Hello all,
Our scenario is as below:
DMZ switch ----- PC
| |
| |
| |
FW FW (Checkpoint with VRRP connecting to N7k using VLAN 16)
| |
L2 Switch -------- Laptop
| | | |
N7k-1 ---- N7k-2 (Peer Link Between N7k)
| | | |
| | | |
Inside switch ---- Server (VLAN16)
When user ping from DMZ switch PC to Server in the Inside switch, the packet loss and long response time happen intermittently.
But when we ping from Inside switch with another VLAN (VLAN12) to the server, it's okay. VLAN12 and VLAN16's gateway are on N7k with HSRP.
So N7k's inter-vlan routing seems to be okay, but through FW has problem.
L2 switch and Inside switch connect to N7k with vPC. ALL the PC/Server are in VLAN 16 and their default gateway is to N7k.
If I connect a laptop which default gw is FW's VRRP ip, and PC at DMZ ping the laptop is okay.
When user ping from inside to DMZ we can see a icmp redirect message, and I don't know whether it could be the problem to cause the intermittent packet loss?
Thanks.
Peter
