TCP connections hang during handshake [closed]TCP Handshake fails on Cisco ASAIs application determined before or after TCP handshake?Is MSS negotiated or exchanged during the 3 way handshakeTCP streams/connectionsCalculating 3 way TCP Handshake DurationRandom intercontinental TCP streams are slowTCP Three Way Handshake?

Find constant that allows an integral to be finite

Is it sportsmanlike to waste opponents' time by giving check at the end of the game?

Dicht antonym - what is it?

A question about relaxation oscillator

Giving a talk on a different topic than what we discussed

"Ich habe Durst" vs "Ich bin durstig": Which is more common?

How to use FDE without needing to share the encryption password

Which fallacy: "If white privilege exists, why did Elizabeth Warren pretend to be an Indian?"

Creating vector (with lines/polygons) from raster based on paper map in QGIS

Decision problems for which it is unknown whether they are decidable

What are standard cryptographic assumptions?

How to present boolean options along with selecting exactly 1 of them as "primary"?

What's an "add" chord?

Can you make monkeys human?

tizk aligning arc between nodes + same length

Warranty on lock damaged during attempted theft

CO₂ level is high enough that it reduces cognitive ability. Isn't that a reason to worry?

At what point in time would humans notice a 21st century satellite observing them?

Why might SHA-384 throughput be lower than SHA-512 throughput in hashcat?

"Chess is 90% tactics" - should a player focus more on tactics in order to improve?

Why did the Bohr Model Successfully calculate some of the energy levels in hydrogen?

Translation Golf XLIX - An Accurate Shot

What do you call someone whose unmarried partner has died?

Making Sandwiches



TCP connections hang during handshake [closed]


TCP Handshake fails on Cisco ASAIs application determined before or after TCP handshake?Is MSS negotiated or exchanged during the 3 way handshakeTCP streams/connectionsCalculating 3 way TCP Handshake DurationRandom intercontinental TCP streams are slowTCP Three Way Handshake?






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty
margin-bottom:0;









4

















For the last few days, connections originating behind my LAN's NAT have been having issues completing the TCP handshake (i.e. web pages only load after hitting F5 a few times, network applications sometimes timeout when starting, etc.). After a TCP connection is estabilished, everything works fine.



My network configuration is ~20 machines behind an EdgeOS router, which masquerades internal addresses to my ISP's PPPoE endpoint. No updates or configuration changes have been made recently (last 6 months at least). I've excluded NAT port exhaustion, memory exhaustion and my ISP doesn't run CGNAT. The issue presents both on Windows and Linux machines, which means the culprit is most probably the ISP.



The issue at hand is, how do I investigate and document such a problem on my side?






tcp nat







share|improve this question


















closed as too broad by Ron Maupin Jul 22 at 14:20


Please edit the question to limit it to a specific problem with enough detail to identify an adequate answer. Avoid asking multiple distinct questions at once. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.

























    4

















    For the last few days, connections originating behind my LAN's NAT have been having issues completing the TCP handshake (i.e. web pages only load after hitting F5 a few times, network applications sometimes timeout when starting, etc.). After a TCP connection is estabilished, everything works fine.



    My network configuration is ~20 machines behind an EdgeOS router, which masquerades internal addresses to my ISP's PPPoE endpoint. No updates or configuration changes have been made recently (last 6 months at least). I've excluded NAT port exhaustion, memory exhaustion and my ISP doesn't run CGNAT. The issue presents both on Windows and Linux machines, which means the culprit is most probably the ISP.



    The issue at hand is, how do I investigate and document such a problem on my side?






    tcp nat







    share|improve this question


















    closed as too broad by Ron Maupin Jul 22 at 14:20


    Please edit the question to limit it to a specific problem with enough detail to identify an adequate answer. Avoid asking multiple distinct questions at once. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.





















      4












      4








      4


      0






      For the last few days, connections originating behind my LAN's NAT have been having issues completing the TCP handshake (i.e. web pages only load after hitting F5 a few times, network applications sometimes timeout when starting, etc.). After a TCP connection is estabilished, everything works fine.



      My network configuration is ~20 machines behind an EdgeOS router, which masquerades internal addresses to my ISP's PPPoE endpoint. No updates or configuration changes have been made recently (last 6 months at least). I've excluded NAT port exhaustion, memory exhaustion and my ISP doesn't run CGNAT. The issue presents both on Windows and Linux machines, which means the culprit is most probably the ISP.



