Hotspot MTU issues?

jbaird · Mon Mar 25, 2013 7:23 pm

We use the Hotspot service on some routers to tie into our billing system, and have noticed that some users occasionally have issues loading images on websites. It sounds like this could be an MTU issue of some sort. As soon as we bypass the user from the hotspot service, the images always load correctly.

Has anyone else seen an issue like this with the hotspot server? Can anyone think of a way that I can troubleshoot this?

Thanks.

samsung172 · Tue Mar 26, 2013 12:30 am

connect and try to ping and have the do not fragmet bit set.

Try to have a mangle rule to change mss (a hack).

ros code

/ip firewall mangle add action=change-mss chain=forward disabled=no new-mss=1200 passthrough=yes protocol=tcp tcp-flags=syn tcp-mss=1201-65535

jbaird · Tue Mar 26, 2013 7:10 pm

Should the hotspot service have any impact on MSS/MTU?

samsung172 · Wed Mar 27, 2013 1:20 am

depends on your setup. A clean hotspot directly to a Ethernet should not. If you use vpls/mpls, eoip, vpn etc etc to get the cpe to the hotspot, its possible.

jbaird · Wed Mar 27, 2013 4:20 pm

The Hotspot service is running on interfaces (or bridges) that connect directly to customer CPE's. There is no MPLS/EOIP in the mix. This problem DOES go away when I disable the Hotspot, though. Packet captures from the router reveal several ICMP unreachable - Fragmentation Needed messages to Facebook. However, I can't tell if this is actually a problem, or if this is actually PMTUD trying to negotiate a correct packet size.

omega-00 · Wed Mar 27, 2013 6:07 pm

I would check your default user profile and turn off 'transparent proxy' if it is on at present.

ros code

/ip hotspot user profile> print detail 
 0 name="default" idle-timeout=none keepalive-timeout=2m status-autorefresh=1m shared-users=1 address-list="" 
     transparent-proxy=no

jbaird · Wed Mar 27, 2013 7:57 pm

Here is what I have found. When the user is behind a hotspot and they go to http://www.speedguide.net:8080/ their MTU is 1500, and their MSS is 1460. When the user is bypassed from the hotspot, their MTU is 1480 and 1440.

Once again, the problem only occurs when the user is behind the hotspot. No mangle rules are enabled at this time.

The transparent-proxy option is currently set to "off." One more note, is that this problem is occurring on all hotspot routers that are upstream of a common distribution router. The routers who handle the hotspot stuff are all either directly connected or wirelessly connected to this common distribution problem. Other hotspot routers on our network that are not connected to this distribution router do not exhibit this problem. There are no mangle rules or anything on this distribution router.

Thanks.

jbaird · Wed Mar 27, 2013 8:48 pm

The MTU/MSS doesn't seem to be consistent. Sometimes it's also 1500/1460 with the user being bypassed as well.

samsung172 · Wed Mar 27, 2013 10:09 pm

how is your config. Router-Stuff-Cpe ?

jbaird · Thu Mar 28, 2013 12:45 am

The config is:

<Distribution Router (1100ah)>-----<Access Router (1100ah)>-------<Cambium CPE>----<client computer/router/etc>

The distribution router doesn't serve any customers directly. The access router has the Hotspot service running on it. All access routers that are connected to this distribution router and have the hotspot service enable are exhibiting the same problem.

Does this help or would you like additional information?

Thanks!