Solved: BGP over MPLS, Outgoing FTP/Mail Issues with NT, XP Works

fortino.brandon · ‎10-05-2009

This is going to be a weird one. Just a warning.

We are a service provider and we've deployed a Cisco 2621 XM as a CPE router terminating a

T1 we are providing to the customer site, this is part of a BGP over MPLS cloud spanning

10 customer sites in total. This is part of a Metro Ethernet MPLS operating on a 1 Gig

switched ring with Cisco 7500 routers serving as the CO routers.

The Cisco 7500 CO routers run BGP over MPLS and 9 of the 10 customer sites are operating

correctly, each site is fed by a single T1, which is provided through a Channelized DS3

card in the 7500 through a Adtran MX2820 and then terminated by a T1 Version 1 WiC card in

the Cisco 26XX of each site.

The site experiencing the issues is unable to send FTP and outgoing email on ports 20,21

and 25. The information that really makes this odd is as follows:

The site experiencing the issues works fine with Windows XP, going FTP and Email, but

various Windows NT and 2000 customers are unable to use FTP and Email at the site.

Elsewhere at the other 9 sites the customer has Windows NT and 2000 computers that work

fine.

What would be the difference between Windows XP and Windows NT traffic crossing a BGP over

MPLS cloud? The IP addresses, ports and router configurations remain the same.

jbankstonga · ‎10-05-2009

I've seen this problem before, and it was a fragmentation issue. I had to create a route map and apply it to the client site so that the DF flag was cleared. This then enabled fragmentation on the client side prior to entering the MPLS CE WAN ckt facing the PE.

-Jeff

View solution in original post

libanm · ‎10-05-2009

I don't think the issue is the 75xx or the MPLS, i would focus more on the CPE equipment and Telco what is the exact issue with NT, and 2k? can they send any type of packet? or just port 21?

jbankstonga · ‎10-05-2009

I've seen this problem before, and it was a fragmentation issue. I had to create a route map and apply it to the client site so that the DF flag was cleared. This then enabled fragmentation on the client side prior to entering the MPLS CE WAN ckt facing the PE.

-Jeff

fortino.brandon · ‎10-06-2009

Jeff,

This did correct the issues with file transfer the customer was experiencing. They are still experiencing issues with outgoing mail but I believe that is a separate issue.

I really can't explain in words just how much I appreciate your help. This was an issue we'd sunk quite a few hours into troubleshooting. I have my BSCI test scheduled for next week and I was losing my confidence the longer this problem dragged on.

For the purposes of documentation I am including the commands I used on the CPE router at the location having the issues:

interface FastEthernet0/0

description TO INTERNAL NETWORK

bandwidth inherit

ip address 10.12.5.1 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip policy route-map clear-df

speed 100

full-duplex

access-list 101 permit ip any any

route-map clear-df permit 101

set ip df 0

I'd also like to thank libanm for his help.

Sincerely,

Brandon

libanm · ‎10-06-2009

Jeff,

Good advise, Brandon i m glad the issue is fixed (partial). Can you and Jeff tell us the code the CE box is running, is this a bug?

fortino.brandon · ‎10-06-2009

The mail issue was proven to be customer error. I don't believe this is a bug, I believe the customer equipment was originating packets with the DF bit set and the Cisco equipment was acting appropriately by dropping the packets it was not allowed to fragment.

jbankstonga · ‎10-06-2009

Excellent to hear, glad all is working fine now.

-Jeff