Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
803
Views
0
Helpful
10
Replies

Intermittent ping with equal intervel !.!.!.!.!.!

manickavasagam.s
Level 1
Level 1

‎07-04-2006 09:16 PM - edited ‎03-03-2019 01:14 PM

I am using one VRF for two tunnels which is configured on the same router.

Both the tunnels are using same interface as source address. While i do vrf ping for wan ip,getting !.!.!.! type of results.Can anyone confirm that,as i am using same source and same VRF.. if i try to ping other end wan whether my packet is going on both tunnel and getting reply only from one.. this wot i guess. In genral,if we config two static routes with equal cost, we use to get this type of results. As i am running BGP between CE & PE i can't isolate this issue. Please give your suggestions.. Thanks , Manick

Labels:
0 Helpful
10 Replies 10

rob_lay
Level 1
Level 1

‎07-04-2006 10:41 PM

Hi, regualar interval drops in ping attempts are often due to anti DOS configurations on devices, I see this quite often, it varies in the drops sometime the pattern will be !....!....!....!, other times it will be as you are seeing. Do you manage the CE and PE routers or are they being managed by your service provider?? Also, is the device that you are trying to ping a router or is it a server??

I would investigate what security configurations are on the device you are trying to ping.

Cheers

Rob

0 Helpful

manickavasagam.s
Level 1
Level 1
In response to rob_lay

‎07-04-2006 11:06 PM

Hi Rob, Thanks for your reply

We are managing the both PE & CE. We are trying to ping CE end WAN ip from PE end. We have configured only access list under tunnel interfaces. So no need to check the security part.We are using Tunnels for WAN.

Regards,

Manick

0 Helpful

ariela
Level 4
Level 4
In response to manickavasagam.s

‎07-05-2006 01:36 AM

Hi Manick,

just a stupid question: ping vrf, isn't it?

Regards

Andrea

0 Helpful

manickavasagam.s
Level 1
Level 1
In response to ariela

‎07-05-2006 01:55 AM

Hi Ariela

The command is : " ping vrf ip xxxx

Regards,

Manick

0 Helpful

ariela
Level 4
Level 4
In response to manickavasagam.s

‎07-05-2006 02:37 AM

Ok, Manick, sorry for useless question.

In my opinion, this is a routing issue, and not a security issue (even if the Rob post could be helpful).

Reassuming:

you have 2 GRE tunnels with same source IP (but different exit, is it?), same metric, same mtu ... and 2 static routes with equal cost, or 2 eBGP sessions?

Could you send us more infos, and a conf if you please?

Thanks

Andrea

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to ariela

‎07-05-2006 05:04 AM

I agree with Andrea that the symptoms described so far sound more like a routing issue than a security anti-DOS issue. Seeing details from the router config would be very helpful.

I have seen a number of time where a router had two routes for the same destination over two tunnels, but only one tunnel was actually working and transporting responses. So it might be worth while verifying whether both tunnels are actually carrying data successfully.

HTH

Rick

HTH

Rick
0 Helpful

romccallum
Level 4
Level 4
In response to Richard Burts

‎07-05-2006 05:29 AM

there is load balancing going on - there must be for a 50% swing each time absolutely defintootly load balancing. If its not then Rob can eat his hat ;-)

0 Helpful

manickavasagam.s
Level 1
Level 1
In response to Richard Burts

‎07-05-2006 07:03 PM

Hello all,

Thanks for your feedback

In my case the GRE destination are diffrent not same destination. The connectivity is 7507-6500-4700. I have configured GRE between 7507-4700,and one more bet same 7500 and diffrent 4700.I am running ISL in 6506. Whether this ISL will add more header when the traffic flow between GRE's as source and destination are fastethernet/ethernet which connected to 6500.

switch.The protocol used between 7507(PE) and 4700 ( Boundary router)is BGP.

Regards,

Manick

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to manickavasagam.s

‎07-06-2006 02:56 AM

Manick

I have frequently configured two (and sometimes more) GRE tunnels using the same source address for the tunnel with different destination address (though I have not so much experience with vrf) and they work just fine.

I still believe that the symptoms suggest that it is an issue with routing logic - probably with two paths appearing for the destination but only one of them really works. It would be helpful if you would post some additional information. Would you post the output of show ip route . It would also be helpful if you would post the output of traceroute to the destination.

HTH

Rick

HTH

Rick
0 Helpful

roadhouse1387
Level 1
Level 1
In response to Richard Burts

‎07-06-2006 08:46 AM

Hi,

I thought "!.!.!.!" was telling you that the echos were being blocked by an access list at the far end ?

i.e. ICMP unreachables

Cheers

Shaun

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card