DaemonForums  

Go Back   DaemonForums > Miscellaneous > General software and network

General software and network General OS-independent software and network questions, X11, MTA, routing, etc.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 8th November 2016
shep shep is offline
Real Name: Scott
Arp Constable
 
Join Date: May 2008
Location: Dry and Dusty
Posts: 1,503
Default PPPoE and MTU settings

My ISP provided ADSL modem died after a short service life and rather than purchase/rent another one, I bought a Netis Dl4201 that is soon to arrive.

I believe I have most of the config settings but am confused on the MTU.

My ISP uses PPPoE which I read will not handle packets > 1492. On the FreeBSD forums, I found this advice:
Quote:
There can be any number of reasons resulting in poor download speed. Unless the experts chime in an say there is a known issue with FreeBSD 10.3-RELEASE I'm gonna say I doubt its the OS.

I am curious if this is an MTU issue. Can you verify what your ISP/DSL MTU is, and then verify what the MTU of your computer? On my machines its 1500 and I know 1500 matches my service provider service. Your computer MTU should be equal or less than the smallest MTU between yourself and your ISP. Thus check your router too. If you send packet sizes larger than MTU they will get fragmented down, and that causes a performance hit.
My OpenBSD NIC cards have default MTU's of 1500 as does my Linksys wrt54G router. At this time, I am going to set the Netis ADSL modem, which has a single port router (bridge/vpn capability), MTU to 1492. Should I do the same to all my devices on the LAN side?

I am also confused on the need for the bridge. My understanding is that bridge mode will just pass all packets to the Linksys router. My ISP's website instructions for configuring your own modem say nothing about MTU or bridge mode.

Last edited by shep; 8th November 2016 at 04:20 PM.
Reply With Quote
  #2   (View Single Post)  
Old 8th November 2016
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

PPPoE is defined by RFC 2516. Section 7 of that RFC specifies a maximum transmission unit of 1492 octets. As Ethernet uses 1500 octets, fragmentation is common.

RFC 4638 defines a mechanism designed to to exceed the 1492 octet MTU maximum. However, your Netis gateway does not mention it on its specification page. Both your ISP and your gateway would need to have support for this mechanism for you to exceed 1492 bytes.

I have never used PPPoE, so I do not have any specific provisioning guidance. There is a discussion of MTU and MSS values in the pppoe(4) OpenBSD man page.

Last edited by jggimi; 8th November 2016 at 05:04 PM. Reason: added pppoe(4) reference
Reply With Quote
  #3   (View Single Post)  
Old 8th November 2016
shep shep is offline
Real Name: Scott
Arp Constable
 
Join Date: May 2008
Location: Dry and Dusty
Posts: 1,503
Default

Tech support at my ISP was clueless about MTU settings - a supervisor did say to set the modem's MTU to 1492 bytes. Hopefully, it was not just to make me go away.

What I'm wondering is is if I generate a data packets of 1500 octets on my system, say in an email with attachments, I would expect it to fragment when passed over the segment between the Netis modem and the ISP. My re(4) ifconfig settings show an MTU of 1500:
Code:
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:e0:4d:74:59:44
        index 1 priority 0 llprio 3
        groups: egress
        media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause)
        status: active
        inet 192.168.1.3 netmask 0xffffff00 broadcast 192.168.1.255
.

Would it be advised to set the MTU on the LAN clients and router to 1492 bytes?

Last edited by shep; 8th November 2016 at 07:23 PM. Reason: clarity
Reply With Quote
  #4   (View Single Post)  
Old 8th November 2016
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

According to the pppoe(4) man page I referenced above, yes, you should expect fragmentation in certain configurations, such as when you are using NAT. Please see the section of that man page labelled MTU/MSS ISSUES.
Reply With Quote
  #5   (View Single Post)  
Old 8th November 2016
shep shep is offline
Real Name: Scott
Arp Constable
 
Join Date: May 2008
Location: Dry and Dusty
Posts: 1,503
Default

The pppoe(4) indicates that the issue is if I both connect via pppoe and run NAT - either one separately is not an issue. So the question is if I'm running NAT and this is also confusing. My "Learn Networking in 24 hours" handbook says that if I'm using the 192.168.1.1 address block then I am using NAT. My router does not refer to that syntax and I have disable any port forwarding or vpn.

I did set the routers MTU from Auto -> Manual at 1492. If I am running NAT then it looks like the best way to set this is via a /etc/pf.conf entry. I'm assuming they do not support jumbo frames as their supervisor instructed to set the modems mtu at 1492.

Am I running NAT based on a router, dumb'd down for home users, with an address of 192.168.1.1 and a modem address of 192.168.0.1?

