I dunno to what extent Hughes has implemented the RFC to which MBS referred, but I can confirm VPN over their links is rough.
Historically the encrypted stream has broken the IP ack spoofing mechanism many sat providers do, and the performance over the HN sat link feels very much like that is what's happening. -sc From: [email protected] [mailto:[email protected]] On Behalf Of Damien Solodow Sent: Saturday, January 23, 2016 10:54 PM To: [email protected] Subject: RE: [NTSysADM] HughesNet and AWS Plus the satellite provider says that using a VPN drops performance substantially over their link. :( DAMIEN SOLODOW Senior Systems Engineer 317.447.6033 (office) 317.447.6014 (fax) HARRISON COLLEGE ________________________________ From: [email protected] [[email protected]] on behalf of Richard Stovall [[email protected]] Sent: Friday, January 22, 2016 4:13 PM To: [email protected] Subject: Re: [NTSysADM] HughesNet and AWS I was actually thinking of suggesting a VPN, then I realized that the OP is probably dealing with multiple end users, each on satellite, and would actually add complexity by going this route. On Fri, Jan 22, 2016 at 3:41 PM, James M. Pulver <[email protected]> wrote: Use a VPN maybe? Would that actually be able to hold a connection over the satallite latencies? James Pulver CLASSE Computer Group Cornell University On 01/22/2016 03:21 PM, Charles F Sullivan wrote: DNS Acceleration = Ignore TTL Brilliant concept! *From:*[email protected] <mailto:[email protected]> [mailto:[email protected] <mailto:[email protected]>] *On Behalf Of *Damien Solodow *Sent:* Friday, January 22, 2016 1:44 PM *To:* [email protected] <mailto:[email protected]> *Subject:* RE: [NTSysADM] HughesNet and AWS Yeah, I'd thought (and hoped) it was their DNS server doing it, but when even 'nslookup saasapp.com <http://saasapp.com> 8.8.8.8' came back wrong (and different from the results on my PC) I knew something was rotten. J DAMIEN SOLODOW Senior Systems Engineer 317.447.6033 (office) 317.447.6014 (fax) HARRISON COLLEGE *From:*[email protected] <mailto:[email protected]> [mailto:[email protected]] *On Behalf Of *Richard Stovall *Sent:* Friday, January 22, 2016 1:40 PM *To:* [email protected] <mailto:[email protected]> *Subject:* Re: [NTSysADM] HughesNet and AWS That's friggin awesome, but it doesn't hurt. :-) On Fri, Jan 22, 2016 at 1:33 PM, Michael B. Smith <[email protected] <mailto:[email protected]>> wrote: Both Comcast and CenturyLink have similar "features" if you use their DNS servers. But they don't override you if you choose another DNS server... *From:*[email protected] <mailto:[email protected]> [mailto:[email protected] <mailto:[email protected]>] *On Behalf Of *Richard Stovall *Sent:* Friday, January 22, 2016 12:48 PM *To:* [email protected] <mailto:[email protected]> *Subject:* Re: [NTSysADM] HughesNet and AWS That is so friggin' awesome it hurts. On Fri, Jan 22, 2016 at 12:19 PM, Damien Solodow <[email protected] <mailto:[email protected]>> wrote: Having a fun issue, and figured I'd see if anyone else has run into something like it and has a solution. J One of our SaaS apps is hosted on AWS, and AWS has the lovely habit of using very short DNS TTLs and changing IPs frequently. Normally not that big a deal. However, it looks like a satellite provider used by a number of our users (HughesNet) has a wonderful little "feature" called DNS Acceleration. This looks to be a local DNS caching server (which ignores the provided TTL) that runs on their modem. This means that the user almost always gets outdated information from DNS for this SaaS app, which prevents them from accessing it. There doesn't appear to be a way in the modem UI to turn off this "feature", and it looks to intercept **all** outbound DNS traffic, so even if I set the client or their router to use a different DNS server it still gets intercepted. Anyone run into this or have a useful contact at HughesNet to sort this out? DAMIEN SOLODOW Senior Systems Engineer 317.447.6033 <tel:317.447.6033> (office) 317.447.6014 <tel:317.447.6014> (fax) HARRISON COLLEGE 500 North Meridian St Suite 500 Indianapolis, IN 46204-1213 www.harrison.edu <http://www.harrison.edu/>
