TCP Application cannot connect to internet on S7700

Publication Date:  2013-06-27 Views:  128 Downloads:  0
Issue Description
1. Topology
PC ----- AR208(NAT) ----- MPLS Cloud ---- S7700 --- Internet
2. On AR, there is nat configuration. On S7700, it connects AR router with L2 network. And establish EBGP with internet device.
3. When customer tested, they found that they cannot browse website but ping is ok.
Alarm Information
Handling Process
1. We check configuration on AR208 and it is ok.
2. Let customer capture packets on S77. We found that TCP syn pakcets has been received on S77 but it was not forwarded. That is why browsing website failed. We can confirm that issue happened on S7700
3. We check device status on S7700 and found that it establish EBGP peer with internet device. And there are so many routes in routing-table. But the board type customer use is EA. It only supports 16K routes. So we found the reason. There are huge routes on S7700 and some routes cannot be downloaded to fib table.We can check fib and route statistics using below commands:
display ip routing-table statistics
display fib statistics
4. after geting permirt from customer, we configured bgp filter policy to limit routes from bgp peer and add default route on S7700. Test the service is ok.
Root Cause