Last edited by shep; 8th November 2016 at 11:52 PM. Reason: added dumb'd down concern
Reply With Quote
  #6   (View Single Post)  
Old 9th November 2016
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

Quote:
Originally Posted by shep View Post
Am I running NAT ... ?
I don't know, because I don't have a clear understanding of your network. But neither do you, so I will guess you are not using NAT yourself -- other than in your ISP connected router.

What is NAT? Network Address Translation. NAT is only performed by a router, and it is possible (but unlikely) your local network may have routers other than the Netis device. Your Netis device is a router, and it performs NAT. But any of your computers with 2 or more NICs could also act as a router.

---

To understand NAT, you must first understand what a router is, and what one does. Simply described, a router is a computer with at least two NICs, which routes, or forwards packets from one network to another.

Here is an example of two TCP/IP networks, each with 3 computers, and with with a router in between. The router has two NICs, with an address on both networks.

Network 1: 192.0.2.0/24
Computer 1A: 192.0.2.1 Computer 1B: 192.0.2.2 Computer 1C: 192.0.2.3

Network 2: 198.51.100.0/24
Computer 2A: 198.51.100.1 Computer 2B: 198.51.100.2 Computer 2C: 198.51.100.3

Our router that interconnects these networks has two NICs: 192.0.2.99, and 198.51.100.21.

Diagrammed:
{192.0.2/24} - {192.0.2.99} [Router] {198.51.100.21}- {198.51.100/24}

----

Without NAT, each of the six computers is identified by its own IP address. Communication between Computer 1A and 2C require that they each know the other's IP address. (Also, that they know there is a router between them.)

But with NAT, the router will translate packets, as if they originated on the router alone. If we use NAT with Network 1, all communication with Network 2 appear to have originated in the router itself. All devices on Network 1 will share a single address: 198.51.100.21. Network 1 is now a "private" network, unseen and unknown by Network 2. If Computer 1A sends a packet to computer 2C, the router in between will change the packet, and translate the origin address. The router will also keep track of the communication, so that it knows where to forward any replies, also translating the address back in the returning packet.

The most common place to find routers that do NAT (or sometimes, "NAT Routers") is in a home or small office connected to the Internet. There may be multiple devices on a private network, but all sharing a single IP address on the Internet. They do this with a single, external facing NAT router.

----

Diagram your local network. It will help you to understand how the various bits all fit together.

Last edited by jggimi; 9th November 2016 at 01:13 AM. Reason: clarity, typos
Reply With Quote
  #7   (View Single Post)  
Old 9th November 2016
shep shep is offline
Real Name: Scott
Arp Constable
 
Join Date: May 2008
Location: Dry and Dusty
Posts: 1,503
Default

My network

WAN <--PPPoE-->ADSL modem 192.168.0.1 <-> router 192.168.1.1


continued: router connects to a static 192.168.1.2 printer and a static 192.168.1.3 work station vi NIC router ports. My wireless devices get dhcp address.

My inclination is that I do not have NAT, I never consciously set it up but I do not want to make assumptions.
Reply With Quote
  #8   (View Single Post)  
Old 9th November 2016
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

Your internal network is behind a NAT router: your Netis device. But your own network does not *also* use NAT. It is a single subnet.

FYI, you and millions of others have a private network in the 192.168 address range. All must use a NAT router in order to reach the Internet.

Last edited by jggimi; 9th November 2016 at 03:00 AM. Reason: typos
Reply With Quote
  #9   (View Single Post)  
Old 9th November 2016
shep shep is offline
Real Name: Scott
Arp Constable
 
Join Date: May 2008
Location: Dry and Dusty
Posts: 1,503
Default

I'm less confused. My Netis modem/router is a single "machine" with both pppoe and NAT. My "machines" on my private LAN do connect to the Netis pppoe+NAT.

The relevant portion from the pppoe man page
Quote:
Problems can arise on machines with private IPs connecting to the
Internet via a machine running both Network Address Translation (NAT) and
pppoe. Standard Ethernet uses a maximum transmission unit (MTU) of 1500
bytes, whereas PPPoE mechanisms need a further 8 bytes of overhead. This
leaves a maximum MTU of 1492. pppoe sets the MTU on its interface to
1492 as a matter of course. However, machines connecting on a private
LAN will still have their MTUs set to 1500, causing conflict.
I can test the speeds with/without the pf.conf rule when the modem arrives. @jggimi, Thanks for all your help,
Reply With Quote
Old 9th November 2016
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

And I misread your LAN configuration. You have an inner router with two NICs. One on the 192.168.0 network, the other on the 192.168.1 network. You may use NAT, but it would depend on that inner router configuration.

