Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
684
Views
0
Helpful
8
Replies

MPLS VRF AND LAN ISSUE

ldomingues
Level 1
Level 1

‎12-11-2006 03:00 PM

Hello everybody

I have a funny inssue using MPLS VPN (VRF) with Lan (ethernet) in both side of my VRF. look the scene:

CustomerMachines--->Fa0/0.1(Pe1)---MPLS CORE---(Pe2)Fa0/0.2---> CustomerServer

Just one machine each time of lan in Pe1 can ping the server in Pe2, I dont get simultaneous traffic, for example:

If machine 1 in Pe1 is pinging Server in Pe2, just this machine send traffic, if machine2 try to ping I get time out, if I stop machine 1 pinging server, so machine 2 start ping.

Very starnge.. Any idea

Labels:
0 Helpful
8 Replies 8

jarvar832004
Level 1
Level 1

‎12-11-2006 08:43 PM

Kinda looks like a LAN issue. But does the same happen when u try to ping the wan (default gateway) ip too ?

0 Helpful

ldomingues
Level 1
Level 1
In response to jarvar832004

‎12-12-2006 08:04 AM

All the machines ping the GW in Pe1

0 Helpful

ktd
Level 1
Level 1

‎12-11-2006 09:49 PM

Hi,

I have a few questions:

1) is the routing OK on each PE/CE

2) Do you have same using Serial Interfaces?

3) Are you using Ethernet connection in the core? If yes, have you increased the MTU size to 1526 bytes on the core links?

4) Do you have CE router or are the servers connected direclty?

regards,

swen

0 Helpful

swaroop.potdar
Level 7
Level 7
In response to ktd

‎12-12-2006 03:40 AM

Similar behavior is observed when DDOS mitigation solutions have been deployed for Datacenters with strict thresholds.

Also verify with your other end is there any type of DDOS mitigation or ICMP ratelimiting implemented on towards the CE which connects to the server.

Definately nothing related to MPLS as such.

HTH-Cheers,

Swaroop

0 Helpful

ldomingues
Level 1
Level 1
In response to swaroop.potdar

‎12-12-2006 08:11 AM

swaroop.potdar

I have no rate limiting to ICMP and no DDOS protection.

0 Helpful

ldomingues
Level 1
Level 1
In response to ktd

‎12-12-2006 06:17 AM

1 - yes, in fact I dont have CE, all the machines is direct connected in PE1 in sub interface Fast, and in the another side of VRF I have the server which is diretced connnected to the Pe2 in fast too. but the routing is OK.

2 - If I use Serial ou even I put a CE with 2 Fast Interface link this : MAchines-->Fa(CE)Fa-->Pe1---MPLS CORE-->Pe2-->server

It works fine, seems link Fast Issue (arp, something like that).

3 - I already use mtu 1530

4 - the server is direct connected to the PE2

0 Helpful

ldomingues
Level 1
Level 1

‎12-13-2006 03:59 AM

Does Anybody still have some idea?

0 Helpful

attrgautam
Level 5
Level 5
In response to ldomingues

‎12-13-2006 05:26 AM

Iam sure some kind of logs of the ICMP packets would help to see if the server is receiving the echo request and what is the return ICMP error messages on both of the PEs ? It is not an issue with MPLS as pointed earlier.

A wild idea will be there is some kind of NAT based restriction (D-NAT) and you have run out of IP pools :).

0 Helpful
Customers Also Viewed These Support Documents