From: Jung, Jin (jin.jung@lmco.com)
Date: Sun Nov 09 2003 - 01:30:33 GMT-3
Take a look at your trace and see if ICMP packet type 3 and 4 are blocked by
your firewall.
If so, allow ICMP type 3 and 4 in your firewall.
Or set de-fragments bit to 0 in your router.
I think it's something like,
route-map clear-df permit 10
match ip address 100
set ip df 0
Jin Jung...
CCIE#12368
-----Original Message-----
From: Messina, John V [mailto:john@crimsoncti.com]
Sent: Saturday, November 08, 2003 10:55 PM
To: ccielab@groupstudy.com
Subject: OT- MTU issues.
We have a situation with an ISP that's a little strange. We have been multihomed
with 2 T1s to 2 ISPs for a long time. We are trying to add a third ISP via
an Ethernet handoff and are running into fragmentation issues. The layout
for the new ISP is this:
MYFirewall>>my3550>dot1Q>isp3550>>ISPfiberRing>>ISP3550>ISP2948>>ISP12000>>internet
So whenever we plug the firewall into the 3550 and eliminate the other 2
ISPs from the equation and use only this Ethernet ISP, most users and
servers cannot browse the internet,
and inbound traffic does not work. You can telnet to my web servers on port
80 but you cannot view them in IE. Similarly, you can telnet to the MS terminal
servers on 3389 but cannot connect via an RDP client.
We have gone outside the firewall to eliminate it as a source. We have
plugged in a 3640 to do all routing instead of the 3550 and enabled path MTU
discovery since the 3550 does not support it (if it does, let me
know). We have enabled jumbo packet support with the sys mtu 1546 command on
the 3550. We are using a dot1Q trunk between our 3550 and the ISP for the
purposes of video conferencing on their ring. We have clients on the ring so
this ISP just allows certain vlans over certain trunks. To me at least this
points to an MTU issue along the way somewhere because fragmentation is
definitely occurring.
We have asked the ISP to enable jumbo packet support on the switches in the
path but they have not done this yet. We have tried all different
combinations of MTU changes on servers and pmtud disabling.
I am curious if anyone has any theories on how to resolve this.
Thanks for any suggestions
This archive was generated by hypermail 2.1.4 : Fri Dec 12 2003 - 12:29:09 GMT-3