Friday, December 10, 2010

Re: clearcase no response

This question is not answered.

Posts: 30
Registered: Dec 01, 2006 04:24:44 AM Re: clearcase no response
Posted: Nov 22, 2010 01:02:15 AM   in response to: cm@heart in response to: cm@heart's post "setting up sniffers and also check MTU settings." Could you give me more detail description about this?
Posts: 30
Registered: Dec 01, 2006 04:24:44 AM Re: clearcase no response
Posted: Nov 22, 2010 01:10:27 AM   in response to: marcdb in response to: marcdb's post Many thanks!
telnet 371
I see an empty screen.
Could you give me more detail further description about "Ping uses ICMP port 8 called "echo" ?
Posts: 207
Registered: Jan 15, 2005 05:15:03 PM Re: clearcase no response
Posted: Nov 22, 2010 03:02:24 AM   in response to: shingirl in response to: shingirl's post Shingirl,

There is a RFCs collection where all those protocols and their usage is explained.

In short when you ping a remore machine, your PC does send a "hello" message to the address you wish to enquire.

In human terms:

hello AAA I am ZZZ do you read me?

hello ZZZ this is AAA and I read you

When you use:

ping address -a

you ask the remote machine to supply you its human readable name known as DNS

Also the ICMP set is used to build a matrix of machines in a LAN

The full RFC list can be found in here: www.rfc-editor.org


Posts: 427
Registered: Mar 15, 2005 04:40:07 AM Re: clearcase no response
Posted: Nov 22, 2010 09:17:10 AM   in response to: shingirl in response to: shingirl's post shingirl wrote:
> I first use albd_list command.
Then you can ignore telnet, ping etc. for now: this is useful knowledge in general, but it won't help you in this case.
Marc
Posts: 426
Registered: Sep 28, 2005 02:20:11 PM Re: clearcase no response
Posted: Nov 23, 2010 09:36:01 AM   in response to: shingirl in response to: shingirl's post This seems to be going around in circles...

Some important tests:
1) Verify that a "loaded" ping (packet size of at least 4096 bytes) works. "ping -l 5120 {registry server name}" is a useful command to test this...
2) Verify whether you can do an lsvob of a known VOB tag. "cleartool lsvob \myvob" If this works, while a full lsvob fails, you most likely have a firewall configuration that is blocking the full communication.

If the single-VOB lsvob fails, then verify that you can actually communicate with the albd port on the server host. The best command for that is the old windows "telnet" program. The syntax is "telnet {registry server name} 371", and if this is successful, you will see NOTHING. If it fails, you will get an error like this:
Connecting To ...Could not open connection to the host, on port 371: Connect failed

If the telnet fails that way, you need to determine why you cannot perform this basic communication and resolve the issue. The possible causes are:
1) Name resolution. The server's host name may resolve to an incorrect address in DNS
2) Client-side firewall issue. The ClearCase commands from this host may be getting blocked by a firewall on the client. You would be able to see this in a network trace started on the client, because you will see no communication going out to port 371.
3) intermediate firewall issue.

Note: If the registry server is also this client's ATRIA license server (check clearcase control panel or cleartool hostinfo -long), then the fact that you are NOT getting a license error indicates that basic communication with the albd works.

=================================================================
Brian Cowan
Advisory Software Engineer
ClearCase SoftWare Advisory Team (SWAT)
Rational Software
IBM Software Group
550 King St
Littleton, MA 01460

Phone: 1.978.899.9471
Web: http://www.ibm.com/software/rational/support/


Posts: 427
Registered: Mar 15, 2005 04:40:07 AM Re: clearcase no response
Posted: Nov 23, 2010 11:08:38 AM   in response to: brcowan in response to: brcowan's post brcowan wrote:
> The best command for that is the old windows "telnet" program.

Why is this better than albd_list???

Marc


Posts: 426
Registered: Sep 28, 2005 02:20:11 PM Re: clearcase no response
Posted: Nov 23, 2010 11:22:38 AM   in response to: shingirl in response to: shingirl's post Well, albd_list is great if you're on the server and looking to see what the child processes of the albd are. If you need to verify ability to get to the port, telnet has the advantage of completely eliminating clearcase from the client-side picture.

=================================================================
Brian Cowan
Advisory Software Engineer
ClearCase SoftWare Advisory Team (SWAT)
Rational Software
IBM Software Group
550 King St
Littleton, MA 01460

Phone: 1.978.899.9471
Web: http://www.ibm.com/software/rational/support/


Posts: 427
Registered: Mar 15, 2005 04:40:07 AM Re: clearcase no response
Posted: Nov 23, 2010 12:34:15 PM   in response to: brcowan in response to: brcowan's post brcowan wrote:
> telnet has the advantage of completely eliminating clearcase from the client-side picture.

