/srv/irclogs.ubuntu.com/2021/07/29/#ubuntu-server.txt

lordievader	Good morning	05:58
foo	err, odd issue. Just spun up a new instance with ssh. I can ssh into the system but I cannot scp or git push ... it says system isn't responding	07:11
foo	No firewall, I can scp in fine, just cannot scp in or push to a myhost:/some/git/repo.git	07:19
foo	So. odd.	07:19
lordievader	Configuration to restrict certain types of activity?	07:23
foo	lordievader: this is a brand new digital ocean droplet, I can't see any config to restrict certain activity	07:24
foo	I've done this process dozens of times	07:24
foo	https://bpa.st/5JOQ	07:24
foo	so odd.	07:24
* foo baffled.		07:24
lordievader	What do you get when you make that `scp -v` instead?	07:32
foo	lordievader: great question, I've tried it with -vvv ... nothing helpful.	07:33
foo	will paste output	07:33
foo	this is scp -vvv file.conf myhost:/home/path/here : https://bpa.st/HUFA	07:37
foo	in case anyone see's anything weird	07:37
foo	just tried with another host, scp worked fine... so it's not my network	07:44
foo	this. is. so. odd.	07:45
tuxick	so nothing in ~/.ssh/config ?	08:19
mwhudson	foo: mtu issues?	08:39
TJ-	foo: X.Y.Z.Z not responding ... means you've no route, or firewall is blocking. try "ip route get X.Y.Z.Z"	08:54
tuxick	must be a rather clever firewall to tell ssh from scp?	08:59
TJ-	tuxick: the problem is likely on the /client/ no the target 'server'	09:00
tuxick	yeah spose so	09:00
TJ-	tuxick: and my suspicion is there's a Host entry affecting it	09:01
=== genii-core is now known as genii
foo	back.	16:11
foo	tuxick: well, I got the config for the host in .ssh/config	16:11
foo	TJ-: but if I can ssh into it, does that make sense?	16:12
foo	tuxick: this is a brand new digital ocean droplet. I've got through this process dozens of times and I'm truly baffled.	16:12
foo	I checked in digital ocean and there's no firewall from what I can see there, how can I check on the server itself if there are any firewall rules	16:12
foo	?	16:12
foo	I've also checked my network to make sure I have no outbound issues here and I can scp to another host fine	16:13
foo	iptables -L is showing nothing, so I doubt this is a firewall issue	16:13
TJ-	foo: it's certainly weird but the fact scp reports timeout server not responding suggests some kind of block - on the target have you monitored the sshd log for connection attempts?	16:13
TJ-	foo: and are you using hostnames or IP addresses, and if address, IPv4 or IPv6 ?	16:14
foo	TJ-: IPv4	16:14
sdeziel	foo: when over SSH can you try calling `dmesg` and see if the long output hangs the session or not. This is what I use to rule out PMTU issues	16:14
foo	TJ-: dmesg looks like it works fine	16:15
foo	my latency is around 50-500ms but I can't imagine that's an issue, FWIW	16:15
foo	I have spent about 2 hours on this otherwise odd issue, I'm open to trying anything.	16:16
sdeziel	foo: could you try scp'ing a tiny small file (like /etc/hostname)?	16:18
tuxick	try different users on either end :)	16:19
foo	sdeziel: the file I've been trying with is 4K... but I can try with a different one	16:20
foo	tuxick: I've tried to scp to another host it works fine	16:20
foo	I've tried to scp to another user on this specific host giving me issues, no go	16:20
TJ-	foo: "echo hello > /tmp/hello; scp -v /tmp/hello user@target"	16:21
sdeziel	foo: 4K is enough to trip on a PMTU blackhole	16:21
foo	uh, wtf.	16:21
foo	touch testfile and tried to send testfile...	16:21
foo	it worked.	16:21
tuxick	aliens\	16:21
foo	I was trying to send conf.py before.	16:21
sdeziel	foo: try lowering the MTU of the sending machine as a potential workaround/confirmation	16:22
TJ-	foo: "tracepath host"	16:22
foo	sdeziel: how do I do that?	16:23
sdeziel	foo: `sudo ip link set eth0 mtu 1400` but replace eth0 with whatever NIC name you have	16:24
foo	sdeziel: is there a way to see what it currently is?	16:24
* foo is trying this with a few more files		16:24
foo	I'm still not convinced. This is too weird.	16:24
sdeziel	foo: you can check the current MTU with `ip link`	16:24
