# 192.168.1.1 is the modem behind the modem interface - I know it's weird, but it's not the
ping -s 2000 192.168.1.1

If the ping was denying the firewall to fragment, then this shouldn't work, right? (MTU of modem interface is 1500)

As of now, everyday stuff like browsing, VoIP, conferencing or servers don't seem to be affected by this problem, but it seems to me that this is mostly luck and I fear this will bite me when it comes to things like VPN in the future, so I'd be glad if someone can point me in the right direction here.

Interestingly, IPv6 ping also seems to get lost if packets are too big. The MTU on the WAN interface and on the Modem interface are set to default for now.

Modem (Draytek Vigor 165)-|Firewall PPPoE on VLAN 7 (WAN interface)
Firewall VLAN 0 ("Modem" interface only for accessing modem GUI)

If I lower the MTU on the WAN interface, I can see that smaller packets will also start to get dropped reliably, so I think the OPNsense firewall is the culprit. To my understanding, the packet should have been fragmented, the fragments being sent over the WAN. If the packet is smaller though, ping works reliably.

Please let me know if any information is required from devices.

The problem: On my box, I noticed that if I ping something that is connected to the physical WAN port (something on the internet or the modem) and the packet is bigger than the MTU, it seems to get dropped (in case of ping: no echo answer).
(I'm pinging the 1st NSR's loopbacks way above)

GigabitEthernet0/0 unassigned YES manual administratively down down

Success rate is 100 percent (5/5), round-trip min/avg/max = 12/12/12 ms
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/22/24 ms
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

Received 448 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 input packets with dribble condition detected
3173300 packets output, 605343966 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
Input queue: 1/75/0/0 (size/max/drops/flushes) Total output drops: 0
5 minute input rate 257000 bits/sec, 165 packets/sec
5 minute output rate 255000 bits/sec, 163 packets/sec
3170656 packets input, 604643921 bytes, 0 no buffer
Last clearing of "show interface" counters 04:53:18
Output flow-control is XON, input flow-control is XON
Hardware is PQ3_TSEC, address is 982 (bia 982)
GigabitEthernet0/2 is up, line protocol is up

Loopback3 10.250.230.204 YES manual up up
Description Router Integrity Enterprise Template rollout for BOA AUDIT Feb 2005
GigabitEthernet0/2 10.251.63.9 YES NVRAM up up
GigabitEthernet0/0 unassigned YES NVRAM administratively down down
Interface IP-Address OK? Method Status Protocol

We have 2 3945/15.0(1)M7 connected via gig interface to upstream routers (4 routers running MPLS BGP in core, dedicated for IP SLA probes), and we can ping the physical interface IP just fine with no delay, but when we ping the loopback interface, the ping response latency varies anywhere from 1 ms to 22 ms. We are looking for ways to find out if something in the control plane of the 3900 is causing this delay; any help is much appreciated.