Friday, November 8, 2013

Cisco CUCM: Ping/ICMP Drops From A Router To A CUCM (CallManager)


This is interesting, and I didn't know this until the other day.  If you ping a CUCM from a router with the repeat option, you are going to see what looks like drops.  See below my example.

THIS IS FROM MY ROUTER, WHICH IS OFFSITE FROM THE CUCM IM PINGING:
Router-2821#ping  172.5.25.225 so gig0/1 re 100

Type escape sequence to abort.
Sending 100, 100-byte ICMP Echos to 172.5.25.225, timeout is 2 seconds:
Packet sent with a source address of 10.25.5.1
!!!!!!.!!!!!!.!!!!!!.!!!!!!.!!!!!!.!!!!!!.!!!!!!.!!!!!!.!!!!!!.!!!!!!.
!!!!!!.!!!!!!.!!!!!!.!!!!!!.!!
Success rate is 86 percent (86/100), round-trip min/avg/max = 20/24/44 ms
Router-2821#


THIS IS FROM MY SWITCH, WHICH IS ONSITE FROM THE CUCM IM PINGING:
Switch-6506#ping 10.50.90.225 rep 100

Type escape sequence to abort.
Sending 100, 100-byte ICMP Echos to 10.50.90.225, timeout is 2 seconds:
!!!!!.!!!!!.!!!!!.!!!!!.!!!!!.!!!!!.!!!!!.!!!!!.!!!!!.!!!!!.!!!!!.!!!!
!.!!!!!.!!!!!.!!!!!.!!!!!.!!!!
Success rate is 84 percent (84/100), round-trip min/avg/max = 1/1/4 ms
Switch-6506#

So its interesting to me because of the drops.  This had me thinking, in the beginning, that something was wrong somewhere.  But as it turns out, this is normal behavior for the response of a CUCM.  You wont see this if you are trying to ping from your command line on your pc.  You will only see this from your router/switch.  TAC tells me this is normal behavior for the CUCM, and from my testing, I have no reason to not believe this.  Just thought this was interesting.

2 comments:

  1. Its to do with the iptables firewall policy in CUCM. It rate limits pings to prevent against DOS attacks.

    ReplyDelete
    Replies
    1. Good to know. Thank you for your input.

      Delete

Your comment will be reviewed for approval. Thank you for submitting your comments.