Fragmented UDP packets blocked
Posted: Thu Jan 05, 2017 5:22 am
by FuzzyDice
Hello everyone.
I am seeing fragmented UDP packets being blocked at my WS-10-250-AC, firmware 1.4.5. Here is a permalink to one of the tests I did using the ICSI Netalyzr tool:
http://n2.netalyzr.icsi.berkeley.edu/re ... ca-af7a/rd
When I bypass the Netonix switch the tool reports no blockage of UDP fragments.
I can go into more detail about my network setup and configuration if needed, but before doing that I wanted to see if there was a setting or something in the switch that affects this? I poked around and couldn't find anything that seemed related to this issue, but my wife will tell you I couldn't find the water from a boat.
Thanks!
Re: Fragmented UDP packets blocked
Posted: Thu Jan 05, 2017 12:28 pm
by Eric Stern
You can try increasing the MTU on the Ports tab.
Re: Fragmented UDP packets blocked
Posted: Thu Jan 05, 2017 1:31 pm
by FuzzyDice
Currently set to 1528, with the rest of the network set to 1500. The WAN link is 1500, so that's going to be the maximum path MTU regardless.
The problem isn't that the packets are being fragmented - that's going to happen regardless since the path MTU will always be max 1500. The problem is that fragmented UDP packets aren't making it past the Netonix for some reason. If I run this test with the Netonix bypassed the fragmented UDP packets are passed across the entire path, including the WAN link.
I have customers using a variety of VOIP, VPN, and IPSec connections which all pass the occasional jumbo UDP frame and it's causing disruption to their services when the fragments are being blocked. With the popularity of Netonix among WISPs I would have expected this issue to have surfaced, so I'm not sure if this is expected behavior from the Netonix or if I have a special problem.
Re: Fragmented UDP packets blocked
Posted: Thu Jan 05, 2017 4:57 pm
by Eric Stern
I tested this with the switches in my lab and it passes every time. I tried a number of configuration changes to try and cause it to happen.
If you'd like to send me a backup of the configuration of your switch I can look at it. You can email it to eric@netonix.com.
But I can't think of any configuration issue that could be causing this, as the switch operates at layer 2 and thus it doesn't know or care what is going on at layer 4 (UDP).
Re: Fragmented UDP packets blocked
Posted: Tue Jan 10, 2017 6:53 pm
by Eric Stern
I was able to duplicate this problem using your configuration.
On the Ports tab disable DHCP Snooping (DS) on all your ports.
Re: Fragmented UDP packets blocked
Posted: Tue Jan 10, 2017 7:27 pm
by FuzzyDice
That was it - thank you!
Re: Fragmented UDP packets blocked
Posted: Sun Jul 23, 2017 9:24 am
by michwave
Is this going to get resolved? Will we be able to use DHCP snooping again?
Re: Fragmented UDP packets blocked
Posted: Sun Jul 23, 2017 10:35 am
by Eric Stern
I'll look into it.
Re: Fragmented UDP packets blocked
Posted: Wed Aug 30, 2017 7:03 pm
by michwave
I'm surprised many others haven't run into this with VPNs being blocked. Any update on this?
Thanks
Jon