foo	bah, this other file worked fine... ok, now let me try to push a git repo (which was the original problem I had	16:25
TJ-	foo: the problem happens if the Don't fragment bit is set on a packet that is larger than the PMTU	16:25
foo	TJ-: how can we be certain that is the issue?	16:25
TJ-	packets above a certain size, with DF set, don't arrive	16:26
TJ-	is there any VPN involved in the path?	16:27
TJ-	if any tunneling is used that'll reduce the MTU/MSS	16:27
TJ-	foo: as I said above: "tracepath host"	16:28
TJ-	that discovers, as best it can, the maxium MTU on each router along the path	16:28
foo	TJ-: no, all really basic	16:29
sdeziel	TJ-: thanks for that, I always thought `mtr` was a better `traceroute` but the PMTU estimate the later gives is handy!	16:30
foo	sdeziel: so it looks like mtu 1500 is what's set	16:32
foo	sdeziel: so you're suggesting I set it to 1400?	16:33
foo	I've been working in linux for 20 years and have done this process probably 50+ times and I've never had this issue. I'm open to having missed something, I'm just really confused right now.	16:33
sdeziel	foo: yeah, that's the default Ethernet MTU value. 1400 is a good starting point but you'll need to do a binary search to find the optimal value ;)	16:33
TJ-	foo: do a bisect to figure out the optimum - but if only the single target is affected this suggests the 'issue' is at the other end. Your altering the local setting affects everything leaving the local interface	16:34
TJ-	foo: if the route is passing through a tunnel at any point that'll reduce the max MTU	16:34
TJ-	foo: for TCP connections it is possible to set the Maximum Segment Size (MSS) rather than altering the interface MTU	16:36
TJ-	foo: e.g. "ip route add 1.2.3.4/32 dev enp2s0 advmss 1400	16:36
patdk-lap	that assumes everything you care about uses tcp	16:39
TJ-	we're just dealing with an scp session here	16:43
foo	TJ- / patdk-lap -thank you	16:55
foo	What's odd is I seem to just be having this issue with this one server.	16:55
patdk-lap	that isn't really odd	16:56
patdk-lap	normal causes is a vpn connection, or someone blocking icmp	16:56
patdk-lap	or has a misconfigured mtu	16:57
foo	patdk-lap: I have 2 systems, both at digital ocean, both ubuntu, possibly same data center. One of them I can scp and git push to, the other one I cannot.	16:57
foo	Both relatively stock systems	16:57
foo	ok, I just switched network...	16:58
foo	And it looks like this is working now.	16:58
foo	So maybe it is the network here.	16:58
foo	(hotspot)	16:58
patdk-lap	ya, cell carriers are horrible about it	16:59
patdk-lap	but they normally do pmtu correctly	16:59
patdk-lap	they normally run on atm networks, and have smaller than 1500byte mtu on them	16:59
patdk-lap	if they where to do 1500mtu, they would have a half almost empty atm packet, causing a lot of waste on their cell network	17:00
foo	ok, update: I switched to my verizon hotspot, it works fine. I'm in an area with non-traditional internet, there is repeaters on homes and things are being bounced. So I wonder if the ISP here is doing something that is causing issues. Although I still find this odd because with 2 systems both MTU 1500... I can scp/git push to one but not the other.	17:01
patdk-lap	well, did you use tracepath to fine out why?	17:03
foo	patdk-lap: is that an os x package? I'm not showing that's available. (I appreciate your help, thanks for sharing that earlier)	17:03
patdk-lap	oh well this is ubuntu	17:04
patdk-lap	it's a stock ubuntu package	17:04
patdk-lap	should be any unix	17:04
foo	patdk-lap: ok, maybe I misunderstood - I assume you want me to run that command going from my client to the server, right?	17:04
patdk-lap	well, it can be run either way	17:04
patdk-lap	really it should be done in both directions	17:05
patdk-lap	but one direction will get a resonable result	17:05
patdk-lap	but it should show the paths each server is using and where it breaks 1500mtu	17:05
