Specific website(s) not working via specific network

retag add tags

Hi Community,

First time poster for almost anything, I'm hoping someone can help to point me to the root cause of some odd issues I've been trying to get to the bottom of please.

At least two websites, are refusing to work via a corporate MPLS with dual internet breakouts, traffic on the firewalls from either breakout seems to succeed just fine yet the page will not load. On any number of other internet breakouts, non-corporate, from same client(s), loads perfectly fine without issue, it is two websites from same server/hosted supplier it seems that is effected.

I can try multiple DNS, internal and external, to no affect from within corporate LAN, name resolution works fine in all cases.

I've sought support from web page owner to seek if they are blocking and I'm told they are not.

I've sought support from maintainer of MPLS and firewalls and am told as it is not a firewall issue that they cannot help.

I've shared captures of both working and non-working cases with these parties but had little response, I'm no Wireshark expert myself and cannot see the root of the problem, I feel it must be a block at the website providers end but can't prove this, can anyone help shed some light on it please for me?

Not sure what this 'points' system is so if anyone can advise on how to share captures that would be appreciated also.

Many, many thanks in advance for any help you are able to provide.

AyOwZe

asked 2023-09-12 09:45:27 +0000

edit flag offensive 0 remove flag close merge delete

Comments

Long story short, within the failing capture, I am getting several RST, ACK from the webserver and elements like 'TCP Dup ACK' and 'TCP previous segment not captured' from my client.

AyOwZe (2023-09-12 10:46:31 +0000) edit

Are you seeing packets with a DF flag?

hugo.vanderkooij (2023-09-12 10:57:40 +0000) edit

DF, no, i don't think so, where would I see this please?

AyOwZe (2023-09-12 11:01:33 +0000) edit

Perhaps, are these them?

.... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set

If so, yes, most if not all are that way when displaying 'ip.flags.df'.

AyOwZe (2023-09-12 12:04:50 +0000) edit

add a comment see more comments

1 Answer

Sort by

oldest

newest

most voted

"Don't Fragment" (DF) flag in the IPv4 header (display filter ip.flags.df). This in combination with a Path MTU that is lower than expected for that interface causes packet loss, resulting in failed connections.

Try lowering the MTU on the interface to 1470 and see what happens then.

13.7k

Jaap

answered 2023-09-12 11:29:36 +0000

edit flag offensive 0 remove flag delete link

Comments

Hi Jaap,

Thanks for the filter, where do you mean to change the interface, the client or the firewall please?

AyOwZe (2023-09-13 07:57:16 +0000) edit

It doesn't seem to help for client.

AyOwZe (2023-09-13 08:07:17 +0000) edit

At the client, it that doesn't seem to help, either it needs to be lower still, or there's another cause of this issue. This would then require a more thorough analysis of your network, which is not something for this Q&A site,

Jaap (2023-09-13 13:08:44 +0000) edit

Hi Jaap,

Thanks for your insight, no client did not help, in fact as said client is fine from another local internet breakout but not fine via the centralized (MPLS) breakouts. I'll have to push again for further investigation from the MPLS service providers.

AyOwZe (2023-09-15 10:05:40 +0000) edit

add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer

Specific website(s) not working via specific network edit

Comments

1 Answer

Comments