I think it is an MTU problem

This is my network:

                                             
                               Mikrotik 4.11
                     _ _ _ _  _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
                    |                                                        |
ADSL PPPoE/NAT----->| ether1------>PPPoE Server------->bridge (ether2,wlan1) |-------> Clients:  PPPoE client    
    MTU=1492       |MTU=1500     Max MTU=1488               MTU=1500         |                        MTU = 1452
                   |                   Max MRU=1488                          |                         MRU = 1488
                   |               Change TCP MSS=yes                        |                         
                   |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _  _ _ _ _ _ _ _ _ _ _ _ _ |

Some clients get MTU 1480, some 1466 and others 1452; MRU is 1488 for everyone. In firewall/mangle it dynamically adds MSS rules: 1. MTU-40, 2. MRU-40 for every client. When clients get MTU 1452 or 1466, Yahoo and MSN don't work... And if I change MRU to 1492 or 1480 then pages won't load for anyone.

Other settings are: DHCP client on ether1, DHCP server on the bridge, and firewall/NAT src-nat on the address which the PPPoE server assigns to clients.

I think it is an MTU problem but I can't set the right one or calculate the right one. I have read somewhere that I need to set the MTU on ether1 to 1492 and on the PPPoE server to 1484 (new MTU-8 for PPPoE) but I am not sure.
Why do some clients get MTU 1480 and some don't? Thanks in advance!

Sorry for my English

Check your DNS. I bet if you set your clients' primary DNS to 8.8.8.8 and no secondary then it will work. I found a similar issue and found that it was due to the UDP packets being truncated. The fix for this was to increase the Max-UDP-Packet-Size in the DNS caching server or to use Bind in place of MikroTik's lightweight DNS caching server... we chose to use a Bind DNS cache.

DNS is OK; same problem with 8.8.8.8 DNS.

Confirm that your mangle is changing the SYN packets... something like:

/ip firewall mangle 
add chain=forward out-interface=pppoe-bob protocol=tcp tcp-mss=1441-65535\
  tcp-flags=syn action=change-mss new-mss=1440 passthrough=yes
add chain=forward in-interface=pppoe-bob protocol=tcp tcp-mss=1441-65535\
  tcp-flags=syn action=change-mss new-mss=1440 passthrough=yes

The above will be created dynamically for any PPP sessions that use a profile with Change TCP MSS set to yes, under the PPP > Profiles menu.

Also, I am not running PPPoE on any routers before version 5.5, so the menus or settings may be slightly different, but I would suspect that 4.11 should work about the same.

It's possible that the DNS UDP packets are exceeding 512 bytes due to too much information being returned in the request. Set the max DNS packet size to 8192.

That was my first thought, but it has been established that the issue persists when the DNS has been changed to 8.8.8.8.

Just to make sure... changing the DNS server to 8.8.8.8 and the max DNS packet size are two different things.

Queries from 8.8.8.8 will not have the UDP packet truncation issue, so if you're having issues when using 8.8.8.8 then changing the max UDP packet size won't fix the issue. However, if you're having issues only with the MikroTik caching server then adjusting the size will likely fix it. The MikroTik DNS server is good for lightweight use. If you are using the DNS heavily then you will likely be happier running Bind.

Josh,
Sorry, I was reading this on my iPhone and missed some details, and I believe we were on the same page. The max DNS packet size only causes a problem when using a MT as a resolver/cacher, which I agree is only useful in lightweight use.

OP,

You should be using MTU and MRU of 1480 on the MikroTik hardware according to MikroTik docs. If you can ping but can't surf, it's an MTU issue. You can specify ping size and the do-not-fragment flag to test as well. MTU loss may also be cumulative, so you may need to use 1472 or lower.

Troubleshooting section here:
http://www.mikrotik.com/testdocs/ros/2.9/interface/pppoe.php

Right on...

The attached screenshot may help explain visually how to check the Max MTU.

On Mac the command would be: ping -D -s 1472 google.com
[Attachment: Command Prompt.jpg]
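As an added example (not code from the thread, from MikroTik or from the linked docs), here is a small Python script that carries through the arithmetic the posters above are doing by hand: the 8-byte PPPoE overhead the OP mentions, the MSS = MTU - 40 clamp behind the posted mangle rules, the ping payload = MTU - 28 behind the "ping -D -s 1472" test, and a binary search that finds the largest size that passes a do-not-fragment ping. The numbers (1492 upstream, 1500 Ethernet, client MTUs 1480/1466/1452) are the ones on the page; the probe is a constructed stand-in for a real "ping -D -s N host" (macOS) or "ping -M do -s N host" (Linux iputils), and the interface name "pppoe-bob" is reused from the posted rule purely for illustration.

```python
"""MTU / MSS / ping-size arithmetic for a stacked PPPoE setup.

Added example: the constants are standard header sizes, the topology
numbers come from the forum thread, and probe_factory() simulates a
DF ping so the script runs offline.
"""
from typing import Callable, List, Optional

IPV4_HEADER = 20       # bytes, no options
TCP_HEADER = 20        # bytes, no options (what MSS clamping assumes)
ICMP_HEADER = 8        # bytes, echo request/reply
PPPOE_OVERHEAD = 8     # 6-byte PPPoE header + 2-byte PPP protocol field
ETHERNET_MTU = 1500


def inner_mtu(outer_mtu: int, pppoe_layers: int = 1) -> int:
    """Largest IP packet that fits after wrapping in N PPPoE layers."""
    return outer_mtu - PPPOE_OVERHEAD * pppoe_layers


def tcp_mss_for(mtu: int) -> int:
    """TCP MSS that keeps a full segment inside the given MTU (MTU - 40)."""
    return mtu - IPV4_HEADER - TCP_HEADER


def ping_payload_for(mtu: int) -> int:
    """'-s' value for a DF ping whose whole IPv4 packet is exactly `mtu` (MTU - 28)."""
    return mtu - IPV4_HEADER - ICMP_HEADER


def mangle_mss_rules(iface: str, mtu: int) -> List[str]:
    """Render the two RouterOS clamp rules the posted profile creates, for a given MTU."""
    mss = tcp_mss_for(mtu)
    tmpl = ("add chain=forward {dir}-interface={iface} protocol=tcp "
            "tcp-mss={lo}-65535 tcp-flags=syn action=change-mss "
            "new-mss={mss} passthrough=yes")
    return [tmpl.format(dir=d, iface=iface, lo=mss + 1, mss=mss) for d in ("out", "in")]


def probe_factory(path_mtu: int) -> Callable[[int], bool]:
    """Constructed stand-in for `ping -D -s <payload>`: True if the packet fits unfragmented."""
    def probe(payload: int) -> bool:
        return payload + IPV4_HEADER + ICMP_HEADER <= path_mtu
    return probe


def find_path_mtu(probe: Callable[[int], bool], low: int = 576,
                  high: int = ETHERNET_MTU) -> Optional[int]:
    """Binary-search the largest MTU in [low, high] whose DF ping succeeds.

    Assumes the path is monotonic (if size N fits, every smaller size fits),
    which holds for a fixed path. Returns None if even `low` is blocked.
    """
    if not probe(ping_payload_for(low)):
        return None
    while low < high:
        mid = (low + high + 1) // 2
        if probe(ping_payload_for(mid)):
            low = mid          # mid fits, answer is mid or larger
        else:
            high = mid - 1     # mid does not fit, answer is smaller
    return low


def clients_that_fit(client_mtus: List[int], path_mtu: int) -> List[int]:
    """Client MTUs that will not exceed the measured path MTU."""
    return [m for m in client_mtus if m <= path_mtu]


if __name__ == "__main__":
    upstream = 1492                       # ADSL PPPoE on ether1 (from the thread)
    server_side = inner_mtu(upstream)     # second PPPoE layer: 1484
    print("inner PPPoE MTU:", server_side)
    print("MSS clamp for 1480:", tcp_mss_for(1480))           # 1440, as in the posted rule
    print("ping -s for a 1500 path:", ping_payload_for(1500))  # 1472, as in the last post
    for rule in mangle_mss_rules("pppoe-bob", 1480):
        print(rule)
    measured = find_path_mtu(probe_factory(server_side))
    print("measured path MTU:", measured)
    print("client MTUs that fit:", clients_that_fit([1480, 1466, 1452], measured))
```

To use it against a real path, replace probe_factory() with a function that runs the platform's DF ping and returns True on a reply; the binary search then needs about ten pings instead of stepping sizes by hand.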