[AusNOG] Are there any other providers who use M2 as an upstream having issues with SSL based websites?
Justin Twiss
Justin.Twiss at bekkers.com.au
Fri Mar 12 22:22:19 EST 2010
Yeah, unfortunately we only handle radius authentication and then hand off the session for M2 to handle so I think we’re limited in what we can do in regards to passing radius options to force MTU etc..
Cody – the MTU fix does work (dropping MTU to 1400) for those customers affected (and cant process payroll) – we’ve had a few like that..
That said, our internal testing has also identified that its not all M2 connections, doesn’t appear to be similar IP ranges or exchanges, however we’ve been compiling a list of modems of affected clients and the Netgear D834G and the Dlink DSL504 both feature prominently (that said, they were both our standard routers for a while) but we haven’t seen any others really affected yet..
Both appear to have a TI related chipset but we’ve passed that info onto to M2 without much further response...
-JT
From: ausnog-bounces at lists.ausnog.net [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Cody Appleby
Sent: Friday, 12 March 2010 1:00 PM
To: Craig Meyers
Cc: <ausnog at lists.ausnog.net>
Subject: Re: [AusNOG] Are there any other providers who use M2 as an upstream having issues with SSL based websites?
Confirmed. Very annoying. Customers unable to do payroll!!!
On 12/03/2010, at 15:03, "Craig Meyers" <Craig.Meyers at citec.com.au<mailto:Craig.Meyers at citec.com.au>> wrote:
The easy solution to fix multiple connections for MTU issues, is to add "ip tcp adjust-mss blah" if cisco kit on a 'central-ish' device, where blah is somewhere between 536 and 1460 depnding on the solar flare count of the day.
What it does is that on SYN/SYN-ACK exchange it modifies the MSS option in the TCP packet to force both ends of the conversation to use lower size packets. Thereby negating the deal to modify MTU on kit you may/may not manage inbetween.
I know it's a hack, but hey if desperate...
-- Craig Meyers
________________________________
From: ausnog-bounces at lists.ausnog.net<mailto:ausnog-bounces at lists.ausnog.net> [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Justin Twiss
Sent: Tuesday, 9 March 2010 1:10 PM
To: ausnog at lists.ausnog.net<mailto:ausnog at lists.ausnog.net>
Subject: [AusNOG] Are there any other providers who use M2 as an upstream having issues with SSL based websites?
If so, please contact me off-list – As far as I’m concerned, M2’s response of ‘get your customers to change the MTU on their routers down to 1400’ really isn’t acceptable and this apparently has been on-going since Thursday. (SSL based websites in particular, banking websites – we’ve had reports of clients unable to access/successfully log in to almost every major bank in Australia so far)
(Just glad they’re not our only upstream provider!)
Justin Twiss
Hosting Manager
<image001.gif>
Bekkers, 884 Beaufort Street, Inglewood, WA, 6052
Telephone: +618 9422 6777
Mobile: 0405 555 044
Facsimile: +618 9272 6625
Justin.Twiss at bekkers.com.au<mailto:Justin.Twiss at bekkers.com.au> | www.bekkers.com.au<http://www.bekkers.com.au>
_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net<mailto:AusNOG at lists.ausnog.net>
http://lists.ausnog.net/mailman/listinfo/ausnog
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20100312/a21dae84/attachment.html>
More information about the AusNOG
mailing list