1 | initial version |
"Communication administratively filtered" means that there is a kind of filter (router ACL or firewall). The system that sent the ICMP packet (62.73.73.128) is a good candidate for the ACL or firewall. So the SYN packets are blocked.
The ICMP packets also contain the TCP/IP headers of the original packet. I noticed a source address of 10.10.200.11. A 10.0.0.0/8 address is a private address and that is not allowed on the internet. So if Network Address Translation (NAT) is not applied by your SOHO router then that would explain the blockage.
Is this only the case of this destination (ctldl.windowsupdate.com) or does this also happen with other websites?
I'd also like to point out that my IP TV (from the same provider) has no issues at all during these periods.
So you have IPTV over Fiber (FtoH), like me. In my case IPTV and internet traffic is separated via 2 VLANs (at the WAN side). That would explain that IPTV has no issues, assuming you have the same setup (multicast traffic separated).
The issue appears periodically (not every day) and so far only in the evening at a random time.
Given that IPTVs VLAN typically uses a private IP-range, I suspect that in the error condition the traffic is routed via the IPTV VLAN. That could also explain the change in RTT reported by ping indicating the network path has changed.
Is DHCP (WAN side) set up correctly?