cisco 6509 possible mtu issue.

[paublo]

hi I have a new cisco 6509 that is giving me some connectivity issues.

I have a server connected to a routed L3 port running http/110/25 etc.

I can ping/trace to this server off the 6509 without any issues, from anywhere on the internet.

The problem is if i telnet to the server on port 80/110/25 i cant reach the port. this happens on any opened port on that server. I dont have a FW or ACL's in place. If i test from my desktop also connected to the 6509 i can telnet to those ports without any issues.


I have several comcast ip that im testing from, the odd thing is from some of the comcast test ip i can get to the server ports yet from other comcast ips i cant.

To me this looks like it could be a possible MTU issue but im not sure.

using:
cisco WS-C6509 (R7000) processor (revision 3.0)
ios : s72033-advipservicesk9_wan-mz.122-18.SXF14.bin

 

[unclerico]

Do you have any logging turned on? Can you give a brief topology layout?

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[paublo]

unclerico thanks for the reply,

i'm actually in transition from a 7200 to a 6500.

i have the 7200 and 6500 currently connected over gigE and there is a RS switch connected to the 7200.


Both routers are running cef, with that said, i did notice that if i turned off CEF on the 7200 and put “ip cef table adjacency-prefix validate” on the 6500 it seems that the problem goes away, I will need further testing but im able to ping/trace to a giving ip and also telnet to any port on that ip.

I would do more testing tonight but im not sure how cef would come into play if I can ping trace but not telnet to a giving port.

 

[paublo]

today im getting reports of people not able to view their websites, but for some reason clearing the browser cache fixes the issue.

 

[unclerico]

Can you configure a switchport somewhere along the line to be used as a monitoring port? Watch the traffic for a few minutes and see if you can spot anything out of the ordinary. Could you make a visio diagram of your network and place it on box.net or some other file sharing site and send a link here so that we can have a look??

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[paublo]

we got mls cef running on the 6509 and we have a

http://www clusters

on the routed gig5/1 interface.

interface GigabitEthernet5/1
description To XXX
mtu 9216
ip address xx.xxx.xx.1 255.255.255.224 secondary
ip address xx.xx.xx.33 255.255.255.224 secondary
ip address xx.xx.xx.2 255.255.255.248 secondary
ip address xx.xx.xx.225 255.255.255.224
ip access-group VI out
no ip redirects
ip route-cache same-interface
ip route-cache flow


This interface handles more than one ip, we have secondary ips from different subnets on the same interface associated with different

http://www servers.

what seems do be happening is that customers can always ping/trace but cant connect to open ports on those servers that are pingable. For example they can't view port 80 or telnet to it sometimes but sometimes they can and everything works.

i looked at the ip cef FIB and adjacency info and all the info looks good as far as i can tell.