nanog mailing list archives

RE: Stumper


From: "Deepak Jain" <deepak () ai net>
Date: Tue, 21 Jan 2003 17:42:25 -0500



Definitely sounds like an MTU problem. I have seen IPSEC break across
Verizon DSL with a Linksys router until the MTU on the "PCs" was dropped
to just under 1500 bytes to allow for the IPSEC header.

DJ

-----Original Message-----
From: owner-nanog () merit edu [mailto:owner-nanog () merit edu]On Behalf Of
Mark J. Scheller
Sent: Tuesday, January 21, 2003 5:26 PM
To: nanog () merit edu
Subject: Stumper




I have run into a problem that has me completely stumped, so I'm tossing it
out to NANOG for some help.

Before I lay out the specifics, I'm not trying to point fingers at any
particular ISP or vendor here, but this problem only exhibits itself in very
specific configurations.  Unfortunately, the configuration is common enough as
to get unwanted attention from the higher-ups.

Here's the particulars:

Users that have Verizon DSL and a Linksys cable/DSL router have difficulties
accessing sites on my network -- whether they are trying with http, https,
smtp, pop3, ssh, ftp, etc., etc.  Oh, but pings seem to be fine.  Low latency,
no loss.  This is true even for access to a server brought up in the DMZ, to
keep the firewalls out of the equation.

Doing some packet sniffing on the ethernet side of my router, I could see
specific http requests never showed up (and the user saw the broken image
icon).  This was for an mrtg graph page with +/- 30 images.  I saw the request
for almost all the image files, save for one and the user reported the broken
image icon for the one.  So this looks and smells like a packet loss
issue..... but who/where/how?

Taking the Linksys out of the picture (connecting their PC directly to the
Verizon DSL modem) makes the problem go away.

These same users report no trouble whatsoever accessing many other common
sites across the internet.

Here's another interesting data point:  when one user runs Morpheus (on
any machine in his home network) he then has absolutely no problems accessing
servers/services on my network.

Other users with Linksys routers and, say cable modem, do not have this
problem!

So I'm looking for some pointers.  What could I have done to my edge router (a
Cisco 3640 if that helps any) that would make it drop packets from Verizon DSL
customers with Linksys routers so long as they aren't running Morpheus?

Mark J. Scheller (scheller () u1 net)





