On 8/25/23 2:24 AM, Marc wrote:
> Hi Grant!

Hi Marc,

Real quickly, not having re-read my previous response and having had way
too much water under the bridge between then and now.

> I was just 'cleaning up' a bit an ubuntu server from unnecessary
> running processes. Now I have some external auth that is sometimes
> slow due to the fact that the external auth host has two ip addresses
> configured. One of those ip addresses is not reachable from my
> ubuntu server.

The first thing that comes to mind is the "auth" a.k.a. "ident" service
that runs on TCP port 113. Though I'd be surprised if you actually had
an ident daemon running.

Is there a chance that you inadvertently changed incoming and / or
outgoing firewall config to filter ident requests / replies and / or
TCP resets / ICMP unreachable messages therefor?

Lack of response to ident requests can cause a delay in services. This
could happen by blocking any of the following:
- outgoing locally generated requests
- incoming remotely generated replies
- incoming TCP reset
- incoming ICMP unreachable message
- incoming remotely generated requests
- outgoing locally generated replies
- outgoing TCP reset
- outgoing ICMP unreachable message

> Do you know if there is currently something client side that actively
> addresses this issue of having applications assigned ip addresses on
> different networks?

I'm going to need more context. -- Maybe it's in the part of the
thread that I've not read recently enough.
I'm trying to get a reply out to you quickly.

> I don't think I noticed this behaviour before my changes, could there
> be something smart in networkmanager/systemd?

Any time that you question a network related change impacting services,
my go to solution is a network sniffer, tcpdump on CLI or Wireshark in
GUI. (Sometimes both, capture on remote CLI and analyze locally in GUI.)
--
Grant. . . .
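
Added example, not part of the original message: a small Python probe that times a TCP connect to port 113 on every address a host name resolves to and reports whether the attempt was answered, reset, rejected via ICMP, or silently dropped. The function names `probe_addr` and `probe_all` and the 3-second timeout are assumptions made for this illustration; a "filtered" verdict corresponds to the blocked-reply cases listed above, where the caller waits out a timeout instead of failing fast.

```python
import errno
import socket
import sys
import time

IDENT_PORT = 113  # the "auth" / "ident" port named in the message above


def probe_addr(family, sockaddr, timeout=3.0):
    """Attempt one TCP connect; return (verdict, seconds_elapsed).

    open        - handshake completed, something is listening
    refused     - a TCP reset came back, so callers fail fast
    unreachable - an ICMP unreachable surfaced as a socket error
    filtered    - nothing came back before the timeout (the slow case)
    """
    start = time.monotonic()
    sock = socket.socket(family, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect(sockaddr)
        verdict = "open"
    except ConnectionRefusedError:
        verdict = "refused"
    except socket.timeout:
        verdict = "filtered"
    except OSError as exc:
        if exc.errno not in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            raise
        verdict = "unreachable"
    finally:
        sock.close()
    return verdict, time.monotonic() - start


def probe_all(host, port=IDENT_PORT, timeout=3.0):
    """Probe every address the name resolves to, keyed by IP address."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return {info[4][0]: probe_addr(info[0], info[4], timeout) for info in infos}


if __name__ == "__main__":
    # Hypothetical usage: python3 probe.py <hostname> [port]
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else IDENT_PORT
    for addr, (verdict, secs) in probe_all(target, port).items():
        print(f"{addr}:{port} {verdict} after {secs:.2f}s")
```

Running a packet capture alongside the probe shows whether the reset or ICMP message was sent at all or was dropped on the way back.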