PEPCK

#237770 17-Jun-2018 19:17

Recently switched to 2degrees UFB (from Bigpipe) and ordered a static IP. After the static IP was assigned about a week ago, I've encountered some weird routing issues affecting certain sites. Pretty much excluded every possible local cause I can think of.

 

Symptoms:

 

  • Affected sites fail to load (timeout)
  • App updates/downloads from Google Play store on multiple Android devices fail (timeout)
  • In the packet captures of the above, no response is seen from the affected IP (just SYNs from the client until timeout)
  • Some affected sites have been unavailable intermittently

Affected sites/servers:

 

  • trademe.co.nz (intermittent, working at time of writing) ---> 202.162.72.2 
  • radionz.co.nz (intermittent, working at time of writing) ---> 103.14.3.1
  • wn016-fm2.clnz.net (nz.archive.ubuntu.com, ftp.nz.debian.org) ---> 202.8.44.105 NOTE: only consistently broken IP
  • Unknown Google IP(s) -- haven't been able to pin down exact IP
  • Unknown 2D IP: 202.124.127.14

Setup:

 

  • 2Degrees UFB connection (900/400 PPPoE)
  • pfSense FW (minimal FW rules, no other modules)
  • Juniper/HP Gigabit switches to devices, UniFi AP for Wifi

Excluded problems:

 

  • DNS? Resolution working fine, correct records, match external tests, can reproduce issue using IPs directly.
  • Firewall? Nothing being blocked, adding allow rules had no effect. Packets leave WAN interface without issue, no reply traffic received.
  • Local network/hardware/software? Multiple devices/OS/hardware/connection combos affected. Resetting FW to defaults had no effect
  • Issue with remote server? No issues with any of the above when testing from external locations (work, 2D LTE, AU VPS etc.)
  • MTU? Problems persist regardless of link MTU of PPPoE connection (1492/1500/1508 makes no difference)
  • General issue? Haven't noticed any issues with sites other than the above. No speed issues, etc.

Why I think it's a routing/ISP issue, not local:

 

  • All of the affected sites have worked fine from anywhere outside my home UFB connection (even my 2D LTE connection)
  • Issue seemed to have started after switching to a static IP (which happens to be a 202.124.x.x address)
  • Total absence of any errors/return traffic from affected IPs suggests routing blackhole or FW block.

Has anyone else had similar issues in the last week or so? 

 

Please let me know if you have any ideas!

 

Cheers!
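An added example, not part of the original post: a sketch that sorts flows in a client-side capture into "SYNs only, no reply" (the blackhole/filter symptom described above) versus "handshake completes but no data arrives" (the usual MTU/PMTUD symptom). The record layout, the verdict names and the documentation-range addresses are assumptions made for illustration.

```python
from collections import defaultdict
CLIENT = "192.0.2.10"  # assumed client address (documentation range)
# Constructed client-side capture, not taken from the thread:
# (time_s, src, dst, sport, dport, tcp_flags, payload_len)
PACKETS = [
    # Flow 1: SYN retransmitted with backoff, nothing ever returns.
    (0.0, CLIENT, "198.51.100.5", 50001, 80, "S", 0),
    (1.0, CLIENT, "198.51.100.5", 50001, 80, "S", 0),
    (3.0, CLIENT, "198.51.100.5", 50001, 80, "S", 0),
    # Flow 2: handshake and small ACKs arrive, full-size data never does.
    (0.00, CLIENT, "203.0.113.7", 50002, 443, "S", 0),
    (0.02, "203.0.113.7", CLIENT, 443, 50002, "SA", 0),
    (0.03, CLIENT, "203.0.113.7", 50002, 443, "PA", 300),
    (0.05, "203.0.113.7", CLIENT, 443, 50002, "A", 0),
    # Flow 3: healthy exchange.
    (0.00, CLIENT, "203.0.113.9", 50003, 80, "S", 0),
    (0.02, "203.0.113.9", CLIENT, 80, 50003, "SA", 0),
    (0.03, CLIENT, "203.0.113.9", 50003, 80, "PA", 120),
    (0.06, "203.0.113.9", CLIENT, 80, 50003, "PA", 1400),
]

def classify_flows(packets, client):
    """Return {(server_ip, server_port, client_port): verdict}."""
    flows = defaultdict(lambda: {"syn": 0, "rx_pkts": 0, "rx_bytes": 0, "tx_bytes": 0})
    for _t, src, dst, sport, dport, flags, length in packets:
        if src == client:                      # outbound: count SYNs and payload sent
            f = flows[(dst, dport, sport)]
            f["syn"] += flags == "S"
            f["tx_bytes"] += length
        elif dst == client:                    # inbound: anything the server got back to us
            f = flows[(src, sport, dport)]
            f["rx_pkts"] += 1
            f["rx_bytes"] += length
    verdicts = {}
    for key, f in flows.items():
        if f["syn"] and f["rx_pkts"] == 0:
            verdicts[key] = "no_reply"               # SYNs only: blackhole or filter
        elif f["tx_bytes"] and f["rx_bytes"] == 0:
            verdicts[key] = "stall_after_handshake"  # MTU/PMTUD-style symptom
        else:
            verdicts[key] = "ok"
    return verdicts

def silent_servers(verdicts):
    # Servers for which every observed flow got no reply at all.
    by_ip = defaultdict(set)
    for (ip, _sport, _cport), verdict in verdicts.items():
        by_ip[ip].add(verdict)
    return sorted(ip for ip, vs in by_ip.items() if vs == {"no_reply"})
```

A server that lands in `silent_servers` from one vantage point but answers from others points at the path or a filter rather than at MTU, since an MTU problem normally lets the small handshake packets through.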


michaelmurfy
#2039213 17-Jun-2018 19:22

This does seem like an MTU problem. These sites work fine on my 2degrees UFB connection.

TCP MSS Clamping perhaps?





Michael Murphy | https://murfy.nz
Opinions are my own and not the views of my employer.




PEPCK

#2039255 17-Jun-2018 20:32

That was my first thought too, but changing MTU/MSS didn't make a difference (even to a much lower 1480/1440 MTU/MSS combo).

 

Connection was PPPoE UFB previously, no MTU issues.


hio77
#2039264 17-Jun-2018 20:48

Have you tried with the standard Fritzbox to count out a configuration issue?

 

 




#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have. 




fe31nz
#2039280 17-Jun-2018 21:36

2Degrees connections via Chorus fibre allow you to set up your PPPoE connection to use the overprovisioning that Chorus allows for.  So set your WAN Ethernet port to MTU 1508, the VLAN 10 over that port to MTU 1508 and the PPPoE MTU to 1500.  That is what is needed if you are ever to enable IPv6 and have it work properly, but it also helps with IPv4 as it prevents fragmentation of longer packets and allows the full Ethernet standard MTU of 1500 to be used.  pfSense should be up to date enough to have a PPPoE client that supports the larger MTU.

 

It probably works the same now with other fibre providers, but I have never verified that.

 

 


NickMack
#2039303 17-Jun-2018 22:46


Hiya - MTU should be set to 1492. Have you called customer care - Are you able to PM me the ticket number?

 

To change your IP to a dynamic, you should be able to change connection login details to Something@bogus.nz instead of xyz@snap.net.nz to test. (I'd be surprised, but happy to be surprised :-))

 

Nick

 

 

 






vulcannz
#2039542 18-Jun-2018 11:28

Drop your MTU to 1420.


 
 
 
 

PEPCK

#2039574 18-Jun-2018 12:07

Nick- 

 

Yup, reference number is 180618-000215

 

I tried switching back to a dynamic IP this morning, but the PPPoE link failed to connect afterwards. Seemed to just be a pfSense issue though (the interface assignment linking the VLAN to the PPPoE int disappeared). Will try again later this evening.


NickMack
#2039577 18-Jun-2018 12:11

Clarification from the team - Remove the realm @snap.net.nz, keep your Username/Pw there.





PEPCK

#2039959 18-Jun-2018 18:30

All sorted! Nick reports there was a leftover static route for my static IP. Changing the IP fixed the issue straight away!

 

 

 

Huge thanks to Nick and the team for getting this sorted so quickly!


NickMack
#2039960 18-Jun-2018 18:31

Hiya - All good, thanks for working with us!




