After testing the connexion for a few days, we noticed that the problem was the mtu for some custumers but one of them can not access some web sites using his provider's Independant address range. When using NAT with the provider's assigned address bloc the connectivity is OK for all the web sites.
However, i don't know how to check wheter the addresses are blacklisted in some web sites or not. Don't know how to fix that issue. Can you help, please ? Luc Valere BIKANDA Cameroon Telecommunications IP Network Sub Director Phone : (O) 237 22 22 17 33 (M) 237 22 00 39 35 ________________________________ From: "Matlock, Kenneth L" <[email protected]> To: VALERE BIKANDA <[email protected]>; Marko Milivojevic <[email protected]> Cc: [email protected]; "Matlock, Kenneth L" <[email protected]> Sent: Wed, March 24, 2010 6:50:05 PM Subject: RE: [OSL | CCIE_RS] MTU on Ethernet interface Ok, let’s start from the beginning J MTU = Maximum Transmission Unit. That’s the biggest packet allowed to traverse the link without being fragmented. DF bit = Don’t Fragment bit. That bit tells the router/switch whether or not the packet is allowed to be fragmented into smaller packets in order to conform to the MTU. Let’s say all the routers in between the client and the server have an MTU of 1500, but one (for one reason or another) only has an MTU of 1200. That means end-to-end the MTU is actually 1200, not 1500. (This is only an example) If the DF bit IS NOT set (meaning the packet is allowed to be fragmented), the packet will traverse unmolested until it hits the 1200 link. It will then get fragmented into a 1200 byte packet, and a 300 byte packet. Both packets independently traverse the rest of the link to the client, and life is good. If the DF bit IS set (meaning fragmentation is prohibited), the packet will traverse unmolested until it hits the 1200 link. Since the router is told not to fragment the packet, but it’s bigger than the MTU, the router will drop the packet. A packet capture will show the TCP handshake happen, a request from the client to the server, an ACK for the request packet, but no return data will come back. Now, you’re probably asking why the MSS comes into play? What does the MSS do, and why does adjusting that allow the traffic to work? J(Hint, MSS and MTU are inter-related) Ken Matlock Network Analyst Exempla Healthcare (303) 467-4671 [email protected] ________________________________ From:[email protected] [mailto:[email protected]] On Behalf Of VALERE BIKANDA Sent: Wednesday, March 24, 2010 11:32 AM To: Marko Milivojevic Cc: [email protected]; Matlock, Kenneth L Subject: Re: [OSL | CCIE_RS] MTU on Ethernet interface Thanks Marko and Matlock ! It's done and still waiting for the customer to confirm that it's OK. If it's working now, how would you explain that some web sites are reachable but some others are not thinking it's the MTU misconfiguration ? By the way, some of the customer have pppoe on the acces links and the traceroutes shows that packets are lost beyond our network. How do i make sur that the problem is not a bgp configuration with my Internet provider ? .Thanks ! Luc Valere BIKANDA ________________________________ From:Marko Milivojevic <[email protected]> To: VALERE BIKANDA <[email protected]> Cc: "Matlock, Kenneth L" <[email protected]>; [email protected] Sent: Wed, March 24, 2010 5:13:08 PM Subject: Re: [OSL | CCIE_RS] MTU on Ethernet interface On Wed, Mar 24, 2010 at 16:09, VALERE BIKANDA <[email protected]> wrote: Do i need to configure a PPPoE connexion to make it work ? No. It's usually used in those deployments because with PPPoE you lose those 8 bytes, but you don't have to. It is also used in conjunction with MPLS if you can't ensure that you carry full payload + labels around. Then again, I would rather use that as a quick fix and try to figure out where the problem actually is. -- Marko Milivojevic - CCIE #18427 Senior Technical Instructor - IPexpert YES! We include 400 hours of REAL rack time with our Blended Learning Solution! Mailto: [email protected] Telephone: +1.810.326.1444 Fax: +1.810.454.0130 Web: http://www.ipexpert.com/
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
