ICMP problem on J4350



  • Hi!

    I have an annoying ICMP problem on a J4350 (running 12.1X44.3 in flow mode).

    The network diagram looks like this:

    –-- Tunnel 1 ----
    Host — J4350 — PPPoE —<
                                                        ---- Tunnel 2 ----

    The J4350 connects via PPPoE to the DSL provider. After this, two tunnels are established (simple GRE tunnels) to two different endpoints.
    Two default routes are pointing to the tunnel interfaces. Everything works fine, Host is able to surf the Internet without any problems.

    BUT one strange thing happens:

    ICMP echo requests from Host are always responded from the J4350 (even if the Host is non-reachable):

    64 bytes from 1.9.2.3: icmp_req=529 ttl=64 time=0.586 ms
    64 bytes from 1.9.2.3: icmp_req=529 ttl=64 time=0.586 ms

    OR:

    64 bytes from 172.19.2.3: icmp_req=529 ttl=64 time=0.586 ms
    64 bytes from 172.19.2.3: icmp_req=529 ttl=64 time=0.586 ms

    As you can see on the rtt, the packet never leaves the Juniper Router via the DSL line (confirmed via packet dumps on the J4350).

    Anyone seen something like this before? I cannot share the configuration at the moment, because I have no access to the router from here.

    Nevertheless, the configuration is really simple, the PPPoE interface, two GRE tunnel interfaces, two default routes via the GRE tunnels,
    all interfaces are in trust-zone (for now), no routing protocols (OSPF, BGP, etc) running (except the static routes).


 

43
Online

38.4k
Users

12.7k
Topics

44.5k
Posts