RE: request time out with one site

Subject: RE: request time out with one site
From: James Bagley Jr. (james@thelostnet.net)
Date: Wed Jan 23 2002 - 08:25:13 AKST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: Stanley Long: "[Fwd: Public comment period on MS settlement ends monday!]"
• Previous message: Buddha: "RE: request time out with one site"
• In reply to: Buddha: "RE: request time out with one site"
• Reply: James Bagley Jr.: "RE: request time out with one site"
• Reply: James Bagley Jr.: "RE: request time out with one site"

As I understand it this only happens when your computer is sending packets
with the 'dont fragment' flag turned on. If the packet is too large to
make it accross one of the links on it's way to the destination the router
responsible for that link is suppose to send a ICMP message back to you
(fragmentation-needed). As you may know, some firewall admins make it a
point to block ALL icmp messages. Since it gets blocked somewhere, you
never recieve that icmp message and the router ends up throwing away your
pakcets (after a timeout). So, before you start playing with mtu's on all
of the workstations on your lan you might check your firewall settings.
;-)

Someone want to correct me if I am wrong here?

On Wed, 23 Jan 2002, Buddha wrote:

>
> Old topic, new idea. Stolen from
> http://www.linuxdoc.org/HOWTO/DSL-HOWTO/tuning.html
>
> 5.4.1
> Some Web pages won't load. For PPPoX users, the MTU value could be too high.
> This will cause packet fragmentation, and likely will cause misbehaving
> routers to fail to route your requests per Path MTU Discovery specs.The
> correct ppp0 device setting should be a maximum of 1492, but actually it
> needs to be 8 bytes less than any router you pass through on the way to the
> site. If a router somewhere is misconfigured, you could have problems. Try
> experimenting with lower MTU values. Any LAN hosts behind the connection,
> may even need to be even lower -- 1452 or maybe even 1412. If ECN is
> enabled, it might also cause this problem. Cured with "echo 0 > cat
> /proc/sys/net/ipv4/tcp_ecn".
>
> Could a router somewhere be "blocking" your http requests?
>
>
> -Jim "Buddha" McMorris
>
> -----Original Message-----
> From: aklug-bounce@aklug.org [mailto:aklug-bounce@aklug.org]On Behalf Of
> W.D.McKinney
> Sent: Wednesday, December 26, 2001 2:23 PM
> To: aklug@aklug.org
> Subject: Re: request time out with one site
>
>
>
> Greg Hagele <ghagele@alaska.net> wrote:
> > tatus: RO
> >
> >
> > I have been attempting to get into my banking site. when i try going to
> the
> > secure page, from the main page, http://www.wellsfargo.com (click on the
> Online
> > Banking top right corner) the page will not load. It just says
> "contacted
> > host waiting for reply" and never loads. I called the guys down in the
> lower
> > 48 and they said the direct page was banking.wellsfargo.com
> > I attempted that but no joy, they said they had no problems getting in to
> the
> > page there. I can get to other secure sites and surf without delay. Any
> ideas
> > on why this page may be not letting me in. I have tried a couple of
> different
> > computers and web browser Explore and Netscape with the same result.
> >
> > tha
>
> My ACS DSL has noissues with any of the URL's mention in this thread.
> >From a NAP point traceroute to "www.bp.com" --> 208.254.0.207:
> -------------------------------------------------------
> Query: trace
> Addr: 208.254.0.207
>
>
>
> Type escape sequence to abort.
> Tracing the route to 208.254.0.207
>
> 1 sjc2-core1-pos1-0.atlas.icix.net (165.117.59.29) 0 msec
