DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
Vigor 120 fragmented packet loss
- cuthbei
- Topic Author
- Offline
- Junior Member
Less
More
- Posts: 10
- Thank you received: 0
23 Nov 2010 17:53 #64993
by cuthbei
Vigor 120 fragmented packet loss was created by cuthbei
Hi,
I have a configuration with a PPPoE connection from a Linksys WRT54GS through a Vigor 120 acting as a PPPoA to PPPoE bridge. I have a number of connection issues and am now very confident the Vigor 120 is causing some packet loss of IP Fragments.
For example, I can see on the inside of my router
tcpdump: listening on br0, link-type EN10MB (Ethernet), capture size 68 bytes
12:10:22.669578 IP (tos 0xb8, ttl 64, id 11546, offset 0, flags [none], proto UDP (17), length 29) 192.168.202.109.4500 > host212-183-133-179.uk.access.vodafone.net.4500: [udp sum ok] isakmp-nat-keep-alive
12:10:26.249781 IP (tos 0xb8, ttl 64, id 11547, offset 0, flags [none], proto UDP (17), length 476) 192.168.202.109.4500 > host212-183-133-179.uk.access.vodafone.net.4500: NONESP-encap: [|isakmp]
As can be seen, the host is trying to create an IPSec NAT-T connection on UDP port 4500.
The response never makes it back through the router though. On the outside (PPPoE) I can see
12:10:22.669917 IP (tos 0xb8, ttl 63, id 11546, offset 0, flags [none], proto UDP (17), length 29) 109-224-xxx-xxx.bb.adsl24.co.uk.4500 > host212-183-133-179.uk.access.vodafone.net.4500: [udp sum ok] isakmp-nat-keep-alive
12:10:26.250153 IP (tos 0xb8, ttl 63, id 11547, offset 0, flags [none], proto UDP (17), length 476) 109-224-xxx-xxx.bb.adsl24.co.uk.4500 > host212-183-133-179.uk.access.vodafone.net.4500: NONESP-encap: [|isakmp]
12:10:26.371451 IP (tos 0x0, ttl 245, id 13388, offset 1480, flags [none], proto UDP (17), length 1012) host212-183-133-179.uk.access.vodafone.net > 109-224-xxx-xxx.bb.adsl24.co.uk: udp
The third packet is of interest as it is an IP Fragment with an offset of 1480 bytes. Normally, I would expect another fragment before this with an offset of zero and the more fragment bit set. I never see this fragment.
I have recreated this issue by sending fragemented PINGs from a number of third party hosts to my router and only the 2nd fragment arrives, never the 1st fragment.
Does anyone know how I should address this with Draytek?
Thanks, Cuthbei
I have a configuration with a PPPoE connection from a Linksys WRT54GS through a Vigor 120 acting as a PPPoA to PPPoE bridge. I have a number of connection issues and am now very confident the Vigor 120 is causing some packet loss of IP Fragments.
For example, I can see on the inside of my router
tcpdump: listening on br0, link-type EN10MB (Ethernet), capture size 68 bytes
12:10:22.669578 IP (tos 0xb8, ttl 64, id 11546, offset 0, flags [none], proto UDP (17), length 29) 192.168.202.109.4500 > host212-183-133-179.uk.access.vodafone.net.4500: [udp sum ok] isakmp-nat-keep-alive
12:10:26.249781 IP (tos 0xb8, ttl 64, id 11547, offset 0, flags [none], proto UDP (17), length 476) 192.168.202.109.4500 > host212-183-133-179.uk.access.vodafone.net.4500: NONESP-encap: [|isakmp]
As can be seen, the host is trying to create an IPSec NAT-T connection on UDP port 4500.
The response never makes it back through the router though. On the outside (PPPoE) I can see
12:10:22.669917 IP (tos 0xb8, ttl 63, id 11546, offset 0, flags [none], proto UDP (17), length 29) 109-224-xxx-xxx.bb.adsl24.co.uk.4500 > host212-183-133-179.uk.access.vodafone.net.4500: [udp sum ok] isakmp-nat-keep-alive
12:10:26.250153 IP (tos 0xb8, ttl 63, id 11547, offset 0, flags [none], proto UDP (17), length 476) 109-224-xxx-xxx.bb.adsl24.co.uk.4500 > host212-183-133-179.uk.access.vodafone.net.4500: NONESP-encap: [|isakmp]
12:10:26.371451 IP (tos 0x0, ttl 245, id 13388, offset 1480, flags [none], proto UDP (17), length 1012) host212-183-133-179.uk.access.vodafone.net > 109-224-xxx-xxx.bb.adsl24.co.uk: udp
The third packet is of interest as it is an IP Fragment with an offset of 1480 bytes. Normally, I would expect another fragment before this with an offset of zero and the more fragment bit set. I never see this fragment.
