What in this configuration is causing two different routes for a subnet

nygenxny123
Level 1

We have 2 subnetworks in our building

192.168.134.0/23 and 192.168.133.0/24

The 134/135 has their "internet" traffic routed through a proxy server at another location...but the 133 network has "direct" access. Yesterday the 133 network lost internet access for a short time. I'm trying to figure out what the difference is.

This is an MPLS network

plz see attachment

6 Replies

singhsaju
Level 4

Can you post traceroutes to internet from 133 and 134 subnets?

Giuseppe Larosa
Hall of Fame

Hello Richard,

From the point of view of your router there is no difference:

net 192.168.133.0/24

net 192.168.134.0/23

are both advertised on the EBGP session to the PE thanks to the OSPF redistribution into BGP.

Somewhere the net 192.168.133.0/24 is NATted to access the internet, and the NAT device needs to have a return route to send back traffic.

This device, which is different from the devices that process net 192.168.134.0/23, could have experienced some form of failure in reaching the internet, so only net 192.168.133.0/24 was impacted, or the return route was missing.

A detailed network diagram would be needed here, but something can have happened far from you and without any log on your router.

Also, net 192.168.133.0/24 reaches the internet by going to where the prefix 0.0.0.0 is originated in the provider network inside your MPLS VPN (some other PE router, for example, that could be a C6500 with a FWSM module, just to say).

Hope to help

Giuseppe

From the 134 subnet - for some reason we now can't ping out of that subnet

tracert 4.2.2.2

Tracing route to vnsc-bak.sys.gtei.net [4.2.2.2]
over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms 192.168.135.252
2 4 ms 4 ms 5 ms 192.168.255.142
3 23 ms 23 ms 23 ms 192.168.255.133
4 24 ms 24 ms 24 ms 192.168.119.241
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.

and now 133 subnet

Tracing route to vnsc-bak.sys.gtei.net [4.2.2.2]
over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms 192.168.133.252
2 4 ms 4 ms 4 ms 192.168.255.142
3 23 ms 23 ms 23 ms 192.168.255.133
4 24 ms 24 ms 24 ms 192.168.119.241
5 20 ms 20 ms 20 ms 9-172-1xx-63.act.net [65.xx.xxx.9]
6 22 ms 22 ms 22 ms t3-3-1-0-3.edge7.washington1.level3.net [4.7x.202.49]
7 21 ms 22 ms 22 ms ae-13-13.car1.washington1.level3.net [4.68.106.233]
8 23 ms 21 ms 31 ms vlan69.csw1.washington1.level3.net [4.68.17.62]
9 23 ms 22 ms 22 ms ge-5-0-51.hsa1.washington2.level3.net [4.68.121.13]
10 22 ms 22 ms 21 ms vnsc-bak.sys.gtei.net [4.2.2.2]

Trace complete.

As you mentioned, traceroute shows that 134 subnet does not have "direct" access to internet, whereas 133 subnet is properly NAT'ed/routed to internet.

Do you manage 192.168.119.241? That's where NAT/PAT is happening.

Hello Richard,

the first 4 IP hops are the same:

1 <1 ms <1 ms <1 ms 192.168.135.252
2 4 ms 4 ms 5 ms 192.168.255.142
3 23 ms 23 ms 23 ms 192.168.255.133
4 24 ms 24 ms 24 ms 192.168.119.241

So the device that needs to be investigated is 192.168.119.241.

Here the two subnets receive different treatment.

Hope to help

Giuseppe
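The comparison made in the reply above, as an added example that is not part of the original thread: a Python sketch that parses two Windows tracert outputs and reports the last device both paths traverse and what each path sees next. The sample traces are abridged from the ones posted in this thread, and the function names are hypothetical.

```python
import re

# Sample input abridged from the two tracert outputs posted in this thread.
TRACE_134 = """\
  1    <1 ms    <1 ms    <1 ms  192.168.135.252
  2     4 ms     4 ms     5 ms  192.168.255.142
  3    23 ms    23 ms    23 ms  192.168.255.133
  4    24 ms    24 ms    24 ms  192.168.119.241
  5     *        *        *     Request timed out.
  6     *        *        *     Request timed out.
"""
TRACE_133 = """\
  1    <1 ms    <1 ms    <1 ms  192.168.133.252
  2     4 ms     4 ms     4 ms  192.168.255.142
  3    23 ms    23 ms    23 ms  192.168.255.133
  4    24 ms    24 ms    24 ms  192.168.119.241
  5    20 ms    20 ms    20 ms  9-172-1xx-63.act.net [65.xx.xxx.9]
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")  # hop number, then the rest of the line


def parse_tracert(text):
    """Return {hop_number: address, or None for a timed-out hop}."""
    hops = {}
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # banner lines such as "Tracing route to ..."
        rest = m.group(2)
        timed_out = "Request timed out" in rest
        # The address is the last token, bracketed when a hostname resolved.
        hops[int(m.group(1))] = None if timed_out else rest.split()[-1].strip("[]")
    return hops


def divergence(a, b):
    """Last hop where both traces reach the same responding device, and each next hop."""
    last = None
    for n in sorted(set(a) & set(b)):
        if a[n] is not None and a[n] == b[n]:
            last = n
    if last is None:
        return None
    return {"hop": last, "device": a[last],
            "next_a": a.get(last + 1), "next_b": b.get(last + 1)}


if __name__ == "__main__":
    print(divergence(parse_tracert(TRACE_134), parse_tracert(TRACE_133)))
```

Hop 1 differs only because each subnet answers from its own gateway address; the device to inspect is the last shared hop, after which one trace goes silent and the other continues.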

yes...

We manage the 192.168.119.241..

It is a c3850

3800 Software (C3825-ADVSECURITYK9-M)

so..all traffic is routed here

and this device is routing either directly to the internet or it is not.

I ask cuz we have a proxy server that the .134 network must go through.

However the .133 bypasses the proxy and goes directly to the internet
