MX84 Tunnel Traffic Routing Issue

Niraj

There is a Spoke-Hub topology where an MX84 is installed in the Spoke and an MX400 in the Hub. Traffic is routing through the tunnel towards one Hub, but it's not routing to the other. MPLS Link LM and Spoke-Hub traffic routing is absolutely without MX84 through Router.

 

Logs through direct Sify MPLS connection:

 

C:\Users\Administrator>ping 192.170.1.1

 

Pinging 192.170.1.1 with 32 bytes of data:

Reply from 192.170.1.1: bytes=32 time=36ms TTL=251

Reply from 192.170.1.1: bytes=32 time=36ms TTL=251

Reply from 192.170.1.1: bytes=32 time=35ms TTL=251

 

Ping statistics for 192.170.1.1:

    Packets: Sent = 3, Received = 3, Lost = 0 (0% loss),

Reply from 192.170.1.1: Approximate round trip times in milli-seconds:

    Minimum = 35ms, Maximum = 36ms, Average = 35ms

bytes=32 Control-C

^C

C:\Users\Administrator>ping 172.16.10.1

 

Pinging 172.16.10.1 with 32 bytes of data:

Reply from 172.16.10.1: bytes=32 time=3ms TTL=252

Reply from 172.16.10.1: bytes=32 time=8ms TTL=252

Reply from 172.16.10.1: bytes=32 time=11ms TTL=252

Reply from 172.16.10.1: bytes=32 time=5ms TTL=252

 

Ping statistics for 172.16.10.1:

    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 3ms, Maximum = 11ms, Average = 6ms

 

C:\Users\Administrator>tracert -d 192.170.1.1

 

Tracing route to 192.170.1.1 over a maximum of 30 hops

 

  1     1 ms     3 ms     2 ms  192.169.120.1

  2     4 ms     4 ms     5 ms  172.11.5.21

  3    35 ms    36 ms    37 ms  172.11.7.197

  4    36 ms    35 ms    36 ms  172.11.7.198

  5    35 ms    36 ms    36 ms  192.170.1.1

 

Trace complete.

 

C:\Users\Administrator>tracert 172.16.10.1

 

Tracing route to 172.16.10.1 over a maximum of 30 hops

 

  1    <1 ms    <1 ms    <1 ms  192.169.120.1

  2    12 ms     4 ms     6 ms  172-11-5-21.lightspeed.jcvlfl.sbcglobal.net [172.11.5.21]

  3     7 ms     6 ms     6 ms  172-11-5-254.lightspeed.jcvlfl.sbcglobal.net [172.11.5.254]

  4     4 ms     3 ms     2 ms  172.16.10.1

 

Trace complete.

 

Logs through MX connection:

 

C:\Users\Administrator>tracert 192.170.1.1

 

Tracing route to 192.170.1.1 over a maximum of 30 hops

 

  1    <1 ms    <1 ms    <1 ms  10.246.5.1

  2     *        *        *     Request timed out.

  3     *        *        *     Request timed out.

  4  ^C

C:\Users\Administrator>tracert 172.16.10.1

 

Tracing route to 172.16.10.1 over a maximum of 30 hops

 

  1    <1 ms    <1 ms    <1 ms  10.246.5.1

  2     4 ms     4 ms     3 ms  172.16.10.1

 

Trace complete.

 

C:\Users\Administrator>ping 192.170.1.1

 

Pinging 192.170.1.1 with 32 bytes of data:

Request timed out.

Request timed out.

Request timed out.

Request timed out.

 

Ping statistics for 192.170.1.1:

    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

 

C:\Users\Administrator>tracert 192.170.1.1

 

Tracing route to 192.170.1.1 over a maximum of 30 hops

 

  1    <1 ms    <1 ms    <1 ms  10.246.5.1

  2     *        *        *     Request timed out.

  3     *        *        *     Request timed out.

  4     *        *        *     Request timed out.

C:\Users\Administrator>ping 172.16.10.1

 

Pinging 172.16.10.1 with 32 bytes of data:

Reply from 172.16.10.1: bytes=32 time=4ms TTL=254

Reply from 172.16.10.1: bytes=32 time=4ms TTL=254

Reply from 172.16.10.1: bytes=32 time=4ms TTL=254

Reply from 172.16.10.1: bytes=32 time=6ms TTL=254

 

Ping statistics for 172.16.10.1:

    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 4ms, Maximum = 6ms, Average = 4ms

 

C:\Users\Administrator>tracert 172.16.10.1

 

Tracing route to 172.16.10.1 over a maximum of 30 hops

 

  1    <1 ms    <1 ms    <1 ms  10.246.5.1

  2     6 ms     7 ms     4 ms  172.16.10.1

 

Trace complete.

 

 

Niraj

VPN Tunnel not getting established through MX84 and MX400. 

PhilipDAth

Can you draw a diagram (even sketch it on paper and take a photo)?  I don't understand the placement of your hubs and how it corresponds to the IP addresses mentioned.

Sure Philip.

 

Please find attached basic topology diagram.

List of observations:

 

1. MPLS Spoke-Hub and Hub-Spoke response is absolutely fine (Eliminating MX84 from Mumbai)

 

2. From Mumbai Hub (Spoke)- Mumbai DC application is accessible, Tunnel set-up absolutely fine through same MPLS.

 

3. From Mumbai Hub (Spoke) - Nxtra DC Loss Tunnel set-up through same MPLS.

 

Incident raised with Meraki TAC since 27 September 2018 11:02; resolution is still awaited.

 

I would be thankful to get an appropriate solution, as in 72 hrs there has been nothing concrete from Meraki TAC and it's impacting our entire business.

Facing intermittent issues at multiple sites where MX84 is installed.
PhilipDAth

Does the 192.170.1.1 MX400 show as being online in the dashboard?

 

When you are in the 192.170.1.1 network and you go Security Appliance/VPN Status does it have a green bar for the VPN to the MX84?

Are there any VPN registry errors?

 

Is the link between the 192.170.1.1 MX400 and the MX84 via the Internet or some other medium?

 

If you go to the MX84 network and go Security Appliance/Route table, does it show the 192.170.0/24 (guessing prefix) in the route table?  Does the route show as up (green circle)?

I just spotted this:

 

>3. From Mumbai Hub (Spoke) - Nxtra DC Loss Tunnel set-up through same MPLS.

 

This is an MPLS WAN circuit - not an Internet circuit, correct?

 

If so, from the Dashboard, do the MX84 and the Nxtra MX400 show as having the same WAN IP address (this should be a public IP address)?

Meraki MX400 & MX80 register on cloud through same gateway as all traffic routing via MPLS.  

PhilipDAth

>If so, from the Dashboard, do the MX84 and the Nxtra MX400 show as having the same WAN IP address (this should be a public IP address)?

 

The above answer is important.