patdk-lap	the thing is, the path from you to the server, and the server to you, don't have to be the same, why you have to do it both ways to be 100% accurate	17:06
foo	patdk-lap: ohh.	17:09
foo	I see.	17:09
foo	patdk-lap: thank you, I am trying to get that installed here in OS X so I can see what the issue is and have some certainty here.	17:11
patdk-lap	I'm guessing an outgoing paths are different	17:14
patdk-lap	I have had this case before at isp's	17:14
patdk-lap	where they loadbalance two routers	17:14
patdk-lap	one router goes crazy, and suddently every Odd ip goes offline	17:14
patdk-lap	but in your case, likely the mtu is messed up on that router	17:15
foo	patdk-lap: coincidentally, I'm on the phone with the WISP right now..	17:15
foo	who is seeing a broadcast storm	17:15
foo	on my network and they shut down my internet	17:15
foo	I don't understand the networking dynamics here... but does that make sense to you?	17:15
patdk-lap	it makes sense, but I cannot say as to why	17:16
patdk-lap	normally generated by a bad/improper route	17:16
foo	Ok, let's recap - for anyone with WISP understanding/networking understanding: I deployed a new ubuntu server, I could ssh to it, but I could not scp files to it or git push a repo to it. It is an issue with my local network which is on a WISP. When I was doing scp or git push, they were seeing a spike in my network which they described as a "broadcast storm" which forced them to shut down the	17:23
foo	network... they cannot explain what happened, and I don't know enough to understand this. Can anyone explain what might have happened here? (They're a small WISP, I'm remote)	17:23
usrnamewastaken	trying to get nextcloud (installed from initial installer) because its a snap doesnt appear to recognize smbclient being installed, anyone know how to fix this?	17:45
patdk-lap	sounds like their fault	17:46
patdk-lap	something wasn't halding the larger mtu right and looped it	17:46
tomreyn	usrnamewastaken: doesn't seem to be supported https://github.com/nextcloud/nextcloud-snap/issues/60	17:52
ubottu	Issue 60 in nextcloud/nextcloud-snap "Add samba (smb) support" [Open]	17:52
usrnamewastaken	well thats.. fun	17:53
foo	patdk-lap: err, I wish I could get tracepath working	18:09
* foo googles		18:09
foo	It sounds like that would answer this	18:09
foo	https://apple.stackexchange.com/questions/125068/is-there-an-equivalent-utility-to-linuxs-tracepath-for-os-x	18:10
=== StarHeart is now known as Edgan
tuxick	oooh	19:39
patdk-lap	it's crazy those people are saying traceroute does everything and more than tracepath	19:56
patdk-lap	tracepath and traceroute are the same in how they are talking, but tracepath deals with mtu sizes, where traceroute only deals with if you can talk from one side to the other	19:56
Walex	foo: "brodcast storm" is silly. What probably is happening is that your wireless "modem" is sending packets faster than they can receive.	20:38
foo	Walex: thank you for circling back. I'm scp'ing a 4K file FWIW.	20:39
foo	It says connection lost and connection timed out	20:39
Walex	foo: your WISP probably are not entirely clueful	20:39
foo	Walex: I'm open to that, I finished that specific work I was doing and likely won't deal with it - and if I do I can switch to my verizon hotspot	20:40
foo	I might try to call them one more time	20:40
Walex	foo: they probabkly misconfigured the upwards connection because most people just download from the net.	20:40
Walex	foo: that used to happen in a different form also with ADSL ISPs.	20:40
foo	Walex: what is odd to me is I have another server I can scp data to just fine	20:40
Walex	foo: and especially with modem ISPs.	20:40
Walex	foo: the server that works is probably slower than the one does not work.	20:41
Walex	foo: anyhow there is a simple but annoying fix.	20:41
Walex	foo: which is to use a tool that uses "rate limiting".	20:41
Walex	foo: I happen to have written one	20:42
foo	Walex: what was the value for you writing one within the context of wyoyour workflow?	20:43
foo	This specific nuance I experienced was the first time I experienced that in 20 years	20:43