      The issue at hand is, how do I investigate and document such a problem on my side?






      tcp nat







      share|improve this question

















      For the last few days, connections originating behind my LAN's NAT have been having issues completing the TCP handshake (i.e. web pages only load after hitting F5 a few times, network applications sometimes timeout when starting, etc.). After a TCP connection is estabilished, everything works fine.



      My network configuration is ~20 machines behind an EdgeOS router, which masquerades internal addresses to my ISP's PPPoE endpoint. No updates or configuration changes have been made recently (last 6 months at least). I've excluded NAT port exhaustion, memory exhaustion and my ISP doesn't run CGNAT. The issue presents both on Windows and Linux machines, which means the culprit is most probably the ISP.



      The issue at hand is, how do I investigate and document such a problem on my side?






      tcp nat




      tcp nat






      share|improve this question
















      share|improve this question













      share|improve this question




      share|improve this question








      edited Jul 22 at 11:40







      rrrrrrrrrrrrrrrr

















      asked Jul 21 at 7:48









      rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr

      1435 bronze badges




      1435 bronze badges





      closed as too broad by Ron Maupin Jul 22 at 14:20


      Please edit the question to limit it to a specific problem with enough detail to identify an adequate answer. Avoid asking multiple distinct questions at once. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.











      closed as too broad by Ron Maupin Jul 22 at 14:20


      Please edit the question to limit it to a specific problem with enough detail to identify an adequate answer. Avoid asking multiple distinct questions at once. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.









      closed as too broad by Ron Maupin Jul 22 at 14:20


      Please edit the question to limit it to a specific problem with enough detail to identify an adequate answer. Avoid asking multiple distinct questions at once. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.






















          1 Answer
          1






          active

          oldest

          votes


















          8


















          You state that TCP connections run fine once they get established. That makes a cause on the ISP's network unlikely: ISP routers are usually stateless, so they don't care for layers above the network (IP) layer, and (random) packet loss would impact all packets alike, during and after establishing a connection.



          More likely, your NAT router fails to establish new NAT sessions. This may be due to port exhaustion, memory exhaustion or some other system limitation. You should check the router for logged errors and warnings, memory or other resource exhaustion or such.



          If router diagnosis doesn't locate the problem you might need to run a packet capture on your NAT router's WAN interface to make sure that TCP SYNs etc. make it across the router. You can also compare that capture to one made on an outside, known-good host. If you're sure that packets make it across your router and don't make it to the ultimate destination, then your ISP needs to answer some questions.






          share|improve this answer




























          • While you have a (very, very) fair point, I did not change anything in the network configuration & I have restarted the router multiple times, and the problem presents immediately after a reboot, which means resource (port, memory, etc.) exhaustion is unlikely. I will do a very simple test this evening: I'm going to route traffic through a different ISP from the same router. If that fails to identify the culprit, I'm going to run the other tests you suggested.

            – rrrrrrrrrrrrrrrr
            Jul 21 at 18:53











          • @rrrrrrrrrrrrrrrr Nothing in the logs?

            – Zac67
            Jul 21 at 19:36











          • Nope, nothing of interest.

            – rrrrrrrrrrrrrrrr
            Jul 21 at 21:21






          • 1





            That first paragraph would only hold if the ISP is not applying CGNAT, right? If this is a new development then that's possibly something that has changed on the ISP end. Of course, if @rrrrrrrrrrrrrrrr is on a business plan that's unlikely - CGNAT is usually residential/consumer only, barring a mixup on the ISP side.

            – Bob
            Jul 22 at 2:59











          • @bob Absolutely - however even then, resources for carrier-grade NAT should be ample and never run out.

            – Zac67
            Jul 22 at 6:22


















          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          8


















          You state that TCP connections run fine once they get established. That makes a cause on the ISP's network unlikely: ISP routers are usually stateless, so they don't care for layers above the network (IP) layer, and (random) packet loss would impact all packets alike, during and after establishing a connection.



          More likely, your NAT router fails to establish new NAT sessions. This may be due to port exhaustion, memory exhaustion or some other system limitation. You should check the router for logged errors and warnings, memory or other resource exhaustion or such.



          If router diagnosis doesn't locate the problem you might need to run a packet capture on your NAT router's WAN interface to make sure that TCP SYNs etc. make it across the router. You can also compare that capture to one made on an outside, known-good host. If you're sure that packets make it across your router and don't make it to the ultimate destination, then your ISP needs to answer some questions.






          share|improve this answer




























          • While you have a (very, very) fair point, I did not change anything in the network configuration & I have restarted the router multiple times, and the problem presents immediately after a reboot, which means resource (port, memory, etc.) exhaustion is unlikely. I will do a very simple test this evening: I'm going to route traffic through a different ISP from the same router. If that fails to identify the culprit, I'm going to run the other tests you suggested.

