nanog mailing list archives

Re: Stumper


From: "Miguel Mata-Cardona" <mmata () sv intercomnet net>
Date: Wed, 22 Jan 2003 08:46:31 -0600


We used to have that problem here. A big customer of ours does 
many GRE tunnels. The problem seemed to be that they were blocking 
ICMP, thus every MTU variation on the way from any point could not be 
known by the routers, making the point unavailable (we actually saw 
the packets just before entering the tunnel). Try this: ping with different 
packet sizes and you will find this problem.
The solution to the problem was to allow the ICMP dunr type packets.


On 21 Jan 2003 at 17:25, Mark J. Scheller wrote:



I have run into a problem that has me completely stumped, so I'm
tossing it out to NANOG for some help.

Before I lay out the specifics, I'm not trying to point fingers at any
particular ISP or vendor here, but this problem only exhibits itself
in very specific configurations.  Unfortunately, the configuration is
common enough as to get unwanted attention from the higher-ups.

Here's the particulars:

Users that have Verizon DSL and a Linksys cable/DSL router have
difficulties accessing sites on my network -- whether they are trying
with http, https, smtp, pop3, ssh, ftp, etc., etc.  Oh, but pings seem
to be fine.  Low latency, no loss.  This is true even for access to a
server brought up in the DMZ, to keep the firewalls out of the
equation.

Doing some packet sniffing on the ethernet side of my router, I could
see specific http requests never showed up (and the user saw the
broken image icon).  This was for an mrtg graph page with +/- 30
images.  I saw the request for almost all the image files, save for
one and the user reported the broken image icon for the one.  So this
looks and smells like a packet loss issue..... but who/where/how?

Taking the Linksys out of the picture (connecting their PC directly
to the Verizon DSL modem) makes the problem go away.

These same users report no trouble whatsoever accessing many other
common sites across the internet.

Here's another interesting data point:  when one user runs Morpheus
(on any machine in his home network) he then has absolutely no
problems accessing servers/services on my network.

Other users with Linksys routers and, say cable modem, do not have
this problem!

So I'm looking for some pointers.  What could I have done to my edge
router (a Cisco 3640 if that helps any) that would make it drop
packets from Verizon DSL customers with Linksys routers so long as
they aren't running Morpheus?

Mark J. Scheller (scheller () u1 net)





-- 
Miguel Mata-Cardona
Intercom El Salvador
mmata () sv intercomnet net
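
The "ping with different packet size" test from the reply above, as an added example that is not part of the original thread: it binary-searches the largest packet that crosses the path with Don't Fragment set, then checks whether an oversized packet draws an ICMP error or is dropped silently. It assumes Linux iputils ping (`-M do`); the function names `probe_raw`, `find_pmtu` and `check_path` are made up for this sketch.

```shell
#!/bin/sh
# Added example: path MTU probe with DF set (assumes Linux iputils ping).
# Sizes are whole IPv4 packets; 28 = IPv4 header (20) + ICMP header (8).

# probe_raw HOST PAYLOAD: one echo request with DF set, prints ping's output
probe_raw() { ping -M do -c 1 -W 2 -s "$2" "$1" 2>&1; }

# probe HOST PAYLOAD: exit 0 only if an echo reply came back
probe() { probe_raw "$1" "$2" >/dev/null; }

# find_pmtu HOST [LOW] [HIGH]: prints the largest packet size that gets a reply
find_pmtu() {
    fp_host=$1
    fp_lo=${2:-68}      # IPv4 minimum MTU
    fp_hi=${3:-1500}    # Ethernet MTU
    if ! probe "$fp_host" $((fp_lo - 28)); then
        echo 0          # not even a minimum-size packet is answered
        return 1
    fi
    # invariant: fp_lo is known to work, nothing above fp_hi works
    while [ "$fp_lo" -lt "$fp_hi" ]; do
        fp_mid=$(( (fp_lo + fp_hi + 1) / 2 ))
        if probe "$fp_host" $((fp_mid - 28)); then
            fp_lo=$fp_mid
        else
            fp_hi=$((fp_mid - 1))
        fi
    done
    echo "$fp_lo"
}

# check_path HOST [MAX]: reports the MTU found and how oversized packets fail
check_path() {
    cp_host=$1
    cp_max=${2:-1500}
    cp_mtu=$(find_pmtu "$cp_host" 68 "$cp_max") || { echo "unreachable"; return 1; }
    if [ "$cp_mtu" -ge "$cp_max" ]; then
        echo "mtu=$cp_mtu full-size"
        return 0
    fi
    # One byte over the limit: a healthy path returns "Frag needed" (or the
    # local stack, having cached the MTU, reports "message too long").
    # Silence means the ICMP unreachable is being filtered somewhere.
    if probe_raw "$cp_host" $((cp_mtu + 1 - 28)) | grep -qiE 'frag needed|too long'; then
        echo "mtu=$cp_mtu pmtud-ok"
    else
        echo "mtu=$cp_mtu blackhole"
    fi
}

if [ -n "${1:-}" ]; then check_path "$1"; fi
```

A `blackhole` result matches the symptom in this thread: small packets such as ordinary pings pass, while full-size TCP segments vanish because the ICMP error that would shrink them never arrives.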

