Thursday, December 10, 2020

Need help to narrow the issue here. / MSS MTU problem

Hello everyone,

I work as tech support for an ISP. We operate in country A. In country B, we have a layer 3 agreement with another ISP to bring our services abroad. I've never encountered issues except with their latest 4G VPN-MPLS link deployed in country B.

Link deployed: ping towards the VPN in country A works, with a max size of 1394 (DF bit set). Ping towards 8.8.8.8 with a max size of 1394 works. Some websites are reachable, like all of Google's services (Maps, YouTube...) but not typical "simpler" web servers. TeamViewer is working. In Wireshark, I see dropped, RST, and TCP retransmission sessions, because length is < 1398, and on the PC side, the web page never loads.

I asked Provider B to set the ip tcp mss value on their link to 1382 because, given the max MTU on the link, that's the max MSS we can allow.

They did it; in the SYN ACK exchange, I can see 1382 correctly set in the MSS option. However, later on, TLS and other protocols are trying to communicate with a max length of 1398. Then, sessions are dropped because it is too big.

What am I missing? The firewalls are on my side (ISP country A). If I manually set the tcp-mss value to 1382 on an IPv4 rule, everything works and I can access every web server.

What can I try? Thanks a lot. Disclaimer: my English is bad, it's not my native tongue. :)
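
A check that could be run on the handshake seen at the capture point, as an added example that is not part of the original post: it derives the largest safe MSS from the biggest DF ping payload that passes, then reads the MSS option from both the SYN and the SYN-ACK, since each side's option only limits what the other side sends to it. The headers are constructed sample data and the function names are hypothetical; it assumes the ping size is the ICMP payload and that IPv4 headers carry no options.

```python
import struct

IPV4_HDR, ICMP_HDR, TCP_HDR = 20, 8, 20  # assumption: no IP options; MSS excludes TCP options

def path_mss(max_df_ping_payload):
    """Largest DF ping payload that passes -> path MTU -> largest safe MSS."""
    mtu = max_df_ping_payload + ICMP_HDR + IPV4_HDR
    return mtu - IPV4_HDR - TCP_HDR

def parse_mss(tcp_header):
    """Return the MSS option (kind 2) from a raw TCP header, or None if absent."""
    end = (tcp_header[12] >> 4) * 4          # data offset field, converted to bytes
    opts, i = tcp_header[TCP_HDR:end], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                        # end of option list
            break
        if kind == 1:                        # NOP padding is a single byte
            i += 1
            continue
        if i + 1 >= len(opts):
            break                            # truncated option, stop parsing
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            break                            # malformed option, stop parsing
        if kind == 2 and length == 4:
            return struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += length
    return None

def build_header(mss, flags):
    """Constructed TCP header: NOP, NOP, SACK-permitted, then the MSS option."""
    opts = b"\x01\x01\x04\x02" + struct.pack("!BBH", 2, 4, mss)
    offset = (TCP_HDR + len(opts)) // 4
    return struct.pack("!HHIIBBHHH", 50000, 443, 1, 0, offset << 4, flags, 64240, 0, 0) + opts

def directions_over_path(syn, synack, max_df_ping_payload):
    """Map each direction to the MSS it is allowed, keeping only those above the path MSS."""
    limit = path_mss(max_df_ping_payload)
    # The client's SYN bounds server->client segments; the SYN-ACK bounds client->server.
    allowed = {"server->client": parse_mss(syn), "client->server": parse_mss(synack)}
    return {d: m for d, m in allowed.items() if m is not None and m > limit}

# Constructed sample: the SYN-ACK carries 1382 while the SYN still carries 1460.
SYN, SYNACK = build_header(1460, 0x02), build_header(1382, 0x12)

if __name__ == "__main__":
    print(path_mss(1394), directions_over_path(SYN, SYNACK, 1394))
```
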


