My organization uses ICMP echo from 8.8.8.8 as a general test to determine whether or not a device is able to access the internet or not. Yeah yeah, "use something we control," I know, I know... not my decision I'm just a lowly tech.
Anyway, I have a Cisco 819 router that uses VRF routing. One route we use is through a commodity internet connection through a modem that's in bridge mode/IP passthrough. Whenever I try to do a ping to 8.8.8.8 using that route, I get a 10% packet loss. However, when I try to ping anything else, 4.2.2.1, root DNS servers, I get no loss whatsoever.
I've checked my config and double checked it, and the only thing I can thing of is there's something in that modem from the ISP that's causing packets destined for 8.8.8.8 to drop. Does that reasoning sound right in thinking it's that modem that's causing this issue? I'll include some config just to be triple checked.
vrf definition INET ! address-family ipv4 exit-address-family ! address-family ipv6 exit-address-family interface GigabitEthernet0 vrf forwarding INET ip address PUBLIC IP 255.255.255.0 ip access-group 115 in no ip redirects ip nat outside ip virtual-reassembly in duplex auto speed auto pppoe enable group global pppoe-client dial-pool-number 3 no cdp enable ip route vrf INET 0.0.0.0 0.0.0.0 MODEM IP access-list 115 deny tcp any any eq 9001 access-list 115 deny tcp any any eq 9002 access-list 115 deny tcp any any eq 6001 access-list 115 deny tcp any any eq 6002 access-list 115 deny tcp any any eq 4001 access-list 115 deny tcp any any eq 4002 access-list 115 deny tcp any any eq 2001 access-list 115 deny tcp any any eq 2002 access-list 115 deny tcp any any eq 801 access-list 115 deny tcp any any eq 802 access-list 115 deny tcp any any eq 23400 access-list 115 deny tcp any any eq 23401 access-list 115 deny tcp any any eq telnet access-list 115 permit ip any any
No comments:
Post a Comment