Re: Stumper

2003-01-22 Thread Miguel Mata-Cardona

we used to have that problem here. a big customer of ours does 
many gre tunnels. the problem seemed to be that they were blocking 
icmp, thus every mtu variation on the way from any point could not be 
known by the routers making the point unavailable (we actually saw 
the packets just before entering the tunnel). try this, ping with different 
packet size and you will find this problem.
solution to the problem was to allow the icmp dunr type packets.


On 21 Jan 2003 at 17:25, Mark J. Scheller wrote:

 
 
 I have run into a problem that has me completely stumped, so I'm
 tossing it out to NANOG for some help.
 
 Before I lay out the specifics, I'm not trying to point fingers at any
 particular ISP or vendor here, but this problem only exhibits itself
 in very specific configurations.  Unfortunately, the configuration is
 common enough as to get unwanted attention from the higher-ups.
 
 Here's the particulars:
 
 Users that have Verizon DSL and a Linksys cable/DSL router have
 difficulties accessing sites on my network -- whether they are trying
 with http, https, smtp, pop3, ssh, ftp, etc., etc.  Oh, but pings seem
 to be fine.  Low latency, no loss.  This is true even for access to a
 server brought up in the DMZ, to keep the firewalls out of the
 equation.
 
 Doing some packet sniffing on the ethernet side of my router, I could
 see specific http requests never showed up (and the user saw the
 broken image icon).  This was for an mrtg graph page with +/- 30
 images.  I saw the request for almost all the image files, save for
 one and the user reported the broken image icon for the one.  So this
 looks and smells like a packet loss issue. but who/where/how?
 
 Taking the Linksys out of the pictures (connecting their PC directly
 to the Verizon DSL modem) makes the problem go away.
 
 These same users report no trouble whatsoever accessing many other
 common sites across the internet.
 
 Here's another interesting data point:  when one user runs Morpheus
 (on any machine in his home network) he then has absolutely no
 problems accessing servers/services on my network.
 
 Other users with Linksys routers and, say cable modem, do not have
 this problem!
 
 So I'm looking for some pointers.  What could I have done to my edge
 router (a Cisco 3640 if that helps any) that would make it drop
 packets from Verizon DSL customers with Linksys routers so long as
 they aren't running Morpheus?
 
 Mark J. Scheller ([EMAIL PROTECTED])
 
 
 


-- 
Miguel Mata-Cardona
Intercom El Salvador
[EMAIL PROTECTED]
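
Added example, not part of the original thread: the "ping with different packet size" test suggested above, written as a binary search with the DF bit set. It assumes Linux iputils `ping` (`-M do` sets Don't Fragment); the function names are illustrative.

```shell
#!/bin/sh
# Added example: find the largest ICMP echo payload that crosses a path with
# the Don't Fragment (DF) bit set. Assumes Linux iputils ping, where
# "-M do" sets DF and forbids local fragmentation.

# probe HOST PAYLOAD: succeeds if one echo reply came back for that size.
probe() {
    ping -M do -c 1 -W 2 -s "$2" "$1" >/dev/null 2>&1
}

# find_max_payload HOST [LOW] [HIGH]
# Binary search for the largest payload in LOW..HIGH that probe accepts.
# Prints it, or fails if even LOW gets no reply (host down or echo
# filtered, in which case the sweep says nothing about MTU).
# The ( ) body runs in a subshell, so host/low/high/mid stay local.
find_max_payload() (
    host=$1 low=${2:-0} high=${3:-1472}
    probe "$host" "$low" || exit 1
    while [ "$low" -lt "$high" ]; do
        mid=$(( (low + high + 1) / 2 ))
        if probe "$host" "$mid"; then
            low=$mid
        else
            high=$(( mid - 1 ))
        fi
    done
    echo "$low"
)

# path_mtu_report HOST
# Packet size = payload + 20 (IPv4 header) + 8 (ICMP header).
path_mtu_report() (
    host=$1
    payload=$(find_max_payload "$host") || {
        echo "$host: no reply even to a minimal ping"
        exit 1
    }
    echo "$host: largest DF packet that got through = $(( payload + 28 )) bytes"
)

# Run the sweep when a host is given on the command line.
if [ $# -ge 1 ]; then
    path_mtu_report "$1"
fi
```

If sizes above the reported value fail silently, with no ICMP "fragmentation needed" error coming back, ICMP is being filtered somewhere on the path. A default-size ping succeeding, as in the original report, does not rule this out.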




Re: Stumper

2003-01-22 Thread Dennis Boylan
Sounds similar to my problem with the Linksys cable/DSL router.
My problem was that it would work perfectly with NAT enabled, but
the minute I turned NAT off, I couldn't get to a lot of sites.
I tried a number of firmwares.  I even tried to get support from
Linksys.  But, after a week without any returned phone calls,
I returned the unit.  I do know that there is a working firmware
for this configuration, but there is no information that I could
find on down-reving the unit.

My solution was to get rid of the POS and use one of my Linux
servers to do the pppoe.

Thanks,
Dennis





Stumper

2003-01-21 Thread Mark J. Scheller


I have run into a problem that has me completely stumped, so I'm tossing it
out to NANOG for some help.

Before I lay out the specifics, I'm not trying to point fingers at any
particular ISP or vendor here, but this problem only exhibits itself in very
specific configurations.  Unfortunately, the configuration is common enough as
to get unwanted attention from the higher-ups.

Here's the particulars:

Users that have Verizon DSL and a Linksys cable/DSL router have difficulties
accessing sites on my network -- whether they are trying with http, https,
smtp, pop3, ssh, ftp, etc., etc.  Oh, but pings seem to be fine.  Low latency,
no loss.  This is true even for access to a server brought up in the DMZ, to
keep the firewalls out of the equation.

Doing some packet sniffing on the ethernet side of my router, I could see
specific http requests never showed up (and the user saw the broken image
icon).  This was for an mrtg graph page with +/- 30 images.  I saw the request
for almost all the image files, save for one and the user reported the broken
image icon for the one.  So this looks and smells like a packet loss
issue. but who/where/how?

Taking the Linksys out of the pictures (connecting their PC directly to the
Verizon DSL modem) makes the problem go away.

These same users report no trouble whatsoever accessing many other common
sites across the internet.

Here's another interesting data point:  when one user runs Morpheus (on
any machine in his home network) he then has absolutely no problems accessing
servers/services on my network.

Other users with Linksys routers and, say cable modem, do not have this
problem!

So I'm looking for some pointers.  What could I have done to my edge router (a
Cisco 3640 if that helps any) that would make it drop packets from Verizon DSL
customers with Linksys routers so long as they aren't running Morpheus?

Mark J. Scheller ([EMAIL PROTECTED])





Re: Stumper

2003-01-21 Thread fkittred


MTU





Re: Stumper

2003-01-21 Thread Stephen J. Wilcox


Are there sub-1500 byte MTUs anywhere and is one of the devices
(Linksys?) dropping the relevant icmp fragments?

Morpheus might be working by not having DF bit set..

just a possibility

test by removing any filtering of icmp

Steve


On Tue, 21 Jan 2003, Mark J. Scheller wrote:

 
 
 I have run into a problem that has me completely stumped, so I'm tossing it
 out to NANOG for some help.
 
 Before I lay out the specifics, I'm not trying to point fingers at any
 particular ISP or vendor here, but this problem only exhibits itself in very
 specific configurations.  Unfortunately, the configuration is common enough as
 to get unwanted attention from the higher-ups.
 
 Here's the particulars:
 
 Users that have Verizon DSL and a Linksys cable/DSL router have difficulties
 accessing sites on my network -- whether they are trying with http, https,
 smtp, pop3, ssh, ftp, etc., etc.  Oh, but pings seem to be fine.  Low latency,
 no loss.  This is true even for access to a server brought up in the DMZ, to
 keep the firewalls out of the equation.
 
 Doing some packet sniffing on the ethernet side of my router, I could see
 specific http requests never showed up (and the user saw the broken image
 icon).  This was for an mrtg graph page with +/- 30 images.  I saw the request
 for almost all the image files, save for one and the user reported the broken
 image icon for the one.  So this looks and smells like a packet loss
 issue. but who/where/how?
 
 Taking the Linksys out of the pictures (connecting their PC directly to the
 Verizon DSL modem) makes the problem go away.
 
 These same users report no trouble whatsoever accessing many other common
 sites across the internet.
 
 Here's another interesting data point:  when one user runs Morpheus (on
 any machine in his home network) he then has absolutely no problems accessing
 servers/services on my network.
 
 Other users with Linksys routers and, say cable modem, do not have this
 problem!
 
 So I'm looking for some pointers.  What could I have done to my edge router (a
 Cisco 3640 if that helps any) that would make it drop packets from Verizon DSL
 customers with Linksys routers so long as they aren't running Morpheus?
 
 Mark J. Scheller ([EMAIL PROTECTED])
 
 
 




RE: Stumper

2003-01-21 Thread Ray Burkholder

This might be an MTU setting issue.  If pppoe, then on my Cisco stuff,
an MTU of 1492 (I think that is the right value) seemed to clear things
up.

Ray Burkholder


 -----Original Message-----
 From: Mark J. Scheller [mailto:[EMAIL PROTECTED]] 
 Sent: January 21, 2003 18:26
 To: [EMAIL PROTECTED]
 Subject: Stumper
 
 
 
 
 I have run into a problem that has me completely stumped, so 
 I'm tossing it out to NANOG for some help.
 
 Before I lay out the specifics, I'm not trying to point 
 fingers at any particular ISP or vendor here, but this 
 problem only exhibits itself in very specific configurations. 
  Unfortunately, the configuration is common enough as to get 
 unwanted attention from the higher-ups.
 
 Here's the particulars:
 
 Users that have Verizon DSL and a Linksys cable/DSL router 
 have difficulties accessing sites on my network -- whether 
 they are trying with http, https, smtp, pop3, ssh, ftp, etc., 
 etc.  Oh, but pings seem to be fine.  Low latency, no loss.  
 This is true even for access to a server brought up in the 
 DMZ, to keep the firewalls out of the equation.
 
 Doing some packet sniffing on the ethernet side of my router, 
 I could see specific http requests never showed up (and the 
 user saw the broken image icon).  This was for an mrtg graph 
 page with +/- 30 images.  I saw the request for almost all 
 the image files, save for one and the user reported the 
 broken image icon for the one.  So this looks and smells like 
 a packet loss issue. but who/where/how?
 
 Taking the Linksys out of the pictures (connecting their PC 
 directly to the Verizon DSL modem) makes the problem go away.
 
 These same users report no trouble whatsoever accessing many 
 other common sites across the internet.
 
 Here's another interesting data point:  when one user runs 
 Morpheus (on any machine in his home network) he then has 
 absolutely no problems accessing servers/services on my network.
 
 Other users with Linksys routers and, say cable modem, do not 
 have this problem!
 
 So I'm looking for some pointers.  What could I have done to 
 my edge router (a Cisco 3640 if that helps any) that would 
 make it drop packets from Verizon DSL customers with Linksys 
 routers so long as they aren't running Morpheus?
 
 Mark J. Scheller ([EMAIL PROTECTED])
 
 
 



Re: Stumper

2003-01-21 Thread Marshall Eubanks

Could this be a packet size issue ?
You might try

ping -s

and see if, say, 1500 byte and 4500 byte packets get through.


On Tuesday, January 21, 2003, at 05:25 PM, Mark J. Scheller wrote:




I have run into a problem that has me completely stumped, so I'm 
tossing it
out to NANOG for some help.

Before I lay out the specifics, I'm not trying to point fingers at any
particular ISP or vendor here, but this problem only exhibits itself in 
very
specific configurations.  Unfortunately, the configuration is common 
enough as
to get unwanted attention from the higher-ups.

Here's the particulars:

Users that have Verizon DSL and a Linksys cable/DSL router have 
difficulties
accessing sites on my network -- whether they are trying with http, 
https,
smtp, pop3, ssh, ftp, etc., etc.  Oh, but pings seem to be fine.  Low 
latency,
no loss.  This is true even for access to a server brought up in the 
DMZ, to
keep the firewalls out of the equation.

Doing some packet sniffing on the ethernet side of my router, I could 
see
specific http requests never showed up (and the user saw the broken 
image
icon).  This was for an mrtg graph page with +/- 30 images.  I saw the 
request
for almost all the image files, save for one and the user reported the 
broken
image icon for the one.  So this looks and smells like a packet loss
issue. but who/where/how?

Taking the Linksys out of the pictures (connecting their PC directly to 
the
Verizon DSL modem) makes the problem go away.

These same users report no trouble whatsoever accessing many other 
common
sites across the internet.

Here's another interesting data point:  when one user runs Morpheus (on
any machine in his home network) he then has absolutely no problems 
accessing
servers/services on my network.

Other users with Linksys routers and, say cable modem, do not have this
problem!

So I'm looking for some pointers.  What could I have done to my edge 
router (a
Cisco 3640 if that helps any) that would make it drop packets from 
Verizon DSL
customers with Linksys routers so long as they aren't running Morpheus?

Mark J. Scheller ([EMAIL PROTECTED])



 Regards
 Marshall Eubanks


T.M. Eubanks
Multicast Technologies, Inc
10301 Democracy Lane, Suite 410
Fairfax, Virginia 22030
Phone : 703-293-9624   Fax : 703-293-9609
e-mail : [EMAIL PROTECTED]
http://www.multicasttech.com

Test your network for multicast :
http://www.multicasttech.com/mt/
 Status of Multicast on the Web  :
 http://www.multicasttech.com/status/index.html




Re: Stumper

2003-01-21 Thread Mark J. Scheller


The Linksys does have an MTU setting, and I've had my users try some lower
settings to see if it made any differences.  One user set the MTU on the
Linksys as low as 1200 with no noticeable improvement.

Anything else I should look at?

mS ([EMAIL PROTECTED])





Re: Stumper

2003-01-21 Thread jeffrey.arnold

On Tue, 21 Jan 2003, Mark J. Scheller wrote:

:: Here's the particulars:
:: 
:: Users that have Verizon DSL and a Linksys cable/DSL router have
:: difficulties accessing sites on my network -- whether they are trying
:: with http, https, smtp, pop3, ssh, ftp, etc., etc.  Oh, but pings
:: seem to be fine.  Low latency, no loss.  This is true even for access
:: to a server brought up in the DMZ, to keep the firewalls out of the
:: equation.
:: 

Have the user update their linksys firmware. I see this problem all the 
time. Linksys soho gateways are notorious for their early firmware not 
sending fragments with proper headers. Any acl that does not allow *all 
frags* by default will deny their packets. There may be other issues as 
well, but the firmware update tends to fix all of the problems. 

-jba


__
 [[EMAIL PROTECTED]] :: analogue.networks.nyc :: http://analogue.net



Re: Stumper

2003-01-21 Thread William Warren

If the MTU is not helping then go get the latest firmware.  Also you 
cannot use port forwarding in most linksys routers with DHCP enabled. 
For those routers you have to set everyone statically and turn off DHCP 
for port forwarding to work.

Mark J. Scheller wrote:

The Linksys does have an MTU setting, and I've had my users try some lower
settings to see if it made any differences.  One user set the MTU on the
Linksys as low as 1200 with no noticeable improvement.

Anything else I should look at?

mS ([EMAIL PROTECTED])






--
May God Bless you and everything you touch.

My foundation verse:
Isaiah 54:17 No weapon that is formed against thee shall prosper; and 
every tongue that shall rise against thee in judgment thou shalt 
condemn. This is the heritage of the servants of the LORD, and their 
righteousness is of me, saith the LORD.




Re: Stumper

2003-01-21 Thread hc

MTU on user-end shouldn't really be an issue here.. B/c if so, then (I 
am only assuming this) how could they access other sites like yahoo.com, 
etc? I am sure your web site is no different than other common ones.

Linksys routers have various issues. The best bet is to go after the 
firmware and make sure it's up-to-date. -- but yet they have no problems 
accessing other sites?? hmm.

This is probably not the cause of the issue but just in case --- You may 
wanna check to make sure that your server does not have ECN enabled. 
I've experienced some firewalls/internet sharing devices misbehaving 
whenever trying to connect to an ECN-enabled server. Again, this is 
probably not it, but just one of the things to try out, if you run out 
of other clues...

-hc



Mark J. Scheller wrote:

I have run into a problem that has me completely stumped, so I'm tossing it
out to NANOG for some help.

Before I lay out the specifics, I'm not trying to point fingers at any
particular ISP or vendor here, but this problem only exhibits itself in very
specific configurations.  Unfortunately, the configuration is common enough as
to get unwanted attention from the higher-ups.

Here's the particulars:

Users that have Verizon DSL and a Linksys cable/DSL router have difficulties
accessing sites on my network -- whether they are trying with http, https,
smtp, pop3, ssh, ftp, etc., etc.  Oh, but pings seem to be fine.  Low latency,
no loss.  This is true even for access to a server brought up in the DMZ, to
keep the firewalls out of the equation.

Doing some packet sniffing on the ethernet side of my router, I could see
specific http requests never showed up (and the user saw the broken image
icon).  This was for an mrtg graph page with +/- 30 images.  I saw the request
for almost all the image files, save for one and the user reported the broken
image icon for the one.  So this looks and smells like a packet loss
issue. but who/where/how?

Taking the Linksys out of the pictures (connecting their PC directly to the
Verizon DSL modem) makes the problem go away.

These same users report no trouble whatsoever accessing many other common
sites across the internet.

Here's another interesting data point:  when one user runs Morpheus (on
any machine in his home network) he then has absolutely no problems accessing
servers/services on my network.

Other users with Linksys routers and, say cable modem, do not have this
problem!

So I'm looking for some pointers.  What could I have done to my edge router (a
Cisco 3640 if that helps any) that would make it drop packets from Verizon DSL
customers with Linksys routers so long as they aren't running Morpheus?

Mark J. Scheller ([EMAIL PROTECTED])