1st of all, the normal ping

firestormnet · ‎03-23-2016

Hi All.

I'm having a strange problem on GRE tunnel between two routers, no ipsec or protection applied.

when i ping the interfaces of routers and DG, there is no packet drops:
#ping 10.1.2.1 rep 100
Type escape sequence to abort.
Sending 100, 100-byte ICMP Echos to 10.1.2.1, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (100/100), round-trip min/avg/max = 1/2/4 ms

But when i ping end users which are the ip phones from the routers there are drops:
#ping 10.1.2.11 rep 100
Type escape sequence to abort.
Sending 100, 100-byte ICMP Echos to 10.1.2.11, timeout is 2 seconds:
!!!!!.!!!!!.!!!!!.!!!!!!!!.!!!!!.!!!!!.!!!!!!!!!.!!!!!.!!!!!.!!!!!.!!!
!!!!!!.!!!!!.!!!!!.!!!!!.!!!!!
Success rate is 86 percent (86/100), round-trip min/avg/max = 1/1/4 ms

I've tried to manipulate bandwidth, MTU and MSS values but the result is always the same

ip mtu 1400
ip tcp adjust-mss 1360

ip mtu 1400
ip tcp adjust-mss 1300

ip mtu 1476
ip tcp adjust-mss 1436

Then applied tunnel path-mtu-discovery, but still drops:

#interface Tunnel1
bandwidth 1000
ip address 172.16.2.1 255.255.255.0
tunnel source 3.3.3.3
tunnel destination 2.2.2.2
tunnel path-mtu-discovery

In interface statistics i don't see any drops:

#sh int tunn1
Tunnel1 is up, line protocol is up
Hardware is Tunnel
Internet address is 172.16.2.1/24
MTU 17916 bytes, BW 1000 Kbit/sec, DLY 50000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive not set
Tunnel source 3.3.3.3, destination 2.2.2.2
Tunnel protocol/transport GRE/IP
    Key disabled, sequencing disabled
    Checksumming of packets disabled
Tunnel TTL 255, Fast tunneling enabled
Path MTU Discovery, ager 10 mins, min MTU 92
Tunnel transport MTU 1476 bytes
Tunnel transmit bandwidth 8000 (kbps)
Tunnel receive bandwidth 8000 (kbps)
Last input 00:00:04, output 00:00:04, output hang never
Last clearing of "show interface" counters 01:13:15
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/0 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 1000 bits/sec, 1 packets/sec
     14575 packets input, 1674848 bytes, 0 no buffer
     Received 0 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     16226 packets output, 2140381 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 unknown protocol drops
     0 output buffer failures, 0 output buffers swapped out

Any idea how to resolve this?

Thanks

Mark Malone · ‎03-23-2016

Hi just to be aware some phones software will drop every 5th 6th ping by default to stop attacks its an internal firewall policy does this but if your getting same issue on pcs theres a problem ?

Ich Nafi · ‎03-23-2016

1st of all, the normal ping is way to small in packet size to be fragmented. So your MTU/TCP adjust/path-mtu setting has no effect on this.

Don't tamper with bandwidth, as long a you definitely need to manipulate it.

To see the actual MTU of your Tunnel, you need to use "show ip interface Tu1".

Try to use the advanced ping. Just type "ping" and then answer the questions (Extended commands: packet size, DF-bit, source address).

Do you have any routing-protocols running? Is there only this one tunnel? Are there several ways to the target?

Packet drops on GRE tunnel