Walex	http://www.sabi.co.uk/#sourcesSabishape	20:43
Walex	foo: you can find others on the web, the key words are "rate limiter" or "traffic control".	20:44
Walex	foo: the reason I wrote it and why most such scripts exist is called "buffer bloat"	20:44
Walex	foo: which is sort of the opposite of what is happening to you	20:45
Walex	foo: are you vaguely familiar with networking terms like "congestion control"?	20:47
foo	Walex: unfortunately, no	20:48
Walex	foo: you can search the web for the keywords to get the details	20:58
foo	Walex: thank you	20:59
Walex	foo: what is happening is that your radio transmitter is sending too many chunks of data too fast, and the their radio receiver cannot handle how closely spaced they are. So they need to be sent at a certain cadence/rate that does not overwhelm their receiver, to avoid the "spike".	20:59
Walex	that's the big picture as simple as I can make it.	21:00
foo	Walex: and that makes sense even though it's a 4K file?	21:00
Walex	foo: when you open a connection there is whole flow of other "packets" underneath.	21:00
Walex	foo: typically also the radio communicates in burst 250-500 bytes long.	21:01
Walex	but yes with 4KiB it is a bit extreme.	21:01
foo	Walex: ok, I might be seeing this issue with a regular git push... in which case, this is an issue. If I was going to attempt to help the WISP see this so they can fix it, how might I communicate this to them?	21:03
Walex	foo: part of the problem is that ISP, both wired and wireless, configure links so that the upward direction has a lot less capacity than the downwards, because most customers fetch stuff from the Internet, they don't send to it.	21:03
patdk-lap	what wisp is using 250-500byte packets? normal is 24xx bytes	21:03
patdk-lap	but we do know the issue is with mtu	21:04
patdk-lap	and his ssh login works cause a single packet doesn't go over 1000bytes or so	21:04
patdk-lap	but the scp will fill that 1500bytes easily	21:04
patdk-lap	I have had that issue before	21:04
Walex	foo: try first the reate limited tool to see if by cutting down on the upload rate things get better.	21:05
foo	patdk-lap: I don't think I asked you, if I want to communicate this with the WSIP - do I simply ask about their upstream and what their limts ar?	21:05
foo	WISP*	21:05
foo	are *	21:05
Walex	patdk-lap: MTU is another possibilty, but seems quite unlikely because it works with the other server.	21:05
Walex	patdk-lap: but it could well be.	21:05
Walex	foo: did you actually do the 'tracepath' test?	21:06
patdk-lap	mac seems not to have tracepath or any reasonable way to install it :(	21:06
patdk-lap	only thing you can really to is ask the wisp what mtu setting you need to use to talk to their equipment	21:06
Walex	what is this guy doing in #Ubuntu-server then?	21:06
patdk-lap	other than that you cannot really do anything, except set an mss clamp	21:07
Walex	patdk-lap: even on MacOS X he can send PING packets of various sizes...	21:07
patdk-lap	yes, but he did that and I was sure it showed the mtu issue	21:07
patdk-lap	but dunno where the mtu issue is	21:07
Walex	patdk-lap: if it is MTU it is likely at the "modem" exit, but then the WISP have configured a max MTU on their client side "modem" that is not compatible with their service side stuff.	21:08
foo	thanks patdk-lap for chiming in	21:08
foo	Walex: I'm in ubuntu server because I had issues scp'ing a file to my ubuntu server...	21:09
foo	from os x	21:09
foo	and I didn't realize this was a network issue.	21:09
Walex	foo: foo: ahhhhhhh	21:09
foo	(I haven't seen this issue in ~25 years)	21:09
patdk-lap	I would say login to the ubuntu server, and tracepath from there	21:09
patdk-lap	it would show as nicely, but will tell us whatside the issue is on	21:09
foo	patdk-lap: err, duh, of course. I didn't think to do it that way despite you sharing	21:09
foo	patdk-lap: I think I simply want to traceath my public IP	21:10
patdk-lap	ya	21:10
patdk-lap	it might not even show anything though :(	21:10
patdk-lap	depends on how uniform the issue is	21:10
