Cannot ping over certain number of bytes

Posted on 2004-08-05
Last Modified: 2010-04-11
Hi Folks,

We have an office in the UK (main office) and an office in the US. These are connected over a dedicated VPN link. Both sites have managed Cisco 1700 routers. The UK office contains all the servers and domain controllers. One day when I came into the office (UK) the US site could not log onto the domain. Also from the UK we could not map to any of the US folders. When I pinged the US from the UK everything seemed ok (4 replies); however, when I increased the byte size to 3000 bytes it started to time out.

After numerous phone calls to our ISP, who manage our routers and VPN, they could not work out why this was happening. I ran every test you could imagine on our domain controllers and LAN but to no avail. Left for the weekend, came back Monday morning ready to do battle and the link was back to normal. I phoned our ISP to see what they had done over the weekend but they claimed they had done nothing. When I pinged the US everything was ok, pinging up to 10000 bytes and over no problem.

Is there any reason why I could not ping the US with a byte size over 3000?

Also a point to note, during the time when the link was not working the US could still dial direct into our RAS (bypassing the router), log on, receive e-mails etc.

This has been really annoying me as there has been no explanation why this happened either from our ISP or from myself and I do not want this to happen again.

Any ideas would be most appreciated.

Many thanks,

Baikie

Question by:Baikie
Expert Comment

by:tbacavalier
ID: 11724692
Maybe just internet congestion, or a dead router somewhere at either ISP or one of the major links? If your RAS is a phone based system then that is why you would have had no problems with that. Only real solution for that is some sort of secondary link, a satellite or something. But that is a little over-the-top.
0
 

Author Comment

by:Baikie
ID: 11724748
Should have mentioned that this went on for 4 days then suddenly started to work again. I only mentioned the RAS to prove that our system was working and that the US could log onto the domain using this method. Therefore authentication issues must be ok.


0
 
LVL 27

Accepted Solution

by:
pseudocyber earned 100 total points
ID: 11724899
I've been fighting an MTU issue between different versions of code on our VPN. You're aware, of course, that the maximum size for regular Ethernet packets is 1518 bytes? This includes protocol overhead, so actual data is a little less. Anything over this size has to be fragmented, which, for VPN, is usually bad.

After much gnashing of teeth, sore foreheads from beating them against brick walls, and just general aggravation, I've read and experienced improved results from changing all MTU settings on interfaces, clients, links, etc. to 1430.  This results in no fragmentation and increased performance from our VPN.

This doesn't explain why you couldn't ping with large datagrams - but it might lead you towards a solution.

Hope this helps.
0
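An added example, not part of the original thread: a Python sketch of the fragmentation arithmetic behind the answer above, plus a binary search for the largest ping payload that crosses a path with Don't Fragment set. It assumes Linux iputils `ping` (the Windows equivalent is `ping -f -l <size>`); the host name in the comment and the `simulated_path` helper are hypothetical stand-ins so the block runs offline.

```python
import subprocess

IP_HDR, ICMP_HDR = 20, 8  # IPv4 header without options, ICMP echo header

def fragments(payload, mtu):
    """(offset, length) of each IPv4 fragment's data for an ICMP echo
    carrying `payload` bytes over a link with the given MTU."""
    total = payload + ICMP_HDR           # bytes carried after the IP header
    per_frag = (mtu - IP_HDR) // 8 * 8   # fragment data is a multiple of 8
    out, off = [], 0
    while off < total:
        length = min(per_frag, total - off)
        out.append((off, length))
        off += length
    return out

def df_ping(host, payload):
    """One echo request with DF set; True if a reply came back."""
    cmd = ["ping", "-c", "1", "-W", "2", "-M", "do", "-s", str(payload), host]
    return subprocess.run(cmd, capture_output=True).returncode == 0

def largest_unfragmented(probe, lo=0, hi=1472):
    """Binary-search the largest payload for which probe(payload) succeeds.
    Returns None if even the smallest probe fails (path is down)."""
    if not probe(lo):
        return None
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if probe(mid):
            lo = mid
        else:
            hi = mid - 1
    return lo

def simulated_path(mtu):
    """Constructed stand-in for a real path: DF packets above mtu are dropped."""
    return lambda payload: payload + IP_HDR + ICMP_HDR <= mtu

# Against a real peer (hypothetical host name):
#   largest_unfragmented(lambda n: df_ping("us-gateway.example", n))
if __name__ == "__main__":
    print(fragments(3000, 1500))                       # the 3000-byte ping
    print(largest_unfragmented(simulated_path(1430)))  # the MTU 1430 setting
```

A 3000-byte ping is always split into several fragments on a 1500-byte link, so it fails as soon as any device on the path drops or mishandles fragments, while a default small ping still gets through.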
 

Assisted Solution

by:kronos540
kronos540 earned 100 total points
ID: 11729958
Good point on testing with RAS.

What is the CIR (a.k.a. guaranteed minimum bandwidth) from the solution provider?
Although this does sound like a bandwidth issue that caused some of your problems, I think the solution provider is not being honest about not changing the configuration of the VPN. A 1700 series router is just designed to handle a small home office and not a large corp connection. It all depends on how they set up the tunnel and how much bandwidth the ISP/solution provider has.

The larger the packet size you send, the longer it takes to get back (latency), especially if the bandwidth is over-congested. A VPN adds to the bandwidth requirements and the CPU processing on the routers.

Either the internet pipe was congested, someone screwed up something on the router configs, or the routers just got overloaded, unless you have only 20 people or less accessing information across the VPN. I would request a better router (2621 or better with at least 32 MB of RAM) to handle the traffic and computation for encryption and decryption across the VPN.

 

0
