Changing AdvLinkMTU when using NPt
-
Wow, the "Output" on that site is impossible to read, with the faint green text. I had to cut 'n paste it into another app, to read it. Why do some people create sites that are unreadable?
-
Yep this is strange. I did some more testing, and I am also getting weird errors when I set router advertisement to 1280 (but traffic works, beside wireshark, everything is green)
I am unsure about bad hardware, as ipv4 works fine. Pretty much everything runs on VMs, on intel NICs. As IPv6 is not vital and that I do not see any easy way to get this sorted I might not invest too much effort in getting this working. In any case, I will report my findings here
In any case, thank everyone for the help.
-
Yep this is strange. I did some more testing, and I am also getting weird errors when I set router advertisement to 1280 (but traffic works, beside wireshark, everything is green)
I am unsure about bad hardware, as ipv4 works fine. Pretty much everything runs on VMs, on intel NICs. As IPv6 is not vital and that I do not see any easy way to get this sorted I might not invest too much effort in getting this working. In any case, I will report my findings here
In any case, thank everyone for the help.
You never mentioned if this effects any other site. Other then that one.
-
I am unsure about bad hardware, as ipv4 works fine.
If you're getting CRC errors, you have a hardware problem that has nothing to do with IP or web site. It could be a bad NIC, switch port, cable connection, etc., but something physical is causing that. Are you certain you don't see any similar errors with IPv4? You can try pinging with different size packets to test and you can also force either IPv4 or IPv6 when testing. Do you get similar errors if you use a different computer?
-
I know it old topic, but @JKnott test yourself https://meet.lync.com/ not adjusted at all
-
@dragoangel said in Changing AdvLinkMTU when using NPt:
I know it old topic, but @JKnott test yourself https://meet.lync.com/ not adjusted at all
What am I supposed to be looking for? All I see is an error message about not being allowed to enter the meeting. Wireshark doesn't show anything unusual either. I don't see any frame errors, as was described in the previous messages.
-
I'm alredy found answer on my question in https://answers.microsoft.com/en-us/msoffice/forum/msoffice_sfb-mso_mac-mso_o365b/skype-for-businesslync-services-dont-appear-to/c204b511-8b0b-4338-924e-729603627413?page=2 sorry =).
-
@dragoangel said in Changing AdvLinkMTU when using NPt:
I'm alredy found answer on my question
Tunnels always have a smaller MTU than the underlying network, to make room for their own header. I wouldn't experience that problem here, as I'm not using a tunnel. My MTU, on both sides of pfSense, is 1500.
I used to use a tunnel, with 1280 MTU.
It would appear the problem is with Microsoft software (Gee... What a surprise!!! ) not properly handling PMTUD. By reducing the local MTU, packets are no longer too big to pass through a link with the smaller MTU.
-
@JKnott Yes, I read it. They not go by RFC. And this is not first time I see it. I write them about HTTP/2 in IIS =). Same here... Lower down all LAN MTU only for some 2-3 host in Internet. Better rewrite DNS...
P.S. If configure MTU on GIF to tunnelbroker - this is ok. It really 1480. And configure Squid Proxy. PC by proxy will access lync.com. This acceptable workaround #2. But without proxy - of course with brokem PMTU on MS side it anyway fail -
@JKnott said in Changing AdvLinkMTU when using NPt:
@dragoangel said in Changing AdvLinkMTU when using NPt:
I'm alredy found answer on my question
Tunnels always have a smaller MTU than the underlying network, to make room for their own header. I wouldn't experience that problem here, as I'm not using a tunnel. My MTU, on both sides of pfSense, is 1500.
I used to use a tunnel, with 1280 MTU.
It would appear the problem is with Microsoft software (Gee... What a surprise!!! ) not properly handling PMTUD. By reducing the local MTU, packets are no longer too big to pass through a link with the smaller MTU.
And here is the "proof"
https://www.ipv6alizer.se?address=https://meet.lync.com -
@Napsterbater MS is so bad, they work on broken IPv4 too:
tbit from 130.217.250.115 to 52.113.64.150 server-mss 1460, result: pmtud-fail app: http, url: https://meet.lync.com/ [ 0.009] TX SYN 44 seq = 0:0 b7ef [ 0.136] RX SYN/ACK 44 seq = 0:1 2774 [ 0.136] TX 40 seq = 1:1 b7f0 [ 0.136] TX 369 seq = 1:1(329) b7f1 DF [ 0.268] RX 1500 seq = 1:330(1460) 277b DF [ 0.268] RX 1500 seq = 1461:330(1460) 277c DF [ 0.268] RX 1460 seq = 2921:330(1420) 277d DF [ 0.268] TX PTB 56 mtu = 1280 [ 0.693] RX 1500 seq = 1:330(1460) 2780 DF [ 0.693] TX PTB 56 mtu = 1280 [ 1.443] RX 1500 seq = 1:330(1460) 279e DF [ 1.443] TX PTB 56 mtu = 1280 [ 2.927] RX 1500 seq = 1:330(1460) 27f7 DF [ 2.928] TX PTB 56 mtu = 1280 [ 5.896] RX 1500 seq = 1:330(1460) 2834 DF tbit from 2001:df0:4:4000::1:115 to 2603:1047:0:2::e server-mss 1440, result: pmtud-fail app: http, url: https://meet.lync.com/ [ 0.009] TX SYN 64 seq = 0:0 [ 0.232] RX SYN/ACK 64 seq = 0:1 [ 0.232] TX 60 seq = 1:1 [ 0.232] TX 389 seq = 1:1(329) [ 0.459] RX 1500 seq = 1:330(1440) [ 0.459] RX 1500 seq = 1441:330(1440) [ 0.459] RX 1500 seq = 2881:330(1440) [ 0.459] RX 80 seq = 4321:330(20) [ 0.459] TX PTB 1280 mtu = 1280 [ 0.470] TX 60 seq = 330:1 [ 1.178] RX 1500 seq = 1:330(1440) [ 1.178] TX PTB 1280 mtu = 1280 [ 2.489] RX 1500 seq = 1:330(1440) [ 2.490] TX PTB 1280 mtu = 1280 [ 5.083] RX 1500 seq = 1:330(1440) [ 5.084] TX PTB 1280 mtu = 1280 [ 10.302] RX 1500 seq = 1:330(1440)