PDA

View Full Version : Fringe divison of the internets (MTU & FTP)



Halwende
15-09-2010, 12:40 PM
I have a strange one for all you internet / networking gurus...

My home broadband connection has been on an un-bundled exchange in Auckland CBD for the past few months. It's not naked DSL, but it's through my ISP's own equipment

First up, I can suddenly no longer access a remote FTP server properly. It's only 5 hops away from me in a tracert, no delays or problems with a trace but when I go to connect the FTP server times-out and I get <2 KB/s speeds. It'll time-out just asking for a directory structure refresh

A tracert from the FTP to me gives time-outs once it hits my ISP, so is my ISP blocking or filtering FTP traffic? Sounds like a simple firewall right? I've yet to get an answer from them on that, but...

International traffic will sometimes go down. Anything that's not hosted in NZ gives me grief. My browser will say "waiting for..." but I never get the site. They resolve ok, but I never get any data back from them. I looked around and tried doing a ping -f -l 1500 to the site and get told my packets will be fragmented, so I dropped the MTU in the ping until it went through, 1412 was the magic number. International traffic comes back

However, I then tried a ping -f -l 1412 to the same site and instead of being told it was ok again I get a response that the packets will be fragmented. I drop the MTU lower (this is all to try and get my FTP working, I have no evidence MTU effects FTP connections but hey, it fixed my international traffic so gimme a break - heh) and it works at 1362. Reboot the router and again, packets fragmented with an MTU of 1362. International still ok but no FTP. Gosh, how low do I have to go? :P

I leave that alone for now (because sites are loading fine) but none of this is fixing my FTP connection. What gives I wonder. Could it be my router on the way out? (an older NETGEAR DG834Gv1)

Low MTU needed + FTP blocking (assumption) points towards my ISP routing equipment yes?

I'm in talks with my ISP as well obviously, see how I go, but just thought I'd throw this to the Press F1 crew and see if any gems of wisdom surface. Any ideas?

kahawai chaser
15-09-2010, 12:57 PM
Well I had a similar FTP issue with KOL on dial up when trying to access my web host. I think I had too many images and files, and hence the directories would not display fast enough. But I used free online FTP's which worked. Maybe try online FTP's.

Deimos
15-09-2010, 01:28 PM
Frame size won't effect FTP at all as frames will be fragmented when needed, the "response" is informational only, it does not mean the connection will/will not work.

The only time you need to worry about frame size (MTU) is if you are trying to run a VPN tunnel as VPN frames by default can't be fragmented (do not frgment flag is set), the solution in that scenario is to either enable fragmentation, or reduce the frame size on the VPN device.

The fact that you have switched ISP may just be a coincidence, have you tried connecting to the FTP from another location? have you asked a friend/collegue to verify that the ftp is working?

Chilling_Silence
15-09-2010, 01:32 PM
Sounds like a problem with your ISP, Traffic shaping (plus blocking?), oversubscribed international bandwdith by your ISP... Sounds like you're on the money.

DNS resolving (Resolves with an NZ-local server, your ISPs) again points towards shaping or an oversubscription of international bandwidth.

Those Netgear routers are "Acceptable" but not the greatest, however I doubt it's the cause of the issue personally. I'll PM you a local private speedtest site, lemme know what speeds you get from it.

Deimos
15-09-2010, 01:34 PM
Just re-reading your post a bit.

Keep in mind that when pinging a server with MTU of 1500 will always result in fragmented packets over ADSL, (and again, this won't effect connectivity because packets can be fragmented when needed) because the standard MTU for your connection is either 1492 or 1500, and with IP overheads any ping or traffic will have to use a lower MTU.

If tweaking the MTU on your router fixes connection issues, it could mean that the MTU was set too large in the first place (an MTU of 1500 might not work with your ISP) or it could mean that your router is having trouble fragmenting packets (which would indicate a fault).

try setting your MTU to 1492 and test your international traffic.

