Procedure to validate packet transfer between two VOS devices on a WAN link to determine underlay loss using ip-identifier

In our example we will consider two sites

BranchBM-01

Hub-01-R2

Firstly, we will need to identify the WAN interface which needed to be investigated for loss

On BranchBM-01 the interface under question is vni-0/0 and the address is 10.210.210.42

On Hub-01-R2 the interface is vni-0/2 and address is 10.210.210.44 (ignore the second ip, it’s not relevant)

Now we will enable tcpdump on both these nodes, using filters to filter out the packets as shown below

The idea is to monitor the “ip identifier” field as highlighted below in the direction of the loss, for example if we want to monitor packet transfer from BranchBM-01 towards Hub-01-R2, we should focus on packets sent with “source” ip-address as 10.210.210.42 and destination as 10.210.210.44 (hub wan address) and monitor the ip-identifier field

You should see all the ip-identifiers sent from BranchBM-01 on Hub-01-R2 – if you see some packets (ip-identifier) missing, it would mean that it’s being dropped in the underlay.

In the below screenshots, you can see the packets highlighted are being sent from BranchBM-01 and received on Hub-01-R2 without any loss.

Note: the below tcpdumps should be enabled on both the branches around the same time to co-relate (you can also enable session logging on your putty terminals and capture output on both the terminals to compare)  

On BranchBM-01

tcpdump vni-0/0 filter “’host 10.210.210.44 -vv’”

On Hub-01-R2

tcpudmp vni-0/2 filter “’host 10.210.210.42 -vv’”