SAP outages over Cisco MPLS VPN:ng, not with IPsec

Unanswered Question
May 11th, 2009


We had a network running SAP over it with IPsec. There was

no troubles with it until we migrated it to MPLS.

Now, while we have not changed SAP configuration, it is

disconnecting from the server randomly on all sites.

We have tried implementing rate-limit to see if there was

some bandwidth issues, but we have confirmed that all links

are running solid and smooth.

However, we can not figured out if a MPLS with Cisco Systems

may have some Issues with SAP traffic. SAP server has not

any timeout configured on it. Also we have reduced the MTU

on all devices to discard package loses ( we saw that some

sites were producing fragmented traffic, and now it's


It just happens with SAP connections, all the lines have not

got any cut on this past days.

Has anyone seen an issue with SAP and MPLS VPN:ng networks



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
shivlu jain Mon, 05/11/2009 - 00:12

Could you tell me whats the MTU size used by the sp server. This can be the issue only with mtu.


shivlu jain

ricardo.frias Mon, 05/11/2009 - 01:11

The SAP server was working with 1500 MTU. Now, we have changed the MTU, and is working at 1430.

ricardo.frias Mon, 05/11/2009 - 01:34

Hi Shivlu,

Yes, we are having the same problems but now we don't see fragmented packages.



shivlu jain Mon, 05/11/2009 - 01:40

actually what happens if the core is supporting MTU of 1500 bytes then customer cannot send the data more than 1478 or 1774(if dot1q is using) data. 20 bytes of ip header + 4 bytes of vpnv4 label + 4 bytes of igp label + 4 bytes of dot1q if used.

In MPLS env. fragmentation is not possible.


shivlu jain

ricardo.frias Mon, 05/11/2009 - 02:51

Fragmetantion was doing for IP protocol.

Now, we have configured 1430 MTU ( Under 1474).


Ricardo Frías

shivlu jain Mon, 05/11/2009 - 05:02

yes, fragmentation always occurs in ip protocol, thats why if you l2tpv3 fragmentation works but in case of encapsulation mpls it doesn't.


shivlu jain

ricardo.frias Wed, 05/13/2009 - 01:23


The problem is not only with SAP service, it happens with all services ( Email). It's more frequently when the user don't use the service for few minutes 3 or 4 ( Timeout). SAP error is "Connection reset by peer".


Ricardo Frías

ricardo.frias Tue, 05/19/2009 - 02:57

I have changed the firewall ( Netscreen 25) before the SAP server. This firewall is on the central site. I have installed Zywall 5.

The connection with SAP is working perfectly. I will investigate because SAP connection does not work properly with Netscreen.


This Discussion