MX100 dropping HTTP GET requests

SOLVED
carl222
Here to help

Hello,

I've been troubleshooting a weird issue that one of our remote sites has been experiencing since a network refresh. The new architecture is the same as this one:

https://documentation.meraki.com/Architectures_and_Best_Practices/Recommended_Topologies/MX_and_MS_B...

 

Users have been experiencing slowness while accessing different websites. I ran a packet capture on the LAN and WAN interfaces. On the LAN side, I can see the HTTP GET Request from my client going to the web server followed by 6 TCP Retransmission packets of that Request and a Request Time-out from the server after. Client then sends a RST, ACK to the server, sends another GET Request and now the webpage shows up. This whole process takes around 20 seconds...

 

On the WAN side, I see the 3-way handshake but I do not see the initial GET Request for the client nor the retransmitted packets. I do see the RST, ACK from the client and the second GET Request after. It looks to me that the MX is dropping the initial GET Request.

 

We have a server running HTTP (port 80) in our DC and same thing happens.

 

HTTPS works just fine. No TCP errors in the captures.

 

I also noticed that when the users are accessing our HTTP server with their client VPN on, no issue. Makes sense because traffic is leaving their PC encrypted.

 

I called Meraki support, they noticed the same problems. We tried to failover to MX2, same issue. They suggested upgrading the MXs to 15.42.1. We are on 14.53 now.

 

Any ideas?

Thanks
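The LAN-versus-WAN capture comparison described in the post above, as an added example that is not part of the original thread: it correlates client-to-server segments from both sides of the firewall and reports the ones that were retransmitted on the LAN but never left on the WAN. The record fields, addresses and sample segments are constructed, and it assumes the firewall rewrites source address and port (NAT) but not TCP sequence numbers.

```python
from collections import Counter, namedtuple

# One client-to-server TCP segment exported from a capture (field names are hypothetical).
Seg = namedtuple("Seg", "ts src sport dst dport seq flags length")

def seg_key(s):
    # Source address/port are left out because NAT rewrites them between LAN and WAN.
    # Assumption: the firewall does not rewrite TCP sequence numbers.
    return (s.dst, s.dport, s.seq, s.flags, s.length)

def missing_upstream(lan, wan, server):
    """Return segments sent towards `server` on the LAN that never appear on the WAN."""
    wan_keys = {seg_key(s) for s in wan if s.dst == server}
    copies, first, last = Counter(), {}, {}
    for s in sorted(lan, key=lambda s: s.ts):
        if s.dst != server:
            continue
        k = seg_key(s)
        copies[k] += 1
        first.setdefault(k, s)
        last[k] = s.ts
    return [
        {"segment": first[k], "lan_copies": n, "retransmissions": n - 1,
         "stalled_for": round(last[k] - first[k].ts, 3)}
        for k, n in copies.items() if k not in wan_keys
    ]

# Constructed sample mirroring the symptom in the post: handshake, a GET that is
# retransmitted six times, a client RST/ACK, then a second connection that works.
CLIENT, NAT, SERVER = "10.0.0.10", "198.51.100.2", "203.0.113.80"
LAN = [
    Seg(0.000, CLIENT, 50000, SERVER, 80, 1000, "S", 0),
    Seg(0.021, CLIENT, 50000, SERVER, 80, 1001, "A", 0),
    Seg(0.022, CLIENT, 50000, SERVER, 80, 1001, "PA", 420),   # first GET
] + [Seg(t, CLIENT, 50000, SERVER, 80, 1001, "PA", 420)       # its retransmissions
     for t in (0.3, 0.9, 2.1, 4.5, 9.3, 18.9)] + [
    Seg(20.100, CLIENT, 50000, SERVER, 80, 1421, "RA", 0),
    Seg(20.200, CLIENT, 50001, SERVER, 80, 5000, "S", 0),
    Seg(20.221, CLIENT, 50001, SERVER, 80, 5001, "A", 0),
    Seg(20.222, CLIENT, 50001, SERVER, 80, 5001, "PA", 420),  # second GET, succeeds
]
# WAN view: same segments after NAT, minus every copy of the first GET.
WAN = [s._replace(src=NAT) for s in LAN if not (s.seq == 1001 and s.length == 420)]

if __name__ == "__main__":
    for hit in missing_upstream(LAN, WAN, SERVER):
        print(hit)
```
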

1 ACCEPTED SOLUTION

@Bruce Problem solved...

 

I had my MX's in a combined network with Client-Tracking set to MAC address. I split the network and swapped Client-Tracking to IP address.

 

I'm not sure if this is a requirement or not when you have a non-Meraki L3 switch downstream but it solved the problem for me.

 

Thanks!

4 REPLIES 4
Bruce
Kind of a big deal

@carl222, sorry I don't have any ideas, it does sound odd though. I would be following support's advice to start with and upgrade to MX 15.42.1. The MX 15 firmware is now the stable release and so it's unlikely that Meraki will perform any major troubleshooting or patching (if there is a bug) on MX14 code. If you can then reproduce the issue on the MX 15 code they should investigate it further.

 

Just thought of one idea... What MX model is it? Do you have the web cache enabled (assuming it's a model that has the cache)? (If so, I'd start with disabling that.)

Hi,

 

That's what they said, upgrade and then they will investigate further if the issue persists.

 

MX100. Could it be the IP spoof protection acting weird with this new L3 Cisco switch downstream? We didn't have that problem before the refresh when the MX100 was doing the L3 routing.

fbnet
Comes here often

Hello,

We're experiencing exactly the same issues reported in this thread (both the 20 second loading page delay and the TCP retransmission packets).

 

We tried to set up the network as suggested here, splitting the network and swapping client-tracking to IP mode but nothing has changed. 

 

Do you have further suggestions to apply to fix this issue?

Thank you
