Solved

Cannot ping over certain number of bytes

Posted on 2004-08-05
Last Modified: 2010-04-11
Hi Folks,

We have an office in the UK (main office) and an office in the US. These are connected over a dedicated VPN link. Both sites have managed Cisco 1700 routers. The UK office contains all the servers and domain controllers. One day when I came into the office (UK) the US site could not log onto the domain. Also from the UK we could not map to any of the US folders. When I pinged the US from the UK everything seemed ok (4 replies); however, when I increased the byte size to 3000 bytes it started to time out.

After numerous phone calls to our ISP, who manage our routers and VPN, they could not work out why this was happening. I ran every test you could imagine on our domain controllers and LAN but to no avail. Left for the weekend, came back Monday morning ready to do battle and the link was back to normal. I phoned our ISP to see what they had done over the weekend but they claimed they had done nothing. When I pinged the US everything was ok, pinging up to 10000 bytes and over no problem.

Is there any reason why I could not ping the US with a byte size over 3000?

Also a point to note, during the time when the link was not working the US could still dial direct into our RAS (bypassing the router), log on, receive e-mails etc.

This has been really annoying me as there has been no explanation why this happened either from our ISP or from myself and I do not want this to happen again.

Any ideas would be most appreciated.

Many thanks,

Baikie

Question by:Baikie
7 Comments
 

Expert Comment

by:tbacavalier
ID: 11724692
Maybe just internet congestion, or a dead router somewhere at either ISP or one of the major links? If your RAS is a phone based system then that is why you would have had no problems with that. Only real solution for that is some sort of secondary link, a satellite or something. But that is a little over-the-top.
0
 

Author Comment

by:Baikie
ID: 11724748
Should have mentioned that this went on for 4 days then suddenly started to work again. I only mentioned the RAS to prove that our system was working and that the US could log onto the domain using this method. Therefore authentication issues must be ok.


0
 
LVL 27

Accepted Solution

by:
pseudocyber earned 25 total points
ID: 11724899
I've been fighting an MTU issue between different versions of code on our VPN.  You're aware, of course, that the maximum size for regular ethernet packets is 1518 bytes?  This includes protocol overhead, so actual data is a little less.  Anything over this size has to be fragmented, which, for VPN is usually bad.

After much gnashing of teeth, sore foreheads from beating them against brick walls, and just general aggravation, I've read and experienced improved results from changing all MTU settings on interfaces, clients, links, etc. to 1430.  This results in no fragmentation and increased performance from our VPN.

This doesn't explain why you couldn't ping with large datagrams - but it might lead you towards a solution.

Hope this helps.
0
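An added illustration of the fragmentation arithmetic discussed above (not code from any participant in this thread): it shows how an ICMP echo of a given data size is split into IPv4 fragments at a given MTU, so a 32-byte ping (the Windows default) can be compared with the 3000-byte ping from the question. It assumes a 20-byte IPv4 header with no options and does not model VPN tunnel overhead; the function names are hypothetical.

```python
# Added illustration: IPv4 fragmentation of an ICMP echo ("ping") request.
IP_HEADER = 20    # IPv4 header without options (assumption)
ICMP_HEADER = 8   # ICMP echo header


def max_unfragmented_ping(mtu):
    """Largest ping data size that still fits in one packet at this MTU."""
    return mtu - IP_HEADER - ICMP_HEADER


def fragment_ping(data_size, mtu):
    """Return (offset_bytes, ip_payload_len, more_fragments) tuples for an
    echo request carrying data_size bytes over a link with this MTU."""
    total = ICMP_HEADER + data_size  # bytes the IP layer has to carry
    # Every fragment except the last carries a multiple of 8 bytes, because
    # the IPv4 fragment-offset field counts in 8-byte units.
    per_frag = (mtu - IP_HEADER) // 8 * 8
    if per_frag <= 0:
        raise ValueError("MTU too small to carry any payload")
    frags = []
    offset = 0
    while offset < total:
        length = min(per_frag, total - offset)
        more = offset + length < total  # MF flag: more fragments follow
        frags.append((offset, length, more))
        offset += length
    return frags


def report(data_size, mtu):
    """Human-readable summary of the packets one ping turns into."""
    frags = fragment_ping(data_size, mtu)
    lines = [f"ping data={data_size} mtu={mtu}: {len(frags)} packet(s)"]
    for off, length, more in frags:
        lines.append(f"  offset={off:<5} ip_len={length + IP_HEADER:<5} MF={int(more)}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed cases: a 32-byte ping, the 3000-byte ping from the question,
    # at a 1500-byte MTU and at the 1430 MTU mentioned in the answer.
    for size, mtu in [(32, 1500), (3000, 1500), (3000, 1430)]:
        print(report(size, mtu))
    print("largest unfragmented ping at MTU 1430:", max_unfragmented_ping(1430))
```

The 32-byte ping travels as a single packet while the 3000-byte ping always needs three, so a path that drops or cannot reassemble fragments passes the first and times out on the second.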
 

Assisted Solution

by:kronos540
kronos540 earned 25 total points
ID: 11729958
Good point on testing with RAS.

What is the CIR (a.k.a. guaranteed minimum bandwidth) from the solution provider?
Although this does sound like a bandwidth issue that caused some of your problems, I think the solution provider is not being honest about not changing the configuration of the VPN. A 1700 series router is just designed to handle a small home office and not a large corp connection. It all depends on how they set up the tunnel and how much bandwidth the ISP/solution provider has.

The larger the packet size you send, the longer it takes to get back (latency), especially if the bandwidth is over-congested. A VPN adds to the bandwidth requirements and the CPU processing on the routers.

Either the internet pipe was congested, someone screwed up something on the router configs, or the routers just got overloaded, unless you have only 20 people or less accessing information across the VPN. I would request a better router (2621 or better with at least 32 mb of RAM) to handle the traffic and computation for encryption and decryption across the VPN.

 

0
