[outages] VPN issues over Spectrum L3 boundaries

Marty Adkins marty at martyadkins.com
Mon Oct 21 14:19:10 EDT 2019


No change for them because the one head-end is fed by L3, so there's no 
way it can vanish from the path.  :)

On 10/21/2019 1:39 PM, Biddle, Josh wrote:
>
> Our issues have recently magically resolved (last Thursday 10/17) due 
> to L3 vanishing from the hop list. Our traffic now disappears into 
> ntt.net and we are seeing two way IPsec traffic without any issues.
>
> Marty, did your issues resolve?
>
>
> *From:* Marty Adkins <marty at martyadkins.com>
> *Sent:* Friday, October 18, 2019 4:01 PM
> *To:* Biddle, Josh <JBiddle at ntst.com>; outages at outages.org
> *Subject:* Re: [outages] VPN issues over Spectrum L3 boundaries
>
> A customer of mine has had the same issue with a TW-connected site in 
> Ohio and another in PA.  One VPN tunnel works fine, the other has 
> one-way ISAKMP traffic to the other head-end, which connects to 
> Level3.  A traceroute shows the failing path includes 66.109.7.162.  
> The failing direction is from the PA/OH sites toward the L3 head end. 
> Full-size pings work fine.  It's the UDP/500 that vanishes. I.E., it 
> has nothing to do with MTU.
>
> Both started having the issue around Aug 26.  Mysteriously, every week 
> to 10 days, the broken path will start working for a while.  This is 
> usually shortly after midnight EDT; they go back down 1-3 hours later 
> and stay down.  The log entries for the two sites match within seconds.
>
> The customer's contract is with Comcast Business so it's been 
> difficult to get to someone clueful about this symptom in TW.
>
> -Marty
>
> On 10/15/2019 8:04 AM, Biddle, Josh via Outages wrote:
>
>     Found a thread in the Spectrum forums talking about the issue
>     finally – it was marked as resolved so I started a new one.
>
>     https://forums.timewarnercable.com/t5/Connectivity/Traffic-issues-at-66-109-7-162/m-p/164091#M53497
>     <https://urldefense.proofpoint.com/v2/url?u=https-3A__forums.timewarnercable.com_t5_Connectivity_Traffic-2Dissues-2Dat-2D66-2D109-2D7-2D162_m-2Dp_164091-23M53497&d=DwMD-g&c=-7HNwxqfpkdcRXCW8HB54Q&r=svX1Si7sopSBMitBL3bFwQ&m=pXHvd5iI_J5DVYGMDKBSdUZl1iyilZUvR3oyvE3BJ0E&s=_90gCNY2Ln1XdqWtMNguWIRejhsdUxoLyvgTpo-R5jM&e=>
>
>     *From:* Outages <outages-bounces at outages.org>
>     <mailto:outages-bounces at outages.org> *On Behalf Of *Biddle, Josh
>     via Outages
>     *Sent:* Sunday, October 13, 2019 12:00 PM
>     *To:* outages at outages.org <mailto:outages at outages.org>
>     *Subject:* [outages] VPN issues over Spectrum L3 boundaries
>
>     We have several offices over the Ohio and Pennsylvania area that
>     are experiencing issues passing traffic over VPN tunnels
>     (specifically, there is always a Spectrum >< Level 3
>     interconnect). It is a very strange issue. The VPN tunnel will
>     actually establish, and if you source your ping from inside the
>     internal network across the VPN tunnel to the destination, the
>     traffic gets there and replies, but the replies never make it back
>     to the original sending point.
>
>     Anyone else experiencing any similar issues like this?
>
>     Best Regards,
>
>     *Josh*
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/outages/attachments/20191021/2a45e86a/attachment.htm>


More information about the Outages mailing list