Walex	patdk-lap: yes I was thinking that too, worth a try.	21:10
Walex	foo: on MacOS X you can set the origin MTU to a small value, something like 'ifconfig eth0 mtu 576' (not sure that is the right syntax.	21:11
foo	Walex: https://bpa.st/4Q7Q	21:11
foo	patdk-lap: ^	21:11
foo	from server to my IP	21:11
foo	(not actual IP	21:12
Walex	foo: it can go smaller. If it works with a small MTU it is likely MTU,	21:12
patdk-lap	ya, that says the path the server took to you is clean	21:14
* foo set mtu and can see 576 took effect		21:14
Walex	foo: actually you can usde the GUI	21:14
* foo tries to scp a 4K py file		21:14
Walex	https://support.zen.co.uk/kb/Knowledgebase/Changing-the-MTU-size-in-Mac-OS-X-10.6-to-10.9	21:14
patdk-lap	no way to install a linux docker in your mac or something?	21:14
foo	it does seem to work	21:14
foo	patdk-lap: can you stop being so smart.	21:14
foo	patdk-lap: ... yes, I have docker right here.	21:14
Walex	foo: try with 1006	21:14
* foo tries with 1006		21:15
foo	Walex: worked	21:15
Walex	foo: note that the issue could still be sending too fast.	21:15
Walex	foo: try 1280	21:15
foo	waworked	21:16
foo	Walex: worked	21:16
Walex	foo: which reminds me: is your service IPv6 by any chance (but it should not be because IPv6 in theory haas a minimum mTU of 1280).	21:16
Walex	foo: try 1400	21:16
foo	Walex: what's an easy way to tell if I'm ipv6?	21:16
Walex	foo: huge numerical addresses with colons instsad of dots	21:17
Walex	foo: but from your paste I can see it…	21:17
foo	Walex: I really really appreciate this, this issue baffled me for 3 hours. While I am curious, I don't have a ton of time to figure this out so I appreciate the help	21:17
foo	Walex: 1400 worked	21:17
foo	Walex: my paste would indicate I'm ipv4?	21:17
Walex	foo: yes, because the 'tracepath' reports IPv4 addresses.	21:18
foo	Walex: should I try 1500 to make sure it errors out?	21:18
foo	or something between 1400 and 1500?	21:18
Walex	foo: I if it is MTU, I think I know what your WISP have done, let' get closer to 1500	21:18
Walex	foo: try 1460	21:18
foo	ok, what next after 1400?	21:18
patdk-lap	1440, 1472	21:19
patdk-lap	1496	21:19
Walex	patdk-lap: yes....	21:19
patdk-lap	1496 is dsl issue (what I was saying about atm earilier)	21:19
Walex	patdk-lap: I think it is going to be 1472. I can't believe it is 1496.	21:19
* foo waits for 1460		21:19
foo	so MTU is how big a packet can be. The Internet runs at 1500, LAN usually runs around 1500.	21:20
patdk-lap	ya, I sometimes hit 1472-1476, but kindof rare	21:20
foo	ok, 1460 failed	21:20
patdk-lap	well, the internet runs at random	21:20
foo	1400 worked	21:20
patdk-lap	ethernet runs at 1500	21:20
Walex	foo: 1440?	21:20
patdk-lap	amazon runs at what 9001	21:20
* foo tries 1440		21:20
Walex	patdk-lap: yes, 9,000 is typical of "better" NICs.	21:21
patdk-lap	ya, all my servers are using 9000	21:21
foo	At this point, I'm doing this to A) satiat my curiosity and learn and B) to tell the WISP, as specifically as I can, WTF happened since they didn't seem to know	21:21
Walex	patdk-lap: I once had a cheap NIC that had different MTU limits on send and receive...	21:21
patdk-lap	I'm sure someone at the wisp knows, just not the support guys	21:21
patdk-lap	ya, older nics had a 7000 limit	21:22
Walex	my current WiFi has 2304. Just because.	21:22
patdk-lap	intel mostly has a 16k limit, but not normally work going over 9000, since most switchs cannot	21:22
foo	I won't be surprised if they call me and shut me down again... like they did last time	21:22
foo	ok, 1440 failed	21:22
Walex	foo: very odd.	21:23
foo	patdk-lap: yeah, I tried to get their most senior person. this is a small WSIP	21:23
foo	WISP*	21:23
Walex	foo: 1420?	21:23
Walex	foo: I am curious because this is "encapsulation overhead" and that big is strange.	21:23
foo	1420 failed	21:24
Walex	1410?	21:24
foo	oh the suspense.	21:24
patdk-lap	I find it odd the full size made it in, but it's so much smaller going out	21:25
foo	1410 worked	21:25
Walex	patdk-lap: my laptop's wires NIC max MTU is 9194	21:25
