[AusNOG] Telstra Mobile NAT64 Gateway dropping UDP?

Wed Jan 5 18:52:58 AEDT 2022

Good Evening
I have seen Optus and Telstra in certain areas with very low MTU below 1200 bytes so causes issues with UDP traffic because no fragmentation. We try to keep the headers below 1000 bytes or recommend TCP for SIP signalling for Mobile customers. A work around might be to strip not required information from the headers to get the MTU down

Thanks Steve

Steven Waite
Pre-Sales Engineer
Comtel Pty Ltd
Tel: +61 (7) 37154818
Email: Steven.Waite at comtel.com.au
Website: www.comtel.com.au

[cid:imagea93604.JPG at 89037ea0.4ea93679]<https://www.comtel.com.au>

The information transmitted, including attachments, is intended only for the person(s) or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and destroy any copies of this information.

From: AusNOG <ausnog-bounces at lists.ausnog.net> On Behalf Of Andras Toth
Sent: Wednesday, 5 January 2022 5:33 PM
To: Matthew H <Matthew at marrold.co.uk>
Cc: ausnog at ausnog.net <ausnog at lists.ausnog.net>
Subject: Re: [AusNOG] Telstra Mobile NAT64 Gateway dropping UDP?

Hi Matthew,

As long as you use a DNS hostname instead of an IPv4 literal address, things should work fine for both local apps or tethered/hotspot access because Telstra's DNS servers can do DNS64. Locally on the iPhone you can use a literal IPv4 too because iOS will do local address translation (CLAT), but it can't translate IPv4 literals to IPv6 for connections via the hotspot.

I don't have any problems with UDP on Telstra IPv6-only connection, I just tried and I can send and receive UDP packets via the Telstra NAT64 gateway when visiting https://h2o.examp1e.net/ in a browser that supports QUIC (because that uses UDP) and since that hostname does not have an IPv6 address, Telstra converts it to IPv6 via DNS64. You can see from the packet capture below that both src and dst addresses are Telstra (one is mine, other side is the DNS64 gateway).

18:25:12.424022 IP6 (flowlabel 0xd0300, hlim 64, next-header UDP (17) payload length: 1238) 2001:8004:c81:6820:f5b6:b0a:c39c:7cf.58910 > 2001:8004:11d0:4e2a::84e2:18c.443: [udp sum ok] UDP, length 1230
18:25:12.666177 IP6 (hlim 45, next-header UDP (17) payload length: 1288) 2001:8004:11d0:4e2a::84e2:18c.443 > 2001:8004:c81:6820:f5b6:b0a:c39c:7cf.58910: [udp sum ok] UDP, length 1280
18:25:12.667703 IP6 (flowlabel 0xd0300, hlim 64, next-header UDP (17) payload length: 1238) 2001:8004:c81:6820:f5b6:b0a:c39c:7cf.58910 > 2001:8004:11d0:4e2a::84e2:18c.443: [udp sum ok] UDP, length 1230
18:25:12.668868 IP6 (hlim 45, next-header UDP (17) payload length: 1288) 2001:8004:11d0:4e2a::84e2:18c.443 > 2001:8004:c81:6820:f5b6:b0a:c39c:7cf.58910: [udp sum ok] UDP, length 1280

I would suggest trying to replicate the issue and gathering a packet capture to see what packets go through and what gets lost. It might be MTU related issues if too large packets can't go through but I can send 1410 bytes packets via the cellular connection successfully.

Regards,
Andras

On Tue, Jan 4, 2022 at 9:34 PM Matthew H <Matthew at marrold.co.uk<mailto:Matthew at marrold.co.uk>> wrote:
Hi,
The app works fine on other IPv6 only networks with NAT64 in place which appears to satisfy Apple's requirements.
We are looking into adding proxies with IPv6 support, however it's likely to take some time and it would be good if we can find a fix / workaround in the meantime
Thanks

On Tue, Jan 4, 2022 at 10:10 AM Troy <troy at troykelly.com<mailto:troy at troykelly.com>> wrote:
Apologies for a non answer, but any app (at least with Apple) is required to support IPv6 only networks.

https://developer.apple.com/support/ipv6/

Rather than work on a 6 to 4 fix, why not put some energy into supporting IPv6?
Regards, Troy
Brevity is the elixir of life.
Father Hector McGrath, Pixie 2020

-------- Original Message --------
On 4 Jan 2022, 9:03 pm, Matthew H < Matthew at marrold.co.uk<mailto:Matthew at marrold.co.uk>> wrote:

Hi,
We are developing a WebRTC mobile app that sets up a media session via Web Socket and then sends the media via RTP over UDP. It's working on most networks but we've had users report issues with the app when their iPhone is connected to the Telstra Mobile network.
Unfortunately our network only supports IPv4, and after examining the available logs it appears their iPhone only gets an IPv6 address. The Web Socket communication is able to reach us so I assume a NAT64 gateway is in use, but we don't see any RTP / UDP arrive at our network edge.

We found a couple of posts that suggest users have had similar issues with UDP being dropped:

https://crowdsupport.telstra.com.au/t5/network-roaming/unable-to-stream-video-over-udp-on-ipv6-only-connection/td-p/933472
https://crowdsupport.telstra.com.au/t5/network-roaming/ios-and-ipv6/td-p/931449
https://crowdsupport.telstra.com.au/t5/apple-ios/nordvpn-won-t-connect-on-4g-ios/td-p/932511

Is anyone aware of Telstra's NAT64 gateway dropping UDP?
Thanks
Matthew
_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net<mailto:AusNOG at lists.ausnog.net>
http://lists.ausnog.net/mailman/listinfo/ausnog
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20220105/579f03fb/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: imagea93604.JPG
Type: image/jpeg
Size: 37255 bytes
Desc: imagea93604.JPG
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20220105/579f03fb/attachment.jpe>