[c-nsp] 220s cyclic events?

[Andre Beck]

Hi,

we observe a certain pattern of packet loss within a V3PN based on:

- A central PIX515
- Remote PIX506s
- A central 3745
- Remote 1760Vs

The 1760Vs establish GRE tunnels to the 3745 on top of the IPsec VPN
provided by the PIXen. The GRE tunnel system is dynamically routed
using OSPF and carries traffic shaped and LLQed/bandwidth managed
using hierarchical MQC.

What we see is a short surge of lost packets, lasting approximately
0.5 seconds (a 100ms interval ping will lose 5 to 6 packets), every
220s or so (something in the range 215s to 220s, hard to measure
exactly). The whole remaining time is completely free of packet loss,
it's just the short hit every 220 seconds. It hoses IPT of course.

The most interesting observation about it is probably that it occurs
at the same time for *all* remote locations, so it likely is caused
by something in the central network, PIX or 3745.

What completely baffles me, though, is that unfamiliar cycle time of
220s. Would it be 60s, 120s or especially 300s I'd be able to name
a number of potential candidates for the phenomenon. ARP retries and
switch MAC timeouts would be prominent candidates. OSPF has way lower
timers, BGP is not involved, the GRE keepalive is 10s...

Anyone know of an approx. 220s cyclic event on either an IOS router
or a PIX that could result in short events of packet loss? There are
no significant CPU spikes on the 3745. And for that matter, pinging
from a host in the central PIX515's DMZ (which is different from the
network that connects to the 3745) towards a remote PIX506 doesn't
result in *any* loss - so the problem must be within the VPN itself,
not in the infrastructure it's built on.

TIA,
Andre.
-- 
                  The _S_anta _C_laus _O_peration
  or "how to turn a complete illusion into a neverending money source"

-> Andre Beck    +++ ABP-RIPE +++    IBH Prof. Dr. Horn GmbH, Dresden <-