Packet Drops

[Subliminal Aura]

Hate networks and network engineering - it's definitely my weak point but I don't know why I have this problem

I have several VLANs all working fine except for one, when enabled (in this instance enabled on the 5th of November) the interface drops packets and I can't understand why ?
Any idea what could be causing it, also from the charts you can see a cyclic pattern which doesn't match any process I have running.
Bizarre, maybe some networking folk have seen patterns like this before ?

This VLAN is setup up as a port PVID on my switch which is connected my ISP router's switch
MTUs are all set to 1500

The only thing I see from tcpdump is the following STP request what Ai tells me indicates that the ISP router wants to be the primary switch

Any thoughts especially around the packet drop chart

20:46:49.660004 STP 802.1d, Config, Flags [none], bridge-id 0001.0x:cx:xx:xx:xx:xx.8003, length 35

 

[Steveocee]

Have you tried another port to rule out that?
What instance of STP are you running on your switch?
Is it safe to assume your switch is root?

Have seen this before and it was mismatched STP although it wasn’t the WAN suffering.

 

[Zefan]

Have you reversed the configuration to make sure it isn't something else that's causing it before rabbit holing on the network? I've learned this sort of mindset the hard way. Yes, "what's changed", etc, but sometimes the more obvious thing can take you on a wild goose chase so it's worth properly confirming it first.

 

[Turanataro]

STP messages from the ISP router can trigger recalculations and cause periodic drops. Try forcing your switch as root and testing another port.

Good STP refresher: https://pingmynetwork.com/network/ccna-200-301/how-spanning-tree-protocol-works

 

[Subliminal Aura]

Thanks guys

The ISP switch has a STP priority of 0001 which I can't change and seems stupidly high
I've enabled STP on my switch albeit with a very low priority of 32768. STP messages have now stopped, not sure if that is as expected
If this doesn't help, I'll make my switch root by setting the priority to 0

@Zefan Thanks for the suggestion, unfortunately too many moving parts changed for me to rollback

 

[Steveocee]

Thanks guys

The ISP switch has a STP priority of 0001 which I can't change and seems stupidly high
I've enabled STP on my switch albeit with a very low priority of 32768. STP messages have now stopped, not sure if that is as expected
If this doesn't help, I'll make my switch root by setting the priority to 0

I wouldn't bother trying to force your switch to the lowest priority, just chuck yours in at 4096 and be done with it. Yeah it's not root but does that "really" matter? Do you need your switch to be the centre of the universe? If you get a loop downstream your switch will still block the loop.

 

[Subliminal Aura]

I wouldn't bother trying to force your switch to the lowest priority, just chuck yours in at 4096 and be done with it. Yeah it's not root but does that "really" matter? Do you need your switch to be the centre of the universe? If you get a loop downstream your switch will still block the loop.

100% agree
If anything the volume of packet drops is insignificant/can't be STP related and as I say the origin is vlan10 ie the switch side of the ISP router

Having said that, there are just 2 devices connected to the ISP switch and lo and behold when both are isolated, both drop packets so looks like there's nothing much I can do about this other than going straight to the ONT with the ISP router sitting behind my network instead of infront of it would the phone line still work like that ?

 

[Subliminal Aura]

OK, I'm done with this stupid vodafone router, wan port is pppoe only so can't live behind my network - unless I create a dummy pppoe connection for it ? </thinking> not worth it imho - I can live without a phone line

I'm running off the ont directly now and surprisingly latency and speeds are better



Got some tidying up to do best make some notes

 

[Turanataro]

Looks like moving straight to the ONT was the cleanest fix, especially with the better latency you’re seeing.
Vodafone routers tend to behave oddly with STP anyway, so your setup is much healthier now.

 

[Subliminal Aura]

Looks like moving straight to the ONT was the cleanest fix, especially with the better latency you’re seeing.
Vodafone routers tend to behave oddly with STP anyway, so your setup is much healthier now.

