[9.260][BUG] WIFI throughput issue using separate zone

I operate a AP50 with 3 separate zone networks / SSID's.

Since 9.260 update I had intermittent issues to connect to - especially SSL - sites as IView Setup, SUM Gateway Manager or also connections with VSphere Client to ESXi via that those separate zone networks.

Today it got worse, and my throughput via separate zone WIFI networks dropped to 0,x...max. ~2MBit downloadspeeds, while uploads still seemed to work ok. Perftest via speedtest.net showed me for my 50/5 Uplink only 0,7 MBit download, but full 5 MBit Upload,

After some testing I found out, that if I lower MTU on those separate zone networks wlanx interfaces to 1300, throughput and stability becomes nearly normal again, if I go back to higher MTU as 1460, 1472 or 1492 or 1500 (which was default in my network up to now), throughput drops again nearly to zero for download.

Was there any changes in the tunneling from separate zone or the MTU (some kind of broken MSS clamping or something like that) ?

Contact me, if you want test...It's simple to reproduce the breakdown here by setting MTU back to (normal) MTU 1500 from now 1300 (which seems to work quite well...)

[8-)]

Parents

0 Sascha Paris over 10 years ago

[:S]Fascinating...if I go even lower to dial-in MTU value 576 the WIFI connection as fast as hell, and I get super low pings on speedtest.net around 8...10ms instead 15++ms

Everything seems to work as connecting those ssl sites as SUM Gateway Manager, ESXi via vSphere client, RDP connections, websurfing at all...

I would have expected lower throughput...but instead it seems to behave super stable and responsive.

That´s against my logic [:S]


C:\Users\saschaparis>ping -f -l 1472 192.168.10.20

Pinging 192.168.10.20 with 1472 bytes of data:
Request timed out.C:\Users\saschaparis>ping -f -l 548 192.168.10.20

C:\Users\saschaparis>ping -f -l 550 192.168.10.20

Pinging 192.168.10.20 with 550 bytes of data:
Request timed out.

Pinging 192.168.10.20 with 548 bytes of data:
Reply from 192.168.10.20: bytes=548 time=2ms TTL=63

Only the UTM´s DNS forwarder seems not to like this MTU...initial DNS resolution takes a short hiccup now...but works afterwards


C:\Users\saschaparis>nslookup
DNS request timed out.
    timeout was 2 seconds.
Default Server:  UnKnown
Address:  2001:1a80:2000:8::1

> lserver 192.168.16.1
DNS request timed out.
    timeout was 2 seconds.
Default Server:  [192.168.16.1]
Address:  192.168.16.1

> blick.ch
Server:  [192.168.16.1]
Address:  192.168.16.1

Non-authoritative answer:
Name:    blick.ch
Address:  62.138.108.68

> sheridan.b*****5.local
Server:  [192.168.16.1]
Address:  192.168.16.1

Going back to the 1300 MTU, as DNS hiccups are uncool...

Reply

0 Sascha Paris over 10 years ago


C:\Users\saschaparis>ping -f -l 1472 192.168.10.20

Pinging 192.168.10.20 with 1472 bytes of data:
Request timed out.C:\Users\saschaparis>ping -f -l 548 192.168.10.20

C:\Users\saschaparis>ping -f -l 550 192.168.10.20

Pinging 192.168.10.20 with 550 bytes of data:
Request timed out.

Pinging 192.168.10.20 with 548 bytes of data:
Reply from 192.168.10.20: bytes=548 time=2ms TTL=63

Only the UTM´s DNS forwarder seems not to like this MTU...initial DNS resolution takes a short hiccup now...but works afterwards


C:\Users\saschaparis>nslookup
DNS request timed out.
    timeout was 2 seconds.
Default Server:  UnKnown
Address:  2001:1a80:2000:8::1

> lserver 192.168.16.1
DNS request timed out.
    timeout was 2 seconds.
Default Server:  [192.168.16.1]
Address:  192.168.16.1

> blick.ch
Server:  [192.168.16.1]
Address:  192.168.16.1

Non-authoritative answer:
Name:    blick.ch
Address:  62.138.108.68

> sheridan.b*****5.local
Server:  [192.168.16.1]
Address:  192.168.16.1

Going back to the 1300 MTU, as DNS hiccups are uncool...

Children

No Data