This may be an advantage if the test fails, but not, as here, if it succeeds.

Marc


Posts: 30
Registered: Dec 01, 2006 04:24:44 AM Re: clearcase no response
Posted: Dec 08, 2010 01:35:08 AM   in response to: brcowan in response to: brcowan's post 1) run ping -l 5120 {registry server name} is Request timed out.
run ping -l 4096 is ok.
2) run "cleartool lsvob \myvob" ,it is works, but "run cleartool lsvob " fails, so, i disable the firewall. but the same issue.
3)telnet {registry server name} 371", this is successful.
Posts: 427
Registered: Mar 15, 2005 04:40:07 AM Re: clearcase no response
Posted: Dec 08, 2010 03:50:21 AM   in response to: shingirl in response to: shingirl's post shingirl wrote:
> 2) run "cleartool lsvob \myvob" ,it is works, but "run cleartool lsvob " fails, so, i disable the firewall. but the same issue.
There is probably an other firewall between your client and the registry server, and this one blocks the port for a short period of time as soon as one request results in too many replies, as a way to avoid 'denial of service' attacks.

You need to identify this firewall, and to reconfigure it.

Start with 'tracert '
Assuming it is not blocked...

In good old times, one recommended to place all the ClearCase hosts in a 0-hop LAN...

Marc


Posts: 30
Registered: Dec 01, 2006 04:24:44 AM Re: clearcase no response
Posted: Dec 08, 2010 03:54:49 AM   in response to: shingirl in response to: shingirl's post Does need to uninstall the antivirus software or firewall, not disable?

Is there other clues to solve the issue or to find the cause of the issue?


Posts: 207
Registered: Jan 15, 2005 05:15:03 PM Re: clearcase no response
Posted: Dec 08, 2010 12:59:26 PM   in response to: shingirl in response to: shingirl's post Shingirl,

That was our initial assestment.

Nowadays most popular Antivirus act also as firewall, more complicated than default Windows one, where common ports are the only open.

The suggestion, as already made to you, is to kill or temporary disable the Antivirus or any similar programme that might interact with network traffic.

To make and additional suggestion you want to use a programme that will tell you which port are open or close. Google for one, there are several freeware ones.

Cheers


Posts: 426
Registered: Sep 28, 2005 02:20:11 PM Re: clearcase no response
Posted: Dec 08, 2010 04:23:57 PM   in response to: shingirl in response to: shingirl's post Since "cleartool lsvob \vob1" works while plain "cleartool lsvob" fails, the issue is almost guaranteed to be in the switch/router/firewall between the client and the registry server. Why did I put the 3 together? Because in some cases the same box performs all 3 jobs. (High end Cisco gear is known for doing this, for example...)

Take a network trace of the transaction at both the client and the server end of things. Odds are that you will see the full "list vobs" output in the server-end trace, and only the FIRST packet of that response in the client-side trace. If so, please take a CLOSE look at the raw packets in the server side trace. What you will probably see is that the packets are leaving the server with the "do not fragment" bit set, and 2 out of 3 packets with that bit set also have non-zero fragment offset values. This combination of options is blocked by some intrusion detection systems to prevent denial-of-service attacks caused by spraying the target with bogus fragmented packets (which then will "sit around" for a while in memory waiting for the first fragment...).

How do you fix this, you tweak the firewall / Intrusion detection settings to allow these packets to go through.

Actual steps are (unfortunately) vendor specific.

=================================================================
Brian Cowan
Advisory Software Engineer
ClearCase SoftWare Advisory Team (SWAT)
Rational Software
IBM Software Group
550 King St
Littleton, MA 01460

Phone: 1.978.899.9471
Web: http://www.ibm.com/software/rational/support/

Help

Use the search field to find all types of content in My developerWorks with that tag.

Use the slider bar to see more or fewer tags.

Popular tags shows the top tags for this particular type of content or application that you're viewing.

My tags shows your tags for this particular type of content or application that you're viewing.

Use the search field to find all types of content in My developerWorks with that tag. Use the slider bar to see more or fewer tags. Popular tags shows the top tags for this particular type of content or application that you're viewing. My tags shows your tags for this particular type of content or application that you're viewing.MoreLess 
Point your RSS reader here for a feed of the latest messages in all forums

View the original article here

No comments:

Post a Comment