ICMP packets more then 400 bytes dont work

Unanswered Question

Topology

2 6500 core switches with 720 bxl supervisors with ACE blades

2 6500 access switches

Server farms with servers behind the ACE

routing protocol ospf

I can ping from outside to the servers till the ICMP byte size of 375 beyond that the ICMP dosent work. All the interfaces have the default size of 1500 mtu from the source to destination. Please advice if any one has seen this kind of behaviour.

I have a similar setup in the othe region & that works

Regards

Prasanna

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Ganesh Hariharan Fri, 04/02/2010 - 06:02

Topology

2 6500 core switches with 720 bxl supervisors with ACE blades

2 6500 access switches

Server farms with servers behind the ACE

routing protocol ospf

I can ping from outside to the servers till the ICMP byte size of 375 beyond that the ICMP dosent work. All the interfaces have the default size of 1500 mtu from the source to destination. Please advice if any one has seen this kind of behaviour.

I have a similar setup in the othe region & that works

Regards

Prasanna

Hi Prasanna,

It can be possible that server or any other device is denying the icmp packet size request from the requester.Just take capture of log when you try to ping with size 375 and above and what type of icmp error message is coming that can give you the reason for failure.

Like ICMP/3 Type 4, "Fragmentation Needed but Don't Fragment Bit Set" is used to determine the maximum size per IP packet that a path between source and destination can support. This so-called "PMTU Discovery" helps to ensure that packets are sent at the maximum size that can squeeze through.

Hope to Help !!

Ganesh.H

Cisco are currently donating money to the Haiti earthquake appeal for every rating so please consider rating all helpful posts.

ganesh,

Thanks for your mail but i get respone of 100% packet losss. The servers are physically connected to the access switches but the VLANS are moved to the ACE blades. The devault gateway of the servers ia the VLAN int on the ACE. I get 100% loss when i send a ping from the ACE to the server which is more then 350 Bytes.

If i move this server to the vlan on the 6500 switch this ping works with the size more then 350. Have you come accross this when using a ACE blade in the 6500 chassie

Prasanna

Ganesh Hariharan Fri, 04/02/2010 - 22:00

ganesh,

Thanks for your mail but i get respone of 100% packet losss. The servers are physically connected to the access switches but the VLANS are moved to the ACE blades. The devault gateway of the servers ia the VLAN int on the ACE. I get 100% loss when i send a ping from the ACE to the server which is more then 350 Bytes.

If i move this server to the vlan on the 6500 switch this ping works with the size more then 350. Have you come accross this when using a ACE blade in the 6500 chassie

Prasanna

Hi Prasanna,

Genrally there is command to set the max and mon mss value but in ACE the default value are fro min value is 536 bytes and maximum values 1380 bytes,check out the below link for more information.

http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A1/configuration/security/guide/Sec_CfGd.pdf

If once ACE is coming in to picture then ping drops then you need to capture the packet when ping via ace as default gateway,the captured packet can tell us some clue.

Hope to Help !!

Ganesh.H

Cisco are currently donating money to the Haiti earthquake appeal for every rating so please consider rating all helpful posts.

Actions

This Discussion

Related Content