Solved

Intermittent connectivity to Single Server on MPLS

Posted on 2013-05-22
14
456 Views
Last Modified: 2013-07-22
We recently switched from IPSEC VPN between two Sonicwalls to MPLS via our provider.  At each site the MPLS cisco router is connected to our LAN switch.  That LAN switch plugs into an interface on our Sonicwalls. We have three sites: A, B, and C. Site B is the datacenter and houses the server with the issue.  The server is a Win 2008 DC with DHCP/DNS, IP 10.22.22.208. At Site A I have a laptop on IP 10.23.23.100.  

The issue is that since we have switched to the MPLS if I do a continuous ping from my laptop in Site A to the server in Site B.  The pings drop regularly. Likewise, if I do from server to laptop. I see the same issue if I ping from server in site B to site C, which is another site with MPLS. Basically, I can reach the LAN interface of the MPLS router but not beyond it.

What's cooking my noodle is I can successfully reach all other servers in that subnet. I can reach 10.22.22.x where x isn't 208.

I've worked with Sonicwall and our MPLS provider and both are clueless.
Sonicwall confirmed my routes in the sonicwalls were correct, and this is easily proven considering I can hit every other server without incident. MPLS says it's LAN problem since they can get to/from their interfaces on the ciscos without loss.

I keep thinking it's got to be the server but what on the server would cause the pings to time out more than half the time. I powered this server off to check for dupe IP but didn't find one. I also rebuilt NIC as this is virtual machine. Yes, I can reach all other VM's on this host without timeouts.

Any experts care to swing at this? Lost cause right?
0
Comment
Question by:ecosys
  • 7
  • 6
14 Comments
 
LVL 8

Expert Comment

by:jpgobert
Comment Utility
Nah... it's never a lost cause...

What caught my attention is when you said that the MPLS vendor can get to your server's IP from their cisco's LAN interface...

If you're sitting at that office on the local network can you replicate this packet loss?

Have you considered adding another IP address to the server's NIC config just to rule out some odd issue between the two offices when routing to that address?
0
 

Author Comment

by:ecosys
Comment Utility
In my office if I ping that server I see continuous drops. The MPLS vendor said he could get to/from his cisco interfaces.

I'll give the additional IP address a shot.
0
 

Author Comment

by:ecosys
Comment Utility
Same thing. Gave it another IP and pings to that IP timeout.
0
 
LVL 8

Expert Comment

by:jpgobert
Comment Utility
Ok... let's figure out of it is on the server side or the network side.

Do you have a cross over cable available?  We need to have you connect a laptop or something directly to the port on the server with a cross over.  Make sure to set your IP config on both ends and then run a test to see if the packets drop.

Let me know...
0
 

Author Comment

by:ecosys
Comment Utility
No sorry. I am in what I referred to as Site A.  The server is in a datacenter in Site B.  There are miles between us. Not only that but the server is virtual so I would need to plug in to host and configure a single NIC for this VM.
0
 
LVL 8

Expert Comment

by:jpgobert
Comment Utility
Ok... plan b for now... do you have management access to the switch that the server connects to?
0
 

Author Comment

by:ecosys
Comment Utility
Yes.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 8

Expert Comment

by:jpgobert
Comment Utility
Awesome.  I'm assuming its a managed switch with a management console?  Do you have the ports labeled so that you know what port each device is connected to?  I don't know what kind of switch you have but if the ports aren't labeled we should be able to find the port based on the MAC address of the NIC in question.

Can we check for any errors the switch may have logged?  Can you run some connectivity tests between the switch and the server?  Can you reply back with how the port is configured?

I'm guessing if you run the ping tests to the switch instead of to the server's IP you don't have the same trouble, right?
0
 
LVL 8

Expert Comment

by:jpgobert
Comment Utility
What virtualization platform is this?  VMware?  Hyper-V?  

Do you have more than one virtual network / virtual switch configured?  Have you tried switching which virtual switch this NIC connects to?

Sorry I know it's alot of questions... just trying to narrow down the root of the problem...
0
 
LVL 17

Expert Comment

by:pergr
Comment Utility
Any chance that you by mistake have configured two different default gateways. On the server?
0
 

Author Comment

by:ecosys
Comment Utility
Hey guys,

It was single gateway. The platform is VMware. One virtual NIC/Switch.

Unfortunately, I had to abandon my efforts as I had to revert back to the Sonicwall IPSEC VPN last night.  The issue was resolved as soon as I removed routes in Sonicwalls and re-enabled VPNs.  I have to assume it was something with MPLS. Very frustrating.  This most likely will be re-opened as we will have to switch back over to the MPLS at some point.

Thanks for your help.
0
 
LVL 8

Expert Comment

by:jpgobert
Comment Utility
Understood.  When you're ready to start again we'll be here!

Good luck!
0
 

Accepted Solution

by:
ecosys earned 0 total points
Comment Utility
I discovered the intermittent connectivity was caused by our backups running on those specific servers during this time which crushed our connection to datacenter.

Thanks for the help.
0
 

Author Closing Comment

by:ecosys
Comment Utility
My comment was the solution.
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now