RE: Can "no ip unreachables" commmand break Citrix traffic?

From: Joseph Brunner (joe@affirmedsystems.com)
Date: Mon Mar 31 2008 - 04:19:51 ART

• Next message: Joseph Brunner: "RE: Strange VTP issue with vtp transparent"
• Previous message: Reza Toghraee: "Strange VTP issue with vtp transparent"
• Maybe in reply to: Matemane, Walter: "Can "no ip unreachables" commmand break Citrix traffic?"
• Next in thread: Dale Shaw: "Re: Can "no ip unreachables" commmand break Citrix traffic?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I suspect your issue was MTU. The unreachables were reporting fragmentation
needed...

A better approach is to disable unreachables, as they are considered a
security risk... and to enable "ip tcp mss-adjust 1380" on the client facing
ce
Interfaces, and limit the "ip mtu 1412"

You want to force the clients to use smaller mtu earlier on, to avoid
"dumbbell" mtu issues as they route through the cloud.

-Joe

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Matemane, Walter
Sent: Monday, March 31, 2008 1:05 AM
To: ccielab@groupstudy.com
Subject: Can "no ip unreachables" commmand break Citrix traffic?

Hi Group

I had the following commands on PE to CE WAN interface and as a result
users from that site had difficulties accessing Citrix applications.
Citrix application will connect but when launching apps it will hang
freeze eventually.

CE rtr

interface Serial0/0/0

no ip unreachables

ip route-cache flow

no ip redirects

no ip proxy-arp

no mop enabled

!

PE rtr

interface Serial0/0/1

ip vrf forwarding branch

no ip unreachables

ip route-cache flow

no ip redirects

no ip proxy-arp

no mop enabled

!

As part of troubleshooting I removed commands from the interface one by
one and as soon as I removed "no ip unreachables" command the user
started working without any issues. As it can be noticed I used SMD to
generate this commands

Any ideas why this command break citrix? Or is it something else?

Tlatlaru W Matemane

Liberty Life

Look for the Team that Loves to Win, If you can find it look for People
who Hate to Lose.

****************************************************************************
*
*******
The e-mail and attachments are confidential and intended only for selected
recipients. If you have received it in error, you may not in any way
disclose
or rely on the contents. You may not keep, copy or distribute the e-mail.
Should you receive it, immediately notify the sender of the error and delete
the e-mail.Also note that this form of communication is not secure, it can
be
intercepted, and may not necessarily be free of errors and viruses in spite
of
reasonable efforts to secure this medium.

****************************************************************************
*
*******

• Next message: Joseph Brunner: "RE: Strange VTP issue with vtp transparent"
• Previous message: Reza Toghraee: "Strange VTP issue with vtp transparent"
• Maybe in reply to: Matemane, Walter: "Can "no ip unreachables" commmand break Citrix traffic?"
• Next in thread: Dale Shaw: "Re: Can "no ip unreachables" commmand break Citrix traffic?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Apr 01 2008 - 07:53:54 ART