Can ping,cannot ftp on MPLS 2547 network

sam-lee · ‎06-02-2006

Hi,

I have setup an MPLS 2547,ldp is up,bgp peer established,Vrf routing all ok.(i.e IP layer is working fine btw the P and PE and CE) However there is one starnge problem which is ping application can go through,but ftp cannot.I didn't setup any policy/security settings.Any idea?

Help is greatly appreciated!

olorunloba · ‎06-02-2006

Since pings are going, then you have IP connectivity. My guess is that you have MTU issues. From your config, I noticed that you are running MPLS on fast ethernet interfaces, and you have not changed the default MPLS MTU size which will be 1500.

You can confirm if you have MTU issues by pinging with packet sizes up to 1500. I will expect that anything larger than 1492 will not go.

If this is so, change the MPLS MTU size on the network, to cater for the 2 additional label stack. The command is mpls mtu in the interface mode.

If the ethernet interfaces are connecting to switches, ensure that the switches support jumbo frames.

sean · ‎06-02-2006

You should be able to set the mtu to 1524, and that should help things out. For the switches, it should be listed as system mtu.

sam-lee · ‎06-05-2006

Hi,

I change the setting tag-switching mtu 1600 but this has no effect.

However I found something strange,when I change the CE router serial interface mtu to 2100(since they are running FR),it works!

But why is this?

Any idea?

ghalman · ‎06-05-2006

Hi,

I have seen and resolved this problem before.

This is not MPLS problem rather any of the device between PE & CE i.e. the last mile (local loop).

Kindly run an extended ping with various data patterns (i.e. 0x0000 0xffff 0x???? hex) with larger packet size (try from 1000 to 1600 bytes packet size) and you will be able to simulate the problem at last mile.

In my case, the E1 convertor device was having issue. Replacing it immediatly resolve the problem.

Logic: the device was unable to convert certain pattern match while doing ftp e.g. a series of 1's etc. I had run test many times to ensure it was last mile. I do have that case in my archive somewhere... You try first, otherwise, I will send you over my notes!

Cheers

Abdullah H Sheikh

chips1999 · ‎12-09-2010

Hi,

We have been problems conneting to the application over MPLS. We configured L2 ethernet point to point for a client,and we are able to ping with different sizes of packets(trying to eliminate MTU issues). Other traffic such as mail is going through without a problem,except for http. I have attached what I captured from wireshark between the host (10.208.21.18) and the sever (172.31.192.7)... this is a banking application and unfortunately it's an inhouse coded software.

Luc De Ghein · ‎01-09-2011

Hi,

Changing the mpls mtu is not advised any longer.

This is explaned on this page:

http://www.cisco.com/en/US/partner/docs/ios/12_2sb/feature/guide/newmtu.html

First verify that the issue is indeed an MTU one by pinging with various sizes and the DF-bit set.

Note the size at which the ping starts failing.

It is advisable to lower the MTU, not the mpls mtu. Also, it should be done at the edge, not in the

core, in order to push possible fragementation to the access layer, and prevent fragmentation in the

core of the network.

The best is to make sure that path mtu discovery is working. Look at this page to see details on it and

possible issues that make it fail:

http://www.cisco.com/en/US/partner/tech/tk827/tk369/technologies_white_paper09186a00800d6979.shtml

Regards,

Luc