From: Richard Dumoulin (Richard.Dumoulin@vanco.fr)
Date: Fri Sep 10 2004 - 17:16:13 GMT-3
Thanks for your suggestion. The isdn backup which calls to another ISP do
not have this problem. It happens that two ISPs are the common point. All
the faulty sites go through them. My ISP has opened a ticket to them but
just to please me (his own words) ?!?!!?? Does anyone have had any similar
issue with Claranet in Europe ? I am having this problem in two different
countries,
Regards
--Richard
note: the transit ISP is Telia.
-----Message d'origine-----
De : hcb@gettcomm.com [mailto:hcb@gettcomm.com]
Envoyi : Friday, September 10, 2004 3:55 PM
@ : ccielab@groupstudy.com
Objet : Re: FIB issue ?
Quoting Richard Dumoulin <Richard.Dumoulin@vanco.fr>:
> I have just had a look at the looking glass and since the /19 network is
> there and all the sites are in the same range I really can't think of what
> can be the issue. There are even two remote sites, one working (.17) and
the
> other not working (.18) only separated by the ISP POP !
> Also I have noticed that the isakmp packet answers from the main site are
> not reaching my remote.
> Those sites have been working for several months now and I can't really
> think of what could be wrong.
> The ISP on the remote sites side thinks it's an issue with the other end
ISP
> but he can't explain why so ...
>
> Something to note is that the traceroute (in the direction Remote --> Hub)
> fails in the router immediately connected to the main hub router,
>
That makes it sound either like an access control list problem (more
likely), or
that router can't find a return path to you. If you can ping it but not
traceroute to it, that becomes even more likely.
> -----Message d'origine-----
> De : Howard C. Berkowitz [mailto:hcb@gettcomm.com]
> Envoyi : Friday, September 10, 2004 2:12 AM
> @ : ccielab@groupstudy.com
> Objet : Re: FIB issue ?
>
> At 12:42 AM +0100 9/10/04, Richard Dumoulin wrote:
> >For those who work in an ISP, is it common to have issues with a
forwarding
> >table of an Internet router ?
> >I am asking because I am having issues with 7 sites out of 30 that are
not
> >properly negociating their IPSec tunnel. All they have in common is the
> >trace route not working in the direction to the Main hub. Trace route
works
> >fine for the remaining sites. Ping works for all the working/non-working
> >sites.
> >So I am starting to think that maybe one of the transit Internet router
> >might need a refresh in their cache.
>
> If ping works but traceroute doesn't, I'd suspect an outbound (from
> you) UDP filter, or an ICMP filter somewhere in the reverse path.
> Does traceroute get you partially there? If so, suspect the next hop
> after the last router you can reach.
>
> Since an ISP of any appreciable size using Cisco routers, at least,
> should be using CEF, there's really no concept of a cache miss. The
> main BGP RIB could, for some reason, be missing the route.
>
> Does your service provider have a looking glass, or will their
> support people give you the results of show route for the routes in
> question?
>
>
>
> >I would appreciate any opinion,
> >
> >Thanks
> >
> >--Richard
>
> _______________________________________________________________________
> Please help support GroupStudy by purchasing your study materials from:
> http://shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
> **********************************************************************
> Any opinions expressed in the email are those of the individual and not
> necessarily the company. This email and any files transmitted with it are
> confidential and solely for the use of the intended recipient. If you are
> not
> the intended recipient or the person responsible for delivering it to the
> intended recipient, be advised that you have received this email in error
and
> that any dissemination, distribution, copying or use is strictly
prohibited.
>
> If you have received this email in error, or if you are concerned with the
> content of this email please e-mail to: e-security.support@vanco.info
>
> The contents of an attachment to this e-mail may contain software viruses
> which could damage your own computer system. While the sender has taken
every
> reasonable precaution to minimise this risk, we cannot accept liability
for
> any damage which you sustain as a result of software viruses. You should
> carry
> out your own virus checks before opening any attachments to this e-mail.
> **********************************************************************
>
> _______________________________________________________________________
> Please help support GroupStudy by purchasing your study materials from:
> http://shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Fri Oct 01 2004 - 15:00:41 GMT-3