How to detect dropped UDP packets?

So far the Cisco forum could not tell me or find interest in how to detect dropped UDP packets specifically routing between two Domain Controllers DNS over a VPN Tunnel.

Supposedly some CISCO devices will drop UDP packets if they are too large.

If anybody knows please spill the beans.

Thanks
snyderkv Asked:

Dusan_Bajic Commented:
Do you want to know if they are sometimes being dropped or you need exactly to detect it in real time?
0
moorhouselondon Commented:
I thought that UDP was designed to be a lossy method of sending packets.  See for example this link:-

http://www.devhood.com/messages/message_view-2.aspx?thread_id=94790

With UDP there is no sequence number associated with each packet, as there is with TCP, so the only way to get close to lossless transmission is to make sure the rate of transmission is pegged to the capacity of the transmission "pipe"

http://www.javvin.com/protocol/rfc768.pdf
0
snyderkv Author Commented:
I will read Moorhouse's link, but to answer the first poster's question, our issue is with UDP packets over a VPN. Some folks think enough UDP packets are being dropped to cause DNS/* replication issues by some of the CISCO devices through the VPN Tunnel; however, I have my doubts. I need to know how to test it out before saying no to the UDP to TCP change over.

Any thoughts?
0

moorhouselondon Commented:
Using Wireshark at both ends will tell you the quantity of packets at both ends - configure Wireshark to count only the packets you are interested in - you however need to have a "marker" to indicate the start and stop points for measuring purposes - you could use a ping to start and stop the test, everything in between is to be counted.

www.wireshark.org
0
Dusan_Bajic Commented:
I believe that only DNS client queries are UDP traffic; DNS zone transfers and AD replication are over TCP.
0
snyderkv Author Commented:
Moorhouse, thanks

Dusan, do you have a link to prove this? I'm going to search tonight when I have free time. That would be good for me to know :)
0
larsga Commented:
I would agree with Moorhouse: doing a network traffic sniff on both ends of the connection and comparing would be the best way to determine whether packets (and which packets) are being dropped.

You could also look at the interface statistics on the Ciscos and see if they show dropped packets on the VPN interface.

Still, UDP packets shouldn't be dropped unless path MTU discovery is broken for some reason. That is, the end-stations should automatically detect the maximum packet size and not send packets that are too large. If the network sniff shows that UDP packets above a certain size are dropped, you either need to manually lower the MTU on the domain controllers or fix whatever is breaking PMTU discovery (probably on the Cisco VPNs).
0
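
The two-ended capture comparison suggested in the answers above, as an added example that is not part of the original thread: it diffs DNS-over-UDP packets exported from a capture at each site and reports whether the missing ones are all larger than the biggest packet that got through. The sample rows, IP addresses and function names are constructed for illustration, and it assumes no NAT inside the tunnel, so addresses match on both sides.

```python
import csv
import io
from collections import Counter

# Constructed samples (not data from the thread). Columns match a tshark export:
#   tshark -r dc.pcap -Y "udp.port == 53" -T fields -E separator=, \
#          -e ip.src -e ip.dst -e dns.id -e dns.flags.response -e udp.length
# udp.length includes the 8-byte UDP header; the response flag is kept opaque.
CAPTURE_SITE_B = """\
10.2.0.10,10.1.0.10,0x1a01,1,212
10.2.0.10,10.1.0.10,0x1a02,1,540
10.2.0.10,10.1.0.10,0x1a03,1,1420
10.2.0.10,10.1.0.10,0x1a04,1,1480
10.2.0.10,10.1.0.10,0x1a04,1,1480
10.1.0.10,10.2.0.10,0x1a05,0,48
"""
CAPTURE_SITE_A = """\
10.2.0.10,10.1.0.10,0x1a01,1,212
10.2.0.10,10.1.0.10,0x1a02,1,540
10.1.0.10,10.2.0.10,0x1a05,0,48
"""

def load(text, src_ip):
    """Multiset of (dst, dns.id, response flag, udp.length) sent by src_ip."""
    rows = csv.reader(io.StringIO(text))
    return Counter((dst, qid, resp, int(size))
                   for src, dst, qid, resp, size in rows if src == src_ip)

def find_drops(near_text, far_text, src_ip):
    """Packets seen leaving src_ip at its own site but never seen at the far site."""
    missing = load(near_text, src_ip) - load(far_text, src_ip)
    return sorted(missing.elements(), key=lambda p: p[3])

def assess(near_text, far_text, src_ip):
    """Summarise loss for one direction and say whether it tracks packet size."""
    sent = load(near_text, src_ip)
    delivered = sent & load(far_text, src_ip)   # multiset intersection
    dropped = find_drops(near_text, far_text, src_ip)
    ok = [p[3] for p in delivered.elements()]
    lost = [p[3] for p in dropped]
    return {"sent": sum(sent.values()), "dropped": len(dropped),
            "largest_delivered": max(ok, default=None),
            "smallest_dropped": min(lost, default=None),
            # True only when every lost packet is bigger than any delivered one
            "size_dependent": bool(lost) and (not ok or min(lost) > max(ok))}

if __name__ == "__main__":
    print(assess(CAPTURE_SITE_B, CAPTURE_SITE_A, "10.2.0.10"))
```

A `size_dependent` result of true points at the MTU or fragmentation path through the tunnel; loss spread across all sizes points at general link reliability instead.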
Dusan_Bajic Commented:
snyderk,

1. "Zone transfer operates on top of the Transmission Control Protocol (TCP), and takes the form of a client-server transaction" from http://en.wikipedia.org/wiki/DNS_zone_transfer , but I am sure you can find five million links supporting this in less than five minutes of googling...

2. "Network Ports Used by Active Directory Replication:
RPC replication uses dynamic port mapping as per the default setting. When you need to connect to an RPC endpoint during Active Directory replication, RPC uses TCP port 135"
http://www.windowsnetworking.com/articles_tutorials/Active-Directory-Troubleshooting-Part1.html
http://technet.microsoft.com/en-us/library/bb727063.aspx

Unless you have connectivity problems, there is no reason to suspect that (only) UDP packets are being dropped. You can run a simple ping test (with -t option) and even that will give you a pretty good picture about network reliability.
I think your problem lies somewhere else....


0
snyderkv Author Commented:
Lars, Dusan, Moor

Thanks, you guys, that's all good info. Now I have enough info for my report back to the folks telling me that UDP packets are being dropped causing DNS replication issues and that Cisco devices are dropping large UDP packets without proof.

Thanks again
0