What might cause half-bridging RTA1320 to not work on certain websites, but not others?

Forums › New Zealand Broadband › What might cause half-bridging RTA1320 to not work on certain websites, but not others?

1 | 2

plambrechtsen

892 posts

Ultimate Geek

Trusted

Telecom NZ

Reply # 644041 20-Jun-2012 21:54
Oh that's not good. Seems like Vodafone / ihug have a private network routeable from their public internet. That's what you are pinging something in their core network. So I would make sure you don't try and use those ip addresses. I work for Telecom, but as always my views are my own.

eXDee

2795 posts

Uber Geek

Trusted

Reply # 644097 21-Jun-2012 00:26
That looks ridiculous. Out of interest is this a RTA1320, RTA1320E or RTA1320V6?

seatil

7 posts

Wannabe Geek

Reply # 644185 21-Jun-2012 11:27
Sounds a bit like broken Path MTU Discovery. This is something I encountered when using half-bridge mode, and again now that we're using a PPPoE/PPPoA bridge. From memory it was caused by some sites blocking all ICMP packets, including those needed for Path MTU Discovery to work. The net result is you can establish a TCP connection to the affected sites, but you'll be lucky to get much, if any, data received from them. Akamai-hosted sites were a big problem for us. The good news is that there is a workaround for the problem that doesn't involve jumping up and down and yelling. I use the following iptables rule on my Linux router: /sbin/iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu You can find lots more information by Googling for broken PMTUD One result: http://lartc.org/howto/lartc.cookbook.mtu-mss.html

Ragnor

6887 posts

Uber Geek

Trusted

Subscriber

Reply # 644223 21-Jun-2012 12:22
PPPoA can't be easily bridged like PPPoE. PPPoA half bridge aka ip extension is a hack not a standard. This old page describes how different modems achieve it: http://wlug.org.nz/Half%20bridge%20with%20PPPoA I would try changing the modem to use the "Class A" private range for LAN and DHCP server, eg: Modem: 10.0.0.x Router: 192.168.0.x Other options: If you are on Vodafone red network you may be able to use PPPoE in the modem instead of PPPoA authentication, PPPoE full bridge is easy and standard is most devices. Get a Draytek Vigor 120 that does PPPoA to PPPoE translation/relay.

sidefx

1054 posts

Uber Geek

Reply # 644240 21-Jun-2012 13:08
Rubicon: This sounds like a routing issue. Have you checked the routing table for your modem? Routing table on the RTA1320 looks like this when connected. Sorry about the formatting. Afraid it doesn't mean much to me: Destination Netmask Gateway Interface Metric 203.109.128.95 255.255.255.255 0.0.0.0 pppoa_0_100_1 1 27.252.127.146 255.255.255.255 0.0.0.0 br0 0 192.168.52.0 255.255.255.0 0.0.0.0 br0 0 0.0.0.0 0.0.0.0 203.109.128.95 pppoa_0_100_1 0 plambrechtsen: Oh that's not good. Seems like Vodafone / ihug have a private network routeable from their public internet. That's what you are pinging something in their core network. So I would make sure you don't try and use those ip addresses. Yes Sadly changing the modem to 192.168.52.1 doesn't fix the issue, but it is odd. I can ping a range of addresses on 192.168.1.x... wonder what they are. eXDee: That looks ridiculous. Out of interest is this a RTA1320, RTA1320E or RTA1320V6? RTA1320 seatil: The good news is that there is a workaround for the problem that doesn't involve jumping up and down and yelling. I use the following iptables rule on my Linux router: /sbin/iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu YES! Progress! :) This seems to improve it in that I can now access the sites I previously couldn't. But it also completely kills my speed. I usually get ~12Mbps but with this on it drops to 2.6... Not ideal but I will keep experimenting. Any more ideas welcome! Also, since this is possibly(?) looking like an ISP specific issue, maybe a mod could move it to the Vodafone forum?

