonymizing
  • Lets you manage custom whitelists and blacklists

This is a good solution for someone who wants to do basic web filtering at home or a small business.

To use Opendns, create an account and define the IP address or subnet you’re using.  For home use with a dynamic IP, you’ll have to manually update your IP or install a dynamic DNS update client.  Security is in place to prevent specifying the same subnet or IP twice, or entering a subnet when you’re not currently using an IP from that network.

 

We use the ip tcp adjust-mss command on Cisco routers to set the maximum segment size for TCP connections going over VPN connections.

To find the optimum maximum segment size, be sure to use the do-not-fragment option when pinging across the link.  Sending a regular ping will show you the largest packet size that will make it across the link; using the df flag will tell you the largest packet that can traverse the link without being broken into multiple parts.  To set the do-not-fragment flag using the Windows ping utility, add "-f" to the command line.

Also, be sure to perform the same test over the regular, non-tunneled connection to the destination router.  Make sure your adjust-mss value is lower than the maximum non-fragmented packet.
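The procedure above, as an added example that is not part of the original post: a binary search for the largest do-not-fragment ping payload, the MSS derived from it, and the check against the non-tunneled path. It assumes IPv4 and TCP headers without options; the function names, the simulated link MTUs and the "TTL=" reply check are this example's own assumptions.

```python
import subprocess

IP_HDR, ICMP_HDR, TCP_HDR = 20, 8, 20  # IPv4/TCP without options (assumption)

def largest_df_payload(probe, lo=0, hi=1472):
    """Binary-search the largest ICMP payload for which probe(size) is True.

    probe(size) sends one ping with `size` payload bytes and DF set, and
    returns True if a reply came back. Returns None if even `lo` fails.
    """
    if not probe(lo):
        return None
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if probe(mid):
            lo = mid          # mid crossed the link unfragmented
        else:
            hi = mid - 1      # mid was too large
    return lo

def mss_for_payload(payload):
    """Largest DF ping payload -> path MTU -> TCP MSS."""
    path_mtu = payload + IP_HDR + ICMP_HDR
    return path_mtu - IP_HDR - TCP_HDR

def windows_ping_probe(host):
    """Probe built on Windows ping: -f sets DF, -l sets the payload size."""
    def probe(size):
        out = subprocess.run(
            ["ping", "-f", "-l", str(size), "-n", "1", "-w", "2000", host],
            capture_output=True, text=True).stdout
        return "TTL=" in out  # heuristic: only real echo replies show a TTL
    return probe

def simulated_link(mtu):
    """Constructed stand-in for a real path so the example runs offline."""
    return lambda size: size + IP_HDR + ICMP_HDR <= mtu

def recommend(tunnel_probe, direct_probe):
    """MSS from the tunnel test, checked against the non-tunneled test."""
    tunnel = largest_df_payload(tunnel_probe)
    direct = largest_df_payload(direct_probe)
    if tunnel is None or direct is None:
        raise RuntimeError("no reply even to the smallest ping")
    mss = mss_for_payload(tunnel)
    direct_packet = direct + IP_HDR + ICMP_HDR
    return {"mss": mss, "direct_max_packet": direct_packet,
            "ok": mss < direct_packet}

if __name__ == "__main__":
    # Constructed values: 1400-byte tunnel path, 1500-byte direct path.
    print(recommend(simulated_link(1400), simulated_link(1500)))
```

On a Windows machine, pass windows_ping_probe("<far-side address>") in place of simulated_link(...) for each path; the search assumes replies are not lost for reasons other than packet size.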


 

When you have a duplex mismatch between a server and a switch, or a workstation and a switch, you will only see problems in either the upload or the download, but not both. This table shows where you will see the extreme network latency when there is a duplex mismatch.

PC      Switch-PC   Switch-Server   Server   Upload   Download
Full    Full        Full            Full     Fast     Fast
Full    Full        Half            Full     Slow     Fast
Full    Full        Full            Half     Fast     Slow
Full    Half        Full            Full     Fast     Slow
Half    Full        Full            Full     Slow     Fast
Full    Full        Half            Half     Fast     Fast

 


 

I was trying to copy a VMware folder to the server's VMware share and I went offline.  After I finally rebooted to get things straightened out, I couldn't determine why my synchronization was taking a long time - well over 30 minutes.  I finally paid enough attention to see that it was trying to sync an offline copy of the main VMware disk image (about 4GB in size).  The problem was that Offline Files kept trying to keep a temporary copy of the file synced up until I deleted the temporary offline files.  When I deleted the temporary offline files, it told me it deleted one file of 167MB, but it freed up about 4GB on my C drive.