
Only 1 MPLS TE tunnel between directly connected routers. Routes some traffic and some not???

Vadym Belyayev
Level 1

Hello,

 

I have a rare issue, which I cannot explain.

 

I have a simple scenario

 

 

LAN1===4500===OSPF===R1_6500======OSPF======R2_6500======tunnel mpls TE with autoroute=======R3_2900====1900===LAN2

 

1. I enable an MPLS TE tunnel between R2 6500 router and 2900 router

2. Everything is ok until I enable autoroute on R3 2900 router. Lan1 cannot reach printers in Lan2 via web. ICMP WORKS IN ALL CASES!!, however, the ICMP packets (172 bytes) generated by Solarwinds network browser discover only 30% of network Lan2..

Once you disable autoroute on 2900, it works normally..

3. I have implicit null label on 2900 and on R2 6500 (if I enable autoroute on both tunnels), CEF seems to be ok, OSPF also, routes are present, however, some traffic simply does not pass through

4. I fixed it building  a second tunnel from 2900 to R1 6500 and it works ok, but I cannot understand what makes it behave this way?

 

 

Accepted Solutions

Hi Vadym, 

 

Perfect :)

 

Why do I need to enable targeted-hello

[Akash]

Nondirectly Connected MPLS LDP Sessions

If the LSR is more than one hop from its neighbor, it is non-directly connected to its neighbor. For these nondirectly connected neighbors, the LSR sends out a targeted Hello message as a UDP packet, but as a unicast message specifically addressed to that LSR. The nondirectly connected LSR responds to the Hello message and the two routers begin to establish an LDP session. This is called extended discovery.

The default behavior of an LSR is to ignore requests from other LSRs that send targeted Hello messages. You can configure an LSR to respond to requests for targeted Hello messages by issuing the mpls ldp discovery targeted-hello accept command.

 

 why do you think the LSP is broken if we do not use LDP

[Akash] If LDP is not enabled over tunnel, R2 will not advertise any label to R3 over tunnel interface and R3 will send unlabeled traffic to R2 [only RSVP label, which is implicit null], and IP lookup will happen on R2, so this is not end to end LSP. If IP lookup is happening on core router, I would say LSP is broken here. But if LDP is enabled over tunnel, R2 will advertise local label to R3 over targeted LDP session. L3 will send labeled packet [implicit null for RSVP, IGP label advertised by R2] to R2 and R2 will do label swapping and send traffic to R1. All the path label switching and LSP is intact.

If it would have been L3vpn scenario, traffic would have been blackholed on core router where tunnel is getting terminated. In your case all core routers are having routes to destination hence reachability is there but LSP still broken.

 

Regards,

Akash
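
The forwarding behaviour described in the answer above, as an added example that is not part of the original thread: a toy Python model of the R3 -> R2 -> R1 path with and without LDP over the TE tunnel, for both the plain IP and the L3VPN case. The label values, table contents and the assumption that R2 and R1 exchange LDP labels in the LDP case are constructed for illustration.

```python
# Toy model (constructed for illustration) of the R3 -> R2 -> R1 path in the thread.
# Label values and table contents are made up; they are not taken from the routers.

# LFIB: router -> {incoming top label: (operation, outgoing label)}
LFIB = {
    "R2": {200: ("swap", 100),   # R2's label for the LAN1 prefix, swapped to R1's label
           201: ("pop", None)},  # R2's label for R1's loopback (R1 advertised implicit null)
    "R1": {100: ("pop", None),   # R1's label for the LAN1 prefix
           900: ("pop", None)},  # VPN service label, known only to R1
}
NEXT_HOP = {"R2": "R1", "R1": None}  # None = packet leaves the MPLS core


def impose_at_r3(ldp_over_tunnel, vpn_label=None):
    """Label stack (top first) that R3 sends into its one-hop TE tunnel to R2."""
    stack = [] if vpn_label is None else [vpn_label]
    if ldp_over_tunnel:
        # Label R2 advertised over the targeted LDP session running on the tunnel.
        stack.insert(0, 201 if vpn_label is not None else 200)
    # The RSVP tunnel label is implicit null, so nothing more is pushed on top.
    return stack


def walk(stack, start="R2"):
    """Forward the packet hop by hop; return (outcome, [(router, operation), ...])."""
    stack, hops, node = list(stack), [], start
    while node is not None:
        if not stack:
            hops.append((node, "ip-lookup"))      # unlabeled: route on the IP header
        else:
            entry = LFIB[node].get(stack[0])
            if entry is None:                     # label this router never advertised
                hops.append((node, "drop"))
                return "blackholed", hops
            op, out = entry
            stack = ([out] if op == "swap" else []) + stack[1:]
            hops.append((node, op))
        node = NEXT_HOP[node]
    return "delivered", hops


def lsp_intact(hops):
    """True when the core router R2 label-switched the packet."""
    return all(op in ("swap", "pop") for node, op in hops if node == "R2")


if __name__ == "__main__":
    for ldp in (False, True):
        for vpn in (None, 900):
            outcome, hops = walk(impose_at_r3(ldp, vpn))
            print(f"ldp={ldp} vpn={vpn}: {outcome} {hops} intact={lsp_intact(hops)}")
```

Without LDP over the tunnel the plain IP packet is still delivered, but only because R2 falls back to an IP lookup; the VPN-labeled packet has no such fallback and is dropped at R2.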


21 Replies

Vinit Jain
Cisco Employee

Hi

Are you also having MPLS enabled on the other interfaces where you do not have a TE tunnel configured? If I understand correctly, do you have the TE tunnel configured on both sides or just one side (from R2 to R3 and from R3 to R2)?

Could you please share the configuration of all the routers? Just as a note, on the 6500 the forwarding is taken care of by MLS, thus we need to check if the MLS programming is correct (hoping the configuration is correct). Sometimes a mis-programming can cause traffic loss.

Thanks

Vinit

Thanks
--Vinit

Vinit, I attach everything, let me know what you think!!

Hello.

At first glance this looks like an MTU issue with broken PMTU (no ip unreachable). You may do a ping from LAN1 to LAN2 (and back) with df-bit to figure out the actual MTU.

If it's an MTU issue, configure "ip tcp adjust-mss" on LAN interfaces with MTU minus 40 bytes.

Could you provide configuration from LAN (L3) interfaces?

If PMTU is broken (it's disabled), then the negotiation may happen with segment size 536 bytes. Though it can be verified what size packet is being sent from Lan1 to Lan2. Secondly, I think it's more of a traffic loss problem as Solarwinds notices huge packet loss. I doubt this being an MTU issue because the issue was resolved after a second tunnel was created. Makes my head think towards some mis-programming on the 6500 platform, but it could be something else.

 

Thanks
--Vinit

Exactly, I created a second tunnel which goes through the same physical link and the problem disappeared.

Vinit, regarding the PMTU, I think I don't fully understand what you mean by a segment size of 536 bytes.

 

Regarding SolarWinds, I did the capture and the application does not initiate any retransmission, maybe because it would result in many duplicated packets, because if a device does not answer, then it may not exist.

In the options you can tune how many pings you send and how many ms to wait before a reply or between the pings

 

There is another thing: I can do a capture through monitor session command, but it seems that wireshark does not understand MPLS TE data, as it shows me "raw packet data" with empty field instead of data, do you know how to fix it? (I updated it to the last version and in the payload interpretation tried with different MPLS profiles, but nothing)...

 

Apart from SolarWinds, it is also a web interface which gives me a timeout when autoroute is enabled.

If you have a particular source and destination that is not reachable, I can help you further troubleshoot it from the 6500 perspective. First of all, I would like to know the hardware and software details on the 6500. Could you please share the below commands from the 6500:

- show module
- show version | in image

Also, please let me know the incoming and outgoing interface on both the 6500's.

I would have to see whether the commands that I suggest work on that particular hardware / software or not.

The default MSS for TCP is 536 bytes (that is in case the PMTU is not enabled). Please refer to below link.

http://www.tcpipguide.com/free/t_TCPMaximumSegmentSizeMSSandRelationshiptoIPDatagra-2.htm

Regards

Vinit

Thanks
--Vinit

Vinit, the interfaces are on the graph or you need the output of show interfaces?

 

 

R1#show module
Mod Ports Card Type                              Model              Serial No.
--- ----- -------------------------------------- ------------------ -----------
  1    8  DCEF2T 8 port 10GE                     WS-X6908-10G       SAL1547VRJ5
  2    8  DCEF2T 8 port 10GE                     WS-X6908-10G       SAL1547VRFS
  3   24  CEF720 24 port 1000mb SFP              WS-X6824-SFP       SAL1548WDZP
  4   24  CEF720 24 port 1000mb SFP              WS-X6824-SFP       SAL1548WC88
  7    5  Supervisor Engine 2T 10GE w/ CTS (Acti VS-SUP2T-10G       SAL1549X5AL
  8    5  Supervisor Engine 2T 10GE w/ CTS (Hot) VS-SUP2T-10G       SAL1549X573

Mod MAC addresses                       Hw    Fw           Sw           Status
--- ---------------------------------- ------ ------------ ------------ -------
  1  30e4.dbd1.1698 to 30e4.dbd1.17df   1.1   12.2(50r)SYL 15.0(1)SY    Ok
  2  30e4.dbd1.12f8 to 30e4.dbd1.143f   1.1   12.2(50r)SYL 15.0(1)SY    Ok
  3  30e4.dbd1.3c28 to 30e4.dbd1.3d7b   1.0   12.2(18r)S1  15.0(1)SY    Ok
  4  30e4.dbd1.3a30 to 30e4.dbd1.3b83   1.0   12.2(18r)S1  15.0(1)SY    Ok
  7  588d.09e6.86c8 to 588d.09e6.8805   1.2   12.2(50r)SYS 15.0(1)SY    Ok
  8  588d.09e6.86be to 588d.09e6.87fb   1.2   12.2(50r)SYS 15.0(1)SY    Ok

Mod  Sub-Module                  Model              Serial       Hw     Status
---- --------------------------- ------------------ ----------- ------- -------
  1  Distributed Forwarding Card WS-F6K-DFC4-E      SAL1546VD6M  1.1    Ok
  2  Distributed Forwarding Card WS-F6K-DFC4-E      SAL1545USX7  1.1    Ok
  3  Distributed Forwarding Card WS-F6K-DFC4-A      SAL1548W97J  1.1    Ok
  4  Distributed Forwarding Card WS-F6K-DFC4-A      SAL1548W997  1.1    Ok
  7  Policy Feature Card 4       VS-F6K-PFC4XL      SAL1542T65V  1.0    Ok
  7  CPU Daughterboard           VS-F6K-MSFC5       SAL1548WFJD  1.3    Ok
  8  Policy Feature Card 4       VS-F6K-PFC4XL      SAL1534N5L7  1.0    Ok
  8  CPU Daughterboard           VS-F6K-MSFC5       SAL1549X0EV  1.3    Ok

R1#show version | in image
System image file is "bootdisk:s2t54-advipservicesk9-mz.SPA.150-1.SY.bin"

 

 

R2#show modul
Mod Ports Card Type                              Model              Serial No.
--- ----- -------------------------------------- ------------------ -----------
  1   24  CEF720 24 port 1000mb SFP              WS-X6824-SFP       SAL1548WCAB
  2   24  CEF720 24 port 1000mb SFP              WS-X6824-SFP       SAL1548WC7Z
  3    4  CEF720 4 port 10-Gigabit Ethernet      WS-X6704-10GE      SAL1547W02R
  4    4  CEF720 4 port 10-Gigabit Ethernet      WS-X6704-10GE      SAL1547W00Q
  5    5  Supervisor Engine 2T 10GE w/ CTS (Acti VS-SUP2T-10G       SAL1549X596

Mod MAC addresses                       Hw    Fw           Sw           Status
--- ---------------------------------- ------ ------------ ------------ -------
  1  e8b7.4829.0ff8 to e8b7.4829.114b   1.0   12.2(18r)S1  15.0(1)SY    Ok
  2  30e4.dbd1.4490 to 30e4.dbd1.45e3   1.0   12.2(18r)S1  15.0(1)SY    Ok
  3  70ca.9b1d.39bc to 70ca.9b1d.3a4f   3.2   12.2(14r)S5  15.0(1)SY    Ok
  4  649e.f30a.4064 to 649e.f30a.40f7   3.2   12.2(14r)S5  15.0(1)SY    Ok
  5  44d3.ca7b.eed0 to 44d3.ca7b.f00d   1.2   12.2(50r)SYS 15.0(1)SY    Ok

Mod  Sub-Module                  Model              Serial       Hw     Status
---- --------------------------- ------------------ ----------- ------- -------
  1  Distributed Forwarding Card WS-F6K-DFC4-A      SAL1549XL8F  1.1    Ok
  2  Distributed Forwarding Card WS-F6K-DFC4-A      SAL1549XL87  1.1    Ok
  3  Centralized Forwarding Card WS-F6700-CFC       SAL1549X0Z2  4.1    Ok
  4  Centralized Forwarding Card WS-F6700-CFC       SAL1549X3U6  4.1    Ok
  5  Policy Feature Card 4       VS-F6K-PFC4        SAL1550XNE3  1.1    Ok
  5  CPU Daughterboard           VS-F6K-MSFC5       SAL1549X0D3  1.3    Ok

 

R2#show version | in image
System image file is "bootdisk:s2t54-advipservicesk9-mz.SPA.150-1.SY.bin"

 

2900#show version | in image
System image file is "flash0:c2900-universalk9-mz.SPA.151-4.M2.bin"

 

 

Hello Vadym

The configuration and output file that you uploaded has the config from R3 and 2900 separately, but I guess the 2900 is R3 itself. Is the other config from R2?

Also, could you please share the config with the 2nd tunnel that you created.

Also, please share a particular source and destination that you want to troubleshoot. 

I would further like to know if MPLS is enabled between 4500, R1 and R2 as well.

Thanks

Vinit

Thanks
--Vinit

Yes, Vinit, I am sorry, 2900 is R3.

The config of the second tunnel is:

 

R3_2900

interface Tunnel105
 ip unnumbered Loopback0
 tunnel mode mpls traffic-eng
 tunnel destination 1.1.1.1
 tunnel mpls traffic-eng autoroute announce
 tunnel mpls traffic-eng priority 7 7
 tunnel mpls traffic-eng bandwidth 1000
 tunnel mpls traffic-eng path-option 10 dynamic
 no routing dynamic

 

R1

interface Tunnel105
 ip unnumbered Loopback0
 no ip redirects
 tunnel mode mpls traffic-eng
 tunnel destination 3.3.3.3
 tunnel mpls traffic-eng autoroute announce
 tunnel mpls traffic-eng priority 7 7
 tunnel mpls traffic-eng bandwidth 1000
 tunnel mpls traffic-eng path-option 10 dynamic
 no routing dynamic

 

R1

interface TenGigabitEthernet2/7
 ip address 10.200.253.22 255.255.255.252
 (here we have a policy map for WCCP but it does not affect the MPLS)
 ip ospf 100 area 0
 mpls traffic-eng tunnels
 ip rsvp bandwidth

 

R2

interface TenGigabitEthernet3/1
 ip address 10.200.253.21 255.255.255.252
 ip ospf 100 area 0
 mpls traffic-eng tunnels
 ip rsvp bandwidth

 

interface GigabitEthernet2/2
 ip address 10.200.253.114 255.255.255.252
 ip ospf 100 area 0
 mpls traffic-eng tunnels
 ip rsvp bandwidth

 

R3

interface GigabitEthernet0/1
 ip address 10.200.253.113 255.255.255.252
 ip ospf 100 area 0
 mpls traffic-eng tunnels
 ip rsvp bandwidth

 


The particular source and destination are:

source: 10.200.7.138

dst: 10.24.4.251 (printer)

 

MPLS is enabled between R1 and R2 and between R2 and R3_2900, but not between 4500 and R1.

It seems you just have the mpls traffic-eng command configured but not LDP enabled (mpls ip). So after the tunnel tail-end, it will be just IP lookup, nothing else.

One other difference I see is that tunnel 104 had a signaled b/w of 100000, whereas Tunnel 105 has signaled b/w configured to 1000. Any reason for this difference?

You can perform an ELAM capture on 6500 (R1 router to see if the packet is being received from Lan 2 side) and you can perform EPC capture on 2900 or 1900 router for the packet coming from Lan1 side.

EPC capture:

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/epc/command/epc-cr-book.pdf

ELAM Capture

- Enable service internal in global config mode

- show platform capture elam asic superman slot 7

- show plat cap el trigger dbus ipv4 if ip_sa=10.24.4.251 ip_da=10.200.7.138

- show platform cap el start

- show plat cap el stat

If the status is completed, then execute the below command:

- sh plat cap el data

If it's still showing in progress status, run the above commands from the incoming linecard, which is module 2. In order to attach to the linecard, run the below commands:

#attach 2

>enable

After this you can run the ELAM commands shown above. Note that when you are on the linecard, the first command will become "show platform capture elam asic superman slot 2" (for enabling capture on module 2).

Once you are able to capture the packet, you can come out of the module by pressing Ctrl+C 3 times.

Hope this helps.

Regards

Vinit

Thanks
--Vinit

Hello Vinit, I have read that I can use only RSVP to signal the labels instead of using 2, RSVP to reserve resources and LDP to interchange labels, so I have decided to use RSVP to do both functions.

Plus, in this type of topology I cannot have suboptimal routing, because I have only 1 path: the traffic returns from R3 to R2, it gets decapsulated and from R2 it goes to R1 by IP, so everything should work just fine?

 

 

Regarding the bandwidth reservation, I do not want to reserve anything, because since it is only in the control plane, it does not affect how much traffic is traversing one particular tunnel, or does it?

 

I was thinking about establishing automatic bandwidth for each tunnel and letting it tune it depending on how much traffic is traversing the interface at one particular moment. Tell me, do I really need to reserve bandwidth? I want it to behave in FIFO style for now. Later, when I implement QoS in MPLS TE, do I need to get back to the bandwidth reservation topic, or can I do the bw reservation through the QoS techniques?

 

Thanks for the capture, I will check it, this is just a diagnosis tool that contributes to troubleshooting, so I know what happens to traffic when it enters a particular router.

I don't really think you need to worry about the b/w signaling using RSVP, but that was the difference I noticed in the configs, so I thought of asking.

Wondering, if you just have one path, why do you really need to implement MPLS TE?

I will try to simulate your config over this weekend to see if I run into a similar issue. I will run it in a virtual environment, but I can still check what's happening.

 

Thanks
--Vinit

Vinit, we are adding many fiber optic redundant paths in our network and some parts of our network already have some; this particular site that I have chosen is a small site I use to do the tests.

Between the R1 and 2900 I have a secondary ISP link, but I have tuned the routing so the traffic goes and returns only through the R1-R2-R3 link to discard any issues while I was troubleshooting this one.

 

I tried to GNS3 it, but you know, everything works there, besides it has another type of platform, different IOS, only ICMP, you cannot generate much traffic, so I was not able to reproduce it.

Thanks a lot!!