MX100 dropping HTTP GET requests

carl222
Comes here often

MX100 dropping HTTP GET requests

Hello,

 

I've been troubleshooting a weird issue that one of our remote site has been experiencing since a network refresh. The new architecture is the same as this one :

 

https://documentation.meraki.com/Architectures_and_Best_Practices/Recommended_Topologies/MX_and_MS_B...

 

Users have been experiencing slowness while accessing different websites. I ran a packet capture on the LAN and WAN interfaces. On the LAN side, I can see the HTTP GET Request from my client going to the web server followed by 6 TCP Retransmission packets of that Request and a Request Time-out from the server after. Client then sends a RST, ACK to the server, sends another GET Request and now the webpage shows up. This whole process takes around 20 seconds...

 

On the WAN side, I see the 3-way handshake but I do not see the initial GET Request for the client nor the retransmitted packets. I do see the RST, ACK from the client and the second GET Request after. It looks to me that the MX is dropping the initial GET Request.

 

We have a server running HTTP (port 80) in our DC and same thing happens.

 

HTTPS works just fine. No TCP errors in the captures.

 

I also noticed that when the users are accessing our HTTP server with their client VPN on, no issue. Makes sense because traffic is leaving their PC encrypted.

 

I called Meraki support, they noticed the same problems. We tried to failover to MX2, same issue. They suggested upgrading the MXs to 15.42.1. We are on 14.53 now.

 

Any ideas ?

 

Thanks

2 REPLIES 2
Bruce
Kind of a big deal

Re: MX100 dropping HTTP GET requests

@carl222, sorry I don't have any ideas, it does sound odd though. I would be following support's advice to start with and upgrade to MX 15.42.1. The MX 15 firmware is now the stable release and so it's unlikely that Meraki will perform any major troubleshooting or patching (if there is a bug) on MX14 code. If you can then reproduce the issue on the MX 15 code they should investigate it further.

 

Just thought of one idea.... What MX model is it? Do you have the web cache enabled (assuming its a model that has the cache)? (If so, I'd start with disabling that).

carl222
Comes here often

Re: MX100 dropping HTTP GET requests

Hi,

 

That's what they said, upgrade and then they will investigate further if the issue persists.

 

MX100. Could it be the IP spoof protection acting weird with this new L3 Cisco switch downstream? We didn't have that problem before the refresh when the MX100 was doing the L3 routing.. 

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.