A few Meraki Switching in my Network has been sending out pings to Google DNS for at least the past 3 to 4 hours.
I have tried to restart the switch, but it doesnt work. The ping size would start to accumulate from 84b to 1.68kb, so on and so fro. This is crippling all my networks as they start to experience slow internet connections.
I have never experienced this before having deployed so many meraki switches.
Is anyone experiencing the same issue?
I have tried to call Meraki support but have been listening to the same tune for almost 2 hours now.
Experts, HELP PLEASE!!
This is 100% completely normal. If 1.68kb is crippling your network you have another serious issue.
Here is some info about what the MX does.
@PhilipDAth 1.68kb isn't going to do much harm.
Take a look at the picture i posted!
70Mb worth of PING will!
Hey Felix, what's the time frame that the 70MB has occurred?
If that's 10 mins or a single minute, prob a concern.
More than likely though, that's over a longer period of time....
The Google DNS is connected for uplink statistics.
Menu Security & SD-WAN -> SD-WAN & Traffic Shaping there you find the following:
Test Connectivity to Description Actions
You can also add your own destination..
The first picture you posted shows one ping about every 2 seconds. That should have no effect on your network. I'm not sure what the second picture is showing because there is no elapsed time.
Taking a closer look at the second picture, it seems like you got 4.21GB of ping traffic over a period of 1 hour (which works out to about 70MB/sec. Yeah, that is an issue. You are essentially seeing a ping flood. I assume that the device at 220.127.116.11 is your switch. I would run a packet trace on the uplink port just to make sure all that traffic is being generated from the switch itself.
Did you ever get a hold of Meraki support?
Nope i still havent got on the phone with Meraki support.
We created a rule to deny that Meraki Switch from ping-ing 18.104.22.168 .
That stopped everything, but the ping action is still continuing.
From the picture below, it shows that in the past hour, 3500+ pings were denied.
And if you allow the ping to build up, it would hit my threshold of 70Mb and boom, the whole network goes down.
Am I experiencing a ping flood attack from Meraki? Any recommendations on what to do next?
Thanks in advance.
I would try emailing support if you can't reach them on the phone.
3600 pings in an hour works out to 1 per second. I just can't see how that is generating 70MB/Sec because a ping is only 64bytes.
Again, I would grab a packet capture off of that uplink port (Network Wide -> Packet Capture) and post the .pcap file here.
I will be emailing them with all the info I have gathered so far.
As for the packet capture file, I'll leave that till tonight when everyone is out of the office before disabling the policy that's currently in place to block the pings from going to Google DNS.
After that i'll post the packet capture here.
Greetings - Did you ever hear from support? I to am seeing vast amounts of pings from my two switches, one 8 port and one 48 port 200 series from my fortigate firewall.
I'm with Philp. This is 100% normal. I have the 1.2k pings to 22.214.171.124 almost constantly and it doesn't even register in the top 20 of things going through my firewall in terms of throughput.
For what it's worth, I have a 100Mbps Internet connection at my site. The connection doesn't start to get saturated until the firewall is transferring over 10GB every 15 minutes as measured on my firewall (not Meraki MX).
If 70MB is causing issues, you either have a really slow Internet connection, or you have other network issues.