            – rrrrrrrrrrrrrrrr
            Jul 21 at 18:53











          • @rrrrrrrrrrrrrrrr Nothing in the logs?

            – Zac67
            Jul 21 at 19:36











          • Nope, nothing of interest.

            – rrrrrrrrrrrrrrrr
            Jul 21 at 21:21






          • 1





            That first paragraph would only hold if the ISP is not applying CGNAT, right? If this is a new development then that's possibly something that has changed on the ISP end. Of course, if @rrrrrrrrrrrrrrrr is on a business plan that's unlikely - CGNAT is usually residential/consumer only, barring a mixup on the ISP side.

            – Bob
            Jul 22 at 2:59











          • @bob Absolutely - however even then, resources for carrier-grade NAT should be ample and never run out.

            – Zac67
            Jul 22 at 6:22















          8


















          You state that TCP connections run fine once they get established. That makes a cause on the ISP's network unlikely: ISP routers are usually stateless, so they don't care for layers above the network (IP) layer, and (random) packet loss would impact all packets alike, during and after establishing a connection.



          More likely, your NAT router fails to establish new NAT sessions. This may be due to port exhaustion, memory exhaustion or some other system limitation. You should check the router for logged errors and warnings, memory or other resource exhaustion or such.



          If router diagnosis doesn't locate the problem you might need to run a packet capture on your NAT router's WAN interface to make sure that TCP SYNs etc. make it across the router. You can also compare that capture to one made on an outside, known-good host. If you're sure that packets make it across your router and don't make it to the ultimate destination, then your ISP needs to answer some questions.






          share|improve this answer




























          • While you have a (very, very) fair point, I did not change anything in the network configuration & I have restarted the router multiple times, and the problem presents immediately after a reboot, which means resource (port, memory, etc.) exhaustion is unlikely. I will do a very simple test this evening: I'm going to route traffic through a different ISP from the same router. If that fails to identify the culprit, I'm going to run the other tests you suggested.

            – rrrrrrrrrrrrrrrr
            Jul 21 at 18:53











          • @rrrrrrrrrrrrrrrr Nothing in the logs?

            – Zac67
            Jul 21 at 19:36











          • Nope, nothing of interest.

            – rrrrrrrrrrrrrrrr
            Jul 21 at 21:21






          • 1





            That first paragraph would only hold if the ISP is not applying CGNAT, right? If this is a new development then that's possibly something that has changed on the ISP end. Of course, if @rrrrrrrrrrrrrrrr is on a business plan that's unlikely - CGNAT is usually residential/consumer only, barring a mixup on the ISP side.

            – Bob
            Jul 22 at 2:59











          • @bob Absolutely - however even then, resources for carrier-grade NAT should be ample and never run out.

            – Zac67
            Jul 22 at 6:22













          8














          8










          8









          You state that TCP connections run fine once they get established. That makes a cause on the ISP's network unlikely: ISP routers are usually stateless, so they don't care for layers above the network (IP) layer, and (random) packet loss would impact all packets alike, during and after establishing a connection.



          More likely, your NAT router fails to establish new NAT sessions. This may be due to port exhaustion, memory exhaustion or some other system limitation. You should check the router for logged errors and warnings, memory or other resource exhaustion or such.



          If router diagnosis doesn't locate the problem you might need to run a packet capture on your NAT router's WAN interface to make sure that TCP SYNs etc. make it across the router. You can also compare that capture to one made on an outside, known-good host. If you're sure that packets make it across your router and don't make it to the ultimate destination, then your ISP needs to answer some questions.






          share|improve this answer
















          You state that TCP connections run fine once they get established. That makes a cause on the ISP's network unlikely: ISP routers are usually stateless, so they don't care for layers above the network (IP) layer, and (random) packet loss would impact all packets alike, during and after establishing a connection.



          More likely, your NAT router fails to establish new NAT sessions. This may be due to port exhaustion, memory exhaustion or some other system limitation. You should check the router for logged errors and warnings, memory or other resource exhaustion or such.



