Re: [Bismark-devel] switching issue on device

[Dave Taht <d@taht.net>]

On 04/17/2011 06:21 PM, Kim Hawtin wrote:
> On 18/04/11 00:22, Nick Feamster wrote:
>> On Apr 17, 2011, at 10:46 AM, Dave Taht wrote:
>>> I'm mildly confused as to your topology here. Diagram?
>>>
>>> You are behind NAT by default, so if you try to ping through the WAN
>> port to something anything inside the LAN, those machines will be 
>> unreachable.
>> You should however, be able to ping from the wireless to anywhere wired,
>> LAN or WAN port. If you have AP isolation turned on in the wireless 
>> side,
>> you cannot ping any other wireless connection, and I'm unsure what the
>> behavior is for wired to wireless in that case.
>>
>> I'm just talking about my LAN here:
>>
>>  SERVER<----(2.4 GHz wireless, SSID "foo") ---->  WNDR3700<---- 
>> (wired LAN port) ---->  Access Point 2
>>
>> * When I associate to AP2, I can ping SERVER, and resolve MDNS names.
>> * When I log into WNDR, I can ping SERVER
>> * When I associate to the WNDR3700, I can neither ping the server, 
>> nor resolve MDNS names.
>>
>> So, isn't it strange that everything works when I'm connected via AP2,
>> but not via the WNDR?  By my reasoning, all of the traffic that I'm
>> sending when I'm connected via AP2 would have to go through the WNDR 
>> anyhow...
>
> I am not sure how relevant my experience is here, as I am not using a 
> WNDR3700. I have seen this behavior on other APs. I have a hunch that 
> its related to how ARP is treated on the AP. In my case specifically 
> on WPA2 on a modern Billion device that does ADSL2+/AP/VoIP. This 
> behavior generally does not seem to be an issue on an open network or 
> using WEP. I noticed this last weekend when I was setting up my server 
> at home to to builds on, transfering files around with rsync/scp/etc
>
> Only when *both* hosts on the wireless have ping'd the AP can then you 
> ping the other hosts from wireless to wireless...
>
> ([laptop A], [laptop B]) --wifi-wpa2--> [AP] <--wired-- [server]
>
> For example I can not ping [laptop B] from [laptop A], both being on 
> the wireless using WPA2, until I ping the AP from both laptops. I can 
> however ping the [server] from both laptops. However I can not ping 
> either latptop from [server] until the laptop has ping'd [AP]. There 
> is currently no mdns in use by any of these devices.
>
> Perhaps the AP is building an internal table using mdns to 
> allow/identify traffic across its interfaces?

In Nick's case he had AP isolation on, which isolates individual 
wireless clients from each other on the same AP.

Most cafe's and public wifi spots have this on. Home users and anyone 
doing p2p stuff should have it off, and it should be off by default.

It's ironic that people trust the internet more than machines 
topologically close by these days.

So if you have AP isolation on in your WPA case and off in your WEP 
case, that's probably the real diagnosis.

I've *also* seen all kinds of issues with ARP of late, taking 10s of ms 
for an ARP reply to be propagated, and in the bufferbloated case, often 
failing entirely.

>
> regards,
>
> Kim
> _______________________________________________
> Bismark-devel mailing list
> Bismark-devel@lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/bismark-devel