sidefx

1054 posts

Uber Geek

Reply # 644242 21-Jun-2012 13:12
Ragnor: PPPoA can't be easily bridged like PPPoE. PPPoA half bridge aka ip extension is a hack not a standard. This old page describes how different modems achieve it: http://wlug.org.nz/Half%20bridge%20with%20PPPoA I would try changing the modem to use the "Class A" private range for LAN and DHCP server, eg: Modem: 10.0.0.x Router: 192.168.0.x Other options: If you are on Vodafone red network you may be able to use PPPoE in the modem instead of PPPoA authentication, PPPoE full bridge is easy and standard is most devices. Get a Draytek Vigor 120 that does PPPoA to PPPoE translation/relay. Thanks Ragnor. No I'm not on red network anymore (I think) as I'm quite far from exchange so got swapped to wholesale. Yeah, Vigor is certainly one I would like to try. Not cheap though (RTA1320 can be had for ~$1.50 on trademe, lol) I'll try those ranges for modem\router though.

dannyres

192 posts

Master Geek

Reply # 644243 21-Jun-2012 13:14
I'm on Vodafone (not on the red network) using the RTA1320E (192.168.1.x) half bridged to a WRT54GL (192.168.2.x) with no issues. When I get home I'll take a look at the routing tables on the RTA1320E and see how they compare to yours.

sidefx

1054 posts

Uber Geek

Reply # 644337 21-Jun-2012 16:02
dannyres: I'm on Vodafone (not on the red network) using the RTA1320E (192.168.1.x) half bridged to a WRT54GL (192.168.2.x) with no issues. When I get home I'll take a look at the routing tables on the RTA1320E and see how they compare to yours. Thanks, that would be helpful! :)

sidefx

1054 posts

Uber Geek

Reply # 644346 21-Jun-2012 16:13
Hrm. Just retested and this is now working... Haven't changed anything and I'm pretty sure I'm not going crazy ;-) I need to go out for a while but will test more when I get back.

Linuxluver

2486 posts

Uber Geek

Trusted

Subscriber

Reply # 644347 21-Jun-2012 16:14
sbiddle: sidefx: Hmm, ok I will check what it's set to on the modem\router that works. I think it defaults to 1500 on the RTA1320. Are there any others I should try? I can't see any definitive instructions on the vodafone site. Your DSL MTU will be lower than this. I don't know what Vodafone use but if you're on EUBA you could try 1492. I think you're wrong. 192,168.. is all reserved as private .....but 192.0 to 192.167 and 192.169 to 192.255 are all valid public addresses. If you're not curious, your brain is already dying...if not dead. My blogs: Eyes Wide Open /Android Luver / 3D Luver / Truth Seeker Handhelds: LG Optimus 3D Max / LG Optimus 3D / HTC Sensation / VFNZ 845 / Samsung Galaxy Tab / Lenovo IdeaPad K1 32GB / iPod Touch PCs: Home made Linux boxen from parts mainly from PB Tech.

Rubicon

27 posts

Geek

Reply # 644459 21-Jun-2012 21:16
sidefx: Routing table on the RTA1320 looks like this when connected. Sorry about the formatting. Afraid it doesn't mean much to me: Destination Netmask Gateway Interface Metric 203.109.128.95 255.255.255.255 0.0.0.0 pppoa_0_100_1 1 27.252.127.146 255.255.255.255 0.0.0.0 br0 0 192.168.52.0 255.255.255.0 0.0.0.0 br0 0 0.0.0.0 0.0.0.0 203.109.128.95 pppoa_0_100_1 0 I don't see anything wrong with this, so your problem must be caused by something else. In case you want a brief explanation: 1) Traffic to Vodafone's gateway (203.109.128.95/32) is sent via the modem's ADSL port (pppoa_0_100_1). 2) Traffic directed to your public IP address is directed via the modem's LAN port (br0). 3) Traffic to addresses on your LAN (192.168.52.0/24) is sent via the modem's LAN port. 4) All other traffic is sent to Vodafone's gateway via the ADSL port. As such, traffic to adobe.com, or other addresses in 192.0.0.0/8, is being sent via the ADSL line.

sidefx

1054 posts

Uber Geek

Reply # 644596 22-Jun-2012 10:34
@Rubicon: Thanks, yeah, that makes perfect sense. As I say above, this all now seems to be working without any real issue. I still have no idea what fixed it, but I'm not going to complain. The only minor niggle remaining now is that pinging the modem is taking a bit longer than 1ms to complete (less than 2ms though lol), but I was under the impression that anything on your local network should be well under 1ms?

1 | 2