Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
589
Views
0
Helpful
2
Replies

strange MTU fragmentation issue

kevin.shi
Level 1
Level 1

‎03-06-2009 04:30 AM

On a LES circuit, CPE IP:10.250.40.194/30 Peer PE end IP:10.250.40.193/30

MTU setting on both CPE and PE is 1500, and over 1500 in the switches in the middle.

packet loss only happens on CPE when ping peer IP with packet size b/t approx 1520-3400Bytes. But never got packet loss when pinging the IP address behind PE(like remote side in the VPN)

ping from CPE:

RT2#ping 10.250.40.193 size 1900 re 100

Type escape sequence to abort.

Sending 100, 1900-byte ICMP Echos to 10.250.40.193, timeout is 2 seconds:

!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!.!

!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!

Success rate is 96 percent (96/100), round-trip min/avg/max = 8/9/24 ms

RT2#ping 10.250.40.193 size 8000 re 100

Type escape sequence to abort.

Sending 100, 8000-byte ICMP Echos to 10.250.40.193, timeout is 2 seconds:

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Success rate is 100 percent (100/100), round-trip min/avg/max = 16/19/20 ms

RT2# ping 10.250.37.43 size 1800 re 100

Type escape sequence to abort.

Sending 100, 1800-byte ICMP Echos to 10.250.37.43, timeout is 2 seconds:

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Success rate is 100 percent (100/100), round-trip min/avg/max = 8/12/20 ms

WYE-Slough-RT2# ping 10.250.37.43 size 1700 re 100

10.250.37.43 is remote side IP behind the PE.

However there is no packet loss at all when ping on PE to CPE whatsoever size of packets size.

Is it CPE IOS problem??

Labels:
0 Helpful
2 Replies 2

autobot130
Level 1
Level 1

‎03-06-2009 09:15 AM

You need to set the DF bit in the ICMP packet so that the packet doesn't get sent to the router CPU for fragmentation.

This is what you should be doing, DF bit set.

Issue "ping 10.250.40.193 size 1500 repeat 100 df" ....

This should work if you say MTU is 1500 with switches in the middle. Anything over 1500+ should always drop.

The packet loss may be caused by excessive ICMP frag thats hitting CPU, depends on the platform you have of course.

0 Helpful

kevin.shi
Level 1
Level 1
In response to autobot130

‎03-17-2009 07:37 AM

I have set DF bit to ping and only 1500 was allowed.

The weird thing is packet loss only happens when the size is between 1520 to 3400, which mean it is ok to ping even packet size is 6000 or 16000.

If ICMP frag hits CPU packet loss should always happen when large packets pass through..

0 Helpful
Customers Also Viewed These Support Documents