I have created a tunnel over a WAN. The traffic on the source tunnel is not matching the traffic on the destination tunnel. Can you please help me find this mismatch?
Please also tell me how I can capture live data traffic on the WAN interface. Is there any utility?
Hi Prasad, [Pls Rate if Helps]
1. Whether MTU Size has been defined in the Tunnel Configuration using "ip mtu
2. Whether Bandwidth Definition on both the Sides of the Tunnel is same.
If Possible can you post the Tunnel Configuration of both the ends.
Pls Rate if Helps
Guru Prasad R
MTU size and bandwidth settings are the same.
Please find the configuration below for your reference.
ip address 10.200.200.1 255.255.255.252
ip access-group 2 out
ip accounting output-packets
ip route-cache flow
tunnel source 126.96.36.199
tunnel destination 192.168.21.225
tunnel mode ipip
ip address 10.200.200.2 255.255.255.252
ip access-group 2 in
ip helper-address 10.16.192.255
ip helper-address 10.16.194.255
ip helper-address 10.16.193.255
ip helper-address 188.8.131.52
ip helper-address 192.168.24.244
ip helper-address 184.108.40.206
ip helper-address 220.127.116.11
ip helper-address 18.104.22.168
ip helper-address 22.214.171.124
ip helper-address 10.16.195.255
ip helper-address 10.15.192.255
ip helper-address 126.96.36.199
ip helper-address 10.16.85.255
ip helper-address 10.16.197.255
ip helper-address 188.8.131.52
ip route-cache flow
tunnel source 192.168.21.225
tunnel destination 184.108.40.206
tunnel mode ipip
We might be able to give better answers if we knew a bit more about your environment. Your original post says something general about not matching. Can you give us a bit more specific information to work with? Can you help us understand what is not matching?
I notice that one tunnel has ip access-group 2 out and the other tunnel has ip access-group 2 in. Can you provide the details of access-list 2 from both routers?
Are we sure that the tunnels are working in both directions? If you do a traceroute from one router to the tunnel address of the other router do you get a response that shows that it is 1 hop away? Do you get the same response from the other router?
Is it possible that the routing logic on one router is sending traffic through the tunnel that is not returning through the tunnel from the other router?
I am attaching the full config of both routers.
We have one router in the LAN to forward market data: "local-udp-fwd.txt".
We have one more router at the ISP which receives this broadcast on tunnel 20: "isp-udp-fwd.txt".
We kept this router so that all VPN clients will get the broadcast from the ISP and not from my LAN, so that we save on WAN bandwidth.
This tunnel is only accepting traffic from one IP, 220.127.116.11, which is actually sending the broadcast; that is why there is only out traffic on the internal router and in traffic on the ISP side.
Please help me understand why the out traffic and the in traffic at the other end are not matching.
BSE-EXCH#show interfaces tunnel 20
Tunnel20 is up, line protocol is up
Hardware is Tunnel
Internet address is 10.200.200.1/30
MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,
reliability 255/255, txload 218/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive set (10 sec)
Tunnel source 18.104.22.168, destination 192.168.21.225
Tunnel protocol/transport IP/IP, key disabled, sequencing disabled
Checksumming of packets disabled, fast tunneling enabled
Last input 4d17h, output 00:00:00, output hang never
Last clearing of "show interface" counters 1d18h
Queueing strategy: fifo
Output queue 0/0, 0 drops; input queue 0/75, 0 drops
30 second input rate 0 bits/sec, 0 packets/sec
30 second output rate 184000 bits/sec, 16 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
899345 packets output, 846447214 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
I have looked at the configs that you posted and I do not see any obvious problem with the configured tunnels. I still do not understand what the problem is. You say something about traffic not matching but you have not posted anything to help us see or understand what about the traffic is not matching. If you could clarify this perhaps we can find the answer.
I do note one thing that seems a bit strange - though I do not know if it is part of the problem. On the ISP router there is only one physical interface through which the tunnel traffic is carried, and it has a subnet that has room for only one other device on that subnet. So the ISP router will receive packets on the tunnel interface and for every broadcast received it will generate multiple packets based on the helper-address configured which will be forwarded out the physical interface (on which they were received). So the neighbor device at address 192.168.21.226 is forwarding the tunnel traffic to the JMFS-SIFY and is receiving a bunch of directed broadcast traffic to forward to other destinations. Is this the intended environment?
Just a quick question: are you sure that the traffic pattern for both sides is symmetrical, i.e. there is no multicast or any broadcast that is being sent over this link?
As I guess it's quite difficult to see that ONE-WAY traffic on a router interface.
If I were you, I would have tried to use a sniffer and tried to understand what's going on.
Please rate if it helps
We are only forwarding UDP broadcasts; that is why it is one-way traffic.
How can I use a sniffer on the WAN interface?
The interface text does help me to understand what you are asking about. I do not believe that you have a real problem. One end is reporting 16 packets per second and the other end is reporting 17 packets per second. I do not believe that at this number of packets per second you are able to get measurements that exactly match up. If there is a difference of even 1/4 of a second in when you do the show interface commands you would not be looking at exactly the same traffic flows. I think that the difference you see (at least in what you posted) is simply the difference of sampling slightly different traffic flows.
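The sampling point made in the reply above, as an added example that is not part of any poster's reply: it parses "show interfaces" text from both tunnel ends and compares the 30 second rates with the cumulative counters since the last clearing. The sender lines are copied from the Tunnel20 output in this thread; the receiver lines are constructed for illustration (only the 17 packets/sec figure comes from the thread), and it assumes the counters were cleared at the same time on both routers.

```python
import re

# Sender side: lines copied from the Tunnel20 output in the thread.
SENDER = """\
Last clearing of "show interface" counters 1d18h
30 second output rate 184000 bits/sec, 16 packets/sec
899345 packets output, 846447214 bytes, 0 underruns
"""
# Receiver side: CONSTRUCTED sample; the thread does not show this output.
RECEIVER = """\
Last clearing of "show interface" counters 1d18h
30 second input rate 190000 bits/sec, 17 packets/sec
899102 packets input, 846218530 bytes, 0 no buffer
"""

UNIT_SECONDS = {"w": 604800, "d": 86400, "h": 3600}

def age_seconds(age):
    """Convert an IOS age such as '1d18h' or '00:05:10' to seconds."""
    if ":" in age:
        h, m, s = (int(x) for x in age.split(":"))
        return h * 3600 + m * 60 + s
    return sum(int(n) * UNIT_SECONDS[u] for n, u in re.findall(r"(\d+)([wdh])", age))

def parse(text, direction):
    """Extract counters for 'input' or 'output' from show interfaces text."""
    age = re.search(r'Last clearing of "show interface" counters (\S+)', text).group(1)
    rate = re.search(rf"{direction} rate (\d+) bits/sec, (\d+) packets/sec", text)
    tot = re.search(rf"(\d+) packets {direction}, (\d+) bytes", text)
    secs = age_seconds(age)
    pkts, byts = int(tot.group(1)), int(tot.group(2))
    return {
        "window_s": secs, "packets": pkts, "bytes": byts,
        "rate_bps": int(rate.group(1)), "rate_pps": int(rate.group(2)),
        "avg_bps": byts * 8 / secs, "avg_pps": pkts / secs,
        "avg_pkt_bytes": byts / pkts,
    }

def mismatch_pct(tx, rx, key):
    """Relative difference of the receiver value against the sender value."""
    return 100.0 * (rx[key] - tx[key]) / tx[key]

if __name__ == "__main__":
    tx, rx = parse(SENDER, "output"), parse(RECEIVER, "input")
    for key in ("rate_bps", "rate_pps", "packets", "bytes"):
        print(f"{key:9} tx={tx[key]:>10} rx={rx[key]:>10} diff={mismatch_pct(tx, rx, key):+.2f}%")
    print(f"avg since clear: {tx['avg_bps']:.0f} bps, {tx['avg_pps']:.2f} pps")
```

With these inputs the 30 second packet rates differ by several percent while the cumulative packet counters differ by a small fraction of a percent, which is the pattern expected when the two ends are simply sampled at slightly different moments.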
Agreed, the packets are matching; then I guess the in/out rates in bits/sec should also match.
I have the graph for this interface; there is always a difference.
How can I capture all the data packets on this interface?