Routing Issues after Static IP assignment

Forums › 2degrees (including Slingshot, Orcon, Flip, Stuff Fibre, MyRepublic, 2talk and Vocus) › Routing Issues after Static IP assignment

PEPCK

4 posts

Wannabe Geek

#237770 17-Jun-2018 19:17

Recently switched to 2degrees UFB (from Bigpipe) and ordered a static IP. After the static IP was assigned about a week ago, I've encountered some weird routing issues affecting certain sites. Pretty much excluded every possible local cause I can think of.

Symptoms:

Affected sites fail to load (timeout)
App updates/downloads from Google Play store on multiple Android devices fail (timeout)
In the packet captures of the above, no response is seen from the affected IP (just SYNs from the client until timeout)
Some affected sites have been unavailable intermittently

Affected sites/servers:

trademe.co.nz (intermittent, working at time of writing) ---> 202.162.72.2
radionz.co.nz (intermittent, working at time of writing) ---> 103.14.3.1
wn016-fm2.clnz.net (nz.archive.ubuntu.com, ftp.nz.debian.org) ---> 202.8.44.105 NOTE: only consistently broken IP
Unknown Google IP(s) -- haven't been able to pin down exact IP
Unknown 2D IP: 202.124.127.14

Setup:

2Degrees UFB connection (900/400 PPPoE)
pfSense FW (minimal FW rules, no other modules)
Juniper/HP Gigabit switches to devices, UniFi AP for Wifi

Excluded problems:

DNS? Resolution working fine, correct records, match external tests, can reproduce issue using IPs directly.
Firewall? Nothing being blocked, adding allow rules had no effect. Packets leave WAN interface without issue, no reply traffic received.
Local network/hardware/software? Multiple devices/OS/hardware/connection combos affected. Resetting FW to defaults had no effect
Issue with remote server? No issues with any of the above when testing from external locations (work, 2D LTE, AU VPS etc.)
MTU? Problems persist regardless of link MTU of PPPoE connection (1492/1500/1508 makes no difference)
General issue? Haven't noticed any issues with sites other than the above. No speed issues, etc.

Why I think its a routing/ISP issue, not local:

All of the affected sites have worked fine from anywhere outside my home UFB connection (even my 2D LTE connection)
Issue seemed to have started after switching to a static IP (which happens to be a 202.124.x.x address)
Total absence of any errors/return traffic from affected IPs suggests routing blackhole or FW block.

Has anyone else had similar issues in the last week or so?

Please let me know if you have any ideas!

Cheers!

michaelmurfy

meow
13243 posts

Uber Geek

Moderator

ID Verified

Trusted

Lifetime subscriber

#2039213 17-Jun-2018 19:22

This does seem like a MTU problem. These sites work fine on my 2degrees UFB connection.

TCP MSS Clamping perhaps?

Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.

PEPCK

4 posts

Wannabe Geek

#2039255 17-Jun-2018 20:32

That was my first thought too, but changing MTU/MSS didn't make a difference (even to a much lower 1480/1440 MTU/MSS combo).

Connection was PPPoE UFB previously, no MTU issues.

hio77

12999 posts

Uber Geek

ID Verified

Trusted

Lizard Networks

#2039264 17-Jun-2018 20:48

have you tried with the standard fritzbox to count out a configuration issue?

#include <std_disclaimer>

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

fe31nz

1229 posts

Uber Geek

#2039280 17-Jun-2018 21:36

2Degrees connections via Chorus fibre allow you to set up your PPPoE connection to use the overprovisioning that Chorus allows for. So set your WAN Ethernet port to MTU 1508, the VLAN 10 over that port to MTU 1508 and the PPPoE MTU to 1500. That is what is needed if you are ever to enable IPv6 and have it work properly, but it also helps with IPv4 as it prevents fragmentation of longer packets and allows the full Ethernet standard MTU of 1500 to be used. pfSense should be up to date enough to have a PPPoE client that supports the larger MTU.

It probably works the same now with other fibre providers, but I have never verified that.

NickMack

962 posts

Ultimate Geek

Trusted

Lifetime subscriber

#2039303 17-Jun-2018 22:46

PEPCK:

Recently switched to 2degrees UFB (from Bigpipe) and ordered a static IP. After the static IP was assigned about a week ago, I've encountered some weird routing issues affecting certain sites. Pretty much excluded every possible local cause I can think of.

Symptoms:

Affected sites fail to load (timeout)
App updates/downloads from Google Play store on multiple Android devices fail (timeout)
In the packet captures of the above, no response is seen from the affected IP (just SYNs from the client until timeout)
Some affected sites have been unavailable intermittently
Affected sites/servers:

trademe.co.nz (intermittent, working at time of writing) ---> 202.162.72.2
radionz.co.nz (intermittent, working at time of writing) ---> 103.14.3.1
wn016-fm2.clnz.net (nz.archive.ubuntu.com, ftp.nz.debian.org) ---> 202.8.44.105 NOTE: only consistently broken IP
Unknown Google IP(s) -- haven't been able to pin down exact IP
Unknown 2D IP: 202.124.127.14
Setup:

2Degrees UFB connection (900/400 PPPoE)
pfSense FW (minimal FW rules, no other modules)
Juniper/HP Gigabit switches to devices, UniFi AP for Wifi
Excluded problems:

DNS? Resolution working fine, correct records, match external tests, can reproduce issue using IPs directly.
Firewall? Nothing being blocked, adding allow rules had no effect. Packets leave WAN interface without issue, no reply traffic received.
Local network/hardware/software? Multiple devices/OS/hardware/connection combos affected. Resetting FW to defaults had no effect
Issue with remote server? No issues with any of the above when testing from external locations (work, 2D LTE, AU VPS etc.)
MTU? Problems persist regardless of link MTU of PPPoE connection (1492/1500/1508 makes no difference)
General issue? Haven't noticed any issues with sites other than the above. No speed issues, etc.
Why I think its a routing/ISP issue, not local:

All of the affected sites have worked fine from anywhere outside my home UFB connection (even my 2D LTE connection)
Issue seemed to have started after switching to a static IP (which happens to be a 202.124.x.x address)
Total absence of any errors/return traffic from affected IPs suggests routing blackhole or FW block.
Has anyone else had similar issues in the last week or so?

Please let me know if you have any ideas!

Cheers!

Hiya - MTU should be set to 1492. Have you called customer care - Are you able to PM me the ticket number?

To change your IP to a dynamic, you should be able to change connection login to details to Something@bogus.nz instead of xyz@snap.net.nz to test. (I'd be surprised, but happy to be surprised :-))

Nick

Nick.

https://nick.mackechnie.co.nz | NZ ISP latency monitoring - https://smokeping.thenet.gen.nz

vulcannz

436 posts

Ultimate Geek
Inactive user

#2039542 18-Jun-2018 11:28

Drop your MTU to 1420.

PEPCK

4 posts

Wannabe Geek

#2039574 18-Jun-2018 12:07

Nick-

Yup, reference number is 180618-000215

I tried switching back to a dynamic IP this morning, but the PPPoE link failed to connect afterwards. Seemed to just be a pfSense issue though (the interface assignment linking the VLAN to the PPPoE int disappeared). Will try again later this evening.