Walex	foo: just for curiosity try some values 1411-1429	21:26
foo	so, the MTU of anything above 1410 is too large for this network upstream - is it that simple?	21:26
Walex	foo: halving	21:26
patdk-lap	yep	21:26
foo	Walex: ok, will do	21:26
foo	patdk-lap: was that "yep" for me?	21:26
patdk-lap	but if that was your issue, you likely would have noticed this sooner	21:26
foo	Walex: wait, halving, what do you mean?	21:26
Walex	foo: first the middle of the range, then the middle of the new range, binary search, triangulation	21:27
patdk-lap	try 1415, then 1412 or 1417	21:27
foo	is it possible this issue only occurs with latency above 500ms+ or such?	21:27
patdk-lap	foo, doubtful	21:27
Walex	foo: it is weird, hard to say	21:27
patdk-lap	they would have had to get very fancy to do something like that	21:28
Walex	it could still be a rate issue, as they say "spiked", and a smaller MTU makes the sending just a bit slower.	21:28
foo	Why would a WISP want to limit MTU like this?	21:28
patdk-lap	some kind of strange bandwidth rate policy, that you recover fast enough for a smaller mtu packet	21:28
patdk-lap	but it drops a large one cause of over limit	21:28
Walex	foo: it is usually encapsulation overheads.	21:28
patdk-lap	would be very fully	21:28
patdk-lap	normally the wisp would run say 2k or 9k mtu	21:29
patdk-lap	then they take your packet and wrap it in kindof like a vpn	21:29
foo	Walex: what does "encapsulation overheads" mean in lamen terms? :)	21:29
foo	ahh	21:29
patdk-lap	so they know it comes from you	21:29
Walex	patdk-lap: but they seem to have configured their "modems" to be incomaptible with their POPs.	21:29
foo	POP?	21:29
patdk-lap	ya, issues with smaller wisps	21:29
patdk-lap	point of presence	21:29
patdk-lap	basically where hubs of their network	21:29
Walex	foo: their "masts", wireless access points	21:29
foo	1412 works	21:30
Walex	foo: network data is encapsulated with "headers", so an ethernet frame has a header, then there is an IP header, then there is a TCP header	21:30
foo	1415 fails	21:30
foo	Walex: I see	21:30
patdk-lap	the point of encapsilation for a wisp, is to make sure one customer doesn't spoof another customer and make get free service and the like	21:31
Walex	foo: foo: for things like wireless there are can be another header	21:31
patdk-lap	I'm unable to process sentences today it seems	21:31
foo	ohhhhh	21:31
foo	ok, ok, I think I'm getting	21:31
Walex	and the difference between 1500 and what you can do is probably the size of the headers that put around the IP packet	21:32
foo	There is an MTU limit of 1412 (we'll say) because they're adding onto the packet, eg. moving my traffic over the network via a VPN or such which uses the overhead or gap (1500-1412)	21:32
foo	for security reasons and/or to privacy and/or to not allow someone to spoof someone else	21:32
Walex	foo: yes, pretty much, that difference is the header/envelope of their potocol.	21:32
patdk-lap	https://stubarea51.net/wp-content/uploads/2021/07/image-13.png	21:33
patdk-lap	there are a lot of ones to pick from, the largest one I see is 50bytes	21:33
Walex	foo: in theory MacOS X and/or ubuntu should be doing "adaptive" MTU checking.	21:33
patdk-lap	but they could be using two stacked on each other, say one to the customer, and one between their routers	21:33
Walex	patdk-lap: yes, an overhead that large is unusual.	21:34
foo	Walex: very interesting, is it possible scp/git does not do adaptive MTU checking?	21:34
foo	but say, uploading a video in safari does?	21:34
patdk-lap	they wouldn't it would be done lower at the tcp level or ip level	21:34
patdk-lap	in linux it's called pmtu	21:34
foo	ahh	21:34
Walex	foo: 'scp' is way above that kind of stuff, same for safari.	21:35
Walex	foo: but some programs can disable it.	21:35
Walex	foo: also in some case adaptive MTU can cause trouble, or at least it could 15-20 years ago.	21:35
patdk-lap	also why most people don't notice these issues with tcp due to it checking	21:35
patdk-lap	it can become more of an issue for udp	21:35