          If router diagnosis doesn't locate the problem you might need to run a packet capture on your NAT router's WAN interface to make sure that TCP SYNs etc. make it across the router. You can also compare that capture to one made on an outside, known-good host. If you're sure that packets make it across your router and don't make it to the ultimate destination, then your ISP needs to answer some questions.







          share|improve this answer















          share|improve this answer




          share|improve this answer








          edited Jul 21 at 14:43

























          answered Jul 21 at 12:21









          Zac67Zac67

          41.6k2 gold badges28 silver badges79 bronze badges




          41.6k2 gold badges28 silver badges79 bronze badges















          • While you have a (very, very) fair point, I did not change anything in the network configuration & I have restarted the router multiple times, and the problem presents immediately after a reboot, which means resource (port, memory, etc.) exhaustion is unlikely. I will do a very simple test this evening: I'm going to route traffic through a different ISP from the same router. If that fails to identify the culprit, I'm going to run the other tests you suggested.

            – rrrrrrrrrrrrrrrr
            Jul 21 at 18:53











          • @rrrrrrrrrrrrrrrr Nothing in the logs?

            – Zac67
            Jul 21 at 19:36











          • Nope, nothing of interest.

            – rrrrrrrrrrrrrrrr
            Jul 21 at 21:21






          • 1





            That first paragraph would only hold if the ISP is not applying CGNAT, right? If this is a new development then that's possibly something that has changed on the ISP end. Of course, if @rrrrrrrrrrrrrrrr is on a business plan that's unlikely - CGNAT is usually residential/consumer only, barring a mixup on the ISP side.

            – Bob
            Jul 22 at 2:59











          • @bob Absolutely - however even then, resources for carrier-grade NAT should be ample and never run out.

            – Zac67
            Jul 22 at 6:22

















          • While you have a (very, very) fair point, I did not change anything in the network configuration & I have restarted the router multiple times, and the problem presents immediately after a reboot, which means resource (port, memory, etc.) exhaustion is unlikely. I will do a very simple test this evening: I'm going to route traffic through a different ISP from the same router. If that fails to identify the culprit, I'm going to run the other tests you suggested.

            – rrrrrrrrrrrrrrrr
            Jul 21 at 18:53











          • @rrrrrrrrrrrrrrrr Nothing in the logs?

            – Zac67
            Jul 21 at 19:36











          • Nope, nothing of interest.

            – rrrrrrrrrrrrrrrr
            Jul 21 at 21:21






          • 1





            That first paragraph would only hold if the ISP is not applying CGNAT, right? If this is a new development then that's possibly something that has changed on the ISP end. Of course, if @rrrrrrrrrrrrrrrr is on a business plan that's unlikely - CGNAT is usually residential/consumer only, barring a mixup on the ISP side.

            – Bob
            Jul 22 at 2:59











          • @bob Absolutely - however even then, resources for carrier-grade NAT should be ample and never run out.

            – Zac67
            Jul 22 at 6:22
















          While you have a (very, very) fair point, I did not change anything in the network configuration & I have restarted the router multiple times, and the problem presents immediately after a reboot, which means resource (port, memory, etc.) exhaustion is unlikely. I will do a very simple test this evening: I'm going to route traffic through a different ISP from the same router. If that fails to identify the culprit, I'm going to run the other tests you suggested.

          – rrrrrrrrrrrrrrrr
          Jul 21 at 18:53





          While you have a (very, very) fair point, I did not change anything in the network configuration & I have restarted the router multiple times, and the problem presents immediately after a reboot, which means resource (port, memory, etc.) exhaustion is unlikely. I will do a very simple test this evening: I'm going to route traffic through a different ISP from the same router. If that fails to identify the culprit, I'm going to run the other tests you suggested.

          – rrrrrrrrrrrrrrrr
          Jul 21 at 18:53













          @rrrrrrrrrrrrrrrr Nothing in the logs?

          – Zac67
          Jul 21 at 19:36





          @rrrrrrrrrrrrrrrr Nothing in the logs?

          – Zac67
          Jul 21 at 19:36













          Nope, nothing of interest.

          – rrrrrrrrrrrrrrrr
          Jul 21 at 21:21





          Nope, nothing of interest.

          – rrrrrrrrrrrrrrrr
          Jul 21 at 21:21




          1




          1





          That first paragraph would only hold if the ISP is not applying CGNAT, right? If this is a new development then that's possibly something that has changed on the ISP end. Of course, if @rrrrrrrrrrrrrrrr is on a business plan that's unlikely - CGNAT is usually residential/consumer only, barring a mixup on the ISP side.