However the warning in the driver man page is for a router that is also connected via pppoe.
Reply With Quote
Old 9th November 2016
shep shep is offline
Real Name: Scott
Arp Constable
 
Join Date: May 2008
Location: Dry and Dusty
Posts: 1,503
Default

And I may have diagrammed my router settings incorrectly.
Under the main setup tap of the router I have entered a Local IP:192.168.1.1 and subnet mask:255.255.255.0

Under the Status Tab I have an assigned address via dhcp
Quote:
Login Type: Automatic Configuration - DHCP
IP Address: 10.0.0.2
Subnet Mask: 255.255.255.0
Default Gateway: 10.0.0.1
DNS 1: 205.171.3.65
DNS 2: 96.90.175.167
DNS 3: 104.238.153.178
MTU: 1492
I recall reading a recommendation that if one was using a router that the modem should utilize a bridge.

What I read on bridges last night was that they would treat the modem and the router's internet rj-45 as a single network. Bridges were described as inefficient because all broadcast traffic was sent to all devices but If the router interface is the only device, that may be minimal.

My needs are pretty basic and my inclination is configure for correctness, security and simplicity.
Reply With Quote
Old 9th November 2016
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

I don't understand the 10.0.0.2 address definition you show. But I don't think its important as you state you are using DHCP so an IP address will be assigned by your gateway router.

You are using something as an inner router, if your diagram is still sufficiently accurate. Perhaps you are using a commercial router, or perhaps this is a general purpose computer with two NICs.

---

As you've learned, a bridge logically connects two (or more) networks into a single logical network,

As discussed earlier in this thread, a router ... well... routes (or forwards) packets between two (or more) networks.

According to the Netis documentation readily and publicly available to me -- web site, data sheet, quick installation guide -- your device does not state it can operate as a bridge. That doesn't mean it won't, just that the documentation I've seen doesn't state this.

---

Setting all of that aside, let us look at configurations for an inner network, using an "inner" router such as you likely have.

An inner router defines two local networks: 1) a network between the gateway modem and the router, and 2) a network between the router and all of your local devices. That outer network might just consist of a single Ethernet cable.

[outer router / ISP gateway] - {net 1} - [inner router] - {net 2} - [devices...]

If the inner router is configured to use NAT, then the outer router only sees a single inner device - the inner router. All of the devices on network 2 have NAT applied to their packets, and appear to all share the same IP address -- whatever the outer router has assigned to your inner router.

I believe you are using NAT on an inner router, but are unaware of it, because otherwise you would have to add a route to the inner network on your outer router

Here's why:

If the inner router is not using NAT, the outer router needs to have a route added to its routing table, so it can route packets destined for the inner network to the inner router.

If your inner router happens to be a general purpose computer running OpenBSD, NAT is defined by a "nat-to" clause added to a PF filter rule, as described in the NAT section of the PF User's Guide. If its a different OS or a commercial router, you'll have to refer to the appropriate documentation for that OS or that equipment.

---

A brief introduction to routing tables:

TCP/IP is a routed protocol, so that traffic can span multiple networks. Any time there is a packet to be sent to a device on another network, the sending computer inspects in its routing table. Usually, there is only one router on any network, and so there is only a single, default route for all packets destined for other networks. These default routes point at the local router's IP address.

In the case of a tiered network topology -- without NAT -- as described above in this post, the outer router would require two routes in its route table: 1) a route to the innermost network, with a "next hop" pointing to the inner router, and 2) a default route, pointing outward to a router in your ISP's network.

Last edited by jggimi; 9th November 2016 at 05:45 PM. Reason: typos
Reply With Quote
Old 9th November 2016
shep shep is offline
Real Name: Scott
Arp Constable
 
Join Date: May 2008
Location: Dry and Dusty
Posts: 1,503
Default

Quote:
You are using something as an inner router, if your diagram is still sufficiently accurate. Perhaps you are using a commercial router, or perhaps this is a general purpose computer with two NICs.
I am using a Linksys wrt54g V8.0. The screenshots I'm referencing are the "Basic SetUp" and "Status-Router".

http://www.pcwintech.com/screenshots...nksys-firmware


This customer review seems to be from someone with networking knowledge:

Quote:
By S. Tillman on December 30, 2015
Verified Purchase
This review is for the Netis DL4201 ADSL2+ modem router. This is a small low power device and has a surprising number of features and capabilities for the price.

Included in the box is a AC/DC power supply, ADSL splitter, telephone and network cable. The device has three connections: RJ-11 for DSL, RJ-45 Ethernet (link speed is 100Mbps), and power.

