North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: Stumper
Definitely sounds like an MTU problem. I have seen IPSEC break across Verizon DSL with a Linksys router until the MTU on the ?PCs?" where dropped to just under 1500 bytes to allow for the IPSEC header. DJ > -----Original Message----- > From: [email protected] [mailto:[email protected]]On Behalf Of > Mark J. Scheller > Sent: Tuesday, January 21, 2003 5:26 PM > To: [email protected] > Subject: Stumper > > > > > I have run into a problem that has me completely stumped, so I'm > tossing it > out to NANOG for some help. > > Before I lay out the specifics, I'm not trying to point fingers at any > particular ISP or vendor here, but this problem only exhibits > itself in very > specific configurations. Unfortunately, the configuration is > common enough as > to get unwanted attention from the higher-ups. > > Here's the particulars: > > Users that have Verizon DSL and a Linksys cable/DSL router have > difficulties > accessing sites on my network -- whether they are trying with http, https, > smtp, pop3, ssh, ftp, etc., etc. Oh, but pings seem to be fine. > Low latency, > no loss. This is true even for access to a server brought up in > the DMZ, to > keep the firewalls out of the equation. > > Doing some packet sniffing on the ethernet side of my router, I could see > specific http requests never showed up (and the user saw the broken image > icon). This was for an mrtg graph page with +/- 30 images. I > saw the request > for almost all the image files, save for one and the user > reported the broken > image icon for the one. So this looks and smells like a packet loss > issue..... but who/where/how? > > Taking the Linksys out of the pictures (connecting their PC > directly to the > Verizon DSL modem) makes the problem go away. > > These same users report no trouble whatsoever accessing many other common > sites across the internet. > > Here's another interesting data point: when one user runs Morpheus (on > any machine in his home network) he then has absolutely no > problems accessing > servers/services on my network. > > Other users with Linksys routers and, say cable modem, do not have this > problem! > > So I'm looking for some pointers. What could I have done to my > edge router (a > Cisco 3640 if that helps any) that would make it drop packets > from Verizon DSL > customers with Linksys routers so long as they aren't running Morpheus? > > Mark J. Scheller ([email protected]) > > > >
|