Re: UDP clamped on service provider links

2015-07-31 Thread Ted Hardie
On Thu, Jul 30, 2015 at 2:31 PM, Ca By wrote: > > > On Thu, Jul 30, 2015 at 2:04 PM, Ted Hardie wrote: > >> On Thu, Jul 30, 2015 at 1:45 PM, John Kristoff wrote: >> >> > On Mon, 27 Jul 2015 19:42:46 +0530 >> > Glen Kent wrote: >> > >> > >> > > Is there a reason why this is often done so? Is th

Re: UDP clamped on service provider links

2015-07-31 Thread Jon Lewis
On Fri, 31 Jul 2015, Christopher Morrow wrote: On Fri, Jul 31, 2015 at 8:07 AM, John Kristoff wrote: On Thu, 30 Jul 2015 21:18:10 -0500 Jason Baugher wrote: In one case, when we were having an issue with a SIP trunk, we re-numbered our end to another IP in the same subnet. Same path from A

Re: UDP clamped on service provider links

2015-07-31 Thread Brad Fleming
> >> In one case, when we were having an issue with a SIP trunk, we re-numbered >> our end to another IP in the same subnet. Same path from A to Z, but the >> packet loss mysteriously disappeared using the new IP. > > lag hash put you on a congested fiber? Or perhaps a switch fabric module geeke

Re: UDP clamped on service provider links

2015-07-31 Thread Christopher Morrow
On Fri, Jul 31, 2015 at 8:07 AM, John Kristoff wrote: > On Thu, 30 Jul 2015 21:18:10 -0500 > Jason Baugher wrote: > >> In one case, when we were having an issue with a SIP trunk, we >> re-numbered our end to another IP in the same subnet. Same path from >> A to Z, but the packet loss mysteriously

Re: UDP clamped on service provider links

2015-07-31 Thread John Kristoff
On Thu, 30 Jul 2015 21:18:10 -0500 Jason Baugher wrote: > In one case, when we were having an issue with a SIP trunk, we > re-numbered our end to another IP in the same subnet. Same path from > A to Z, but the packet loss mysteriously disappeared using the new > IP. It sure seems like they are th

Re: UDP clamped on service provider links

2015-07-30 Thread Randy Bush
> In one case, when we were having an issue with a SIP trunk, we re-numbered
> our end to another IP in the same subnet. Same path from A to Z, but the
> packet loss mysteriously disappeared using the new IP.

lag hash put you on a congested fiber?

Re: UDP clamped on service provider links

2015-07-30 Thread Jason Baugher
Oh, I'm aware of the function of an NNI. I even accept that a carrier might feel the need to filter bad traffic. I've certainly done so for things like the Moon exploit. What I don't like is arbitrary filtering of traffic and the denial of such filtering by the carrier. On Thu, Jul 30, 2015 at 10:

Re: UDP clamped on service provider links

2015-07-30 Thread Ca By
On Thursday, July 30, 2015, Jason Baugher wrote: > Several months ago we had an issue with a customer whose IPSEC tunnels we > manage. One of the tunnels dropped, and after troubleshooting we were able > to prove that only udp/500 was being blocked in one direction for one > specific source and d

Re: UDP clamped on service provider links

2015-07-30 Thread Jason Baugher
Several months ago we had an issue with a customer whose IPSEC tunnels we manage. One of the tunnels dropped, and after troubleshooting we were able to prove that only udp/500 was being blocked in one direction for one specific source and destination IP. Level3 resolved the issue, but claimed it wa

Re: UDP clamped on service provider links

2015-07-30 Thread Tom Sands
We have similar problems with UDP 500 and being able to keep IPSEC tunnels up over Level3. It happens quite a bit when there are no signs of TCP or ICMP packet loss.

Sent from my iPhone

> On Jul 30, 2015, at 9:14 PM, Jason Baugher wrote:
>
> To bring this discussion to specifics, we've been

Re: UDP clamped on service provider links

2015-07-30 Thread Jason Baugher
In one case, when we were having an issue with a SIP trunk, we re-numbered our end to another IP in the same subnet. Same path from A to Z, but the packet loss mysteriously disappeared using the new IP. It sure seems like they are throttling somewhere. On Thu, Jul 30, 2015 at 9:15 PM, Matt Hoppes

Re: UDP clamped on service provider links

2015-07-30 Thread Matt Hoppes
No. But I've seen Level3 just have really bad packet loss.

> On Jul 30, 2015, at 22:12, Jason Baugher wrote:
>
> To bring this discussion to specifics, we've been fighting an issue where
> our customers are experiencing poor audio quality on SIP calls. The only
> carrier between our customers

Re: UDP clamped on service provider links

2015-07-30 Thread Jason Baugher
To bring this discussion to specifics, we've been fighting an issue where our customers are experiencing poor audio quality on SIP calls. The only carrier between our customers and the hosted VoIP provider is Level3. From multiple wiresharks, it appears that a certain percentage of UDP packets - in

Re: UDP clamped on service provider links

2015-07-30 Thread Ca By
On Thu, Jul 30, 2015 at 2:04 PM, Ted Hardie wrote: > On Thu, Jul 30, 2015 at 1:45 PM, John Kristoff wrote: > > > On Mon, 27 Jul 2015 19:42:46 +0530 > > Glen Kent wrote: > > > > > > > Is there a reason why this is often done so? Is this because UDP > > > is stateless and any script kiddie could

Re: UDP clamped on service provider links

2015-07-30 Thread Ted Hardie
On Thu, Jul 30, 2015 at 1:45 PM, John Kristoff wrote: > On Mon, 27 Jul 2015 19:42:46 +0530 > Glen Kent wrote: > > > > Is there a reason why this is often done so? Is this because UDP > > is stateless and any script kiddie could launch a DOS attack with a > > UDP stream? > > State, some form of s

Re: UDP clamped on service provider links

2015-07-30 Thread Roland Dobbins
On 27 Jul 2015, at 21:12, Glen Kent wrote: Given the state of affairs these days how difficult is it going to be for somebody to launch a DOS attack with some other protocol? --- Roland Dobbins

Re: UDP clamped on service provider links

2015-07-30 Thread John Kristoff
On Mon, 27 Jul 2015 19:42:46 +0530 Glen Kent wrote:
> Is it true that UDP is often subjected to stiffer rate limits than
> TCP?

Yes, although I'm not sure how widespread this is in most, if even many networks. Probably not very widely deployed today, but restrictions and limitations only seem to

Re: UDP clamped on service provider links

2015-07-27 Thread Ray Soucy
"It depends on the network." is really the only answer. It's the kind of thing that happens quietly and often can be transient in nature (e.g. temporary "big stick" filters to deal with an active attack). As far as the reason it happens to UDP: UDP is a challenge because it's easy to leverage fo

Re: UDP clamped on service provider links

2015-07-27 Thread Christopher Morrow
On Mon, Jul 27, 2015 at 10:12 AM, Glen Kent wrote:
> Hi,
>
> Is it true that UDP is often subjected to stiffer rate limits than TCP? Is

I hear tell that some folk are engaging in this practice... You might have seen this here little ditty:

UDP clamped on service provider links

2015-07-27 Thread Glen Kent
Hi, Is it true that UDP is often subjected to stiffer rate limits than TCP? Is there a reason why this is often done so? Is this because UDP is stateless and any script kiddie could launch a DOS attack with a UDP stream? Given the state of affairs these days how difficult is it going to be for so