[Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 613
  • Last Modified:

Losing Packets over WAN

I have 3 sites, connected by point to point fiber links running ethernet.  The sites are as follows,
Site 1 - CoLo rack at a Data Center
Site 2 - Main Office
Site 3 - Remote office
The physical topology is a star with the Data Center at the hub.  The routers at each site are all Cisco switches (3750, or 3560).

I haven't noticed any problems with communication between my Main office and the Data Center, and there aren't really any services that the remote office accesses at the Data Center.  

The problem is with communication between my remote office and the main office.  After changing routes to start pushing traffic across the fiber link rather than across the VPN the Remote Office had been using, I tested with ping and traceroute, and all seemed to be happy.  I almost immediately started getting complaints from the remote office saying that they couldn't access certain services.  Once I dug into it more, I found that it wasn't universal.  Some people could access certain services, that others couldn't.I ended up putting them back on to the VPN tunnel so they could keep working.

This morning, I had an opportunity to swing them back onto the fiber link, and at first glance it appeared to be working.  The major things that were failing before seemed to be working universally, but then as they used it, they started uncovering little bits and pieces here and there that weren't working, but again it wasn't universal.  

One of the services that they were unable to access was our Intranet site (hosted at the main office)  so I got on the Intranet server and did a tcpdump filtered to a specific host.  Then I tried accessing the intranet, and the TCP dump revealed that for the most part it was working but it looked like the client never received the message from the web server that the page was done loading.  I even verified that the HTML had been received by the browser by doing "show source" and the entire HTML file was there.

I'm at a complete loss, and don't know where to go from here.  Any help would be appreciated.

Thanks,

Christian
0
ruffalocody
Asked:
ruffalocody
1 Solution
 
Kerem ERSOYPresidentCommented:
Hi,

It seems to me that there's an issue with packet fragmentation that occurs with you fiber link. What are your packet sizes there? Did you enable jumbo frames etc?

You can still use ping with the switch -s. Try bigger sizes which are close to your packet size.
 
I hope this helps.

Cheers,
K.
0
 
v46nCommented:
have you tried lowering the mtu packet size on the outside interface? try something really low like 1432 and see if you have any problems, or ping with packet size as kerem suggested.
to change mtu on the interface

conf t
interface fx/x
ip tcp adjust-mss 1432
0
 
nrpanchalCommented:
I think you can verify the MTU issue by using packets of different sizes and DF bit value. Please use extended ping to verify the same.

HTH
nayan
0
Fill in the form and get your FREE NFR key NOW!

Veeam is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

 
ruffalocodyAuthor Commented:
I did some ping tests.  The largest packet I could get to go across to my remote office was 1476 bytes (1468 + 8 bytes of ICMP header)  I also tried pinging a device at the data center and was able to send packets as large as 1608.  I haven't pushed it to find the threshold yet.  I'm thinking the issue may lie on my provider's equipment, and that they may not have their MTU set high enough somewhere between the data center and the remote office.  I'm waiting to hear back from them now.  I'll update when I have news.

Thanks for the help so far.

-Christian
0
 
MongolianNoseFluteCommented:
Did you resolve this issue?
If so what was the culprit, as I have an issue so similar it is uncanny.

Thanks
0
 
ruffalocodyAuthor Commented:
Wow, I fogot I hadn't closed this question out.  It turns out it was an MTU problem on the carrier's equipment.  Once they bumped that up, the link started working flawlessly.  The reason is that the provider is "tunneling" my traffic across their network on a VLAN so when they added their VLAN tag onto my packets that were at or near the 1500 MTU, my packets had to be fragmented.  
0
 
ruffalocodyAuthor Commented:
Hmmm I was hoping to split the points between the first three responders as you all were helpful in finding the solution, but I can't find how to do that.  I'll get points assigned once i do.

-Christian
0

Featured Post

Configuration Guide and Best Practices

Read the guide to learn how to orchestrate Data ONTAP, create application-consistent backups and enable fast recovery from NetApp storage snapshots. Version 9.5 also contains performance and scalability enhancements to meet the needs of the largest enterprise environments.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now