<div dir="auto"><div>Fairly standard for the world of vpns.</div><div dir="auto"><br></div><div dir="auto">Given you have no echo or reply at the azure gateway I'm guessing icmp codes for negotiating mtu probably don't exist either.<br></div><div dir="auto"><br></div><div dir="auto"><span style="font-family:sans-serif">Lower the mtu om the vpn add see if the problem changes.</span><br><br><div data-smartmail="gmail_signature" dir="auto">Regards,<br><br>Peter Tiggerdine<br><br> </div><br><div class="gmail_quote" dir="auto"><div dir="ltr">On Fri, Aug 3, 2018, 12:18 Daniel Bartlett <<a href="mailto:dan@thecloudmode.com">dan@thecloudmode.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div lang="EN-AU" link="#0563C1" vlink="#954F72">
<div class="m_1172833258947712133WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt">Hi All,<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">We have a customer that is experiencing packet loss on a VPN connection.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">The connection is between their on-prem (colo datacentre) and Azure.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Their firewall is managed by Vendor A (customer owned device).<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">The ISP is Vendor B.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">We have been getting bounced around between Microsoft support, Vendor A (FW Support), Fortinet (FW Vendor support) and Vendor B (ISP) – all claiming no fault.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Our monitoring (from on-prem servers to Azure servers) shows consistent packet loss of 2-3% - peaking at 8-9% between Azure and on-prem.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Packet captures run end-to-end show the loss to be occurring between the on-prem FW and the Azure VPN GW.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">We are having a hard time convincing the ISP of the issue – they have been unable to find any fault in their network.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">The ISP support is finding it hard to troubleshoot being that the Azure VPN GW does not respond to ping (by design – and we cannot change this).<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Monitoring in place on the same link to internet site (<a href="http://google.com" target="_blank" rel="noreferrer">google.com</a>) shows 0% packet loss. We are only loosing packets on the VPN.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Just putting this out there for any suggestions on how we can assist the ISP to determine the root cause? Or for any other suggestions?<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Thanks<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Dan<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><u></u> <u></u></span></p>
</div>
<p style="FONT-SIZE:10pt;FONT-FAMILY:Calibri"><font style="FONT-FAMILY:Calibri"><strong style="FONT-FAMILY:Calibri">
</strong></font></p><table style="WIDTH:500px">
<tbody>
<tr>
<td style="FONT-SIZE:10pt;HEIGHT:25px;FONT-FAMILY:Calibri;WIDTH:123px" valign="top">
<p style="FONT-SIZE:10pt;FONT-FAMILY:Calibri" align="center"><img style="HEIGHT:54px;WIDTH:101px" border="0" src="cid:thecloudmodelow_260dae53-3167-46bf-b3b8-a7e12aa1ae71.jpg" height="75"></p></td>
<td style="FONT-SIZE:10pt;HEIGHT:25px;FONT-FAMILY:Calibri;WIDTH:377px;PADDING-TOP:0px;PADDING-LEFT:10px" valign="top">
<p style="FONT-SIZE:10pt;FONT-FAMILY:Calibri" align="left"><strong>Daniel Bartlett</strong> / Technology Architect<br><a href="mailto:dan@thecloudmode.com" target="_blank" rel="noreferrer">dan@thecloudmode.com</a> /
0407 176 755<br><br>Lvl 17 / 31 Queen St<br>Melbourne Victoria Australia 3000 <br><a title="web" href="http://www.thecloudmode.com/" target="_blank" rel="noreferrer">www.thecloudmode.com</a></p></td></tr></tbody></table><p></p>
<p style="FONT-SIZE:10pt;FONT-FAMILY:Calibri"> </p>
<p style="FONT-SIZE:10pt;FONT-FAMILY:ARIAL"></p>
<p style="FONT-SIZE:10pt;FONT-FAMILY:ARIAL"></p>
<p style="FONT-SIZE:10pt;FONT-FAMILY:ARIAL"></p>
<p style="FONT-SIZE:10pt;FONT-FAMILY:ARIAL"></p>
<p style="FONT-SIZE:10pt;FONT-FAMILY:ARIAL"></p>
<p style="FONT-SIZE:10pt;FONT-FAMILY:ARIAL"></p>
<p style="FONT-SIZE:10pt;FONT-FAMILY:ARIAL"></p></div>
_______________________________________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net" target="_blank" rel="noreferrer">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" rel="noreferrer noreferrer" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
</blockquote></div></div></div>