Meraki Switch sending out pings to Google DNS, CONTINUOUSLY

FelixWong
Getting noticed

Meraki Switch sending out pings to Google DNS, CONTINUOUSLY

Hi,

 

A few Meraki Switching in my Network has been sending out pings to Google DNS for at least the past 3 to 4 hours. 

 

I have tried to restart the switch, but it doesnt work.  The ping size would start to accumulate from 84b to 1.68kb, so on and so fro.  This is crippling all my networks as they start to experience slow internet connections.

 

I have never experienced this before having deployed so many meraki switches.

 

Is anyone experiencing the same issue?  

 

I have tried to call Meraki support but have been listening to the same tune for almost 2 hours now.

 

Experts, HELP PLEASE!!

 

ping results.jpegPing.jpeg

13 REPLIES 13
PhilipDAth
Kind of a big deal

This is 100% completely normal.  If 1.68kb is crippling your network you have another serious issue.

@PhilipDAth 1.68kb isn't going to do much harm.  

Take a look at the picture i posted!  

 

70Mb worth of PING will!

ww
Kind of a big deal
Kind of a big deal

maybe try antoher firmware and see what happens

Hey Felix, what's the time frame that the 70MB has occurred?

 

If that's 10 mins or a single minute, prob a concern.

 

More than likely though, that's over a longer period of time....

 

 

CMNO/CISSP/ITILv3Found/CEH/CHFI/MCSEx3/CCNA

The Google DNS is connected for uplink statistics.

Menu Security & SD-WAN -> SD-WAN & Traffic Shaping there you find the following:

 

Uplink statistics
Test Connectivity to Description Actions
8.8.8.8Default

 

You can also add your own destination..

Brons2
Building a reputation

I'm with Philp.  This is 100% normal.  I have the 1.2k pings to 8.8.8.8 almost constantly and it doesn't even register in the top 20 of things going through my firewall in terms of throughput.

 

For what it's worth, I have a 100Mbps Internet connection at my site.  The connection doesn't start to get saturated until the firewall is transferring over 10GB every 15 minutes as measured on my firewall (not Meraki MX).

 

If 70MB is causing issues, you either have a really slow Internet connection, or you have other network issues.

PhilipDAth
Kind of a big deal
ph0t0g
Getting noticed

Hi Felix,

 

The first picture you posted shows one ping about every 2 seconds. That should have no effect on your network. I'm not sure what the second picture is showing because there is no elapsed time.

 

-P

 

 

ph0t0g
Getting noticed

Felix,

 

Taking a closer look at the second picture, it seems like you got 4.21GB of ping traffic over a period of 1 hour (which works out to about 70MB/sec.  Yeah, that is an issue. You are essentially seeing a ping flood. I assume that the device at 198.162.1.250 is your switch.  I would run a packet trace on the uplink port just to make sure all that traffic is being generated from the switch itself.

 

Did you ever get a hold of Meraki support?

 

-P

Hi @ph0t0g,

 

Nope i still havent got on the phone with Meraki support.

 

We created a rule to deny that Meraki Switch from ping-ing 8.8.8.8 .

 

That stopped everything, but the ping action is still continuing.

 

From the picture below, it shows that in the past hour, 3500+ pings were denied.

 

And if you allow the ping to build up, it would hit my threshold of 70Mb and boom, the whole network goes down. 

 

Am I experiencing a ping flood attack from Meraki?  Any recommendations on what to do next?

 

Picture1.png

 

 

 

 

 

 

 

 

 

 

 

Thanks in advance.

Felix

Hi Felix,

 

I would try emailing support if you can't reach them on the phone. 

 

3600 pings in an hour works out to 1 per second. I just can't see how that is generating 70MB/Sec because a ping is only 64bytes.

 

Again, I would grab a packet capture off of that uplink port (Network Wide -> Packet Capture) and post the .pcap file here.

 

-P

Hi @ph0t0g,

 

I will be emailing them with all the info I have gathered so far.

 

As for the packet capture file, I'll leave that till tonight when everyone is out of the office before disabling the policy that's currently in place to block the pings from going to Google DNS.

 

After that i'll post the packet capture here.

 

 

Greetings - Did you ever hear from support? I to am seeing vast amounts of pings from my two switches, one 8 port and one 48 port 200 series from my fortigate firewall.

JLand, CMNO
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels