[98308] in North American Network Operators' Group
Re: Seeking Comcast Contact: need to troubleshoot packet loss
daemon@ATHENA.MIT.EDU (Robert Boyle)
Thu Aug 2 11:54:10 2007
Date: Thu, 02 Aug 2007 11:49:44 -0400
To: "Craig D. Rice" <cdr@stolaf.edu>, nanog@merit.edu
From: Robert Boyle <robert@tellurian.com>
In-Reply-To: <46B1DC65.7060405@stolaf.edu>
Errors-To: owner-nanog@merit.edu
At 09:30 AM 8/2/2007, Craig D. Rice wrote:
>For four months dozens of our users who are Comcast subscribers have
>had difficulty reaching St. Olaf College's and Carleton College's
>network services.
>
>We have worked through everything we can think of with our Onvoy
>(regional ISP) network engineers. We have isolated the problem a
>couple of Comcast's IP subnets, but need a contact within Comcast to
>further troubleshoot.
(snip)
Either your firewall/router or the customer's firewall/router is
blocking PMTUD packets. Fragment needed, but don't fragment bit set.
Look at your ICMP access list and make sure you are allowing: permit
icmp any any unreachable from any Internet address. I suspect an
overzealous firewall admin is blocking all icmp. Read the acronym to
him/her and explain that some icmp is necesary for the Internet to work.
-Robert
Tellurian Networks - Global Hosting Solutions Since 1995
http://www.tellurian.com | 888-TELLURIAN | 973-300-9211
"Well done is better than well said." - Benjamin Franklin