          – Bob
          Jul 22 at 2:59





          That first paragraph would only hold if the ISP is not applying CGNAT, right? If this is a new development then that's possibly something that has changed on the ISP end. Of course, if @rrrrrrrrrrrrrrrr is on a business plan that's unlikely - CGNAT is usually residential/consumer only, barring a mixup on the ISP side.

          – Bob
          Jul 22 at 2:59













          @bob Absolutely - however even then, resources for carrier-grade NAT should be ample and never run out.

          – Zac67
          Jul 22 at 6:22





          @bob Absolutely - however even then, resources for carrier-grade NAT should be ample and never run out.

          – Zac67
          Jul 22 at 6:22



          -

          Popular posts from this blog

          Tamil (spriik) Luke uk diar | Nawigatjuun

          Image
          Fering ArtiikelDrawiidisk Spriiken SölringÖömrangFeringHalunderHalifreeskMooringWiringhiirderKarhiirderGooshiirderDrawiidisk SpriikTamil NaduIndienSri Lanka (function()var node=document.getElementById("mw-dismissablenotice-anonplace");if(node)node.outerHTML="u003Cdiv class="mw-dismissable-notice"u003Eu003Cdiv class="mw-dismissable-notice-close"u003E[u003Ca tabindex="0" role="button"u003EFersteegu003C/au003E]u003C/divu003Eu003Cdiv class="mw-dismissable-notice-body"u003Eu003Cdiv id="localNotice" lang="frr" dir="ltr"u003Eu003Cdiv id="sitenotice"u003Enu003Ccenteru003Enu003Ctable class="rahmenfarbe4" style="border-style: solid; border-width: thin; width: 70%;"u003Ennu003Ctbodyu003Eu003Ctru003Enu003Ctd style="text-align:center;"u003Eu003Ca href="/wiki/Datei:Nordfriesischeflagge.svg" class="image"u003Eu003Cimg alt="Nordfriesische
          Read more

          Align equal signs while including text over equalitiesAMS align: left aligned text/math plus multicolumn alignmentMultiple alignmentsAligning equations in multiple placesNumbering and aligning an equation with multiple columnsHow to align one equation with another multline equationUsing \ in environments inside the begintabularxNumber equations and preserving alignment of equal signsHow can I align equations to the left and to the right?Double equation alignment problem within align enviromentAligned within align: Why are they right-aligned?

          Image
          Why didn't the Universal Translator speak whale? What is /dev/null and why can't I use hx on it? The work of mathematicians outside their professional environment Does the DOJ's declining to investigate the Trump-Zelensky call ruin the basis for impeachment? Are there any tricks to pushing a grand piano? Maintaining distance Does it require less energy to reach the Sun from Pluto's orbit than from Earth's orbit? Object Oriented Design: Where to place behavior that pertains to more than one type of object? Choice of solvent during thin layer chromatography How to catch creatures that can predict the next few minutes? Use floats or doubles when writing mobile games How come the Russian cognate for the Czech word "čerstvý" (fresh) means entirely the opposite thing (stale)? What are the limits on an impeached and not convicted president? How to calculate Limit of this sequence Bash-script as linux-service won't run, but executed
          Read more

          Where does the image of a data connector as a sharp metal spike originate from?Where does the concept of infected people turning into zombies only after death originate from?Where does the motif of a reanimated human head originate?Where did the notion that Dragons could speak originate?Where does the archetypal image of the 'Grey' alien come from?Where did the suffix '-Man' originate?Where does the notion of being injured or killed by an illusion originate?Where did the term “sophont” originate?Where does the trope of magic spells being driven by advanced technology originate from?Where did the term “the living impaired” originate?

          Image
          Automatically extend a Python list to N elements if it's too short? Fired for a policy I didnt know about, as well as another false reason Why isn't tilde recognised as home folder in this case? When does an Artillerist's Cannon have disadvantage? How large should a hole be for a bolt to go through? When is TeX better than LaTeX? How to determine if drill is suitable for concrete? Huygens Lander: Why The Short Battery Life? Why do people use bigger cassettes for lower gearing when they could instead use smaller chainrings? Is there a difference between downloading / installing a list of packages and downloading each packge by its own? Question about exercise 21.10 in The TeXbook How to publish a page using tridion core service client in sdl web 8.5 Can one get into trouble if one doesn't show up at the gate 30 minutes before departure (or whatever time window the boarding pass is indicating)? Does an action-reaction pair always contain the same
          Read more