Can't access some websites, possible MTU issue on the router?

2

Two particular sites that I can't access at all is css-tricks.com and jquery.com which are pretty crucial to me since I'm a web designer.

I talked with my ISP and we tried

  • Using different browsers,
  • Using various dns servers,
  • Clearing the DNS cache
  • Resetting the modem back to the factory settings,
  • and finally was about the change MTU settings, which was not available under the router interface, they gave up and told me to try a different router if the problem persists.

Here is the problem, I don't have another one and I don't want to pay for it. Obviously this one(airties rt-211) is working but probably there's a misconfiguration.

Anyways, so I took the reins and after some googling I found out more about the MTU. So apparently, my MTU is set to 1500. Pinging css-tricks.com with a 1500b packet returns the following error:

Packet needs to be fragmented but DF set.

I tried my way down to 1472. At this point the error messages changes to:

Request timed out.

I tried much more lower values as well, but it times-out even with a 1kb packet.

I don't think there is a problem with ISP dns's either since I use the same ISP at work and I'm able to reach those sites.

I also did a tracert, but again, the request timed out after 16th hop.

Any ideas anyone?

Ege

Posted 2012-02-06T20:09:30.320

Reputation: 131

Did you ever figure out what the problem was? – Old Pro – 2015-10-13T19:48:39.137

1If you direct wire into the modem and bypass the router can you get to them? – Raystafarian – 2012-02-06T20:19:11.763

1nope, even a direct wire won't open it, and I've just tried with my old laptop and same problem there – Ege – 2012-02-06T21:01:49.083

1So if you've ruled out the computer and the router as the cause, it has to be the modem. Why not get your ISP to replace it? – Raystafarian – 2012-02-06T21:04:10.367

Answers

2

Your ping trial does not necessarily mean anything.

The normal MTU for Ethernet (and for the internet) is 1500. Because ping does not count the (28 byte) header size as part of the packet size, it normally will complain Packet needs to be fragmented but DF set if you try to use a packet size over 1472 (+ 28 = 1500). The DF stands for "Don't Fragment" and packets larger than the MTU have to be fragmented to be transmitted.

Also, to prevent malicious scanners from detecting servers, it is typical to turn off responses to pings, so Request timed out is not necessarily indicative of a problem.

That said, I can ping css-tricks.com and jquery.com and get responses, so you may really have a problem there. To help narrow things down, compare the IP address you are seeing for these sites (ping will report the IP address it is pinging in parentheses after the domain name) to the IP address you see on other computers that work. Also try tracert or traceroute (depending on your OS) to see what route your packets are taking. It is possible there is a routing error between you and the site in question which would show the packets going off into a black hole. I note that both sites you mentioned are hosted by Media Temple so you might try asking them for help.

Old Pro

Posted 2012-02-06T20:09:30.320

Reputation: 1 751

1

It could be a problem with a router somewhere along the route that is blocking ICMP packets. This is done because some malicious sites use these for nefarious reasons. See the articles 'Internet Control Message Protocol' and 'Black hole (networking)' in Wikipedia for details. I had this problem only with the IMDb site for some reason, and the solution in Linux, which is what I use, is explained in the following blog posts:

http://blog.glinskiy.com/2009/02/packetization-layer-path-mtu-discovery.html

http://fitzcarraldoblog.wordpress.com/2010/11/30/why-cant-i-access-a-specific-web-site/

To get around this, you have to disable ICMP and enable PLPMD (Packetization Layer Path MTU Discovery) instead. Don't know how to do it in Windows, but Google will probably point you in the right direction.

Good luck.

Fitzcarraldo

Posted 2012-02-06T20:09:30.320

Reputation: 11

0

Try to lower your out-going MTU (maybe pppoe?), It set to defalut 1492. you can set it to lower value like 1450.

Some "bad implemented" route will make the packet bigger than physical limit of ethernet, and makes the internet connection buggy.

neoedmund

Posted 2012-02-06T20:09:30.320

Reputation: 101

Please read the question again carefully. Your answer does not answer the original question. He's already tried your suggestion "I tried much more lower values as well" – DavidPostill – 2015-10-15T22:13:04.697

Asked: 2012-02-06T20:09:30.320

Viewed: 16 990 times

Active: 2015-10-14T10:21:55.303