Deimos
15-09-2010, 01:38 PM
Oh, and by pinging with the -f flag, you are setting the "do not fragment" flag which would fail if the packet needs to be fragmented but again, this will not tell you if the connection would be successfull or not (for reasons stated above)

Halwende
15-09-2010, 02:31 PM
Frame size won't effect FTP at all as frames will be fragmented when needed, the "response" is informational only, it does not mean the connection will/will not work.

The only time you need to worry about frame size (MTU) is if you are trying to run a VPN tunnel...

Hmm, interesting, thanks for that - I wasn't sure if I should be taking those ping responses as gospel on if I was on the right track, but dropping my MTU to 1412 got my international traffic back. Still, it didn't get me back on to the FTP - which is as you say - to be expected. So does having to drop it like that mean oversaturation of international traffic or not really?

1492 didn't work btw, at that setting I still got no response from overseas sites. Only at 1362-1412 did I start getting pages load in the browser

I'm confused though because if the FTP is local, only 5 hops away from my machine, surely it must be the ISP doing something. The server is confirmed as fine, a friend on another ISP can access it and the owner confirms it's running a-ok. Must be some kind of shaping / control. Grrr... why would an ISP block users from accessing an FTP

I will post back if I hear anything more, or get it working. In the meantime I will leave my MTU alone @1412, at least I have normal browsing back

Deimos
15-09-2010, 02:49 PM
So does having to drop it like that mean oversaturation of international traffic or not really?

It doesn't really mean much apart from the fact that your ISP has a low MTU, and for some really strange reason your ISPs routers won't fragment the packets for you, in my experience setting the MTU too high (e.g. setting the MTU to 1500 when the ISPs MTU is 1492, I use 1492 because that is what my ISPs MTU is) does not break a connection, I would guess it is typically the case, but obviously not in yours.

You will always get packet fragmentation, the main reason is because the default MTU for a network device is 1500 (e.g. Windows), so if your DSL modem is set lower (it pretty much always is) then packets will fragment, but its perfectly normal, and there is anecdotal evidence that by tweaking the MTU in windows you can get better performance, but it is completely unnecessary, packet fragmentation is supposed to be normal and acceptable behaviour for a network.

So basically what you have done (by setting a lower MTU) is you have told your ADSL router to fragment any packets larger than the size you have specified (which will be the majority of the data coming from your PC).

What ISP are you with by the way? it sounds like they have misconfigured something in their routing equipment...

Halwende
17-09-2010, 01:56 PM
...it sounds like they have misconfigured something in their routing equipment...

...appears to be the issue here yep. My FTP is now back up and normal service is resuming. If anyone ever comes across a similar issue a call to the ISP may be the way to go, looks like something wasn't configured quite correctly between me and the server. Thanks all for the feedback :)

Chilling_Silence
17-09-2010, 02:46 PM
I still wanna know what ISP :D

Deimos
17-09-2010, 03:38 PM
Yeah me too... sounds like they may need to hire a network engineer....

Halwende
17-09-2010, 03:48 PM
I still wanna know what ISP :D

Haha! I don't think it's fair to out them on a public forum, needless to say it's fixed now... ;)

Oh I tried to PM you back yesterday to say thanks for the details on the local speedtests but I can't, not sure why - no option on the drop-down. Maybe it's my profile but anyway, cheers for the extra help there

gary67
17-09-2010, 06:56 PM
Haha! I don't think it's fair to out them on a public forum, needless to say it's fixed now... ;)

Oh I tried to PM you back yesterday to say thanks for the details on the local speedtests but I can't, not sure why - no option on the drop-down. Maybe it's my profile but anyway, cheers for the extra help there

PM's don't work until you have made 10 posts it's to try and combat the spammers

Chilling_Silence
17-09-2010, 11:46 PM
Potentially ... but still we hammer all ISPs around here anyways. Keeps them honest ;)