patdk-lap	I have large blocks of verison dsl address space fixed at 1440 mss due to issues with pmtu	21:36
Walex	patdk-lap: I do the same also to avoid IPv4 fragmentation.	21:37
Walex	patdk-lap: also on WiFi smaller MTUs cause smaller losses on noisy channels.	21:37
patdk-lap	ya, moving into a block home, wifi interference is a non-issue anymore	21:37
Walex	foo: https://www.quora.com/Do-ISPs-regularly-use-MSS-clamping-to-prevent-MTU-black-holing-of-customer-traffic-If-so-does-this-break-any-RFCs-or-net-neutrality-legislation a bit technical	21:37
patdk-lap	getting cellservice inside the home is also a not-working thing	21:38
Walex	foo: have you tried a much larger file?	21:38
Walex	foo: BTW if you remember the first we tried was 576	21:39
Walex	foo: that was the "traditional" MTU many years go, and it is 576 because it is 512 bytes of data plus encapsulation overheads.	21:39
patdk-lap	these days, ipv6 pretty much says min is 1280, so should be safe to use that at the smallest	21:40
patdk-lap	unless your doing something really strange	21:40
Walex	patdk-lap: I am a traditionalist :-)	21:40
Walex	patdk-lap: actually in IPv6 the min MTU is much smaller than 576, but 576 is traditional.	21:41
patdk-lap	no	21:41
patdk-lap	1280 in the rfc	21:41
patdk-lap	unless one was released and update it lately	21:41
Walex	sorry I meant IPv4. 1280 is indeed the smallest with IPv6.	21:41
Walex	1006 was the MTU for SLiRP, I doubt anybody remembers that.	21:42
patdk-lap	ya, ipv4 dunno what min was, but most people stuck with 512 as the smallest	21:42
patdk-lap	used it a lot, still use it	21:42
Walex	ping -s 0 8.8.4.4 still works	21:43
Walex	foo anyhow the "sabishape" and "wondershaper" tools and others may still help you	21:44
foo	Walex: haven't tried larger file, only tried 4K files	21:45
Walex	foo: especially with a WISP and radio issues and a hugely different max upload and download capacities.	21:45
foo	Walex: I see	21:45
foo	This is all very informative, I learned something new	21:45
Walex	foo: those shapers are useful if downloading at full speed makes uploading very very slow.	21:45
Walex	foo: like you download an ISO file and have an SSH session at the same time and the link is not well configured by the ISP.	21:46
Walex	foo: it used to be terrible with modems and older ADSL lines.	21:47
foo	is there any harm in leaving my en0 mtu 1412 while I'm on this network for the next week?	21:47
Walex	you can set always to 1412	21:48
foo	ok, cool. I'll leave it at that while I'm here	21:48
Walex	foo: for cases where it could be the full 1500 the different between 1412 and 1500 is really small in terms of speed etc.	21:49
foo	Walex: ok, so all this will do is very tiny limit my upload	21:49
foo	patdk-lap: now, about docker tracepath...	21:50
* foo tries		21:50
Walex	foo: tiny tiny limit both. The shaping/rate limiting tools instead mostly limit the dowload to prevent download flows to swamp the upload channel.	21:50
foo	Walex: is there a reason why my computer wasn't smart enough to figure this out? :)	21:52
patdk-lap	mostly, it requires your wisp device or router connected to it to have a properly configured mtu	21:53
patdk-lap	then it should have	21:53
Walex	foo: we were mentioning that before with "adaptive mtu"	21:53
Walex	foo: "patdk-lap" mentioned the Linux 'pmtu' setting, and IIRC MacOS X has got somethigng equivalent. But often they are disabled by default because with ISPs that configure routers not optimally it can cause "blackholing"	21:54
foo	Walex / patdk-lap - is it possible the misconfiguration is in whatever is providing DHCP isn't telling my computer the correct mtu?	21:54
patdk-lap	it shouldn't be, cause that should be on your local network at 1500	21:55
Walex	foo: can't remember is there is an MTU option in DHCP, but if there is your WISP should have set it right.	21:55
patdk-lap	but the other side of the router or wisp device should know it's not outputting a full 1500, so when it sees one come it, it will know it cannot send it, and tell your mac that	21:55
patdk-lap	there is one for dhcp, but it shouldn't be needed	21:56