> sjc2-core4-fa4-1-0.atlas.icix.net (165.117.50.134) 24 msec
> sjc2-core1-pos1-0.atlas.icix.net (165.117.59.29) 0 msec
> 2 sjc2-core2-pos1-0.atlas.icix.net (165.117.59.33) 4 msec
> sjc1-core3-pos6-3.atlas.icix.net (165.117.60.157) 0 msec
> sjc2-core2-pos1-0.atlas.icix.net (165.117.59.33) 0 msec
> 3 sjc1-core2-pos6-0.atlas.icix.net (165.117.60.201) 0 msec
> sjc3-core4-pos6-3.atlas.icix.net (165.117.67.138) 4 msec
> sjc1-core2-pos6-0.atlas.icix.net (165.117.60.201) 0 msec
> 4 sjc3-core5-pos6-0.atlas.icix.net (165.117.67.241) 4 msec
> sfo2-core4-pos4-1.atlas.icix.net (165.117.64.9) 4 msec
> sjc3-core5-pos6-0.atlas.icix.net (165.117.67.241) 0 msec
> 5 sfo2-core3-pos6-0.atlas.icix.net (165.117.48.13) 4 msec
> sfo2-core3-pos4-0.atlas.icix.net (165.117.50.193) 4 msec
> sfo2-core3-pos6-0.atlas.icix.net (165.117.48.13) 4 msec
> 6 sfo2-core2-pos6-0.atlas.icix.net (165.117.48.9) 4 msec 4 msec 0 msec
> 7 intermedia.uu.net (165.117.64.114) 8 msec 4 msec 8 msec
> 8 105.at-6-0-0.XR3.SCL1.ALTER.NET (152.63.48.126) [AS 701] 4 msec
> 105.at-5-0-0.XR4.SCL1.ALTER.NET (152.63.48.182) [AS 701] 8 msec
> 105.at-6-0-0.XR3.SCL1.ALTER.NET (152.63.48.126) [AS 701] 4 msec
> 9 0.so-0-0-0.XL2.SCL1.ALTER.NET (152.63.55.93) [AS 701] 8 msec
> 0.so-1-0-0.XL1.SCL1.ALTER.NET (152.63.55.81) [AS 701] 4 msec
> 0.so-0-0-0.XL2.SCL1.ALTER.NET (152.63.55.93) [AS 701] 4 msec
> 10 0.so-3-0-0.TL1.SAC1.ALTER.NET (152.63.53.250) [AS 701] 8 msec
> 0.so-3-0-0.TL2.SAC1.ALTER.NET (152.63.54.10) [AS 701] 8 msec
> 0.so-3-0-0.TL1.SAC1.ALTER.NET (152.63.53.250) [AS 701] 8 msec
> 11 0.so-3-0-0.TL2.DCA6.ALTER.NET (152.63.19.170) [AS 701] 88 msec
> 0.so-6-0-0.TL1.DCA6.ALTER.NET (152.63.13.18) [AS 701] 84 msec
> 0.so-3-0-0.TL2.DCA6.ALTER.NET (152.63.19.170) [AS 701] 100 msec
> 12 0.so-6-0-0.XL1.DCA6.ALTER.NET (152.63.38.70) [AS 701] 80 msec
> 0.so-6-0-0.XL2.DCA6.ALTER.NET (152.63.38.74) [AS 701] 84 msec
> 0.so-6-0-0.XL1.DCA6.ALTER.NET (152.63.38.70) [AS 701] 84 msec
> 13 0.so-6-0-0.WR2.IAD6.ALTER.NET (152.63.39.117) [AS 701] 84 msec
> 0.so-6-0-0.WR1.IAD6.ALTER.NET (152.63.39.113) [AS 701] 84 msec
> 0.so-6-0-0.WR2.IAD6.ALTER.NET (152.63.39.117) [AS 701] 88 msec
> 14 0.so-0-0-0.UR1.IAD6.Alter.Net (157.130.59.70) [AS 701] 80 msec
> 0.so-1-0-0.UR2.IAD6.Alter.Net (157.130.59.82) [AS 701] 88 msec
> 0.so-0-0-0.UR1.IAD6.Alter.Net (157.130.59.70) [AS 701] 80 msec
> 15 206.112.64.37 [AS 11486] 84 msec
> 206.112.64.21 [AS 11486] 84 msec
> 206.112.64.37 [AS 11486] 84 msec
> 16 206.112.65.35 [AS 11486] 84 msec 88 msec 80 msec
> 17 208.254.2.1 [AS 11486] 88 msec 88 msec 80 msec
> 18 * * *
> 19 * * *
> 20 * * *
> 21 * * *
> 22 * * *
> 23 * * *
> 24 * * *
> 25 * * *
> 26 * * *
> 27 * * *
> 28 * * *
> 29 * * *
> 30 * * *
> ---------------------------------------------------------------
>
> This confirms the path is being dropped. You can grab this and more info
> on this issue by using http://nitrous.digex.net/mae/maew-lg.html
> and the Looking Glass script they have.
>
> It also offers a bit more intuitiveness to use the -A when using
> traceroute and thus spilling the AS # of the hop.
>
> Best Regards
> /Dee
>
> deem@wdm.com
> wdm@deesignnet.com
>
>
>
>
>
>
>
>

-- 
Don't panic.

• Next message: Stanley Long: "[Fwd: Public comment period on MS settlement ends monday!]"
• Previous message: Buddha: "RE: request time out with one site"
• In reply to: Buddha: "RE: request time out with one site"
• Reply: James Bagley Jr.: "RE: request time out with one site"
• Reply: James Bagley Jr.: "RE: request time out with one site"

This archive was generated by hypermail 2a23 : Wed Jan 23 2002 - 11:05:16 AKST