m.bufton at spectra-group
Nov 4, 2009, 6:07 AM
Post #6 of 6
(608 views)
Permalink
|
It must still be an MTU thing somewhere.
I have packet sniffed both networks and can see UDP 8500 being sent and
being received, to the network, and they appear to be being fragmented.
Although the DF flag isn't set so I can't see an issue.
Any way I set the MTU on both CCM7 servers to 1300, and packets are
still being fragmented.
I have even set to 1000 and still they get fragmented.
Looking at Wireshark it looks like the packets are 1700 bytes in size.
But why when I have set the MTU to 1000??
I have just done some pings with the don't fragment flag and:
Ping to my Domain controller are successful at a size of 1198
Pings to my Call Manager server on same subnet as DC, are lower at 976
but that is because the MTU on the servers is set to 1000
I know this is looking like a network issue but I need help.
Martin Bufton BSc (Hons), CCNA - Systems Engineer
From: Martin Bufton [mailto:m.bufton [at] spectra-group]
Sent: 03 November 2009 16:30
To: Ryan Ratliff
Cc: cisco-voip [at] puck
Subject: Re: [cisco-voip] Second Node in Cluster[Scanned]
Think I'll try the packet sniffing.
I have both my switches configured with SPAN ports for other uses so
I'll patch in to there.
I'll let you know what I see.
Martin Bufton BSc (Hons), CCNA - Systems Engineer
From: Ryan Ratliff [mailto:rratliff [at] cisco]
Sent: 03 November 2009 16:29
To: Martin Bufton
Cc: cisco-voip [at] puck
Subject: Re: [cisco-voip] Second Node in Cluster[Scanned]
There's a good possibility of that being the case to be honest. The
same certificate exchange that happens during install has to happen when
the servers boot up and if it's breaking during install it'll likely
break then too.
You can try getting a packet capture at both servers during the install
to see what is going on with the UDP 8500 traffic.
-Ryan
On Nov 3, 2009, at 11:04 AM, Martin Bufton wrote:
I have set the Firewalls to allow all traffic to pass between the
Callmanagers.
I have thought about connecting the SUB to the same switch but on a
separate VLAN, means I won't have to change the IP addresses, also
nothing is interfering.
My PUB is 172.16.74.10
My Sub is 172.16.10.10
My worry is if it does work, when connected to the same switch, and then
I try connecting back to where it should be located what if it then
doesn't work
Martin Bufton BSc (Hons), CCNA - Systems Engineer
From: Ryan Ratliff [mailto:rratliff [at] cisco]
Sent: 03 November 2009 15:58
To: Martin Bufton
Cc: cisco-voip [at] puck
Subject: Re: [cisco-voip] Second Node in Cluster[Scanned]
The error you are getting is clustermanager on the new sub trying to
communicate with the same service on the publisher. This is necessary
so that the publisher will open up the iptables firewall to allow the
sub to communicate for the installation. This is done via UDP port 8500
and the certificate exchange is typically large packets that will get
fragmented/segmented.
If you move the server so it's not over the VPN from the pub will the
install proceed?
Are you blocking any traffic over the vpn?
-Ryan
On Nov 3, 2009, at 10:27 AM, Martin Bufton wrote:
I'm tryin to add a second Node to my CCM 7 environment.
I have added the second server via the web interface setting the IP
address and description.
I have even restarted the 1st server
When I try and add the second server I get the following error
"could not contact server using UDP 8500"
Or words to similar effect.
My MTU is set to 1400 on bother servers, so should be allowed across my
VPN, I can ping ok and also got past the stage of confirming security
password so connectivity should be good.
Other forums suggested a possible DNS issue so I have removed all
reference to DNS on both server.
and still it's not working.
Can anyone point me in the best direction to continue troubleshooting?
Thanks in advance
Martin
_______________________________________________
cisco-voip mailing list
cisco-voip [at] puck
https://puck.nether.net/mailman/listinfo/cisco-voip
|
