08-20-2013 08:23 AM - edited 03-04-2019 08:49 PM
I recently had to make some changes to my network with the physical IPs of an interface. I completely changed the subnet of 2 directly connecting interfaces and all of the corresponding routes, along with a new MTU size of 1400 for VPN overhead (this was higher before, which was causing issues). I have done some traceroutes and data seems to flow as desired, yet I am having an issue with some websites and another service on my network.
All this seemed to occur after I made the changes to the physical interface that are used for the tunnel. The tunnel IPs have stayed the same and I can successfully ping multiple areas of my network so I don't understand how some websites will load like yahoo.com and then when clicking on an article they just time out. I have used 3 different DNS servers, tried different browsers and around 5 different computers are experiencing the issue. Since the VPN change the router has not been rebooted for over a year. Do you think a reboot would solve this type of issue? Thanks a lot for any help! -Mark
08-20-2013 08:33 AM
The description still sounds like an MTU-problem. Have you tried to find out the right maximum MTU? You could use a tool like MTUPath for that: http://www.iea-software.com/products/mtupath.cfm
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
08-20-2013 08:39 AM
So this issue sounds like a result of an MTU size issue to you? I just thought if the MTU size was too small the router would break up the packets.
08-20-2013 08:41 AM
That depends on the config. The IP packets often have the don't-fragment bit set. And by default that is honored by the router unless overwritten in the config.
08-20-2013 08:45 AM
I am getting this error with the command mtupath 10.10.1.1. Any idea what might be the issue? Thanks
[WARNING] Could not confirm contact with peer; path may be incomplete
[WARNING] Route to peer may not be locally reachable
08-20-2013 08:48 AM
Never had that error, are there any filters on the way to that IP?
08-20-2013 09:11 AM
No, no filters or ACLs. I made the change back to our old MTU size of 1524 and received this message from the router:
%Warning: IP MTU value set 1524 is greater than the current transport value 1476, fragmentation may occur.
Someone else also made a change to the DNS server and now the issue seems to have been resolved, so I cannot determine if my MTU change fixed it or his DNS server change. Part of me doesn't believe his DNS change affected anything, since I used 3 different public DNS servers with the same timeout problem. I might try changing the MTU size back to 1400 or 1476 to view the results. Do you think 1476 is the maximum value I should make the MTU size? Thanks again for your help.
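Added example (not from any poster in this thread): a small Python simulation of the don't-fragment behaviour described in the replies above, together with a generic DF-set size sweep of the kind a path-MTU probe performs; no packets are sent. It assumes a plain GRE tunnel (24 bytes of overhead) over a 1500-byte transport, which is consistent with the 1476 in the router warning; the hop list and all function names are constructed for illustration.

```python
IP_HEADER = 20
ICMP_HEADER = 8
TCP_HEADER = 20
GRE_OVERHEAD = 24  # assumption: 20-byte outer IP header + 4-byte GRE header


def tunnel_hop_mtu(transport_mtu, overhead=GRE_OVERHEAD):
    """Largest inner IP packet the tunnel can carry without fragmenting."""
    return transport_mtu - overhead


def forward(packet_len, df, hop_mtus):
    """Walk one IP packet across the hops.

    Returns 'delivered', 'fragmented', or 'dropped@<hop index>'.
    """
    fragmented = False
    for i, mtu in enumerate(hop_mtus):
        if packet_len > mtu:
            if df:
                return f"dropped@{i}"  # router honors DF and discards the packet
            fragmented = True
            packet_len = mtu  # follow the largest fragment onward
    return "fragmented" if fragmented else "delivered"


def probe_path_mtu(hop_mtus, low=576, high=1500):
    """Binary-search the largest DF-set packet that crosses the whole path."""
    if forward(low, True, hop_mtus) != "delivered":
        raise ValueError("even the smallest probe size does not pass")
    while low < high:
        mid = (low + high + 1) // 2
        if forward(mid, True, hop_mtus) == "delivered":
            low = mid
        else:
            high = mid - 1
    return low


# Constructed path: LAN -> tunnel over a 1500-byte transport -> LAN
PATH = [1500, tunnel_hop_mtu(1500), 1500]

if __name__ == "__main__":
    mtu = probe_path_mtu(PATH)
    print("path MTU:", mtu)
    print("largest DF ping payload:", mtu - IP_HEADER - ICMP_HEADER)
    print("TCP MSS that fits:", mtu - IP_HEADER - TCP_HEADER)
    for size in (400, 1476, 1500):
        print(size, "DF:", forward(size, True, PATH), "| no DF:", forward(size, False, PATH))
```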