Unanswered Question
Dec 11th, 2006
User Badges:

Hello everybody

I have a funny inssue using MPLS VPN (VRF) with Lan (ethernet) in both side of my VRF. look the scene:

CustomerMachines--->Fa0/0.1(Pe1)---MPLS CORE---(Pe2)Fa0/0.2---> CustomerServer

Just one machine each time of lan in Pe1 can ping the server in Pe2, I dont get simultaneous traffic, for example:

If machine 1 in Pe1 is pinging Server in Pe2, just this machine send traffic, if machine2 try to ping I get time out, if I stop machine 1 pinging server, so machine 2 start ping.

Very starnge.. Any idea

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
jarvar832004 Mon, 12/11/2006 - 20:43
User Badges:

Kinda looks like a LAN issue. But does the same happen when u try to ping the wan (default gateway) ip too ?

ktd Mon, 12/11/2006 - 21:49
User Badges:


I have a few questions:

1) is the routing OK on each PE/CE

2) Do you have same using Serial Interfaces?

3) Are you using Ethernet connection in the core? If yes, have you increased the MTU size to 1526 bytes on the core links?

4) Do you have CE router or are the servers connected direclty?



swaroop.potdar Tue, 12/12/2006 - 03:40
User Badges:
  • Blue, 1500 points or more

Similar behavior is observed when DDOS mitigation solutions have been deployed for Datacenters with strict thresholds.

Also verify with your other end is there any type of DDOS mitigation or ICMP ratelimiting implemented on towards the CE which connects to the server.

Definately nothing related to MPLS as such.



ldomingues Tue, 12/12/2006 - 08:11
User Badges:


I have no rate limiting to ICMP and no DDOS protection.

ldomingues Tue, 12/12/2006 - 06:17
User Badges:

1 - yes, in fact I dont have CE, all the machines is direct connected in PE1 in sub interface Fast, and in the another side of VRF I have the server which is diretced connnected to the Pe2 in fast too. but the routing is OK.

2 - If I use Serial ou even I put a CE with 2 Fast Interface link this : MAchines-->Fa(CE)Fa-->Pe1---MPLS CORE-->Pe2-->server

It works fine, seems link Fast Issue (arp, something like that).

3 - I already use mtu 1530

4 - the server is direct connected to the PE2

attrgautam Wed, 12/13/2006 - 05:26
User Badges:
  • Silver, 250 points or more

Iam sure some kind of logs of the ICMP packets would help to see if the server is receiving the echo request and what is the return ICMP error messages on both of the PEs ? It is not an issue with MPLS as pointed earlier.

A wild idea will be there is some kind of NAT based restriction (D-NAT) and you have run out of IP pools :).


This Discussion