Walex	patdk-lap: in an ideal world... :-)	21:56
patdk-lap	ya, your trading one issue for another	21:56
patdk-lap	no idea how well it will work	21:56
patdk-lap	many things like printers normally don't support changing the mtu	21:57
Walex	foo: also in theory it is possible to set different MTUs for different routes, so one can set a lrge MTU for the local network and a smaller one for the Internet. But often it is not worth it.	21:57
Walex	BTW public service announcement: having a small MTU like 576 or smaller is a good idea if accessing the internet using a cellphone as a gateway. I think.	21:59
foo	said differently, while I feel good in knowing we figured it out together - it's the MTU - I still wonder if there is something improperly configured with this WISP.	21:59
foo	Walex: I do that often, I camp off the grid with my hotspot hoisted in a tree... haha. Good to know.	21:59
Walex	foo: most likels the WISP have not thought it through.	21:59
Walex	foo: BTW there are ways to support 1500B MTUs on a links that can only do 1412B, but they are wasteful.	22:00
foo	patdk-lap: here ya go, this is way delayed - haha https://bpa.st/FQ5A	22:01
foo	patdk-lap: anything in there that tells you my network only supports 1412 ?	22:01
Walex	foo: it claims it is 1452 instead of 1412	22:01
Walex	but the 40 byte difference is likely the 40 bytes of header.	22:02
Walex	foo: wait	22:02
Walex	foo: to do a proper 'tracepath' you must raise the 'en0	22:03
Walex	foo: to do a proper 'tracepath' you must raise the 'en0' MTU	22:03
foo	Walex: beyond 1500?	22:03
Walex	foo: then 'tracepath' will do automatically what we did manually.	22:03
foo	Walex: ohhh, I see	22:03
foo	Walex: so according to this tracepath, theoretically, 1452 should work	22:04
patdk-lap	ya, issue with the wisp	22:04
patdk-lap	that is a total mess	22:05
patdk-lap	private ip to public ip to private ip back to public	22:05
patdk-lap	3 diferent private address ranges	22:05
Walex	foo: had you alread set the 'en0' MTU to 1500 before the tracepath?	22:05
patdk-lap	just all over the place	22:05
foo	Walex: negative, this was in docker	22:06
patdk-lap	oh ya, forgot, docker would be the 172.18.x.x network	22:06
patdk-lap	reset to 1500 to test	22:06
Walex	foo: then set it to something like 4000 both insider and outside docket if you can, or at least 1500	22:06
foo	ah yeah it was set to 1500 at start	22:10
mwhudson	wait so it was mtu?	22:26
patdk-lap	well, as soon as he said ssh was fine and scp wasn't, knew it was mtu, the question was why, and where	22:27
=== StarHeart is now known as Edgan
Walex	patdk-lap: it could still have been rate: SSH sends usually a lot more slowly than 'scp'. But I think it it relatively likely it was MTU	22:32
patdk-lap	ya, lots of esoteric things it could have been, just not nearly as likely	22:33
Walex	I was thinking that if the WISP said "spiked" they had alread seen a wireless frame flood sort of issue	22:33
patdk-lap	ya, but that shouldn't mess with mtu sizes, and scp shouldn't have failed	22:34
patdk-lap	just been slower	22:34
patdk-lap	or lots of dropped packets	22:34
Walex	most wireless stuff does not do well with rapid back-to-back frame sending.	22:34
Walex	patdk-lap: the claim from the WISP was that on seeing a flood their receiver reset the connection...	22:35
patdk-lap	yes, but that would cause any of the mtu issues	22:36
patdk-lap	scp would have instantly failed, not hung	22:36
Walex	maybe they did see that in other cases so they assumed it was that case.	22:36
=== Walex is now known as Walex_away
foo	Walex_away / patdk-lap - it seems something else is going on	23:40
foo	these guys are claiming that they've seen something saturate this network for the past week	23:40
foo	shrug	23:40
* foo on the phone with him now		23:40
foo	Only change in network here is me, my laptop, and 3 alexa devices in the past week	23:40
foo	I have 10 down 5 up here, nothing fancy	23:43
foo	wow, something on my phone is doing this	23:59

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!