True but I'm losing the phone line and active passive failover for routing

Actually I did manage to get the old router into a pppoe link to my network but stopped short of routing it, I'm pretty sure that's all that is needed to get the phone working

As for HA I'll have to stand that up some day but bringing up and down a pppoe connection is a lot slower than a normal network interface so failover will be noticeable

Sigh, this has turned into a mini project that I didn't want

 

[Turanataro]

Yeah, PPPoE failover is always slower, so you’ll definitely feel the hit in an active/passive setup. If the phone line matters, you can usually keep the ISP router alive in a “PPPoE passthrough just for VoIP” mode without letting it touch the rest of your routing, basically WAN-up only, no NAT, no DHCP.

Some Vodafone units accept that as long as they see a PPPoE session. But given your drops came from their switch side, your ONT-first setup is still the cleaner path

 

[Subliminal Aura]

Thank you @Turanataro your comments lead me to this page which has some very useful information and links

Reddit - The heart of the internet

www.reddit.com

 

[Subliminal Aura]

Failover is sorted

10 seconds to failover is not bad I suppose

64 bytes from 8.8.8.8: icmp_seq=184 ttl=119 time=4.48 ms
64 bytes from 8.8.8.8: icmp_seq=185 ttl=119 time=4.70 ms
64 bytes from 8.8.8.8: icmp_seq=186 ttl=119 time=4.69 ms
64 bytes from 8.8.8.8: icmp_seq=187 ttl=119 time=4.47 ms
64 bytes from 8.8.8.8: icmp_seq=188 ttl=119 time=4.48 ms
64 bytes from 8.8.8.8: icmp_seq=189 ttl=119 time=4.48 ms
From 10.0.1.4 icmp_seq=190 Destination Net Unreachable
From 10.0.1.4 icmp_seq=191 Destination Net Unreachable
64 bytes from 8.8.8.8: icmp_seq=200 ttl=119 time=5.01 ms
64 bytes from 8.8.8.8: icmp_seq=201 ttl=119 time=5.14 ms
64 bytes from 8.8.8.8: icmp_seq=202 ttl=119 time=4.91 ms
64 bytes from 8.8.8.8: icmp_seq=203 ttl=119 time=4.85 ms
64 bytes from 8.8.8.8: icmp_seq=204 ttl=119 time=4.95 ms
64 bytes from 8.8.8.8: icmp_seq=205 ttl=119 time=4.75 ms

Plus and Pro all on one but the plus just about outweighs the con as I've noticed the failover router cannot have internet (only 1 pppoe connection is allowed at any one time) when it's dormant so no device will be able to route traffic through it if discovered

 

[Subliminal Aura]

Thought I'd have a tinker and I got the phoneline working too

20:10:41.036332 PPPoE  [ses 0x2c] IP 192.168.20.45.5065 > 148.252.154.217.5060: SIP: REGISTER sip:resvoip.vodafone.co.uk SIP/2.0
20:10:41.047331 PPPoE  [ses 0x2c] IP 148.252.154.217.5060 > 192.168.20.45.5065: SIP: SIP/2.0 100 Trying
20:10:41.047395 PPPoE  [ses 0x2c] IP 148.252.154.217.5060 > 192.168.20.45.5065: SIP: SIP/2.0 407 Proxy Authentication Required
20:10:41.055152 PPPoE  [ses 0x2c] IP 192.168.20.45.5065 > 148.252.154.217.5060: SIP: REGISTER sip:resvoip.vodafone.co.uk SIP/2.0
20:10:41.067218 PPPoE  [ses 0x2c] IP 148.252.154.217.5060 > 192.168.20.45.5065: SIP: SIP/2.0 100 Trying
20:10:41.067253 PPPoE  [ses 0x2c] IP 148.252.154.217.5060 > 192.168.20.45.5065: SIP: SIP/2.0 200 Registration Successful

Phones ----- Vodafone Router WAN (PPPoE) <-----> My Router -----> ONT (Internet)

So all in all the vodafone router is not doing anything special, the fake PPPoE endpoint on my router is accepted and as long as it gains access to internet and is using the Vodafone DNS servers the phones will register