global-gateway.net.nz and possible MTU problems
We've got a client in Thailand who is having having trouble with traffic from a number of sites - all of which go through global-gateway.net.nz. Based on the symptoms I'm guessing it may be an MTU issue (along with the other end blocking ICMP) - anyone seen this with global-gateway.net.nz before? If anyone here is responsible for that network I'd appreciate it if you could contact me off-list. Thanks, Scott.
On 2-Aug-2007, at 18:20, Scott Howard wrote:
We've got a client in Thailand who is having having trouble with traffic from a number of sites - all of which go through global- gateway.net.nz.
Based on the symptoms I'm guessing it may be an MTU issue (along with the other end blocking ICMP) - anyone seen this with global-gateway.net.nz before?
If anyone here is responsible for that network I'd appreciate it if you could contact me off-list.
Have you tried sending a series of packets between hosts over a network that traverses the bit of ggi that you think has the problem, setting the DF bit and increasing the payload size until they don't get through any more? Joe
Hi Folks, We've found in a couple of cases that ICMP packets coming from some address ranges (such as the WIX range 202.7.0.0/25) don't make it through GG. If those packets happen to be type 3 code 4 and the end user isn't capable of 1500 byte packets, you're certainly going to have MTU issues. Of course to diagnose the issue just do what Joe said. Cheers, Jon -----Original Message----- From: Joe Abley [mailto:jabley(a)ca.afilias.info] Sent: Friday, 3 August 2007 10:51 a.m. To: Scott Howard Cc: nznog(a)list.waikato.ac.nz Subject: Re: [nznog] global-gateway.net.nz and possible MTU problems On 2-Aug-2007, at 18:20, Scott Howard wrote:
We've got a client in Thailand who is having having trouble with traffic from a number of sites - all of which go through global- gateway.net.nz.
Based on the symptoms I'm guessing it may be an MTU issue (along with the other end blocking ICMP) - anyone seen this with global-gateway.net.nz before?
If anyone here is responsible for that network I'd appreciate it if you could contact me off-list.
Have you tried sending a series of packets between hosts over a network that traverses the bit of ggi that you think has the problem, setting the DF bit and increasing the payload size until they don't get through any more? Joe _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
Hi all On Fri, Aug 03, 2007 at 11:15:52AM +1200, Jonathan Brewer said:
Hi Folks,
We've found in a couple of cases that ICMP packets coming from some address ranges (such as the WIX range 202.7.0.0/25) don't make it through GG.
The WIX block (202.7.0.0/23 - note, it's a 23, not a 25), and all the other NZ exchange blocks, are not advertised internationally unless an ISP is doing so - there have been examples of ISP's accidentally doing that in the past. It's a fairly foolhardy thing to do, and most stop pretty smartly once they realise. Equally, how far ISP's carry the NZIX blocks into their networks is a choice each provider makes - you can't assume domestic reachability from/to that /23. So, really, you shouldn't be asking "why don't GG carry packets originating from 202.7.0.0/23", rather, you should be asking, "why am I originating packets from a range that is intentionally poorly routed". It was relatively common a few years ago for ISP's providing transit services to customers to include a hop within the WIX range. I believe everybody has given up doing that for new connections, but there are still a few ISP's (at least ICONZ, TCL) who have some historical customers connected that way. I certainly wouldn't encourage anybody to do this just to save a few IP numbers - it makes traceroutes look scody, and almost certainly breaks path MTU discovery. Cheers Si
On Thu, Aug 02, 2007 at 06:51:26PM -0400, Joe Abley wrote:
Have you tried sending a series of packets between hosts over a network that traverses the bit of ggi that you think has the problem, setting the DF bit and increasing the payload size until they don't get through any more?
Unfortunately we didn't have direct access to either end so I wasn't able to do that. However thanks to Andrew from Global Gateway we've managed to confirm that this problem is occuring a few hops along from them in a provider in Thailand, and not at GG itself. Thanks, Scott.
Scott Howard wrote:
We've got a client in Thailand who is having having trouble with traffic from a number of sites - all of which go through global-gateway.net.nz.
Based on the symptoms I'm guessing it may be an MTU issue (along with the other end blocking ICMP) - anyone seen this with global-gateway.net.nz before?
If anyone here is responsible for that network I'd appreciate it if you could contact me off-list.
[not responsible for the network; and I see that you found someone to assist you] Bear in mind that GGI do not advertise their infrastructure networks, and if you find yourself in the unfortunate situation of requiring PMTU-D to work *and* your upstream ISP/NSP is running RPF strict, you may be in a world of hurt.
participants (6)
-
Alastair Johnson -
jamie baddeley -
Joe Abley -
Jonathan Brewer -
Scott Howard -
Simon Blake