Power is 5 volts and uses a 2.5mm x 5.5mm barrel connector. It comes with a AC/DC adapter (800mA, 100-240V, 50/60Hz). Because it's 5v and low power it can be powered from a USB port on nearby computer using a USB to 2.5mm barrel cable: http://www.amazon.com/gp/product/B00UVH9I5A (Startech calls this a type "N").

To use it with CenturyLink....

DHCP:
On setup menu / WAN tab, at bottom of page, select and delete existing config if any. Then in upper section of the same page, enter new configuration settings (VPI=0, VCI=32, Encapsulation=VCMux, ChannelMode=PPPoA [[PPPoE seems to work too, but may depend on location with CenturyLink]] ). Click "add". Most users will want to plug the Ethernet port into a network switch (I like the Trendnet GREENnet switches), or it can be connected directly to the network port on a computer.

Bridged:
For my application I used it in bridged mode connected to the WAN interface of a pfsense firewall. Configuration settings: VPI=0, VCI=32, Encapsulation=LLC, ChannelMode=1483 Bridged. On pfsense, I set the MTU to 1492 though I'm not sure if that's absolutely necessary.

It supports many features (to name a few):
- IPv4 and IPv6
- configurable firewall with many options
- control over NAT passthrough
- NTP client (for WAN side) and server (for LAN side)
- DDNS (NO-IP, TZO, PHDNS, DynDNS)

It came with firmware version 2.1.1 which is the latest as of Jan/2016. New firmware is available on the Netis website and can be programmed if needed, but it hasn't changed since May/2013.

Overall it worked good for what I wanted: a low power DSL modem.

Last edited by shep; 9th November 2016 at 06:07 PM. Reason: Added linksys
Reply With Quote
Old 9th November 2016
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

Thank you.

Your diagram was inaccurate, but it isn't critical.

If it helps, your Linksys router is a small office / home office ("SOHO") NAT router. NAT is enabled by default, and there doesn't seem to be a mechanism to disable NAT according to the manual, or to internet searching.
Reply With Quote
Old 9th November 2016
shep shep is offline
Real Name: Scott
Arp Constable
 
Join Date: May 2008
Location: Dry and Dusty
Posts: 1,503
Default

Was the inaccuracy the router IP or lack of the 192,168.1.1 -NAT-> 10.0.0.2?

Anyway, the system dual boots Debian Testing and OpenBSD 6.0 and I've set the re0 interface to have MTU=1492 in both. The router arrives this afternoon, so I'll set it up and get familiar with the settings. Another issue came up (download speeds in OpenBSD are about 1/2 the Debian speed). That will have to wait for another thread.

Thanks
Reply With Quote
Old 9th November 2016
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

Quote:
Originally Posted by shep View Post
Was the inaccuracy the router IP or lack of the 192,168.1.1 -NAT-> 10.0.0.2?
Both.
Reply With Quote
Old 11th November 2016
shep shep is offline
Real Name: Scott
Arp Constable
 
Join Date: May 2008
Location: Dry and Dusty
Posts: 1,503
Default

It took the better part of the day but I'm up and running. The Netis DL4201 was a mixed bag. It provisioned OK with PPPoE but when I went to add the router I had difficulties with the router's DHCP setting provided by the modem. It was not getting a gateway.

It was much easier to set the modem using the bridge instructions and provision PPPoE at the level of the router.

I set the devices in each segment with MTU of 1492 but did not test to see if the MTU setting made a difference. I'm seeing the best upload/download speeds I've had since I started the service with a cisco 678 modem.

The Netis is also running cool with a 5V/800milliamp transformer. The documentation is dumd'd down and the configuration interface is buggy - I would get a javascript message that the code was corrupted when attempting to change the modem's IP 192.168.1.1 -> 192.168.0.1. Still with modem rental fees of $5/month, if it lasts more than 6 months it will pay for itself. Buying a modem from my ISP is a minimum of $90 and the word on the street is that most do not last more than 2 years.

Last edited by shep; 11th November 2016 at 06:52 PM. Reason: spelling/punctuation
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
XXXterm settings questions sepuku OpenBSD Packages and Ports 12 29th August 2011 04:44 PM
/etc/ppp settings for Earthlink shep OpenBSD General 3 24th December 2009 04:17 AM
please help me understand wpa settings gosha OpenBSD General 1 14th July 2009 11:37 AM
Network settings guitarscn OpenBSD General 13 18th February 2009 01:45 AM
Modem PPPoE vs OpenBSD PPPoE ryoken OpenBSD Security 13 15th June 2008 10:07 PM


All times are GMT. The time now is 08:34 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick