Hello Priscilla, Thank you very much for your feedback!
I am yet to try the protocol analyzer... mostly because I don:t have one. But I DO have a sort of packet sniffer, maybe I can find out something with that. Debug command, I think I need somebody on the other side to send me ping packets while I run the debug command to see what:s happening. I am not sure how much time they (the other company) are willing to spend on this. BTW, there is no firewall between the interfaces. However, there is an ATM TA on my side that converts ATM to Ethernet, which then, comes to my core router. The ATM TA also has an IP address, and the interface of this TA is set not to respond to ping packets over ethernet mtu. (it won:t fragment). However, as far as through-traffic is concerned, the TA does not put any limitation. So I think it's hard to conclude that the TA can be contributng to this problem. Sean Priscilla Oppenheimer wrote: > > Someone said "Think MTU," but I would say "Think IP > Fragmentation and Reassembly." :) In other words, different > MTUs isn't supposed to cause a problem for IP. > > However, your partner company could be sending pings with the > Don't Fragment bit set, in which case it would fail, if there > really is an MTU issue. > > See additional comment below. > > Sean Kim wrote: > > > > Hello, > > > > My company has this 3rd party connection through ATM. The ATM > > TA has an ethernet outlet which is and connected to our core > > router. Our parner company is connected with anATM module on > > their router. > > > > Recently, I was told by our partner company that they were > > running ping test and they could not ping my ethernet > interface > > (on the core router) with datagram over 1500 byte. > > > > From both the router itself and my workstation, I pinged my > own > > interface with 1600 byte, and I was able to ping it. But when > > I pinged my partner company's interface with 1600 byte, it > > failed. > > Well, this points to your partner's interface being the > problem. > > Ping should reply with the same payload it received. With a > large payload that needs to be broken up, problems could occur > with either the request or reply. It sounds like the problems > occur with the request when the partner pings and with the > replies when you ping the partner. The "debug ip icmp" command > might help you figure out what is happening. A protocol > analyzer would help too. > > By the way, many firewalls are set to not allow IP fragments, > since there's all sorts of evil things you can do with them. > Check for the existance of firewalls, including any personal > firewalls on the testing machines. > > Good luck with it. Keep us posted! Thanks, > > _______________________________ > > Priscilla Oppenheimer > www.troubleshootingnetworks.com > www.priscilla.com > > > > > In general it seems that pinging from other nodes, there is no > > problem, but sitting on the routers itself, pinging the other > > routers interface with the datagram size of over 1500 is > failing. > > > > There isn't any problem with connection of performance. But I > > am very curious about why this is happening. > > Does anybody have any idea why this would happen? Or can > > anybody give me a clue as to how to approach this problem? > > > > Thank you in advance. > > > > Sean Kim > > > > > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63465&t=63085 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
