11-15-2007 05:36 PM - edited 03-05-2019 07:27 PM
Strange situation. Have a company with two physical sites connected via a point-to-point T1. On each end of the T1 are old Cisco 1602R routers. The problem is actually with Exchange servers failing to talk to each other properly. Site A is main office and Site B is branch office. Each site contains 1 Exchange server and the sites are supposed to talk over this p-t-p connection. I cannot use telnet to connect from site A to site B over port 25. I can however, connect from site B to site A over port 25.
Essentially, the communication between these Exchange servers is failing because messages cannot go from site A to site B, but can go from site B to site A.
The interesting thing is that I can use telnet from site A to site B using a different port, say 691 which is also used with Exchange and it works fine.
I can telnet into site B router and establish a telnet session to the Exchange server in site B.
The problem is router A. For some reason, it will not allow requests over port 25 to go through.
Any clue???
11-24-2007 09:48 AM
Hi There
As Rick pointed out in an earlier mail, as you have two possible paths for traffic to get from NY to GA (or vice versa), the primary route, the P2P route and the backup route, the VPN, so you have 2 default gateways. When your P2P link is functioning correctly, traffic will choose the default gateway associated with this link as the Administrative Distance of this default gateway is 1.
When the P2P link goes down this default route will no longer be considered valid and as there is a second default route with the Administrative Distance of 2 configured for this traffic over the VPN, traffic will be passed via this route across the VPN to the other office.
This configuration is called "Floating static route" and is a means of configuring redundancy into your routing table. This would be considered "Best Practice" IMHO as it is far better to have an alternative route for your traffic than for the traffic just to be dropped and your office's productivity come to a halt.
I think your main problem stems from the fact that your P2P link does not appear to be stable at present and if it is flapping, then every time this link is up your traffic will route across it (Higher AD on Def Route) and every time it fails your traffic then switches and goes across the VPN.
Best Regards,
Michael
11-24-2007 10:30 AM
I understand all of that about floating static routes. Makes perfect sense. What I meant was that the subnet has two physical gateways. Picture a typical network diagram with a horizontal subnet drawn across the paper. On one end is the p-t-p link with the 110.1 address and the other end is the 110.6 address which is the vpn and Internet gateway. Shouldn't there be one physical gateway that is attached to a router and have that router attached to the Internet, subnet, and p-t-p link? Or doesn't it matter? What can I do to test the routers for lousy connectivity?
11-24-2007 12:11 PM
NY_router#show service-module serial 1
Module type is T1/fractional
Hardware revision is 0.88, Software revision is v1.10,
Image checksum is 0x461796D6, Protocol revision is 0.1
Receiver has no alarms.
Framing is ESF, Line Code is B8ZS, Current clock source is internal,
Fraction has 20 timeslots (64 Kbits/sec each), Net bandwidth is 1280 Kbits/sec.
Last module self-test (done at startup): Passed
Last clearing of alarm counters 2d23h
loss of signal : 0,
loss of frame : 0,
AIS alarm : 0,
Remote alarm : 0,
Module access errors : 0,
Total Data (last 96 15 minute intervals):
0 Line Code Violations, 0 Path Code Violations
4573 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 31 Degraded Mins
4573 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in current interval (217 seconds elapsed):
0 Line Code Violations, 0 Path Code Violations
12 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
12 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
GA_router>en
Password:
GA_router#show service-module serial 1
Module type is T1/fractional
Hardware revision is 0.88, Software revision is 1.07,
Image checksum is 0x8510A6B6, Protocol revision is 0.1
Receiver has no alarms.
Framing is ESF, Line Code is B8ZS, Current clock source is internal,
Fraction has 20 timeslots (64 Kbits/sec each), Net bandwidth is 1280 Kbits/sec.
Last module self-test (done at startup): Passed
Last clearing of alarm counters 2d23h
loss of signal : 0,
loss of frame : 0,
AIS alarm : 0,
Remote alarm : 0,
Module access errors : 0,
Total Data (last 96 15 minute intervals):
0 Line Code Violations, 0 Path Code Violations
4391 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
4391 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in current interval (129 seconds elapsed):
0 Line Code Violations, 0 Path Code Violations
7 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
7 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
11-24-2007 01:42 PM
James
While it may be a bit more common to have a single gateway router for the subnet, it is not a problem to have 2 gateway routers. Some people I know choose to do it this way to provide greater redundancy - if the router with the point to point were to fail the subnet still has a way to get out. If there were a single gateway router then there is a single point of failure.
I will note that if there are going to be 2 gateway routers that it is common to run HSRP between the gateway routers so that the end station default gateway works to either gateway. In the way that it is configured now, if there is a failure of the point to point router in GA (failure of the router rather than failure of the ptp link) then I believe that the GA subnet would have no effective gateway.
Relative to your other post: the show service-module shows that things are not as bad as they were. But there are still significant problems. In particular both routers have a significant number of slip seconds and of Error seconds (which would be the slip seconds). I note that the ISP now has both routers set to clock internal. In my experience usually only one router is set to clock source internal and the other is left with clock source line. I am not sure that is the cause of the problem, but I would suggest to the ISP that they try it with only one router set to clock source internal.
HTH
Rick
11-24-2007 01:59 PM
I looked back on my previous posts and discovered that prior to any change by the ISP, both routers were set to clock source line. Now they are both set to clock source internal. So, by doing that, they have allowed the connection to work intermittently? Maybe these guys don't know what they are doing...
What is the real difference between internal and line?
11-24-2007 02:10 PM
James
In my experience the most common situation is for both routers on a leased line point to point circuit to be configured for clock source line in which the routers look for timing signals generated by the provider on the circuit. They use this to control and to synchronize their signaling. In some cases the provider does not provide clock on the circuit and one of the routers is configured for clock source internal in which case the router uses an internal oscillator to generate the clocking signal.
While I can not say for sure that having both set for clock source internal is causing the problem at this point, I would surely suggest to the ISP that you would like to see what happens if only one is set for clock source internal.
HTH
Rick
11-24-2007 02:14 PM
Can I issue the commands on the router myself? What would they be?
I can log on to both routers.
11-24-2007 02:25 PM
James
As long as you have access to enable mode then you certainly can enter the command yourself. The command is quite simple:
interface Serial1
service-module t1 clock source line
Note that this sets the clock source to its default value and probably it will not show up when you do show run. You can verify the setting in the output of the show service-module. Also note that I do not have much experience with 1602 routers and assume the syntax is similar to other routers. If you get a syntax error you should be able to use the question mark help to figure out the particular syntax.
HTH
Rick
11-24-2007 02:36 PM
I don't think that changes much:
GA_router>en
Password:
GA_router#show service-module serial 1
Module type is T1/fractional
Hardware revision is 0.88, Software revision is 1.07,
Image checksum is 0x8510A6B6, Protocol revision is 0.1
Receiver has no alarms.
Framing is ESF, Line Code is B8ZS, Current clock source is internal,
Fraction has 20 timeslots (64 Kbits/sec each), Net bandwidth is 1280 Kbits/sec.
Last module self-test (done at startup): Passed
Last clearing of alarm counters 3d02h
loss of signal : 0,
loss of frame : 0,
AIS alarm : 0,
Remote alarm : 0,
Module access errors : 0,
Total Data (last 96 15 minute intervals):
0 Line Code Violations, 0 Path Code Violations
4381 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
4381 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in current interval (714 seconds elapsed):
0 Line Code Violations, 0 Path Code Violations
28 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
28 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
NY_router#show service-module serial 1
Module type is T1/fractional
Hardware revision is 0.88, Software revision is v1.10,
Image checksum is 0x461796D6, Protocol revision is 0.1
Receiver has no alarms.
Framing is ESF, Line Code is B8ZS, Current clock source is line,
Fraction has 20 timeslots (64 Kbits/sec each), Net bandwidth is 1280 Kbits/sec.
Last module self-test (done at startup): Passed
Last clearing of alarm counters 3d02h
loss of signal : 0,
loss of frame : 0,
AIS alarm : 0,
Remote alarm : 0,
Module access errors : 0,
Total Data (last 96 15 minute intervals):
0 Line Code Violations, 0 Path Code Violations
4560 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 31 Degraded Mins
4560 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in current interval (36 seconds elapsed):
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
What would you suggest?
11-24-2007 05:48 PM
James
Without knowing when you made the change and how much of the error statistics was before the change and how much after the change (given that the statistics accumulate over a 24 hour interval), it is hard to assess the impact of the change. The error count in GA (clock source still internal) for the current interval is showing about the same frequency of error. The count for NY (now is clock source line) for the current interval is hard to interpret since it only measures 36 seconds. If you give it a little while longer and the error statistics stay about the same then we can conclude that clock source is not the major factor in the problem. At that point I would go back to the ISP and say that you continue to get these many errors and that performance is suffering, and ask what they can do.
HTH
Rick
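Added example (not part of any post in this thread): the comparison described in the reply above, done by parsing `show service-module` output and turning slip seconds into a rate for the 24-hour total and for the current interval. The sample is a trimmed copy of the GA and NY output posted earlier; the 300-second cutoff for calling a current interval too short to judge is an assumption.

```python
import re

# Constructed sample: trimmed copy of the GA and NY output posted in this thread.
SAMPLE = """\
GA_router#show service-module serial 1
Framing is ESF, Line Code is B8ZS, Current clock source is internal,
Total Data (last 96 15 minute intervals):
4381 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
Data in current interval (714 seconds elapsed):
28 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
NY_router#show service-module serial 1
Framing is ESF, Line Code is B8ZS, Current clock source is line,
Total Data (last 96 15 minute intervals):
4560 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 31 Degraded Mins
Data in current interval (36 seconds elapsed):
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
"""

MIN_SAMPLE_SECS = 300  # assumption: shorter current intervals are inconclusive

def parse_service_module(text):
    """Return {router: {clock, total_rate, current_rate, elapsed, conclusive}}."""
    routers, name, window = {}, None, None
    for line in text.splitlines():
        if m := re.match(r"(\S+)#show service-module", line):
            name = m.group(1)
            routers[name] = {}
        elif name is None:
            continue  # ignore anything before the first router prompt
        elif m := re.search(r"clock source is (\w+)", line):
            routers[name]["clock"] = m.group(1)
        elif m := re.search(r"last (\d+) (\d+) minute intervals", line):
            window = ("total", int(m.group(1)) * int(m.group(2)) * 60)
        elif m := re.search(r"current interval \((\d+) seconds elapsed\)", line):
            window = ("current", int(m.group(1)))
            routers[name]["elapsed"] = window[1]
        elif (m := re.search(r"(\d+) Slip Secs", line)) and window:
            kind, secs = window
            routers[name][kind + "_rate"] = int(m.group(1)) / secs if secs else 0.0
            window = None  # the counter line closes the current section
    for r in routers.values():
        r["conclusive"] = r.get("elapsed", 0) >= MIN_SAMPLE_SECS
    return routers

def report(text):
    """One summary line per router, comparing 24h and current slip rates."""
    lines = []
    for name, r in parse_service_module(text).items():
        verdict = "comparable" if r["conclusive"] else "too short to judge"
        lines.append(f"{name} clock={r['clock']} 24h={r['total_rate']:.2%} "
                     f"current={r['current_rate']:.2%} ({r['elapsed']}s, {verdict})")
    return lines

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```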
11-25-2007 05:11 AM
This is the latest output from this morning:
NY_router>en
Password:
NY_router#show service-module serial 1
Module type is T1/fractional
Hardware revision is 0.88, Software revision is v1.10,
Image checksum is 0x461796D6, Protocol revision is 0.1
Receiver has no alarms.
Framing is ESF, Line Code is B8ZS, Current clock source is line,
Fraction has 20 timeslots (64 Kbits/sec each), Net bandwidth is 1280 Kbits/sec.
Last module self-test (done at startup): Passed
Last clearing of alarm counters 3d17h
loss of signal : 0,
loss of frame : 0,
AIS alarm : 0,
Remote alarm : 0,
Module access errors : 0,
Total Data (last 96 15 minute intervals):
0 Line Code Violations, 0 Path Code Violations
1831 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 31 Degraded Mins
1831 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in current interval (67 seconds elapsed):
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
GA_router#show service-module serial 1
Module type is T1/fractional
Hardware revision is 0.88, Software revision is 1.07,
Image checksum is 0x8510A6B6, Protocol revision is 0.1
Receiver has no alarms.
Framing is ESF, Line Code is B8ZS, Current clock source is internal,
Fraction has 20 timeslots (64 Kbits/sec each), Net bandwidth is 1280 Kbits/sec.
Last module self-test (done at startup): Passed
Last clearing of alarm counters 3d16h
loss of signal : 0,
loss of frame : 0,
AIS alarm : 0,
Remote alarm : 0,
Module access errors : 0,
Total Data (last 96 15 minute intervals):
0 Line Code Violations, 0 Path Code Violations
1784 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
1784 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in current interval (898 seconds elapsed):
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
11-25-2007 02:52 PM
James
At this point you have a better configuration for clock source and it does not seem to make much difference. I would go back to the ISP and say that you continue to get these many errors and that performance is suffering, and ask what they can do.
HTH
Rick
12-17-2007 07:33 AM
Rick,
Since you were so helpful before, I would like to get your input on a few things. I finally convinced the powers-that-be here that we need to reconfigure the network. So, we will be implementing a different, but simpler, network topology. When I do a sh ip route command on the NY router, I get this:
User Access Verification
Password:
NY_router>en
Password:
NY_router#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is 192.168.110.6 to network 0.0.0.0
S 192.168.120.0/24 [1/0] via 10.1.2.2
C 192.168.110.0/24 is directly connected, Ethernet0
10.0.0.0/24 is subnetted, 1 subnets
C 10.1.2.0 is directly connected, Serial1
S* 0.0.0.0/0 [1/0] via 192.168.110.6
NY_router#
Doesn't the S* at the bottom mean that every request goes back to 110.6 because it is the candidate default?
I assume the GA router has the same statement except it would be 0.0.0.0/0 [1/0] via 192.168.120.2
What we are planning on doing is to eliminate the two physical gateways on the subnet. We will have the Internet coming into the WAN port on the Sonicwall firewall. Then have the LAN port on the Sonicwall directly connected to the E/0 port on a 2611. E/1 will be the actual LAN subnets and the DSU/CSU WIC will be the point-to-point connection between the two offices. This will give us the 1 gateway per subnet and allow us to use the p-t-p as it should be set up.
Everything correct so far?
The subnets will use 110.0 for NY and 120.0 for GA. My question is this. Since we only have a simple network, I guess putting in Static routes is the way to go, instead of configuring OSPF or any other form of dynamic routing because it will never change once implemented.
What ip address scheme should I give the E/0 port which is connected to the Sonicwall? I was thinking something like 192.168.0.1/24. Is this correct?
12-17-2007 08:27 AM
James
In the statement S* 0.0.0.0/0 [1/0] via 192.168.110.6, the S* indicates that this is a static configured route (default route). What it means is that any packet for which there is not a more specific route will be sent through the default route. (this is subtly different from saying that every request goes back to 110.6 - especially anything for the GA office in 192.168.120.0 will go over the serial rather than going through 110.6)
I can certainly understand the desire to redesign the network and to simplify it. There are some trade-offs and I think you should be clear about them as you redesign the network. In the previous design with two routers at each site, if there was a problem with the Internet facing router there was an alternative that gave you connectivity to the other office and at least possibly an alternate route to the Internet through the second router. With a single router at each site you give up some of this redundancy.
Certainly static routes have less overhead than a dynamic routing protocol. Static routes are especially appropriate for networks that are very stable and most especially for networks in which there is only a single way to get to most destinations. If GA is going to use the serial primarily as a way to get to the NY network but also to use the serial as a backup way to get to the Internet if the primary path through the firewall should have a problem you might think whether a dynamic routing protocol could react to failures better than a static route will.
In issues like this I believe that frequently there is not a clear answer about what is best. You need to consider the advantages of several approaches and decide which fits best in that particular situation.
As for the subnet addressing to use between the router and the firewall I believe that 192.168.0.0 is a fine network to use. If it really has only 2 devices on it (router and firewall) you could use a mask much smaller than /24. But since you are using a /24 on the point to point serial I guess for consistency go ahead with a /24 between router and firewall.
HTH
Rick
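Added example (not part of any post in this thread): the "more specific route wins over the default" behaviour described in the reply above, shown by parsing the NY_router route lines posted earlier and doing a longest-prefix lookup. The function names are hypothetical; the route lines are copied from the thread.

```python
import ipaddress
import re

# Route lines copied from the NY_router "sh ip route" output posted in this thread.
SH_IP_ROUTE = """\
S 192.168.120.0/24 [1/0] via 10.1.2.2
C 192.168.110.0/24 is directly connected, Ethernet0
10.0.0.0/24 is subnetted, 1 subnets
C 10.1.2.0 is directly connected, Serial1
S* 0.0.0.0/0 [1/0] via 192.168.110.6
"""

def parse_routes(text):
    """Return [(network, code, next_hop_or_interface)] from IOS route lines."""
    routes, parent_len = [], None
    for line in text.splitlines():
        if m := re.match(r"\s*(\d+\.\d+\.\d+\.\d+)/(\d+) is (?:variably )?subnetted", line):
            parent_len = int(m.group(2))  # mask inherited by child lines without one
            continue
        m = re.match(r"\s*([A-Z]\*?)\s+(\d+\.\d+\.\d+\.\d+)(?:/(\d+))?\s+(.*)", line)
        if not m:
            continue
        code, addr, plen, rest = m.groups()
        plen = int(plen) if plen else parent_len
        if plen is None:
            continue  # no mask known for this line; skip rather than guess
        via = re.search(r"via (\S+)|connected, (\S+)", rest)
        target = (via.group(1) or via.group(2)) if via else rest
        routes.append((ipaddress.ip_network(f"{addr}/{plen}"), code, target))
    return routes

def lookup(dest, routes):
    """Longest-prefix match: the most specific route containing dest wins."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen, default=None)

def next_hop(dest, text=SH_IP_ROUTE):
    """Return (matched prefix, next hop or interface) for a destination."""
    hit = lookup(dest, parse_routes(text))
    return None if hit is None else (str(hit[0]), hit[2])

if __name__ == "__main__":
    # GA LAN host, NY LAN host, far end of the serial link, an Internet address
    for dest in ("192.168.120.10", "192.168.110.50", "10.1.2.2", "8.8.8.8"):
        print(dest, "->", next_hop(dest))
```

Only the last destination falls through to the `S*` default via 192.168.110.6; traffic for 192.168.120.0/24 matches the static route via 10.1.2.2 first.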
12-17-2007 08:47 AM
Thanks. I understand the redundancy issue, but in this case I am willing to give that up. It's a very strange situation in which the two gateways are not functioning correctly, and we are forced to use the gateways that reach the Sonicwalls first.
Also, am I correct in saying that we can simply copy and paste the current configuration into the new routers and then just manually add the route and ip info for the new interface? Or will we need to do some other reconfigurations?
If I write in for the E/0 interface: ip address 192.168.0.1 255.255.255.0, no shut
and then add in a static route for that interface.
Change the ip address in the LAN interface of the sonicwall to 192.168.0.2
This should work?