I have recreated this issue by sending fragemented PINGs from a number of third party hosts to my router and only the 2nd fragment arrives, never the 1st fragment.
Does anyone know how I should address this with Draytek?
Thanks, Cuthbei
Please Log in or Create an account to join the conversation.
- cuthbei
- Topic Author
- Offline
- Junior Member
Less
More
- Posts: 10
- Thank you received: 0
23 Nov 2010 20:14 #64999
by cuthbei
Replied by cuthbei on topic Vigor 120 fragmented packet loss
I think I have actually now understood this limitation and it isn't something Draytek can fix.
If the second fragment has an offset of 1480 bytes, that means the original missing IP fragment had 1480 bytes of IP data, which if you add on the IP header, would mean it would be 1500 bytes long. This isn't much of a surprise, as the normal IP MTU on ethernet is 1500 bytes, as the maximum frame size if 1518 bytes.
So if we assume a number of ATM cells arrived at the outside of the Draytek Vigor 120 which could be reassembled into a 1500 byte IP fragment / 1518 byte ethernet frame. Once the Draytek has assembled them, it can't then add the PPPoE header, as the frame size will become too large.
This will be a problem for ANY remote host which sends a 1500 byte IP packet or a router on the path fragments to 1500 bytes. Of course, a good remote host will retransmit the data in small packets / fragments if it doesn't get a response, but as the Draytek can't send back an ICMP packet too big message, most hosts wont'.
If you ISP happens to use a lower MTU than 1500, then you probably won't see any issues, but this won't normally be in your control.
A serious limitation of such a product in my mind.
If the second fragment has an offset of 1480 bytes, that means the original missing IP fragment had 1480 bytes of IP data, which if you add on the IP header, would mean it would be 1500 bytes long. This isn't much of a surprise, as the normal IP MTU on ethernet is 1500 bytes, as the maximum frame size if 1518 bytes.
So if we assume a number of ATM cells arrived at the outside of the Draytek Vigor 120 which could be reassembled into a 1500 byte IP fragment / 1518 byte ethernet frame. Once the Draytek has assembled them, it can't then add the PPPoE header, as the frame size will become too large.
This will be a problem for ANY remote host which sends a 1500 byte IP packet or a router on the path fragments to 1500 bytes. Of course, a good remote host will retransmit the data in small packets / fragments if it doesn't get a response, but as the Draytek can't send back an ICMP packet too big message, most hosts wont'.
If you ISP happens to use a lower MTU than 1500, then you probably won't see any issues, but this won't normally be in your control.
A serious limitation of such a product in my mind.
Please Log in or Create an account to join the conversation.
- cuthbei
- Topic Author
- Offline
- Junior Member
Less
More
- Posts: 10
- Thank you received: 0
23 Nov 2010 20:24 #65000
by cuthbei
Replied by cuthbei on topic Vigor 120 fragmented packet loss
To add to my ramble, I would expect the PPPoE/PPPoA MTU to be negotiated as part of the startup process. Of course, how well the Draytek takes part in this negotiation is a different matter. I think it doesn't at all.
Even if I set the MTU on my router really low, unless my ISP matches it, it won't make any difference.
Cuthbei
Even if I set the MTU on my router really low, unless my ISP matches it, it won't make any difference.
Cuthbei
Please Log in or Create an account to join the conversation.
- netbee
- Offline
- New Member
Less
More
- Posts: 1
- Thank you received: 0
08 Dec 2010 17:15 #65200
by netbee
Replied by netbee on topic Vigor 120 fragmented packet loss
Hey,
Did you check this with DrayTek to take their point of view ? if not, is it some thing which you can do?
Regards,
Did you check this with DrayTek to take their point of view ? if not, is it some thing which you can do?
Regards,
Please Log in or Create an account to join the conversation.
- cuthbei
- Topic Author
- Offline
- Junior Member
Less
More
- Posts: 10
- Thank you received: 0
10 Dec 2010 09:15 #65206
by cuthbei
Replied by cuthbei on topic Vigor 120 fragmented packet loss
Hi,
I didn't manage to. I don't have the device at the moment, so I'm not sure I can really speak with Draytek about it.
Thanks, Cuthbei
I didn't manage to. I don't have the device at the moment, so I'm not sure I can really speak with Draytek about it.
Thanks, Cuthbei
Please Log in or Create an account to join the conversation.
Moderators: Sami
Copyright © 2024 DrayTek