Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

What in this configuration is causing to different routes for a subnet

We have 2 subnetwork in our building

192.168.134.0 /23 and 192.168.133.0/24

The 134/135 has their "internet" traffice routed through a proxy server at another location...but the 133 network has "direct" access. Yesterday the 133 network lost internet access for a short time. Im trying to figure out what the difference is.

This is an MPLS network

plz see attachment

6 REPLIES
Silver

Re: What in this configuration is causing to different routes fo

Can you post traceroutes to internet from 133 and 134 subnets?

Hall of Fame Super Silver

Re: What in this configuration is causing to different routes fo

Hello Richard,

from the point of view of your router there is no difference

net 192.168.133.0/24

net 192.168.134.0/23

are both advertised on the EBGP session to the PE thanks to the OSPF redistribution into BGP.

Somewhere the net 192.168.133.0/24 is NATTED to access internet and the NAT device needs to have a return route to send back traffic.

This device that is different from the devices that processes net 192.168.134.0/23 could experience some form of failure on reaching the internet and so only net 192.168.133.0/24 was impacted or the return route was missing.

A detailed network diagram would be needed here but something can happened far from you and without any log on your router.

Also net 192.168.133.0/24 reaches the internet by going to where the prefix 0.0.0.0 is originated in the provider network inside your MPLS VPN (some other PE router for example that could be a C6500 with a FWSM module just to say)

Hope to help

Giuseppe

New Member

Re: What in this configuration is causing to different routes fo

from the 134 subnet-for some reason we now cant ping out of that subnet

tracert 4.2.2.2

Tracing route to vnsc-bak.sys.gtei.net [4.2.2.2]

over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms 192.168.135.252

2 4 ms 4 ms 5 ms 192.168.255.142

3 23 ms 23 ms 23 ms 192.168.255.133

4 24 ms 24 ms 24 ms 192.168.119.241

5 * * * Request timed out.

6 * * * Request timed out.

7 * * * Request timed out.

and now 133 subnet

Tracing route to vnsc-bak.sys.gtei.net [4.2.2.2]

over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms 192.168.133.252

2 4 ms 4 ms 4 ms 192.168.255.142

3 23 ms 23 ms 23 ms 192.168.255.133

4 24 ms 24 ms 24 ms 192.168.119.241

5 20 ms 20 ms 20 ms 9-172-1xx-63.act.net [65.xx.xxx.9]

6 22 ms 22 ms 22 ms t3-3-1-0-3.edge7.washington1.level3.net [4.7x.20

2.49]

7 21 ms 22 ms 22 ms ae-13-13.car1.washington1.level3.net [4.68.106.2

33]

8 23 ms 21 ms 31 ms vlan69.csw1.washington1.level3.net [4.68.17.62]

9 23 ms 22 ms 22 ms ge-5-0-51.hsa1.washington2.level3.net [4.68.121.

13]

10 22 ms 22 ms 21 ms vnsc-bak.sys.gtei.net [4.2.2.2]

Trace complete.

Silver

Re: What in this configuration is causing to different routes fo

As you mentioned , traceroute shows that 134 subnet does not has "direct" access to internet whereas 133 subnet is properly NAT'ed/routed to internet .

Do you manage 192.168.119.241? Thats where NAT/PAT is happening.

Hall of Fame Super Silver

Re: What in this configuration is causing to different routes fo

Hello Richard

the first 4 IP hops are the same:

1 <1 ms <1 ms <1 ms 192.168.135.252

2 4 ms 4 ms 5 ms 192.168.255.142

3 23 ms 23 ms 23 ms 192.168.255.133

4 24 ms 24 ms 24 ms 192.168.119.241

So the device that needs to be investigated is 192.168.119.241.

Here the two subnets receive different treatment.

Hope to help

Giuseppe

New Member

Re: What in this configuration is causing to different routes fo

yes...

We manage the 192.168.119.241..

It is a c3850

3800 Software (C3825-ADVSECURITYK9-M)

so..all traffic is routed here

and this device is routing either directly to the intenet or it is not.

I ask cuz we have a proxy server that the .134

network must go through.

However the .133 bypasses the proxy and goes

directly to the internet

168
Views
0
Helpful
6
Replies
CreatePlease to create content