10-09-2008 06:40 AM - edited 03-03-2019 11:51 PM
We have 2 subnetwork in our building
192.168.134.0 /23 and 192.168.133.0/24
The 134/135 has their "internet" traffice routed through a proxy server at another location...but the 133 network has "direct" access. Yesterday the 133 network lost internet access for a short time. Im trying to figure out what the difference is.
This is an MPLS network
plz see attachment
10-09-2008 08:01 AM
Can you post traceroutes to internet from 133 and 134 subnets?
10-09-2008 08:35 AM
Hello Richard,
from the point of view of your router there is no difference
net 192.168.133.0/24
net 192.168.134.0/23
are both advertised on the EBGP session to the PE thanks to the OSPF redistribution into BGP.
Somewhere the net 192.168.133.0/24 is NATTED to access internet and the NAT device needs to have a return route to send back traffic.
This device that is different from the devices that processes net 192.168.134.0/23 could experience some form of failure on reaching the internet and so only net 192.168.133.0/24 was impacted or the return route was missing.
A detailed network diagram would be needed here but something can happened far from you and without any log on your router.
Also net 192.168.133.0/24 reaches the internet by going to where the prefix 0.0.0.0 is originated in the provider network inside your MPLS VPN (some other PE router for example that could be a C6500 with a FWSM module just to say)
Hope to help
Giuseppe
10-09-2008 10:52 AM
from the 134 subnet-for some reason we now cant ping out of that subnet
tracert 4.2.2.2
Tracing route to vnsc-bak.sys.gtei.net [4.2.2.2]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 192.168.135.252
2 4 ms 4 ms 5 ms 192.168.255.142
3 23 ms 23 ms 23 ms 192.168.255.133
4 24 ms 24 ms 24 ms 192.168.119.241
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
and now 133 subnet
Tracing route to vnsc-bak.sys.gtei.net [4.2.2.2]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 192.168.133.252
2 4 ms 4 ms 4 ms 192.168.255.142
3 23 ms 23 ms 23 ms 192.168.255.133
4 24 ms 24 ms 24 ms 192.168.119.241
5 20 ms 20 ms 20 ms 9-172-1xx-63.act.net [65.xx.xxx.9]
6 22 ms 22 ms 22 ms t3-3-1-0-3.edge7.washington1.level3.net [4.7x.20
2.49]
7 21 ms 22 ms 22 ms ae-13-13.car1.washington1.level3.net [4.68.106.2
33]
8 23 ms 21 ms 31 ms vlan69.csw1.washington1.level3.net [4.68.17.62]
9 23 ms 22 ms 22 ms ge-5-0-51.hsa1.washington2.level3.net [4.68.121.
13]
10 22 ms 22 ms 21 ms vnsc-bak.sys.gtei.net [4.2.2.2]
Trace complete.
10-09-2008 11:30 AM
As you mentioned , traceroute shows that 134 subnet does not has "direct" access to internet whereas 133 subnet is properly NAT'ed/routed to internet .
Do you manage 192.168.119.241? Thats where NAT/PAT is happening.
10-09-2008 11:43 AM
Hello Richard
the first 4 IP hops are the same:
1 <1 ms <1 ms <1 ms 192.168.135.252
2 4 ms 4 ms 5 ms 192.168.255.142
3 23 ms 23 ms 23 ms 192.168.255.133
4 24 ms 24 ms 24 ms 192.168.119.241
So the device that needs to be investigated is 192.168.119.241.
Here the two subnets receive different treatment.
Hope to help
Giuseppe
10-10-2008 05:48 AM
yes...
We manage the 192.168.119.241..
It is a c3850
3800 Software (C3825-ADVSECURITYK9-M)
so..all traffic is routed here
and this device is routing either directly to the intenet or it is not.
I ask cuz we have a proxy server that the .134
network must go through.
However the .133 bypasses the proxy and goes
directly to the internet
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: