Analysis for user can not get internet,but it can be pinging

Created Oct 27, 2018 16:11:05Latest reply Oct 30, 2018 11:15:39 685 15 13 1

【Problem Description】

Customer feedback that pc can’t get some web page,But it can be pinging.

 

The topology like bellow:

 

PC---Switch 5700----- ISP L2 network ------NE40E------AR------Internet

【Problem Analysis】

 

                        Step 1    Do ping test to PC in NE40E, 1442 length packet is ok, but 1443 length is fail. Ping to switch also has this problem.

Between switch and NE40E, there exist a L2 network, it means packet length exceed 1443 will drop in the L2 network.

                        Step 2    Capture packets in NE40E and Switch when visit website baidu.

In NE40E there exist packets 1514 from server send to PC, and it will be drop in the L2 network, cause many retransmission.

160932ef41ujveczoop077.png

                        Step 3    Modify MTU in NE40E and Switch.

When change MTU to 1400 in the sub-interface which connect to switch. Ping 1500 length packet to switch is success, but ping to PC remain fail.

Ping 1500 length to PC, and capture packets in Switch, find switch send the packets to PC with two fragments, but PC return with 1518 length packet.

                        Step 4    So we confirm that if the packets sizes more than 1443 length, isp l2 link will drop it, and switch will not fragmentation or reorganization when the packets was through the switch.

 

【Root Cause】 

ISP l2 link drop the packets which is more than 1443 length

 

【Solution Description】

Change the MTU from the PC:

netsh interface ipv4 show subinterfaces

netsh interface ipv4 set subinterface "local connect" mtu=1400 store=persistent

 161024w7gmkc43azb7zzm8.png

161030gqp3qkgq1i30atei.png

  • x
  • convention:

No.9527  Mentor   Created Oct 27, 2018 16:12:00 Helpful(0) Helpful(0)

According to the destination address, routes are classified into one of the following types:
  • Network segment route

    The destination is a network segment. In this case, if the destination is an IPv4 address, the subnet mask is less than 32 bits, and if the destination is an IPv6 address, the prefix length is less than 128 bits.

  • Host route

    The destination is a host. In this case, if the destination is an IPv4 address, the subnet mask is 32 bits, and if the destination is an IPv6 address, the prefix length is 128 bits.

This post was last edited by No.9527 at 2018-10-31 11:26.
  • x
  • convention:

Torrent     Created Oct 27, 2018 16:12:30 Helpful(0) Helpful(0)

lol~  It is really a strange issue, users can ping but cannot go to internet.  your steps to troubleshooting is a good example to us,  maybe it will help us a lot when we meet this issue next time. do capture and do statistic on the device, finally, thanks for sharing us a good example. This post was last edited by Torrent at 2018-10-31 14:12.
  • x
  • convention:

yangyong  Adept   Created Oct 27, 2018 16:13:45 Helpful(0) Helpful(0)

The application scenarios of the ping operation are as follows (the ping command is executed in any view):
Scenario 1: Check the local protocol stack. Run the ping command to check whether the local TCP/IP stack is normal.
For example: ping 127.0.0.1
Scenario 2: On an IP network, check whether the destination host is reachable.Run the ping command on the AR and configure the AR to send ICMP Echo Request packets to the remote device. If the AR can receive ICMP Echo Reply packets from the remote device, the route to the remote device is reachable.
For example: ping 10.1.1.2 //Check whether the host at 10.1.1.2 is reachable.
This post was last edited by yangyong at 2018-10-31 15:01.
  • x
  • convention:

yjhd     Created Oct 27, 2018 16:14:16 Helpful(0) Helpful(0)

good example to all of us. we meet this issue in daily work but I do not know how to deal with.But can you share the whole configuration to us?
I am very interested for this post, which is very helpful to our daily troubleshooting. I always have similar problems in my daily work, but I do not know how to deal with them. Now I have a clear idea. Thank you very much for your sharing. Hope you can update continue like this
  • x
  • convention:

Mark.hu  Adept   Created Oct 27, 2018 16:19:09 Helpful(0) Helpful(0)

Analysis for user can not get internet, but it can be pinging this problem, the first step: Do ping test to PC in NE40E, 1442 length packet is ok, but 1443 length is fail. Ping to switch also has this problem.

Between switch and NE40E, there exist a L2 network, it means packet length exceed 1443 will drop in the L2 network. I don't understand very well, can you help me analyze it again?
This post was last edited by Mark.hu at 2018-10-30 15:07.
  • x
  • convention:

littlestone     Created Oct 27, 2018 16:19:46 Helpful(0) Helpful(0)

route-policy filters routes and defines attributes for matching routes. A route-policy consists of multiple nodes. Each node contains multiple filter attributes and configurable attributes. Filter attributes define conditions against which packets are matched. Configurable attributes define attributes for matching routes. you can change the path through which network traffic passes. You can configure a route-policy to import or advertise routes of a specified protocol.

This post was last edited by littlestone at 2018-10-30 09:33.
  • x
  • convention:

faysalji  Novice   Created Oct 28, 2018 01:35:08 Helpful(0) Helpful(0)

Thanks you, for sharing
  • x
  • convention:

If you think my post/reply is useful, please click the Helpful button and flag my post as a BEST ANSWER. Thanks
faysalji  Novice   Created Oct 28, 2018 01:35:54 Helpful(0) Helpful(0)

Such cases are very helpful
  • x
  • convention:

If you think my post/reply is useful, please click the Helpful button and flag my post as a BEST ANSWER. Thanks
Mysterious.color  Novice   Created Oct 28, 2018 12:56:02 Helpful(0) Helpful(0)

the first screenshot quality is bad and can't be read
  • x
  • convention:

find what you love and let it kill you.
12
Back to list

Responses

Reply
You need to log in to reply to the post Login | Register

Notice:To ensure the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but not limited to politically sensitive content, content concerning pornography, gambling, drug abuse and trafficking, content that may disclose or infringe upon others' intellectual properties, including commercial secrets, trade marks, copyrights, and patents, and personal privacy. Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see“ Privacy Policy.”
If the attachment button is not available, update the Adobe Flash Player to the latest version!
Fast reply Scroll to top