
akamai packets being lost

Discussion in 'Tomato Firmware' started by asdfasdf2, Jul 27, 2008.

  1. asdfasdf2

    asdfasdf2 Addicted to LI Member

    setup:
    adsl modem connected to a WRT54GL v1.0 running tomato 1.21 connected to a set of computers (using static DHCP addressing)
    firewall settings: Respond To ICMP Ping (NO) | Allow Multicast (NO) | NAT Loopback (Forwarded Only)

    when i try to get yahoo's logo:
    http://l.yimg.com/a/i/ww/beta/y3.gif

    i see the following lines in the (enabled) tomato logs:

    Jul 27 13:09:40 user.warn kernel: ACCEPT IN=br0 OUT=ppp0 SRC=192.168.1.102 DST=77.238.187.39 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=58960 DF PROTO=TCP SPT=1539 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405AC01010402)
    Jul 27 13:09:40 user.warn kernel: DROP IN=ppp0 OUT= MAC= SRC=192.116.203.136 DST=84.229.10.147 LEN=60 TOS=0x00 PREC=0x00 TTL=61 ID=0 DF PROTO=TCP SPT=80 DPT=55763 WINDOW=5792 RES=0x00 ACK SYN URGP=0 OPT (020405830402080ABA7E2B0201917C3501030300)
    Jul 27 13:09:43 user.warn kernel: DROP IN=ppp0 OUT= MAC= SRC=192.116.203.136 DST=84.229.10.147 LEN=60 TOS=0x00 PREC=0x00 TTL=61 ID=0 DF PROTO=TCP SPT=80 DPT=55763 WINDOW=5792 RES=0x00 ACK SYN URGP=0 OPT (020405830402080ABA7E39BA01917C3501030300)
    Jul 27 13:09:46 user.warn kernel: DROP IN=ppp0 OUT= MAC= SRC=192.116.203.136 DST=84.229.10.147 LEN=60 TOS=0x00 PREC=0x00 TTL=61 ID=0 DF PROTO=TCP SPT=80 DPT=55763 WINDOW=5792 RES=0x00 ACK SYN URGP=0 OPT (020405830402080ABA7E427601917C3501030300)
    Jul 27 13:09:49 user.warn kernel: DROP IN=ppp0 OUT= MAC= SRC=192.116.203.136 DST=84.229.10.147 LEN=60 TOS=0x00 PREC=0x00 TTL=61 ID=0 DF PROTO=TCP SPT=80 DPT=55763 WINDOW=5792 RES=0x00 ACK SYN URGP=0 OPT (020405830402080ABA7E512A01917C3501030300)
    Jul 27 13:09:52 user.warn kernel: DROP IN=ppp0 OUT= MAC= SRC=192.116.203.136 DST=84.229.10.147 LEN=60 TOS=0x00 PREC=0x00 TTL=61 ID=0 DF PROTO=TCP SPT=80 DPT=55763 WINDOW=5792 RES=0x00 ACK SYN URGP=0 OPT (020405830402080ABA7E59E601917C3501030300)
    Jul 27 13:09:56 user.warn kernel: DROP IN=ppp0 OUT= MAC= SRC=192.116.203.136 DST=84.229.10.147 LEN=60 TOS=0x00 PREC=0x00 TTL=61 ID=0 DF PROTO=TCP SPT=80 DPT=52037 WINDOW=5792 RES=0x00 ACK SYN URGP=0 OPT (020405830402080ABA7E6A2A0191708501030300)
    Jul 27 13:09:58 user.warn kernel: DROP IN=ppp0 OUT= MAC= SRC=192.116.203.136 DST=84.229.10.147 LEN=60 TOS=0x00 PREC=0x00 TTL=61 ID=0 DF PROTO=TCP SPT=80 DPT=52037 WINDOW=5792 RES=0x00 ACK SYN URGP=0 OPT (020405830402080ABA7E71AA0191708501030300)
    Jul 27 13:10:01 user.warn kernel: DROP IN=ppp0 OUT= MAC= SRC=192.116.203.136 DST=84.229.10.147 LEN=60 TOS=0x00 PREC=0x00 TTL=61 ID=0 DF PROTO=TCP SPT=80 DPT=55763 WINDOW=5792 RES=0x00 ACK SYN URGP=0 OPT (020405830402080ABA7E800A01917C3501030300)
    Jul 27 13:10:04 user.warn kernel: DROP IN=ppp0 OUT= MAC= SRC=192.116.203.136 DST=84.229.10.147 LEN=60 TOS=0x00 PREC=0x00 TTL=61 ID=0 DF PROTO=TCP SPT=80 DPT=55763 WINDOW=5792 RES=0x00 ACK SYN URGP=0 OPT (020405830402080ABA7E88C901917C3501030300)


    where 77.238.187.39 belongs to yahoo.com
    and 192.116.203.* belongs to akamai
    (see http://remote.12dt.com/lookup.php)
    i know yahoo (and microsoft (my problems with microsoft's site are much greater, since, i guess, everything there is served by akamai)) use akamai to serve their content. but i thought this is done seamlessly (so that the user is not aware of it)

    i cannot explain
    1. why i don't get the yahoo image (or microsoft site for that matter)
    2. why akamai packets are dropped
    3. why the log lines on the dropped packets have empty OUT field ("OUT= ")

    any clue as to what's wrong?

    this is not a problem with my ISP (when i connect my adsl modem directly to a computer (configured with a dialer) then i have no problems)

    thank you,
    may all beings be happy
     
  2. kevanj

    kevanj LI Guru Member

    Is the ADSL modem in Bridged or Routed mode?
    Do you use any proxy configurations in your browser?

    1. Can't explain that...when I browse that URL, I see the logo, but I see no Akamai packets...

    2. The Akamai packets are being dropped simply because the firewall in the router sees them as initiated connection attempts from an external source. Why that is I don't know. That is why I asked the question about the modem being bridged or routed. I'm not saying there is a connection...just looking a bit deeper into your setup.

    3. The logs show a blank OUT field because the packets are being dropped by the firewall, hence they are not being sent OUT any interface on the router.
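
The check described in point 2 of the reply above, as an added example that is not part of the original thread: it parses the router's firewall log and reports dropped inbound SYN-ACKs whose sender was never the destination of a logged outbound SYN. The function names are hypothetical, and the sample lines are abridged from the log quoted in the first post.

```python
import re

# Constructed sample: three lines abridged from the router log quoted in the thread.
SAMPLE_LOG = """\
Jul 27 13:09:40 user.warn kernel: ACCEPT IN=br0 OUT=ppp0 SRC=192.168.1.102 DST=77.238.187.39 LEN=48 TTL=127 PROTO=TCP SPT=1539 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 27 13:09:40 user.warn kernel: DROP IN=ppp0 OUT= MAC= SRC=192.116.203.136 DST=84.229.10.147 LEN=60 TTL=61 PROTO=TCP SPT=80 DPT=55763 WINDOW=5792 RES=0x00 ACK SYN URGP=0
Jul 27 13:09:56 user.warn kernel: DROP IN=ppp0 OUT= MAC= SRC=192.116.203.136 DST=84.229.10.147 LEN=60 TTL=61 PROTO=TCP SPT=80 DPT=52037 WINDOW=5792 RES=0x00 ACK SYN URGP=0
"""

LINE_RE = re.compile(r"kernel: (ACCEPT|DROP) (.*)$")
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}


def parse_line(line):
    """Split one netfilter LOG line into KEY=value fields plus its TCP flags."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = {"verdict": m.group(1), "flags": set()}
    for tok in m.group(2).split():
        key, sep, val = tok.partition("=")
        if sep:
            rec[key] = val
        elif tok in TCP_FLAGS:
            rec["flags"].add(tok)
    return rec


def unsolicited_synacks(log_text):
    """Dropped inbound SYN-ACKs whose sender was never the target of a logged SYN."""
    recs = [r for r in map(parse_line, log_text.splitlines()) if r]
    # Compare the remote endpoint only: NAT rewrites the local address and
    # may rewrite the local port, so those fields differ between directions.
    opened = {(r.get("DST"), r.get("DPT")) for r in recs
              if r["verdict"] == "ACCEPT" and r["flags"] == {"SYN"}}
    return [
        {"remote": f'{r.get("SRC")}:{r.get("SPT")}',
         "wan_port": r.get("DPT"),
         # Empty OUT=: the packet was handled as addressed to the router
         # itself, not forwarded to a LAN host.
         "forwarded": bool(r.get("OUT"))}
        for r in recs
        if r["verdict"] == "DROP" and r["flags"] == {"SYN", "ACK"}
        and (r.get("SRC"), r.get("SPT")) not in opened
    ]


if __name__ == "__main__":
    for finding in unsolicited_synacks(SAMPLE_LOG):
        print(finding)
```

On the sample, both SYN-ACKs are reported because the only logged SYN went to 77.238.187.39:80, so the router has no connection state for 192.116.203.136:80.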
     
  3. asdfasdf2

    asdfasdf2 Addicted to LI Member

    update: OpenDNS config may be the culprit

    Thanks for reply kevanj,

    to answer your questions
    2. i don't use a proxy
    1. i don't know, but, check this out:

    when i changed my DNS from OpenDNS, to my ISP's DNS, the problems i described above, went away (now yahoo, and microsoft load fine).

    however, i would prefer to use OpenDNS over my ISP's DNS. i saw that DD-WRT needs "strict-order" option for OpenDNS to function properly (see http://www.dd-wrt.com/wiki/index.php/OpenDNS). I tried to do the same on my Tomato router with no success.

    I still don't understand:
    1. why i get unexpected packets from Akamai when OpenDNS acts as my DNS
    2. exactly how to configure Tomato to work well with OpenDNS
    3. I'm not sure, but let me know if I'm wrong. DDNS (dynamic DNS) has nothing to do with my problemo, right?
     
  4. kevanj

    kevanj LI Guru Member

    I use OpenDNS with no problems....

    Set up as follows:

    On the Basic Network config page, enter the Open DNS IPs as Static DNS entries
    On the DHCP/DNS config page, check "Use Internal Caching DNS Forwarder", and "Intercept DNS Port". Uncheck "Use Received DNS With Static DNS" (I trust the OpenDNS servers to be up!!)

    The client machines on your LAN use either DHCP or have the IP of your router as their DNS server, correct?

    In the DNSMASQ config box, have a cache size of 256 and no reference to strict-order.

    It is unlikely that DDNS has any bearing on this particular problem.
     
  5. asdfasdf2

    asdfasdf2 Addicted to LI Member

    Thanx again kevanj,

    i have the setup you suggested (Intercept DNS Port is not really needed as my PCs use the router as their DNS) but the problem persists.

    so now what i don't know is
    1. Having OpenDNS servers as Tomato's 2 static DNSs, when i ask yahoo for its logo image, why do akamai servers come back to me with a response?

    when i use my ISP's DNS, and request yahoo's logo, i get the response from yahoo (that's how akamai is supposed to work)

    it's probably not something to do specifically with akamai. but it's a concrete example i have.

    more insights?
     
  6. Badders44

    Badders44 LI Guru Member

    Off topic I know, but why is the OpenDNS primary server so much slower than the secondary?

    Code:
    C:\>ping 208.67.222.222
    
    Pinging 208.67.222.222 with 32 bytes of data:
    
    Reply from 208.67.222.222: bytes=32 time=117ms TTL=48
    Reply from 208.67.222.222: bytes=32 time=118ms TTL=48
    Reply from 208.67.222.222: bytes=32 time=119ms TTL=48
    Reply from 208.67.222.222: bytes=32 time=134ms TTL=48
    
    Ping statistics for 208.67.222.222:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 117ms, Maximum = 134ms, Average = 122ms
    
    C:\>ping 208.67.220.220
    
    Pinging 208.67.220.220 with 32 bytes of data:
    
    Reply from 208.67.220.220: bytes=32 time=41ms TTL=51
    Reply from 208.67.220.220: bytes=32 time=42ms TTL=51
    Reply from 208.67.220.220: bytes=32 time=42ms TTL=51
    Reply from 208.67.220.220: bytes=32 time=43ms TTL=51
    
    Ping statistics for 208.67.220.220:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 41ms, Maximum = 43ms, Average = 42ms
    
    C:\>
     
  7. TexasFlood

    TexasFlood Network Guru Member

    Different results for me just now.

    Code:
    C:\>ping 208.67.222.222
    
    Pinging 208.67.222.222 with 32 bytes of data:
    
    Reply from 208.67.222.222: bytes=32 time=71ms TTL=53
    Reply from 208.67.222.222: bytes=32 time=70ms TTL=53
    Reply from 208.67.222.222: bytes=32 time=71ms TTL=53
    Reply from 208.67.222.222: bytes=32 time=72ms TTL=53
    
    Ping statistics for 208.67.222.222:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 70ms, Maximum = 72ms, Average = 71ms
    
    C:\>ping 208.67.220.220
    
    Pinging 208.67.220.220 with 32 bytes of data:
    
    Reply from 208.67.220.220: bytes=32 time=75ms TTL=53
    Reply from 208.67.220.220: bytes=32 time=85ms TTL=53
    Reply from 208.67.220.220: bytes=32 time=76ms TTL=53
    Reply from 208.67.220.220: bytes=32 time=82ms TTL=53
    
    Ping statistics for 208.67.220.220:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 75ms, Maximum = 85ms, Average = 79ms
     
  8. asterger

    asterger Network Guru Member

    Primary DNS servers can get more traffic than a Secondary server. When I manually configure a machine, I sometimes position the Secondary server first to utilize the under-subscribed DNS server.

    Cheers,

    -- asterger
     
  9. Badders44

    Badders44 LI Guru Member

    I guess we could be looking at different servers, i.e. UK/USA.

    Anyhow, I've taken asterger's advice. Thanks.
     
