
Specific website(s) not working via specific network

asked 2023-09-12 09:45:27 +0000

AyOwZe

Hi Community,

First time poster for almost anything, I'm hoping someone can help to point me to the root cause of some odd issues I've been trying to get to the bottom of please.

At least two websites are refusing to work via a corporate MPLS with dual internet breakouts; traffic on the firewalls from either breakout seems to succeed just fine, yet the page will not load. On any number of other internet breakouts, non-corporate, from the same client(s), it loads perfectly fine without issue. It is two websites from the same server/hosted supplier, it seems, that are affected.

I can try multiple DNS, internal and external, to no effect from within the corporate LAN; name resolution works fine in all cases.

I've sought support from web page owner to seek if they are blocking and I'm told they are not.

I've sought support from maintainer of MPLS and firewalls and am told as it is not a firewall issue that they cannot help.

I've shared captures of both working and non-working cases with these parties but had little response, I'm no Wireshark expert myself and cannot see the root of the problem, I feel it must be a block at the website providers end but can't prove this, can anyone help shed some light on it please for me?

Not sure what this 'points' system is so if anyone can advise on how to share captures that would be appreciated also.

Many, many thanks in advance for any help you are able to provide.


Comments

Long story short, within the failing capture, I am getting several RST, ACK from the webserver and elements like 'TCP Dup ACK' and 'TCP previous segment not captured' from my client.

AyOwZe (2023-09-12 10:46:31 +0000)

Are you seeing packets with a DF flag?

hugo.vanderkooij (2023-09-12 10:57:40 +0000)

DF, no, I don't think so. Where would I see this, please?

AyOwZe (2023-09-12 11:01:33 +0000)

Perhaps, are these them?

    010. .... = Flags: 0x2, Don't fragment
    0... .... = Reserved bit: Not set
    .1.. .... = Don't fragment: Set
    ..0. .... = More fragments: Not set

If so, yes, most if not all are that way when displaying 'ip.flags.df'.

AyOwZe (2023-09-12 12:04:50 +0000)

1 Answer


answered 2023-09-12 11:29:36 +0000

Jaap

"Don't Fragment" (DF) flag in the IPv4 header (display filter ip.flags.df). This in combination with a Path MTU that is lower than expected for that interface causes packet loss, resulting in failed connections.

Try lowering the MTU on the interface to 1470 and see what happens then.


Comments

Hi Jaap,

Thanks for the filter, where do you mean to change the interface, the client or the firewall please?

AyOwZe (2023-09-13 07:57:16 +0000)

It doesn't seem to help for client.

AyOwZe (2023-09-13 08:07:17 +0000)

At the client. If that doesn't seem to help, either it needs to be lower still, or there's another cause of this issue. This would then require a more thorough analysis of your network, which is not something for this Q&A site.

Jaap (2023-09-13 13:08:44 +0000)

Hi Jaap,

Thanks for your insight, no client did not help, in fact as said client is fine from another local internet breakout but not fine via the centralized (MPLS) breakouts. I'll have to push again for further investigation from the MPLS service providers.

AyOwZe (2023-09-15 10:05:40 +0000)
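
Added example, not part of the original thread: a Python sketch of the check the answer describes, reading raw IPv4 packets for the DF bit and for a router's ICMP "fragmentation needed" reply (type 3, code 4), which carries the next-hop MTU. The function names are hypothetical and the two sample packets are constructed; the 1470 value is borrowed from the answer's suggested MTU, not measured from the asker's capture.

```python
import struct

IP_DF = 0x4000  # "Don't fragment" bit in the IPv4 flags/fragment-offset field

def parse_ipv4(pkt: bytes) -> dict:
    """Decode the fields of a raw IPv4 packet that matter for path-MTU analysis."""
    ver_ihl, _, total_len, _, flags_frag, _, proto = struct.unpack("!BBHHHBB", pkt[:10])
    ihl = (ver_ihl & 0x0F) * 4
    info = {"len": total_len, "df": bool(flags_frag & IP_DF),
            "proto": proto, "next_hop_mtu": None}
    # ICMP type 3 code 4 = "fragmentation needed and DF set" (RFC 1191);
    # the router's next-hop MTU sits in bytes 6-7 of the ICMP header.
    if proto == 1 and pkt[ihl:ihl + 2] == b"\x03\x04":
        info["next_hop_mtu"] = struct.unpack("!H", pkt[ihl + 6:ihl + 8])[0]
    return info

def assess(packets: list) -> dict:
    """Summarise DF usage and any path-MTU hint across raw IPv4 packets."""
    parsed = [parse_ipv4(p) for p in packets]
    largest_df = max((p["len"] for p in parsed if p["df"]), default=0)
    hints = [p["next_hop_mtu"] for p in parsed if p["next_hop_mtu"]]
    path_mtu = min(hints) if hints else None
    return {
        "largest_df_packet": largest_df,
        "path_mtu": path_mtu,
        # TCP payload that fits: MTU minus 20-byte IPv4 and 20-byte TCP headers
        "mss_that_fits": path_mtu - 40 if path_mtu else None,
        "too_big_for_path": bool(path_mtu and largest_df > path_mtu),
    }

def make_ipv4(total_len: int, df: bool, proto: int, payload: bytes = b"") -> bytes:
    """Build a constructed IPv4 packet (checksum and addresses zeroed)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0,
                      IP_DF if df else 0, 64, proto, 0, bytes(4), bytes(4))
    return (hdr + payload).ljust(total_len, b"\x00")

# Constructed sample: a full-size TCP segment with DF set, then a router's
# ICMP reply advertising a 1470-byte next hop (embedded original header omitted).
ICMP_FRAG_NEEDED = struct.pack("!BBHHH", 3, 4, 0, 0, 1470)
SAMPLE = [
    make_ipv4(1500, True, 6),
    make_ipv4(28, False, 1, ICMP_FRAG_NEEDED),
]

if __name__ == "__main__":
    print(assess(SAMPLE))
```

When a capture contains large DF-set packets but no type 3 code 4 reply, `path_mtu` comes back as `None`; that is the usual picture when ICMP is filtered somewhere along the path, so the sender never learns it should send smaller packets.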

Stats

Asked: 2023-09-12 09:45:27 +0000

Seen: 252 times

Last updated: Sep 12 '23