Solved: Re: Issues with packets being sent over Cellular Connection

JamesPipe · ‎02-07-2023

Hello,

We have field routers that have a land MPLS circuit and a backup cellular connection. Out of nowhere since around Sept of 2022 there has been a consistent bandwidth of cellular traffic on the cell interface when before there was none (aside from outages on the circuit) and we had no config change.... I captured the traffic on the cellular interface and it is normal business traffic that has a preferred BGP route via the MPLS, primary circuit.

When I run

SHOW IP ROUTE x.x.x.x

for the traffic I am seeing captured on the cell interface it shows a BGP route as the selected route and only route... Why is this traffic still going over the cell interface? Are there any other commands I can run to verify or figure out the issue?

Here is the output of the command showing the route ALL of it should be taking, yet packets are still hitting the backup cellular interface:

(I have starred out personal IP INFO)

show ip route 10.10.**.**
Routing entry for 10.10.**.0/24
Known via "bgp 10**", distance 2, metric 0
Tag **000, type external
Last update from ***.***.165.109 03:03:12 ago
Routing Descriptor Blocks:
* ***.***.165.109, from ***.***.165.109, 03:03:12 ago
Route metric is 0, traffic share count is 1
AS Hops 7
Route tag **000
MPLS label: none

Thanks!

JamesPipe · ‎02-08-2023

This was unrelated to the router config. The issues was other routers and they were sending packets to the cellular IP

View solution in original post

Richard Burts · ‎02-07-2023

The posted information does not tell us anything about the interfaces being used. As a starting point would you post the current running config. If you need to disguise addresses I would ask that instead of using *** that if the address is class A make the first octet 10, if the address is class B than make the first octet 172, and if the address is class C then make the first octet 192. That way your address is hidden and we get some useful information about how much of the address is significant. (and what is the rationale for using *** in a 10.10 address which is private already).

HTH

Rick

JamesPipe · ‎02-07-2023

de

JamesPipe · ‎02-08-2023

bump

Dan Frey · ‎02-08-2023

What is the output of "show ip route"? Did NEMO tunnel put a default route into the table?

JamesPipe · ‎02-08-2023

de

Richard Burts · ‎02-08-2023

I am wondering about the traffic that you captured on the cellular interface. Was it pretty much continuous? Or was it perhaps periodic? Was there any pattern to the source address(es) or destination address(es)?

If you check the logs of the router are there any messages about activity (interface up or down) or anything else that might shed light on this?

HTH

Rick

JamesPipe · ‎02-08-2023

x

JamesPipe · ‎02-08-2023

x

Richard Burts · ‎02-08-2023

This router is using technologies that I am not familiar with. Perhaps what I am wondering about is normal behavior and I just do not recognize it, or perhaps it might relate to the problem. So about:

controller Cellular 0/2

track timer ip route 1

and dialer-list and dialer watch-list are they perhaps bringing the cellular active more than they should.

I am also wondering about the mobile router aspects of the cellular interface and wondering if that might be related/causing the use of cellular?

You mention that this has been happening since September. Is it possible that there was some config change in September or a new version of the software that might relate to this behavior?

HTH

Rick

JamesPipe · ‎02-08-2023

There was no config change... That is the odd part. I have about 30 of these routers in field with SAME config. About half of them are seeing this nonstop cellular usage of RECEIVED ONLY packets while the other half are operating normal as they should....

JamesPipe · ‎02-08-2023

I updated title but a large mistype on my part. These packets are not being routed OUT on the cellular interface, they are being RECEIVED on the cellular interface.... Still seems like a routing issue?

JamesPipe · ‎02-08-2023

This was unrelated to the router config. The issues was other routers and they were sending packets to the cellular IP

Richard Burts · ‎02-09-2023

Thanks for the clarification. You ask "Still seems like a routing issue?" I would agree that there is some routing issue on some remote router (or perhaps multiple remote routers) that are forwarding traffic to an interface that should not be right.. If you look in the traffic capture and look at source addresses it might lead you to the devices that have problems.

HTH

Rick

Issues with packets being RECEIVED over Cellular Connection